2022 has, thus far, been an intense and transformative year for data policy - particularly for health data policy. Between April and July 2022 more than 8 data policy documents were published by the central government. Keeping pace with these developments has undoubtedly been a gargantuan task for all those working in the sector. However, this challenge has perhaps been most pronounced for the new National Data Guardian, Dr. Nicola Byrne, charged with “safeguarding trust in the confidentiality of our health and social care services,” during what she describes as an “eventful and tumultuous [first] year.” The annual NDG report, published on 30th August, makes clear just how often the expertise of the NDG’s office has been called upon over the last year.

The report covers three NDG-led projects and an additional 27 policy projects with which the NDG has been involved in an advisory capacity. Several of the projects covered, are projects that we have also been involved in, either in parallel with the NDG, or via direct engagement with the NDG. These overlapping projects include:

Here we summarise the NDG’s commentary on these projects, alongside our own involvement, and highlight how the results of all are coming together to build a strong case for the broader adoption and use of Trusted Research Environments across the NHS.

Learning from the pandemic: Citizens’ Juries

First, in 2021, the NDG co-commissioned a series of three citizens’ juries which sought to understand public reaction to the emergency measures that enabled greater sharing of health data during the COVID-19 pandemic. The three juries, each investigated the following three projects: Summary Care Record Additional Information; NHS COVID-19 Data Store and Data Platform; OpenSAFELY. Each jury was asked, for each project, whether they found its introduction acceptable, and whether it should be allowed to continue beyond the emergency stage of the pandemic. We were involved with all three juries, acting as the expert witness for OpenSAFELY.

The Annual NDG Report summarises the findings of the juries, noting that of the three data sharing initiatives, most jurors supported OpenSAFELY (77% of jurors very much in support) because they considered it to be the most transparent, trustworthy, and secure. In contrast, the NDG notes, the NHS COVID-10 Data Store and Platform had the least amount of support (38% of jurors very much in support) because jurors felt it lacked transparency.

We wrote more about the results of the citizens’ juries when the results were first published here. Additionally, as the NDG Report highlights, we quoted the results in the Goldacre Review Better, Broader, Safer, using them to demonstrate public understanding and support for what became one of our central recommendations: that TREs should be the norm when analysing NHS patient record data.

Better, Broader, Safer: Using Health Data for Research and Analysis

The NDG, of course, also informed the Goldacre Review, Better, Broader, Safer. As explained in the NDG Report, we met with the NDG’s panel in November 2021 to discuss the draft findings and recommendations of the Review. During this meeting, as the report goes on to note, the NDG panellists agreed with the argument that implementing TREs and moving away from data dissemination would help to develop a trustworthy system. Specifically, we recommend:

“All analysis of NHS patient records should move to be done in a TRE. This will allow more users to access NHS data while preserving patient privacy. It will reduce duplication of risk, work, and cost. It will also help to drive the overdue move to modern, open working methods and Reproducible Analytical Pipelines.”

The NDG report highlights that the NDG panellists were particularly supportive of the idea that TREs must have an accompanying standard ‘service wrapper,’ including audit logs, to facilitate the development of a more transparent system of access to health and care data.

Going into more detail on the NDG’s ongoing support for the development of this standard service wrapper element, the report states:

“A properly resourced centralised approach presents the opportunity to ensure that the key aspects that the public have told us should govern access to their data such as transparency and trust, proportionality, diversity and inclusion in design and oversight and ongoing learning are prioritised.”

This ongoing support from the NDG will be essential in ensuring the success of forthcoming policy in this domain.

Data saves lives: reshaping health and social care with data

Next, the Annual Report outlines the NDG’s contribution to the development of the NHS Data strategy Data Saves Lives. Specifically the report notes that during the consultation phase, the NDG stressed the importance of being clear with the public about how exactly trust would be built and maintained. These recommendations made it into the final version of Data Saves Lives which commits to building public trust in 5 ways:

  • Keeping data safe and secure.
  • Being open about how data is used.
  • Ensuring fair terms from data partnerships.
  • Giving the public a bigger say in how data is used.
  • Improving the public’s access to their own data.

Writing in a blog at the time (which is referenced in the Annual Report), the NDG explained that she was particularly pleased to see:

“…the shift towards data access in secure data environments (SDEs) – of which trusted research environments (TREs) are a subset – and away from routine disseminations is a significant development and a move that I strongly support. The ethical framework that underpins the use of the SDEs through the use of the ONS’s ‘5 safes’ is also key.”

This blog also refers back to Better, Broader, Safer pointing to its description of TREs, the standards they should meet, the need for appropriate accreditation, and - again - the importance of a consistently robust service wrapper.


Mid-way through, the report touches on the General Practice Data for Planning and Research programme (GPDPR). It explains how the programme was originally announced in May 2021, only to be paused several months later after substantial public, patient, and professional concerns were raised about the privacy implications of the proposed data collection process. The report stresses that the NDG was in general supportive of the purpose of the programme but was concerned about the lack of public discussion regarding protective safeguards and benefits.

Fortunately, as the report highlights, the NDG’s concerns - and those expressed by others around the system, including ourselves - were listened to and a letter was sent to GPs from Jo Churchill MP on 19 July 2021. The letter promised that data would only be collected once a number of conditions had been met - including the development and implementation of a Trusted Research Environment in NHS Digital. Specifically, the letter made the following commitment:

“The Government has committed that access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed e.g. written consent for a research study. This is intended to give both GPs and patients a very high degree of confidence that their data will be safe and their privacy protected. The TRE will be built in line with best practice developed in projects, such as OpenSAFELY and the Office for National Statistics’ Secure Research Service.”

House of Commons Science and Technology Committee inquiry into “The Right to Privacy: Digital Data”

Finally, the NDG report describes the involvement of the NDG in the Science and Technology Committee inquiry on the topic of privacy and digital data. The report notes that the NDG initially provided written evidence to the committee in February 2022, which concluded that protecting patient privacy whilst maximising the benefits of NHS data would require:

“…a deep understanding of the uniquely sensitive, confidential nature of health and care data, provided by patients and service users within the context of a reciprocal relationship with the health and care system that is based on trust. The public should not be asked to simply trust how their data is subsequently used. Rather the onus should be on the system to demonstrate its trustworthiness through a commitment to good governance, engagement and transparency, data security, the provision of authentic public choice, and ensuring that the public are represented through involvement in decision making.”

This idea of demonstrable trustworthiness was repeated in the NDG’s oral evidence given to the committee in April 2022, and is something that we also believe in. Indeed, OpenSAFELY is designed to be ‘provably trustworthy’ and the general concept of ‘demonstrable trustworthiness’ via TREs as a key idea expressed by our Director, Professor Ben Goldacare, when he gave evidence to the same committee the following month. The inquiry concluded in June 2022, and we await the final report.


Overall, the NDG report provides a powerful insight into just how far the system has moved in a relatively short space of time, with regards to its attitudes towards health data and privacy. It seems now that there is far greater recognition of the dangers associated with the pseudonymisation and dissemination of data, and of the significant advantages of Trusted Research Environments. If policy development continues in this direction, which we - and the report makes clear the NDG - hope it does, then we can all afford to feel optimistic about the future and the NHS’s ability to unlock the power and potential of its data in a better, broader, and safer way.