Use SHIP to provide data access

This route-map will guide you step-by-step through your assessment of requests from researchers to use data for which you are responsible in your role as data controller and explain how SHIP can facilitate this process and maximise the secure handling of the data.

The benefits of providing data access through SHIP

SHIP’s guiding principles and operating procedures provide you, the data custodian, with the confidence that when you provide access to health data for research purposes via SHIP that this data will be used in accordance with optimal information governance standards.  SHIP offers you the security of knowing that the data you are responsible for is safe data being processed by safe people in safe environments because:

  • Applicants for data access through SHIP must have SHIP accredited approved researcher status;
  • The proposed research use of the data, including its relative risks to privacy and public interest benefits, will be subject to an authorisation process proportionate to a privacy risk category assigned according to a triage process based on transparent criteria;
  • Once a research use has been authorised the researchers will be held to the conditions of this approval by a binding Data Sharing Agreement, breaches of these agreements will be penalised;
  • SHIP offers a Safe Haven service, as recommended by the UK Ministry of Justice’s 2008 Data Sharing Review Report;
  • As data custodian you will be able to set conditions on the uses of the data, including by making it a requirement that researchers access the data only through a SHIP safe haven and specifying degrees of anonymisation;
  • SHIP safe havens provide a data indexing and linkage service to anonymise or partially anonymise the data.  This means that researchers will only be able to access data at the level of person-identifiability needed for your particular research aims and as set out in your data sharing agreement;
  • The SHIP Safe Haven takes on the legal responsibilities of data controller jointly with you, the data custodian, for the duration of the project. The Safe Haven a data controller for both the received datasets and the newly created linked dataset;
  • The safe haven also performs statistical disclosure control on the results of any analysis before releasing these results to researchers, automatically archives the datasets and acts as a repository for all the necessary documentation and approvals for data linkage;
  • You will be able to seek the advice of the national Privacy Advisory Committee (PAC) on the sensitivities of providing access to the data even if you are not a data custodian within NSS Information Services Division (ISD) or National Records of Scotland (NRS).

Return to top of page

Your role as data custodian

As a data controller providing access to health-related data through SHIP your responsibilities are:

  • To demonstrate your commitment to privacy protection through the development and implementation of appropriate and transparent policies;
  • To comply with your legal responsibilities as a data controller under the terms of the Data Protection Act and to handle data and respond to data access requests in ways that comply with the legal and ethical requirements for optimal information governance as set out in this toolkit;
  • Provided appropriate approval processes are in place - to participate in appropriate sharing of data resources within the health and non-health contexts.  Your access policies should be developed in a transparent and open manner;
  • To provide to researchers who are seeking to access data that you hold, information about features of these data that may be relevant to their access request, for example, consent conditions or particular risks of identification of individual patients;
  • To take public interest in secondary uses of patient data into account and to weigh this against potential privacy risks when making a decision about whether to provide access to data for which you are responsible.  The common law of confidentiality, the Data Protection Act and article 8 of the Human Rights Act all permit the balancing of privacy concerns against considerations of public interest – so you should avoid being disproportionately restrictive in setting conditions for access to data where the proposed research uses are lawful and bring recognised public benefits.

The role of SHIP Research Co-ordinators

The SHIP Research Coordinator is a professional with experience of managing information governance in health care settings.  The Research Co-ordinator works together with colleagues in the SHIP framework to advise and support researchers and data custodians and to oversee the safe sharing of health care data for research purposes through SHIP.  The specific roles of a SHIP Research Coordinator are:

  • To liaise with principal investigators to:
    • provide practical assistance in developing a feasible research proposal;
    • provide information on what past research has been done in the area;
    • help identify the associated data requirements and which existing and potential data sources may be available;
    • and to advise the likely privacy risk category to which the project proposal will be assigned, including whether use of a safe haven is likely to be a requirement, and what level of approval will be needed for their project.
  • To liaise with you, the data custodian, on behalf of researchers.
  • To assist in assigning the appropriate privacy risk category to a data access request using transparent SHIP criteria and thus to determine the level of formal authorisation required.
  • To administer SHIP processes, including

Return to top of page

Return to route-map