top of page


Anonymised data
  • Anonymised data is data where the unique patient number that links it to an individual has been replaced by a random number, so that it is virtually impossible to link that data back to an individual patient. In some cases (for example, with extremely rare conditions) it could be possible to re-identify an individual from their anonymised data. To avoid this, INSIGHT will ensure that data susceptible to being re-identified is removed from any datasets before they are made available for research (see re-identification below).

  • For comparison, see pseudonymised data below

  • Find out more about keeping data safe on the Understanding Patient Data website​​​​​​​​

  • A dataset is a collection of data. The different datasets INSIGHT makes available for researchers relate to collections of specific types of eye data from the patient population served by individual NHS Foundation Trusts. These may be disease-specific, or based on a particular type of data.  The datasets may contain millions of pieces of data - for example, eye scans collected from patients with a particular eye condition over months or years. When researchers want to analyse a particular type of data, we can extract it from a dataset to ensure only the minimum amount of data is shared. We only ever provide access to datasets that have been anonymised, which means any information that could be used to identify a patient has been completely removed. 

Data Use Application
  • When researchers have decided that they would like to access an INSIGHT dataset, they must fill out our 'Data Use Application' form. This is the start of a rigorous process to check 1) that the researchers are from an appropriate organisation 2) that their research is likely to benefit patients 3) that the research will be conducted in a secure environment 4) that any risk of patient identification is minimised 5)  that the views of patients and the public have been taken into account.  

Data Controller
  • A Data Controller determines the purposes for which, and the manner in which, personal data is processed. In the case of INSIGHT, there are currently two Data Controllers: Moorfields Eye Hospital NHS Foundation Trust (MEH) and University Hospitals Birmingham NHS Foundation Trust (UHB). 

  • Find out more about how and why patient data is collected, stored and used on the MEH  and UHB websites.

Data Custodians
  • INSIGHT's data custodians are responsible for applying our strict rules on the safe custody, transport and storage of data. They look after the technical environment and database structure which allows INSIGHT's datasets to be anonymised, catalogued and made available for research queries. 

Data Processor
  • A Data Processor is responsible for processing personal data on behalf of a Data Controller. Data Processors have specific legal obligations and are required to maintain records of personal data and processing activities. 

Five Safes
  • The 'Five Safes' are a nationally approved framework for making decisions about the safe and effective use of data considered to be confidential or sensitive, which includes health data. The Five Safes are: Safe Projects, Safe People, Safe Settings, Safe Data, and Safe Outputs. They were devised by the UK Office for National Statistics to ensure that personal data is used safely and that the analysis of data for research does not result in the identification of individuals. INSIGHT use the Five Safes as the basis for considering Data Use Applications. You can find out more about how they are applied on our Data Trust Advisory Board page.

  • Find out more about the Five Safes on the UK Data Service website

Google Cloud
  • Cloud computing makes computer system resources available to individuals and organisations on demand, especially large-scale data storage (cloud storage) and high-capacity computing power. Like other 'clouds', Google Cloud is set of physical assets, such as computers and hard disk drives, and virtual resources that are contained in Google's data centres. INSIGHT only uses Google data centres within the UK for data processing and storage. 

  • Find out more on the Google Cloud website

Health Data Research UK (HDR UK)
  • Established in 2017, HDR UK is the national institute for health data science. It is an independent, non-profit organisation whose work spans academia, healthcare, industry and charities, as well as  patients and the public. Its staff include some of the world’s leading experts in health data research and innovation, who are working together to develop and apply cutting-edge approaches to clinical, biological, genomic and other multi-dimensional health data to address the most pressing health research.

  • Find out more on the HDR UK website

Health Data Research (HDR) Innovation Gateway
Information governance / governance screening
  • In the case of INSIGHT, 'information governance' is the way in which personal health data is handled or processed. The framework used to make decisions about how data is collected, stored, anonymised and shared is governed by a number of laws and guidelines, including the Data Protection Act 2018, known as the General data Protection Regulation or 'GDPR'.  INSIGHT has a strict and transparent system of Information governance at its core. We ensure that data is always held securely and only used for purposes that will benefit patients. Records of patients who have opted out of sharing their health data for planning and research is removed; only the minimum amount of data required is shared with researchers, for a limited period, and under strict legal constraints as to its storage and use. 

