Healthcare Evaluation Data (HED) is an online system allowing comparison of hospitals across the country. This sharing of information enables healthcare organisations to drive clinical performance in order to improve patient care and deliver financial savings. HED is only available to healthcare professionals, and not to the public.
The system has been developed in-house at University Hospitals Birmingham NHS Foundation Trust (UHB), with strong clinical engagement. As a result, HED delivers timely, detailed intelligence that can provide meaningful insight from board to ward alike. More detailed information about the system is available on the HED website.
HED uses information about individual patients to help improve the quality of care. Wherever possible, the data is anonymised, but occasionally authorised users will use patients’ personal data to help with clinical audits and case note reviews. This is to improve future patient care and is only used within the NHS by trained, approved users.
What is HED?
HED is an online system delivering information which enables healthcare organisations to impact clinical performance, to improve patient care and deliver financial savings. It is created for the NHS by the NHS. It uses data from patients’ hospital experience to help hospitals improve what happens in the future.
The HED system was created by UHB, and is used by NHS hospitals across England.
Where can I find UHB’s privacy notice?
The sole Data Controller for information used within HED is UHB.
UHB processes a range of personal data for a variety of reasons, including HED. The Trust’s online privacy notice details how personal data is used and provides contact details for the Data Protection Officer.
What data does HED have about me and why?
Data which could identify you is known as your "personal data". HED uses "hospital episode statistics" which tell us about your stay in hospital. It tells us when you came and left, who you saw, what was wrong with you, and details of any operations you had while there.
We also add information held by the Office of National Statistics, so for patients who sadly die in the 30 days following a stay in hospital, we can see when they died and the cause of death. This data is used to review the quality of care patients were given, and to ensure future patient safety.
Who do you share my data with?
We provide grouped non-identifiable data to our subscriber NHS organisations to help them further understand the care they give. By looking at comparative grouped data from other NHS hospitals, our authorised users learn where they can improve what they do for the benefit of patients. This analysis of non-identifiable data is the main part of HED.
Personal data is only provided to authorised users within hospitals to enable matching with local information systems, and the organisation of clinical audits and case note reviews, with a view to improving patient care. These users will have had approval from their local Caldicott Guardian. A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service user information and enabling appropriate information-sharing. Each NHS organisation is required to have a Caldicott Guardian.
Only the NHS hospital(s) which you attended will be able to see your personal data.
No identifiable data is shared with anyone outside of the NHS.
What is HED’s legal basis for processing my personal information?
Any personal information we hold about you is processed for the purposes of "the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller" under chapter 2, section 6 and the "reasons of public interest in the area of public health" under chapter 2, section 9 of the Data Protection Act 2018.
How long does HED keep my data?
We only keep your data as long as is strictly necessary to help the NHS improve your care and is in line with our data sharing agreements with NHS Digital. Personal data will be kept for a maximum of three years. Once it is finished with, it is safely destroyed.
How does the Data Protection Act protect me?
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). The Data Protection Act 2018 requires that, as far as is practicable, individuals are informed about who has access to their personal data and for what purposes. Patients have the right to object to confidential information being shared for purposes beyond their own care and treatment.
UHB is registered under the Data Protection Act and its registration number is Z5568104.
How does HED keep my personal data safe?
Keeping your data safe is vitally important to us, and we have many safeguards in place to ensure it is kept confidential, safe and secure at all times:
- We have a duty of care to protect information from unauthorised or accidental modification, loss and release
- All our patient-level data is held on our secure and access-restricted server
- No one can access your personal data other than authorised healthcare professionals at the hospital you attended
- The Data Security and Protection Toolkit (DSPT) is an NHS Digital assessment that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. This provides assurance we are practising good data security and that personal information is handled correctly
Information about the choices you have about your personal data is available on the NHS website.
The national data opt-out was introduced on 25 May 2018, providing a web-based facility for individuals to opt-out from the use of their data for research or planning purposes. This is provided in line with the recommendations of the National Data Guardian in review of data security, consent and opt outs.
You can view or change your national data opt-out choice at any time on the NHS website.
HED uses information about individual patients to help improve the quality of care patients get in future. Wherever possible it is anonymised, but occasionally authorised users will use patients’ personal data to allow clinical audit and case note reviews to take place. This is to improve future patient care and is only used within the NHS by trained, approved users.
You have three options regarding your personal data
1. Do nothing
If you do nothing, data will be collected along your health journey, collated by NHS Digital and subsequently used by other health organisations to improve future healthcare. It will not be "sold on" to financial institutions, insurance companies or marketing companies. It will only be used to improve the work of the NHS.
2. Opt out with individual organisations that use personal health data, such as HED (UHB’s comparative data system)
If you opt out from an individual organisation, they will remove you from their own system, but your personal data can still be used by other organisations using health data. To be removed from data which UHB holds on behalf of HED, you would need to send an official opt out request to Christopher Stephen, Head of Health Informatics.
On receipt of your opt-out request, the Director of Strategy and Quality Development will liaise with you and will arrange for the removal of your personal data. We will find your records using a combination of different types of information, for example age, sex, postcode and GP practice.
The Director of Strategy and Quality Development will also write to you to confirm that all your personal data has been deleted from our databases going back for three years and won't be used in future. HED also processes nationally pseudonymised data. Since this data does not contain any direct identifiers it is not possible to opt out as there is no way to identify any individual.
3. Choose to take out a national data opt-out
This will mean that your data can only be used for circumstances directly relating to you own personal healthcare (other than in particular circumstances required by law, such as a public health emergency, like an outbreak of a pandemic disease).
Rights of access to information
Under the Data Protection Act 2018, you are also entitled to access your clinical records or any other personal information held about you. For information on how to request access your personal information, please see our page on requesting access to your health records.
Why should I let HED use my data?
HED is part of the NHS and its purpose is to improve patients' NHS experience. It has been created by the NHS to provide high-quality analytics of relevance to the NHS. HED provides hospitals with timely, detailed intelligence that can provide meaningful insight at all levels, to help save lives and save money.
Your data can help us do that.
This use of data can only inform and improve the quality of care provided by the NHS as a whole, and you can be part of it by allowing us to use your data.
Any more questions?
Please do not hesitate to contact us if you have any more questions.
Christopher Stephen, Head of Health Informatics
University Hospitals Birmingham NHS Foundation Trust
11 - 13 Frederick Road
Birmingham, B15 1JD
Last reviewed: 19 April 2022