Governance

Find out about EPICare's governance

The EPICare platform adheres to stringent governance procedures to access, store and analyse data provided by patients. The EPICare platform has been approved by the Health Research Authority, and complies to the UK Data Protection Act, and each NHS Trust's governance procedures. Evaluation of data on the EPICare platform is overseen by an independent Programme Steering Committee which includes people with lived experience of psychosis. On this page you can find out more details about our governance.

Data collection and processing
Data storage / hosting
Data security and protection
Organisation roles and duties
Data access
Consent and opting out of EPICare
Ethics and required registrations
Funding

1. Data collection and processing

EPICare data are collected as part of clinical routine care. The data will be managed by NHS Trust IT and compliant with NHS Trust policy.

Data will be collected from the existing electronic patient record (EPR) system and converted into a comma-separated values (CSV) file format for upload to the Trust’s secure server and processing by EPICare-developed programme software. Processed data will populate the EPICare dashboard, which can be accessed only by authorised Trust users.

EPICare will collect such personal data as (but not limited to):

Patient Demographic Data

NHS Number

Marital status

Postcode at first referral/acceptance by EIP (not updated if moves in the future)

Accommodation type

Employment Status

Lower Super Output Area (LSOA)

Emergent psychosis start date

Manifest psychosis start date

Referral pathway

EIP discharge date

Transfer status

Allocated care professional

Special Category (Sensitive data)

Sex [and gender if available]

Ethnicity - what measure for ethnicity

National Clinical Audit of Psychosis (NCAP) 8 measures:

EIP referral date

First EIP treatment date

CBTp (offer)

Family interventions (offer)

Treatment with clozapine (offer)

Medication prescribing

Education & employment support (receipt)

Substance use

Data will be collected, processed and stored for patients who meet all eligibility criteria for inclusion:

- BMI
- Blood pressure
- Full blood count
- Blood glucose
- Lipid levels
- Liver function
- Healthy eating interventions (offer)
- Physical activity programmes (offer)
- Smoking cessation interventions (offer)
- Carer support (offer)
- New brief clinician reported outcome measure:
- CGI-SCH {CROM} - positive & negative symptom measure
- Current routinely collected outcome data
- Recovery and Quality of Life {PROM - via app}
- Goals and Goal Based Outcomes: GBO {PROM - via app}
- Health of the Nation Outcome Scales (HoNOS) {CROM}
- DIALOG {PROM - via app}
- Positive and Negative Symptom Scale (PANSS) {PROM - via app}
- Cognitive Measure
- Symbol to symbol substitution test (SSST) {PROM - via app}
- Medication data
- if available (lower priority)
- Other routinely collected data
- Physical health assessment and outcomes
- Migration status (if available)

CROMs

Patient demographic data, NCAP data, and Clinician-reported outcome measures (CROMs) are collected from the patient’s existing EHR.

PROMs

Patient-reported outcome measures (PROMs) data are pseudonymised and collected either via the CareLoop EI app or a different Trust-specific process. Where the Careloop EI app is used to collect PRONs, the data are transferred via secure API to the Trust server where they are viewable by the patient’s care team through the EPICare dashboard. No identifiable patient data are collected through the CareLoop EI app.

14 - 65 years old
Receiving EIP service care
Receiving care from an EPICare demonstrator NHS Trust

Data collection as part of the EPICare programme falls under the legal basis of:

Article 6 GDPR

Public interest or in exercise of official authority;

Legitimate interests pursued by the data controller except where those interests are overridden by the rights of the data subject;

Article 9 GDPR

Preventative or occupational medicine, assessing the work capacity of an employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems or a contract with a health professional;

Public interest in area of public health;

Historical, statistical or scientific purposes.

2. Data storage/hosting

EPICare data will be stored/hosted across several databases:

NHS Trust-housed database

Trust infrastructure, maintained by Trust technical teams, will host the EPICare dashboard. The data stored within these EPICare systems will be accessible to Trust clinicians, and all identifiable data will remain within the Trust. The database will contain both routinely collected data and digital patient-reported data:

Routinely collected data will be sourced from Trust EHRs and transferred securely between Trust-controlled systems for rendering within the EPICare Dashboard
Digital patient-reported data (including PROMs and a digitized version of the DSST cognitive task) will be collected via the CareLoop EI app on mobile devices and securely made available to Trust systems

Within each Trust, a local registry will store all relevant data in a form conducive to pooling data. Data will conform to a mature and adopted data standard (capable of supporting SNOMED-CT). The data form the local registry will then be pseudonymised and securely passed to the national registry, to be used for research purposes.