Linking of data (data linkage)
  • When data from multiple sources is linked, this is known as 'data linkage'. It can be a powerful tool for researchers looking to make connections between different but related pieces of data in order to improve health outcomes. However, there are risks associated with linking sets of patient data, because it increases the risk of identification of anonymous individuals within a particular dataset. As part of its Data Use Application process, INSIGHT checks whether researchers are planning to link any INSIGHT datasets with other sources of data to ensure these risks are minimised. 

  • Oculomics is the science of examining biological signs in the eye in order to i) assess someone’s general health; and ii) detect or monitor specific diseases affecting other parts of the body. Importantly, these biological signs, known as biomarkers, can be assessed using simple, minimally invasive imaging techniques. These includeoptical coherence tomography (OCT), Fundus Autofluorescence (FAF) and digital retinal photographs.

Patient opt-out
  • Anyone who does not wish to share their personal data for research or health planning can opt out at any time using the NHS national data opt-out. This will mean your data is removed not only from INSIGHT, but from all other applicable uses across the whole NHS. 

  • Find out more about the NHS national data opt-out on the NHS website or call the NHS Digital Contact Centre on
    0300 303 5678 (Monday to Friday, 9am-5pm)

  • You can also opt out using the NHS App by going to ‘Your health’.

Pseudonymised data
  • This is data where identifying details (such as name and address) are replaced by a unique code. Pseudonymised data is not shared, but is instead held in a secure environment, accessible only by accredited INSIGHT staff. If necessary, an individual's data can be identified using their unique code – for example, if a patient decides to opt out of sharing their data for research purposes.

Patient and Public and Patient Involvement and Engagement (PPIE)
  • In terms of research, 'patient and public involvement' means it is done 'with' or 'by' the public, not 'to', 'about' or 'for' them. It is when patients and members of the public contribute to how research is designed, conducted and disseminated. It is different to when participants actually take part in a study, for example as patients in a clinical trial.  

  • Public and patient engagement is when information and knowledge about research is shared publicly, for example through a leaflet, a website or a public information campaign aimed at patients or the general public.

  • You can find out more about INSIGHT's PPIE work here.

Re-identification (of data)
  • When it comes to personal data, re-identification or de-anonymisation is a process whereby anonymous data (also known as de-identified data) is matched with publicly available information, or other data, with the aim of finding out the identity of the people whose data is being analysed. It is a risk associated with the use of anonymised patient data, and something which INSIGHT takes very seriously. Our Data Custodians take every step necessary to ensure this risk is minimised before any data is shared with researchers - for example, by removing data from a patients with rare conditions. Researchers who apply to use data from INSIGHT must sign a strict legal agreement to ensure they will not attempt to re-identify any data supplied by INSIGHT. 

Research outputs
  • A research output is the result of a research study or project. It could be something as simple as the publication of research results in a journal, a PhD thesis or a seminar. Or it could be a major breakthrough in the form of a new treatment, new guidelines for clinicians or a piece of technology that improves disease diagnosis. It also includes public dissemination of findings, for example through a press release, media campaign or public event. As part of INSIGHT's Data Use Application process, applicants have to give details of what research outputs they are planning, including any public dissemination of their findings.

​​Trusted Research Environment (TRE), also known as a ‘Safe Haven’
  • TREs are designed to protect the privacy of individuals whose health data they hold while facilitating large-scale data analysis using High Performance Computing that increases understanding of disease and improvements in health and care.

  • Find out more about TREs on the HDR UK website

UK Health Data Research Alliance
  • Convened by HDR UK, this is an alliance of leading health, care and research organisations in the UK, united to establish best practice around the ethical use of UK health data for research and innovation at scale. Moorfields Eye Hospital and University Hospitals Birmingham are part of the Alliance.

  • Find out more on the UK Health Data Research Alliance website

bottom of page