NHS England Data Sharing Remote Audit: Our Future Health
This report records the key findings of a remote data sharing audit of Our Future Health (OFH) between 02 and 06 December 2024.
Audit summary
Purpose
This report records the key findings of a remote data sharing audit of Our Future Health (OFH) between 02 and 06 December 2024. It provides an evaluation of how OFH conforms to the requirements of:
-
the data sharing framework contract (DSFC) CON-640689-Q9J6Q-v2.02
-
the data sharing agreement (DSA) DARS-NIC-411795-X5N2V-v0.9
-
the organisation’s own policies, processes and procedures
This DSA covers the provision of the following datasets:
| Dataset | Classification of data | Dataset period |
|---|---|---|
|
Civil Registrations of Death |
Identifiable, Sensitive |
Latest available |
|
Demographics |
Identifiable, Sensitive |
Latest available |
|
Emergency Care Data Set (ECDS) |
Identifiable, Sensitive |
2019 – 2027 Q2 |
|
Hospital Episode Statistics Accident and Emergency (HES A and E) |
Identifiable, Non-Sensitive |
2007 - 2020 |
|
Hospital Episode Statistics Admitted Patient Care (HES APC) |
Identifiable, Non-Sensitive |
1997 – 2027 Q1 |
|
Hospital Episode Statistics Critical Care (HES Critical Care) |
Identifiable, Non-Sensitive |
2008 – 2027 Q1 |
|
Hospital Episode Statistics Outpatients (HES OP) |
Identifiable, Non-Sensitive |
2003 – 2027 Q1 |
|
National Diabetes Audit |
Identifiable, Sensitive |
2003 – 2025 |
|
NDRS Cancer Pathway |
Identifiable, Non-Sensitive |
Latest available |
|
NDRS Cancer registration (pre-1995) |
Identifiable, Non-Sensitive |
1985 - 1994 |
|
NDRS Cancer Registrations |
Identifiable, Sensitive |
Latest available |
|
NDRS National Radiotherapy Dataset (RTDS) |
Identifiable, Non-Sensitive |
Latest available |
|
NDRS Somatic Molecular Dataset |
Identifiable, Sensitive |
Latest available |
|
NDRS Systemic Anti-Cancer Therapy Dataset |
Identifiable, Sensitive |
Latest available |
The Controller is OFH and the Processors are Microsoft Azure Limited and DNAnexus Inc. Microsoft Azure Limited provides Cloud storage and DNAnexus Inc provide the Trusted Research Environment (TRE) software functionality. The DSA allows the Controller to share data with other organisations under a sub-license agreement.
OFH was formed as part of the UK Life Sciences Industrial Strategy. It is designed to be the UK’s largest ever health research programme with the goal to recruit up to 5 million adult participants from across the UK to create a detailed picture that reflects the whole of the population.
The interviews during the audit were conducted through video conferencing.
This is an exception report based on the criteria expressed in the Data Sharing Audit Guide version 4.
Audit type and scope
|
Audit type |
Routine |
|
Scope areas |
Information Transfer Access Control Data Use and Benefits, including sub-licencing Risk Management Operational Management and Control Data Destruction |
|
Restrictions |
Access control - limited visibility of physical controls |
Overall risk statement
Based on evidence presented during the audit and the type of data being shared the following risk has been assigned from the options of Critical - High - Medium - Low
Current risk statement: Low
This risk represents a deviation from the terms and conditions of the contractual documents, signed by both parties. In deriving this risk, the Audit Team takes into account compliance, duty of care, confidentiality and integrity, as appropriate.
Data recipient’s acceptance statement
OFH has reviewed this report and confirmed that it is accurate.
Data recipient’s action plan
OFH will establish a corrective action plan to address each finding shown in the findings table in section 2. The Audit Team will validate this plan and the resultant actions at a post audit review (PAR) with OFH to confirm the findings have been satisfactorily addressed. The PAR will also consider the outstanding evidence at which point the Audit Team may raise further findings.
The Audit Team has identified 2 opportunities for improvement in section 3 which is provided for reference only and will not be followed up as part of any PAR.
Findings
The following table identifies the 3 agreement nonconformities, 2 observations and 1 point for follow-up raised as part of the audit.
Findings
| Ref | Finding | Link to area | Clause | Designation |
|---|---|---|---|---|
|
|
Only high-level information on the datasets provided under the DSA has been recorded in the Information Asset Register (IAR). |
Operational Management |
DSFC Schedule 2, Section A, Clause 3.2 |
Agreement nonconformity |
|
|
OFH have staff with enhanced privileged access to systems and information. In many but not yet all systems privilege is subject to automatic expiration (acting as an access review), however in other systems the review for privileged access is not formalised and scheduled. This creates a risk that staff no longer requiring this level of access retain it when not required. |
Access Control |
DSFC Schedule 2, Section A, Clause 4.11
|
Agreement nonconformity |
|
|
A process for identifying and managing dormant accounts would enhance security processes. |
Access Control |
DSFC Schedule 2, Section A, Clause 4.1 |
Agreement nonconformity |
|
|
There is no reference to DSFC incident reporting requirements in OFH documents. |
Operational Management |
DSFC Part 2: Clause 4.1.8 |
Observation |
|
|
The OFH password standard follows national guidance on the complexity and recommended requirements for access to systems and networks. However no mention is included of any action to be taken in the event of a major cyber attack. |
Access Control |
OFH Password Standard v1.0 |
Observation |
|
|
Within the DSA a declaration has been made that outputs from the cohort will be published in 2024. At the time of the audit no outputs were evidenced. |
Use and Benefits |
DSA Annex A, Section 5c |
Follow-up |
Opportunities for improvement
The following table identifies 2 opportunities for improvement which could help an organisation improve its controls and processes.
Opportunities for improvement
|
Ref |
Opportunities for improvement |
Link to Area |
|
1 |
Additional monitoring of the automation that ensures organisational leavers and movers are removed from access to systems should be developed. |
Access Control |
|
2 |
All OFH policies and procedures would benefit from the addition of a review date section within each document. This would support the timely review and change to these documents whenever an update in practice, law or a stipulated review period required it. |
Operational Management |
Use of data
OFH confirmed that the datasets were only being processed and used for the purposes defined in the DSA and were not being linked with another dataset.
Data location
OFH confirmed that processing and storage locations, including disaster recovery and backups, of the datasets were limited to the location shown in the following table. These locations conform with the territory of use defined in section 2c of the DSA
| Organisation | Territory of Use |
|---|---|
|
OFH |
Worldwide |
|
Microsoft Ltd |
Worldwide |
|
DNAnexus Inc |
Worldwide |
Backup retention
The duration for which data may be retained on backup media is:
| Organisation | Media type | Period |
|---|---|---|
|
Microsoft Ltd |
Cloud |
30 days |
Disclaimer
The audit was based upon a sample of the data recipient’s activities, as observed by the Audit Team. The findings detailed in this audit report may not include all possible nonconformities which may exist. In addition, as the audit interviews were conducted through a video conference platform, certain controls that would normally be assessed whilst onsite could not be witnessed.
NHS England has prepared this audit report for its own purposes. As a result, NHS England does not assume any liability to any person or organisation for any loss or damage suffered or costs incurred by it arising out of, or in connection with, this report, however such loss or damage is caused. NHS England does not assume liability for any loss occasioned to any person or organisation acting or refraining from acting as a result of any information contained in this report.
Last edited: 18 March 2025 2:00 pm