This makes the site run faster and easier to use. Unfortunately, your browser is out of date and will not support some of these technologies.
We recommend that you use a modern browser such as Google Chrome or Microsoft Edge to view this website.
Under our collaborative Strategic Research Agreement model we ensure healthcare systems retain full control of their anonymised patient data.
We work closely with leading clinicians in our partner health systems to understand the patient journey on a clinical pathway, and how the different data sets available within each health system link to these pathways. This enables us to contextualise specific research questions and understand how the different data sets can be optimally used to provide solutions that support meaningful research.
Find out more about specific Strategic Research Agreements partners"Anonymised Data" is defined in Recital 26 of the GDPR as anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. Recital 26 goes on to provide that the GDPR and its principles of data protection does not therefore concern the processing of such anonymous information, including for statistical or research purposes. The ICO defines "anonymisation" as the process of stripping personal data of sufficient elements that mean the individual can no longer be identified.
For the data to be considered anonymous, it should not identify any individual and should be unlikely to allow any individual to be identified through its combination with other data.Sensyne Health manages risk in the processing of data using a certified Quality Management System (ISO13485 - Medical Devices Quality Management Systems and ISO27001- Information Security Management Systems) to ensure the safeguarding of data by implementing physical and digital controls and procedures from the data source through to transport, storage, analysis and disposal of anonymised data.Information Security compliance is ensured by means of external certification to ISO27001, which includes specific requirements dictated by GDPR and by internal procedures that address further defined requirements mandated by data protection legislation and security management system.
Sensyne Health is registered with the ICO (Information Commissioner’s Office) as required by GDPR and DPA 2018 (registration number ZA451278).
At the time that we make a request to an SRA partner health system for anonymised patient data, we submit a document to the health system containing specific key information concerning the request, in accordance with an agreed information governance framework and standard operating procedures. Our governance work with the health system is based upon and designed to satisfy the Caldicott Principles for data sharing and relevant data governance legislation such as GDPR. There are two distinct types of data requests that we can make:
The 6 GDPR principles listed in Article 5 are embedded in the process we use:
Sensyne’s primary position is that it will only ever receive from the health system datasets that have been anonymised in accordance with current ICO guidance on anonymisation, these therefore do not constitute personal data under GDPR Article 4 (1)
Notwithstanding this primary position, Sensyne imposes an additional layer of information governance, including a Data Processing Agreement (DPA) to support the Strategic Research Agreement (SRA) to address the situations where the datasets received from the health system are either (a) not properly anonymised in accordance with ICO guidance or (b) capable only of being pseudonymised in accordance with the ICO guidance (for example in the case of very small datasets in rare diseases where the appropriate health system approval would be requested).
For this reason, we predominantly provide a DPA which attributes joint controller status, in accordance with Article 26 of the GDPR, to the health system and Sensyne for the purposes of the SRA and with respect to the processing of this data. Data is reviewed by Sensyne’s Information Governance Team before being released to Sensyne’s data scientists. Should data in the dataset sent to Sensyne Health be found not to be anonymised, Sensyne Health’s Information Governance team will immediately quarantine and delete the affected records or part thereof. Sensyne will document each step of the foregoing process and file it within Sensyne’s QMS and inform the Trust of the affected records or any part thereof. If requested, Sensyne will provide the details of the QMS records to the health system.
Once the partner health system has agreed to the data access request, extracted the data and anonymised it, the anonymised patient data is encrypted by the health system and transferred to Sensyne Health via SFTP (secure file transfer protocol) for our teams to analyse.
All anonymous patient data transferred to Sensyne Health is stored and processed within ISO 27001 certified secure data center environments.
Network access to such networks is restricted via strict Firewall rules, NACLs (Network Access Control Lists), VPN connection and Bastion jump boxes. All Sensyne Health IT environments have multiple network access controls in place. Access to anonymised patient data is managed centrally by our IT Team and governed by our ISO certified QMS (quality management system) and IG (information governance) process. All network activity and network traffic flow within secure environments is monitored and controlled. Specific workstations within Life Sciences have controlled access to such data.
Sensyne Health uses Microsoft Azure for its cloud storage and processing environment, which offers greater flexibility, ease of data sharing and transfers, greater resiliency, and a continued robust security infrastructure.
All data will be anonymised and include only the minimum required amount of data necessary. Sensyne will be contractually required to access and use data within the highest standards of responsibility and obligation as per the contractual arrangements within the SRA and DPA.
The Azure environment offers improved speed-to-care, provision of cleansed and standardised datasets to improve clinical decision making for patient pathways. This model also offers:
In addition to the ISO, Data Protection and NHS Digital Data Protection and Security standards that Sensyne aligns to, Microsoft Azure is compliant with the following UK and global standards:
Sensyne’s robust Cyber Security framework, MFA (Multi-factor authentication), conditional access controls and Data Loss Prevention methodologies ensure not only that only permitted employees have access to Healthcare organisation data within the Azure environment but also access is restricted to trusted devices and locations. Sensyne Health is able to ensure service provision continuity and complete end-to-end security and protection built on the robustness and security principles of Microsoft Azure. The advanced infrastructure and security capabilities of Microsoft Azure enable greater flexibility and scalability of services whilst providing cutting edge security capabilities.
Raw patient level data will not be shared with a pharma client. Sensyne Health data scientists and biostatisticians will have access to the raw anonymised data for analysis and must do so from a secure network where the data is held for the duration of the analysis.
Sensyne Health does not sell anonymised patient data to any third parties.
