The Somerset Linked Data Platform (LDP) is jointly managed by several health organisations. These organisations needed a strong, legal way to share their data safely.
Building Trust in the Somerset Linked Data Platform
The Data Sharing & Access Framework
The work on the Data Sharing & Access Framework began in early 2024. Health and care data experts across Somerset created it to make sharing data easier.
The Framework solves common data sharing problems by providing:
- Simple but effective rules: Making sure data is shared safely and legally, without extra paperwork.
- Fewer separate agreements: Moving away from needing a new agreement for each project.
- Agreed purposes for data use: Creating a list of approved reasons to use data across the system.
- Legal protection: Making sure all data sharing follows the law, including UK GDPR and the Data Protection Act.
- Less duplicate work: Reducing repeated efforts and speeding up meaningful data use.
- Clear responsibilities: Helping organisations show they're handling data responsibly through a clear, open approach.
The Somerset LDP is the first project using this framework helping partners work together based on trust, openness, and shared decision-making.
Data Protection Impact Assessment (DPIA)
We have designed the Linked Data Platform (LDP) to put best practice safeguards in place; like data anonymisation, tracking who accesses data, and limiting access based on roles. This meets Somerset's needs while protecting people's privacy.
The Data Protection Impact Assessment (DPIA) helps identify and reduce privacy risks. To complete it partners provide technical, legal and ethical expertise. Critically it is a living document, the DPIA is constantly updated as we learn new things, making sure the platform stays legally sound.
Information Governance might seem strict, but it actually helps innovation by keeping projects safe and legal.
Working Together Openly
The Linked Data Platform (LDP) is built on openness, teamwork, and data protection. All partners in the discovery phase signed a Joint Data Controller Agreement (JDCA) under the Data Sharing Framework. This agreement clearly stated each organisation's responsibilities for the data. It made sure everyone understood their shared duty to protect data.
Openness has been key to our approach. We've made sure all partners have the information they need to update their Privacy Policies. We've worked closely with important groups like the Somerset Information Governance Group, the Local Medical Committee, and the GP Support Unit.
We've worked hard to explain what the Linked Data Platform is - and isn't. This helps set clear expectations, address concerns, and strengthen the project's ethical foundation.
Next Steps for the Somerset Linked Data Platform
Trial Phase Report: Looking Back at Progress
We'll publish a report about the information governance work from the trial phase. This will explain what we planned to do, what we achieved, and where we are now.
Expanding the Framework
We want more healthcare partners to join the Data Sharing & Access Framework, including GP Practices, Care Homes, and community organisations.
If you're an ICS partner interested in learning more about the Framework, please contact somicb.pophealth@nhs.net.
Special Legal Permission
We're applying for Section 251 approval from the Confidentiality Advisory Group. This will allow legal use of patient information when getting consent isn't practical, while ensuring transparency and following the law.
Privacy Assessment for the Build Phase
After the discovery phase ends, we'll create a new Data Protection Impact Assessment for the production phase. This will keep privacy and data protection at the center as we move forward.
Updated Agreements and Privacy Policies
As we move to the production phase, we'll create new agreements and privacy policies to reflect the growing scope and protections of the platform.