This notice is provided in compliance with the General Data Protection Regulation 2018. It relates to the use of personally identifiable information the context of research conducted in the National Perinatal Epidemiology Unit.
'MBRRACE-UK' is the collaboration appointed by the Healthcare Quality Improvement Partnership (HQIP) to run the national Maternal, Newborn and Infant clinical Outcome Review Programme (MNI-CORP) which continues the national programme of work conducting surveillance and investigating the causes of maternal deaths, stillbirths and infant deaths. HQIP commissions this work on behalf NHS England, NHS Wales, the Health and Social Care Division of the Scottish government, the Department of Health, Social Services and Public Safety, Northern Ireland (DHSSPS), the States of Jersey, Guernsey, and the Isle of Man. The MBRRACE-UK collaboration is led from the National Perinatal Epidemiology Unit in the Nuffield Department of Population Health at the University of Oxford.
The national Perinatal Mortality Review Tool (PMRT) is a tool which has been developed by the MBRRACE-UK/PMRT collaboration to support local Trusts and Health Boards across England, Wales and Scotland to carry out systematic, standardised, high quality, multidisciplinary reviews of the care provided to women and babies when the baby dies before or soon after birth (knowns as a perinatal death). The aim is to help local Trusts/Health Boards to provide high quality information to parents whose baby has died about why their baby died (accepting that even with a full investigation it isn’t always possible to identify why every baby dies), and to support learning and improvements in care to prevent future deaths.
Who is responsible for the data we collect?
Under the General Data Protection Regulation the ‘data controller’ is responsible for what happens to data which is collected. The ‘data controller’ for the PMRT programme is the Healthcare Quality Improvement Partnership (HIQP) who commissions the work. The MBRRACE-UK/PMRT team act as the ‘data processor’.
Personal data we collect about individuals during the conduct of local reviews of care using the PMRT
The purpose of the Perinatal Mortality Review Tool (PMRT) is to help local Trusts and Health Boards to carry out reviews of the care provided when a perinatal death has occurred. The PMRT is not primarily a data collection tool, but since information is needed to enable staff to carry out the review process, data about individuals is inevitably used and collected. The PMRT is completely integrated within the MBRRACE-UK national perinatal death surveillance data collection which is a web-based system. The MBRRACE-UK system is run from the National Perinatal Epidemiology Unit (NPEU) and so the data collected are held and managed by the NPEU, this includes the PMRT data.
Staff who conduct the reviews need to have the identifying details of the mothers and babies whose care they review and so this information is included in the PMRT and also in the report of the review which is generated for the staff in Trusts/Health Boards to use and file in the medical record. Personal identifying information is therefore held on the MBRRACE-UK/PMRT system.
The identifying information includes, for example, name, address, and NHS number of mothers and babies. Within Trusts/Health Boards the information is only available to authorised users of the PMRT system. At the NPEU this information is only available to specified individuals in the MBRRACE-UK/PMRT team on a ‘need to know’ basis to run the system.
How we use personal data
As a research unit within the university we use personally-identifiable information to conduct research to improve health, health care and health services. As a publicly-funded organisation, we have to ensure that it is in the public interest when we use personally-identifiable information in our research. Health and care research should serve the public interest, which means that before we are able to access to the personal identifiable information which is listed above we have to demonstrate that our research serves the interests of society as a whole.
To ensure we carry out our research to the highest standards we comply with the UK Policy Framework for Health and Social Care Research and other regulatory requirements. For example, for the PMRT we have approval from the Confidentiality Advisory Committee for section 251 approval under the NHS Act 2006 (England and Wales) and the Public Benefit and Privacy Panel for Health and Social Care (Scotland).
How long we keep personal data for
The need to keep personally identifiable information in the long term depends upon the individual research study. For the purposes of MBRRACE-UK/PMRT we will keep the data long enough to enable us to monitor trends over time.
How we protect data
We ensure that we protect personal identifiable data against unauthorised access, unlawful use, accidental loss, corruption or destruction. To do this we use ‘technical measures’ such as encryption and passwords to protect the individual datasets as well as the systems the datasets are held in. We also use ‘operational measures’ to protect the data, for example, by limiting the number of people who have access to the databases in which identifiable data is held.
We keep these security measures under review and refer to University Security Policies to keep up to date with current best practice. Read the University’s data protection policy.
Sharing identifiable data
Personal identifiable data which is collected and managed by the MBRRACE-UK/PMRT collaboration will not be shared with anyone else unless this is required as part of the conduct of the PMRT programme or there is special permission in place to do this.
Anonymised data (from which individuals cannot be identified) may be shared with other research groups who are doing similar research. The data which is shared in these circumstances will not include any information to enable individuals to be identified and the data will not be combined with any other information in a way that could lead to individuals being identified. Any information shared will only be used for the purpose of health and care research, and will not be used to contact individuals or to affect their care.
Decisions about who has access to PMRT data are made by the data controller HQIP.
The rights of individuals
The rights of individuals to access, change or move their information are limited, as we need to manage information in specific ways in order for the research we carry out to be reliable and accurate. Individuals involved in any study we conduct do however, have the right to withdraw from the study. If this happens we will keep the information that we have already obtained. To safeguard an individual’s rights, we will use the minimum personally-identifiable information possible.
The individuals whose data we hold have the right to complain. If you are one of those individuals and you wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection Officer, email@example.com who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data in a way that is not lawful you can complain to the Information Commissioner’s Office (ICO).
If you would like to contact us directly for more information about how we use and protect data collected for research conducted at the NPEU, please email Professor Jenny Kurinczuk, Director, National Perinatal Epidemiology Unit at: firstname.lastname@example.org