Table 1.
Five Safes dimensions | Dimension description | Alignment with UK healthcare IG regulations |
--- | --- | --- |
Safe project | Security measures in place to ensure that projects involving healthcare information adhere to privacy and data protection regulations | The Data Protection Act 2018, which incorporates the General Data Protection Regulation principles, requires organisations to have clear purposes for processing data, obtain consent from individuals and implement appropriate security measures to protect the data. |
Safe people | Ensuring that only authorised individuals have access to healthcare information and that their access is appropriate and secure | UK healthcare IG regulations require organisations to implement strict access controls and authentication mechanisms to verify the identity of individuals accessing the data. The National Health Service (NHS) also provides guidelines and training programmes to ensure that healthcare professionals understand their responsibilities when handling patient information. |
Safe data | Protection and management of healthcare data to prevent unauthorised access, loss or corruption | UK healthcare IG regulations mandate the implementation of robust security measures, including encryption, firewalls and secure storage, to protect healthcare data from breaches and cyberattacks. The NHS Digital Security and IG Standards provide guidelines on data protection and secure handling of healthcare information. |
Safe settings | The physical and virtual environments where healthcare data are stored, processed and accessed | UK healthcare IG regulations require organisations to ensure that the settings where data are processed or stored, such as hospitals, clinics and healthcare systems, meet certain security standards. This includes measures to prevent unauthorised physical access to data storage facilities and the use of secure networks and infrastructure to protect data during transmission. |
Safe outputs | Procedures in place to ensure that outputs generated from healthcare information analysis and research are appropriately managed and reported | UK healthcare IG regulations require organisations to deidentify data for research purposes to protect patient privacy. The NHS Digital Code of Practice for Data Release provides guidance on the safe and ethical use of data, ensuring that outputs are properly anonymised and comply with legal and ethical requirements. |
IG, information governance.