Five Safes framework

In considering potential uses of patient data, ICNARC aims to adhere to the Five Safes Framework, pioneered by the Office for National Statistics and adopted by Health Data Research UK

The Five Safes Framework requires that ICNARC consider the following five dimensions with respect to data access and use: 


Safe people: Can the data user be trusted to use the data in an appropriate manner? Do the researchers have the knowledge and skills to act in accordance with the required standards of behaviour? 


Safe projects: Is the use of this data appropriate, lawful, ethical, and sensible? Is the project expected to deliver public benefit?


Safe settings: Does the tool that the researcher is using to access the data prevent unauthorised use or mistakes? Are there controls on the way the data is accessed, both from a technology perspective and considering the physical environment?


Safe data: Is there a disclosure risk in the data itself? Has the data been treated appropriately to minimise the potential for identification of individuals or organisations?


Safe outputs: Do the results of the research using the data prevent someone from identifying individuals from the data? What can be done to minimise risk when releasing the findings of the project? 

What we implement:


Safe people: People wishing to access ICNARC data are required to provide details of relevant training in information governance and disclosure control.   


Safe projects: All uses of ICNARC data must demonstrate legal bases for processing under relevant legislation (including General Data Protection Regulations) and case law (Common Law Duty of Confidentiality). Applicants must outline the expected public benefit arising from data use and ICNARC’s Data Access Committee considers the intended use within this context.


Safe settings: People wishing to access ICNARC data are expected to detail the environment within which data will be stored and controls on data access. Where compatible with the needs of the research, access is provided via a Trusted Research Environment. 


Safe data: ICNARC only provides access to the minimum data necessary to achieve the aims of the project. Access to sensitive or identifiable data is provided strictly on a need-to-know basis, with appropriate levels of information governance oversight and access controls.


Safe outputs: Applicants are typically bound by legal and contractual requirements limiting disclosure of sensitive or personal information in project outputs. ICNARC monitor the outputs of all data requests, and report these in our data use register