Policy details
Prepared for: NHS Norfolk and Suffolk ICB
Status: Approved
Version: 1.0
Date: 1/04/2026
Document control details:
- 29/02/2021 – Version 0.1, Initial draft
- 5/09/2024 – Version 0.2, Incorporate changes required to be adopted by the ICB and the Joint Controller Group
- 8/05/2025 – Version 0.3, Updated document to new template
- 1/04/2026 – Current version, Revised to apply to Norfolk and Suffolk ICB, instead of Norfolk and Waveney ICB
Purpose and overview
The Norfolk and Suffolk Data Hub is a collaborative initiative where health and care providers contribute their data to support various healthcare projects. Managed by our Processor, NHS Norfolk and Suffolk Integrated Care Board (NSICB), the Hub ensures secure data hosting, management, and deletion. This protocol outlines the comprehensive records management approach for stakeholders, ensuring compliance with legal, ethical, and technical standards.
This protocol supports and follows the principles of the NHS Records Management Code of Practice and aligns with NSICB’s Records Management Policy. It does not replace either of these documents. It applies to all stakeholders, including health and care providers, who either act as Joint Controllers or participate in Joint Governance for the Norfolk and Suffolk Data Hub. It covers the entire data lifecycle, from collection and storage to use and eventual deletion.
Data Collection and Approval
- Data collection processes will potentially differ for each use case and will depend on the nature of the extract and the provider systems.
- Secure routes must be established for any extraction mechanisms, and this must be noted in the Use Case documentation.
- GP Practices, hospitals and other health and care providers can securely transfer and integrate patient data into the Data Hub through various mechanisms such as Data Factory, SFTP (Secure File Transfer Protocol), SHIR (Self Hosted Integration Runtime) and an integration engine.
- There are three main sources of data ingested into the Data Hub:
  - Local Data from regional healthcare providers
  - National Data from the DSCRO
  - Workforce Data from the regional health care providers and NSICB
Each Use Case must undergo an approval process to ensure that Information Governance has been considered by the project stakeholders. This includes assessing the accuracy and contemporaneous nature of the data.
Data and Record Storage and Retention
- Data will gradually accrue in the Data Hub through the approval of Use Cases.
- Data will be retained for the life of the project, as it remains necessary and useful for foreseeable future Use Cases and for creating a longitudinal care record.
- In line with ICO guidelines and where practicable, data will be erased or anonymised when no longer needed, but the foreseeable utility of the data justifies its ongoing retention.
- Records will be maintained of all use cases, approvals and meeting minutes to ensure evidence of governance processes.
- All system access, including user logins, will be logged and maintained. Changes to the data infrastructure—such as modifications or amendments—will be managed via the N&W Change Advisory Board (CAB) group. Upon implementation, all data retrievals from Snowflake will be fully auditable by User and Organisation.
- Data will be controlled through metadata-driven pipelines. The configuration information managed and created for these pipelines forms a comprehensive asset register. This configuration links to the audit repository identifying when data was last received from the provider, supporting the data retention processes.
Data Deletion and Sanitisation on Microsoft Azure
The Processor shall engage a supplier that ensures appropriate deletion and sanitisation processes:
- Azure ensures secure deletion of data. When data is deleted, it is first marked for deletion and then securely erased using methods that prevent recovery.
- Microsoft Azure follows stringent data sanitisation processes that comply with industry standards such as NIST SP 800-88 Guidelines for Media Sanitization. This ensures that all traces of deleted data are irrecoverable.
- The ICB will monitor and identify when items are due for deletion; these are presented to and agreed by the Joint Controller Group. The decision rests with the data controllers to whose data it relates. They will agree as part of the appraisal process that this data can be deleted.
Data Governance
- Joint Controller Governance Group: This group will oversee the data and records generated for the Data Hub, conducting regular reviews and ensuring compliance with legal and ethical standards.
- Periodic reviews will assess the necessity, accuracy, and utility of the data, ensuring it remains fit for purpose.
- Record-Keeping: Detailed records of all use cases, extractions and approvals, and reviews will be maintained for audit purposes.