Sensyne Health works to create potential patient benefit from the analysis of anonymised patient data in a number of ways, including but not limited to:
Whenever a data request is issued to a health system, we expressly state our reason for requesting the data and the potential patient benefit we expect to arise from our analysis.
Sensyne Health is a British tax paying, publicly listed company. The Company is accountable for its compliance with appropriate ethical oversight and information governance, including conformance with NHS principles, GDPR and the UK Data Protection Act 2018 and other applicable regulatory requirements.
Sensyne Health is committed to the use of international standards for the management of the Company’s quality systems and regulatory framework. These include standards such as ISO27001 (information security management systems) and ISO13485 (principles and requirements for medical device manufacturing).
Our processes to ensure compliance with all the principles, regulations, requirements, and standards outlined above have been described in other sections of this document.
Sensyne Health was an early signatory to the Department of Health and Social Care’s ‘Initial Code of Conduct for data-driven health and care technology’. We also abide by the principles set out in the DHSC’s Guidance document: ‘Creating the right framework to realise the benefits for patients and the NHS where data underpins innovation’, published on 15th July 2019.
We are committed to transparency and hold ourselves to the highest levels of account across every aspect of our business.
The Data Processing Protocol (DPP) specifies data retention times after which Sensyne Health will destroy the data sets.
Sensyne Health works on a broad range of therapeutic areas, typically with the highest unmet medical need. We have programmes in respiratory, cardiovascular, neurodegenerative and immunological diseases and cancer, but are continually evolving our internal R&D programmes based on the needs of our partners, both health systems and pharmaceutical.
Commercial value is created by the application of Clinical AI technology and expertise to the data to generate novel insights. When a partner health systems’ anonymised patient data is used to create commercial value, the health system will be entitled to a percentage royalty on the revenues calculated by reference to the proportion of their anonymised patient in the overall pool of data that helped to generate a new insight. This is in addition to the potential of equity ownership in Sensyne Health plc provided to health systems in consideration for entering into Strategic Research Agreements with the Company.
Our partner health systems now hold a significant number of the shares in Sensyne Health and have formed an Advisory Group to facilitate regular discussion with the company. We hope that the Advisory Group will:
Health systems that partner with Sensyne Health under Strategic Research Agreements (SRAs) are not restricted from using their patient data in any way. Sensyne Health does not require heath systems to enter into agreements which grant exclusive right of access to or use of raw data, either patient or operational data.
Sensyne Health is a signatory to the Department of Health and Social Care’s ‘Code of Conduct for data-driven health and care technology.’
Health systems that partner with Sensyne Health are not restricted from using their patient data in any way, either locally or nationally. In fact, Sensyne Health is working to help health systems improve the quality and curation of the data they have for the benefit of the health system audit, research, and quality improvement processes.
In order to obtain a longitudinal view of patients, Sensyne Health typically requires access to electronic data that includes prescribing data, demographic data, vital-signs, laboratory data, imaging data, genetic data (where available), procedures and diagnosis codes (usually expressed as ICD10-codes).
There is no minimum number of records required and we work with health systems to determine what is required and is possible, based on the specific requests we receive from our pharmaceutical partners.
Sensyne Health’s digital health applications include license provisions allowing us to extract both aggregated and anonymised patient data for the purposes of operational and product improvements as well as for medical research purposes. In this case, anonymisation is done as part of an automated pipeline and stored securely in the same way as health system data.
Where a partner health system has licensed our digital health applications and has a Strategic Research Agreement (SRA) with Sensyne Health, data from the applications can be integrated into the health systems’ electronic patient record systems where technically possible; in this situation, Sensyne Health may request data from the applications linked to other health system data in the normal way under the SRA, as set out in the previous paragraph.
We work closely with partner health systems to try to ensure that the data extraction process minimally impacts the workload of health system staff. Overall, we put patient benefit at the center of what we do, and work with our partner health systems to ensure we are not putting undue pressure on their existing staff.
When a request from a pharma client or one of our internal R&D programmes defines the need for a data request, we draft an AIR or DPP which outlines the data needed to answer the question. This data request is shared with our key point of contact in the health system who then shares this with their clinicians for review. This also allows the clinicians to add in relevant research questions which they would like answered as part of the research study for consideration by the Life Sciences team.
With regards to a DPP, once this is final, it goes through IG approval from both Sensyne Health and the health system and data is extracted, anonymised and shared via encryption, for analysis by Sensyne Health’s Life Sciences team. The outcomes from this analysis are finally shared with the pharmaceutical client.
The SRAs have an IT grant mechanism which can be drawn upon to fund additional IT resources to enable the creation and access to anonymised data sets within partner health systems.
We are interested in entering into separate Clinical Research Agreements (CRA) with health systems to develop clinical algorithms to provide real time clinical management support for clinicians across multiple conditions.
We provide IT investment funding within each SRA to pay for health system IT infrastructure development that will enable access to anonymised data sets that may support future health system research programmes.
For programmes that we run, we work with the clinicians within the partner health systems to ensure we can advance their research objectives.
We can work with teams within partner health systems to use Sensyne Health’s Clinical AI expertise and technology to answer questions aimed at improving patient care or improving a health systems’ operational efficiency.
Sensyne Health operates in complete alignment with all 5 of the principles set out in the Guidance document, published on 15th July 2019:
Access to clinically led expertise in machine learning team.
Development of structured, curated, contextualised data.
Data analysis to answer key health system questions in medical research, patient care and operational efficiency.
The creation of a link between the life sciences industry and health system clinicians.
Value and a financial return.