National registry data

Trust EPICare data, once pseudonymised, are passed to the national registry where they are stored securely ready to support future linkage with other external datasets. The national registry acts as a database of pooled pseudonymised data from all EPICare Trusts for which access may be provided for legitimate research purposes. The pseudonymised nature of the EPICare data prevents re-identification by researchers. De-identification and re-identification processes will instead be overseen by the Trusted Research Environment (TRE) hosts of the national registry, SeRP, in collaboration with an NHS partner.

CareLoop EI app data

PROMs will be collected from patients via the CareLoop EI patient-facing mobile app. CareLoop EI app data will be transferred securely from the app to the Trust-hosted EPICare dashboard and then included within the pseudonymised pooled data passed to the national registry. CareLoop data may be stored on an intermediary CareLoop server or forwarded directly onto the Trust server depending on IT capabilities and preferences at the host Trust. CareLoop has no access to the data collected via the CareLoop EI app as the app uses unique identifiers for users, the keys for which are held within the Trust infrastructure, and therefore does not contain identifiable patient data.

The following diagrams also provide an overview of the data flow and storage between the EPICare systems:

Fig 1. CareLoop data is forwarded to the Trust server via an intermediary secure server

Fig 2. CareLoop data flows directly to the Trust server

Fig 3. EPICare system key

3. Data security and protection

We place high importance on the security, integrity and confidentiality of the data collected and stored as part of EPICare through:

Role-based access and MFA

Controlling access to data held by Trusts and within the national registry
Employing role-based access to data held by Trusts and within the national registry in alignment with security policies
Controlling access to privileged accounts and the EPICare database using multi-factor authentication (MFA)

Audit trails

Maintaining full audit trails of all actions made, with time-stamped logs, on data held within the secure database - these detailed audits capture actions carried out by clinical users and the logs are available to Trust staff for routine and spot inspections

EPICare server infrastructure

Providing all technical staff supporting the EPICare platform with appropriate training and requiring them to have relevant certifications
Maintaining EPICare server infrastructure – deployment, back up, restoration, access and monitoring of the dashboard by each participating NHS Trust in compliance with all applicable local and national guidance, policies, processes, and regulations
Restricting access to infrastructure to only trained and authorised personnel within restricted access buildings, as managed by the participating NHS Trusts

Physical security

Managing infrastructure in accordance with each host Trust's existing policy and practice and routine practice for security of health data, as managed by specialist Trust staff

Network security

Restricting access via firewalls
Maintaining servers through up-to-date antivirus software, routing security updates and patching

EPICare also features security features specific to the data infrastructure:

Trust-based secure hosting: Each NHS Trust are responsible for housing their electronic health record (EHR) data within each NHS Trust infrastructure and for ensuring compliance with all relevant NHS and statutory data laws and regulations
CareLoop server: The CareLoop EI data is housed within an ISO27001 secure hosting environment with Amazon Web Services, based in the London region, UK. The CareLoop app complies with NHS DSP Toolkit and is NHS DTAC compliant. The system is routinely scanned for vulnerabilities. All CareLoop technical staff are trained in the secure handling of sensitive data

National registry hosting: Hosting within the registry is managed by SeRP, which has ISO27001 and NHS Toolkit and Digital Economy Accreditation Information governance. The entire technical stack is managed by an expert trained Trusted Research Environment technical team with single management group responsibility. SeRP is widely used across the UK for the hosting and management of health data

Personal data

Personal data and sensitive personal data recorded on all documents (such as name, date of birth, NHS number, email or postal address, health information, medical history) will be regarded as strictly confidential and will be handled and stored in accordance with the Data Protection Act 2018 (and subsequent amendments).

In the case of specific issues and/or queries from the regulatory authorities, it will be necessary to have access to the complete study records. Representatives of the EPICare study team and sponsor may be required to have access to participants’ notes for quality assurance purposes, however, participant’s confidentiality will be respected at all times. The Study Office will maintain the confidentiality of all participant data and will not disclose information by which participants may be identified to any third party.

4. Organisation roles and duties

Data Oversight Committee (DOC)

The DOC provide study oversight and monitor progress and conduct. The group also advise on scientific credibility and the use of EPICare registry data in future research. The DOC feed into the MHM Operational Management Committee and is made up of both independent and non-independent members, with the membership and duties of these members outlined by the DOC charter. Members of the DOC are required to provide declarations on potential competing interests as part of their membership of the committees.

Project Management Group (PMG)

The PMG are tasked with monitoring study conduct and progress. They also ensure adherence to the protocol and take appropriate action to safeguard participants and the quality of the study itself.

The group comprises the individuals responsible for the day-to-day management of the study, as required:

Chief Investigator (CI)
Study manager
Representatives from the sponsor and co-investigators (including site leads from each participating NHS Early Intervention in Psychosis (EIP) service, clinically active academics, data provider sites, representatives of research governance and information governance, and other Mental Health TRC Early Psychosis Workstream members)

NHS Trust responsibilities

Each participating Trust is responsible for the data security and protection of the EPICare dashboard as it is deployed within Trust-controlled and monitored systems. The NHS Trust is also responsible for the support and maintenance of software deployed within Trust infrastructure. Comprehensive testing to assure data exchange and rendering is correct to the underlying data will be regularly and automatically carried out with each software update. These tests will guarantee data that are presented in the match the underlying data passed over for rendering.

Each participating NHS Trust will support data isolated validation checks to assure imported and exported data exchanged with the dashboard or national registry match the source data.

Each Trust site is also requested to notify the Study Office of any suspected study-related serious breach of Good Clinical Practice (GCP) and/or the study protocol as soon as they become aware of them so that these can be investigated by the Study Office. Trusts are also requested to co-operate with the Study Office in providing sufficient information to report the breach to the REC where required and in undertaking any corrective and/or preventive action.

The Sponsor for this study is Birmingham Women’s and Children’s NHS Foundation Trust and the study coordinating centre (Study Office) is EPICare at the University of Birmingham Institute for Mental Health. The sponsor is responsible for notifying the Research Ethics Committee (REC) of any serious breach of the conditions and principles of GCP in connection with that study or of the protocol relating to that study.

5. Data access

Accessing EPICare

The EPICare dashboard can be launched via the existing Trust Electronic Health Record (EHR) system (e.g. Carenotes, RiO) and used by clinicians to view the data collected as part of the EPICare programme (patient demographics, data corresponding to the NICE psychosis care standards, Clinician-reported outcome measures (CROMs), and Patient-reported outcome measures (PROMs).

Learn more about the data collected by EPICare

Each partner Trust will deploy the EPICare system independently, as best suited to the Trust’s existing infrastructure, and EPICare data will be managed by NHS Trust IT and be NHS Trust policy compliant.

Data sharing

EPICare will invite data sharing applications to access the EPICare registry data for research purposes which will be reviewed by the EPICare Project Management Group, advised by the Data Oversight Committee (DOC). Such applications will only be granted for scientifically sound proposals from appropriately qualified Research Groups. Upon data release approval, a formal Data Sharing Agreement (DSA) may be required between respective organisations, and data will be fully de-identified (anonymised) unless the DSA covers transfer of participant identifiable information. Any data transfer will use a secure and encrypted method.

The Academics & Policymakers section of the website will be updated with more information about data sharing, including when applications open.

Visit the Academics & Policymakers section of the website

6. Consent and opting out of EPICare

Individual patient consent for inclusion of their data in the Trust-level dashboard is not required or sought to ensure a true representation of all patients receiving EIP services in England. The Confidentiality Advisory Group (CAG) has also confirmed that no Section 251 waiver is required.

Therefore, data for all patients who meet the inclusion criteria will be included in the national psychosis registry unless they have opted-out via the NHS National Data Opt-Out. You can find out more about this at the link below:

Visit the NHS National Data Opt-Out website

If a patient’s data are included in the EPICare registry, they will be contact within the first 12 months to opt out of being contacted about future research.

7. Ethics and required registrations

The East Midlands – Derby Research Ethics Committee reviewed the application and approved the project on 08/06/2024 IRAS ID: 334905, REC reference: 24/EM/0151

This study will be conducted in accordance with the UK Policy Framework for Health and Social Care Research and applicable UK Acts of Parliament and Statutory Instruments (and relevant subsequent amendments) (which include Data Protection Act 2018 and Mental Capacity Act 2005) and the Principles of GCP as set out in the UK Statutory Instrument (2004/1031; and subsequent amendments).

ICO Registration Number

BWC: Z6078102

CareLoop Health Ltd: ZB255439

Department of Health’s Data Security and Protection Toolkit (DSPT) Registration and Score

DSPT Registration Number

BWC: RQ3

CareLoop Health Ltd: !5W5K

CareLoop Health Cyber Essentials certificate number: eabe-4822-b972-411a-9386-3b5f7f43b939

CareLoop Health is ISO13485 certified.

8. Funding

This research was funded by the Office for Life Sciences and the National Institute for Health and Care Research (NIHR) Mental Health Translational Research Collaboration, hosted by the NIHR Oxford Health Biomedical Research Centre.

There are no financial or other competing interests related to the results of this study. Members of the Data Oversight Committee (DOC) are required to provide declarations on potential competing interests as part of their membership of the committees. Authors are similarly required to provide declarations at the time of submission to publishers.

If you have any further questions about EPICare governance, get in touch via our contact form

You can also find out more about EPICare at the link below

Find out more about EPICare