Policy details
Prepared for: NHS Norfolk and Suffolk ICB
Status: Approved
Version: 1.0
Date: 1/04/2026
Document control details:
- 7/01/2021 – Version 0.1, Initial draft for review
- 7/03/2021 – Version 0.2, Updated content included
- 28/04/2025 – Version 0.3, Full review to align to operational procedures
- 1/04/2026 – Current version, Revised to apply to Norfolk and Suffolk ICB, instead of Norfolk and Waveney ICB
Introduction
Purpose
Access to health and care data is vital for improving services, understanding population needs, and planning future provision. However, the sensitive nature of this data means that strong safeguards must be in place to ensure that access is appropriate, proportionate, and controlled.
This policy outlines how the Norfolk and Suffolk Integrated Care Board (ICB) manages access to the Data Hub, balancing the need to make best use of data with the duty to protect patient confidentiality and comply with data protection law. It defines how access is granted, managed, monitored, and, where necessary, withdrawn.
This document’s intended audience is all organisations within the Norfolk and Suffolk Integrated Care System.
Scope
This policy covers all forms of access to the Norfolk and Suffolk Data Hub. It applies to different types of users, including analysts, report viewers, system administrators, and, in some cases, contractors. It also applies to provider-specific isolated areas within the Data Hub where local organisations manage their own data processing in line with wider governance requirements.
The policy defines different types of access depending on the user’s role, the purpose for which access is needed, and the appropriate level of technical control. It applies equally to all organisations, staff, subcontractors, and temporary users operating under the Data Hub Use Agreement.
Roles and responsibilities
Clear roles and responsibilities are essential to maintaining strong governance over Data Hub access. Responsibility for data security and compliance is shared between the ICB Data Hub Team, partner organisations, and individual users. Each has a distinct but interconnected role to play, ensuring that data is used safely and appropriately at all times. This section sets out what each group must do to fulfil their obligations under this policy.
ICB Data Hub Team
The ICB Data Hub Team acts as the overall owner and controller of the Data Hub platform and its core datasets. The team’s role is to define standards, maintain technical security controls, provide guidance and training, and monitor compliance.
They are responsible for maintaining access control systems (RBAC groups), approving system administrator access, auditing use where necessary, and supporting the development of isolated provider areas within the Hub.
Partner organisations
Partner organisations accessing the Data Hub play a critical role in day-to-day compliance. They are responsible for identifying who within their organisation requires access, ensuring only appropriate individuals are nominated, and maintaining up-to-date records of access permissions.
Partner organisations must monitor how data is being used locally and ensure compliance with data access and sharing rules, track all outputs generated using Data Hub data, and cooperate fully with the ICB’s audits and compliance processes.
System administrators
System administrators are authorised technical personnel responsible for maintaining the Data Hub’s underlying systems, user access, and platform security.
In addition to infrastructure management, System Administrators may require controlled access to pseudonymised datasets where necessary to support the technical functioning of the Data Hub — including data flows, pipeline development, and system enhancement activities.
Such access must be strictly limited to technical purposes and must not be used for business analysis or reporting.
System Administrators must maintain full audit trails of all dataset access and comply with higher standards of technical governance and security. All access must be proportionate, justified, and subject to review.
Individual users
All individuals granted access to the Data Hub, whether analysts, report viewers, or administrators, have a duty to use data responsibly.
Users must only access the data they are authorised to use, only for approved purposes, and in accordance with the access controls that apply to their role. Any misuse, suspected breach, or concern must be reported immediately and may result in access being removed and further action being taken.
Access management
Managing who has access to the Data Hub, and at what level, is crucial to ensuring appropriate use of sensitive information.
Access is based on a “minimum necessary” principle with users only being given access to the data and tools they need to fulfil their specific role. Different types of access are granted depending on the user’s function, and technical safeguards (such as RBAC groups) are used to enforce limits.
This section explains the different access types and how each is managed.
Analytical access (dataset Access)
Analytical access is designed for professional analysts who require direct access to pseudonymised datasets within the Data Hub.
To ensure that confidentiality is protected, users in this category must not have access to source system data that could allow re-identification and there must have an approved use case identifying the need for access. Analytical access is tightly controlled and monitored, and users must complete specific Data Hub training before gaining access.
System reporting access (report viewers)
System reporting access provides a way for a wider group of users to benefit from the insights generated by the Data Hub without handling raw data.
Users can view pre-prepared reports but cannot manipulate datasets directly. This lower-risk form of access is suitable for operational managers, planners, and other staff who need information to support decision-making.
Partner organisations are responsible for maintaining an up-to-date list of report viewers and sharing with the Data Hub team via agreed methods.
Report viewers are subdivided into two district categories, those who can access pseudonymised level data and those who can access only small number supressed, aggregated or anonymised data.
System administrator access
System administrator access is restricted to authorised technical personnel responsible for managing the infrastructure, user permissions, and the flow and development of data within the Data Hub.
System Administrators may access pseudonymised datasets where necessary to support technical operations, such as pipeline development or system updates.
However, data must only be accessed for technical purposes, not for analytical or business reporting use. Strict access controls, audit logging, and governance training are mandatory for all System Administrators.
Administrative roles are restricted to technical members of the ICB.
Isolated Data Hub areas (e.g. provider-controlled zones)
In some cases, specific areas of the Data Hub have been developed for use by individual provider organisations.
These isolated zones allow providers greater control over their own data and reports, while still operating under the overarching governance framework of the Data Hub.
Each isolated area has its own dedicated RBAC group, and providers are responsible for managing user access and monitoring compliance, supported by oversight from the ICB.
Contractor and temporary access
Contractors and temporary users may occasionally require access to the Data Hub to deliver specific pieces of work.
Such access is not granted by default and must be subject to strict conditions: a clearly defined purpose, approval by Information Governance leads, and time-limited access using dedicated RBAC groups.
All contractor access must comply fully with this policy and must be monitored closely.
RBAC management and accountability
Role-Based Access Control (RBAC) is the technical mechanism used to enforce access restrictions within the Data Hub.
All users are assigned to RBAC groups based on their approved access type. The ICB Data Hub Team is responsible for creating and maintaining these groups, while partner organisations must manage nominations and updates.
Access lists are reviewed at least annually by the Data Hub Joint Controller Group and may be audited at any time by the ICB.
Monitoring and compliance
Strong monitoring and compliance processes inline with The Data Hub DPIA and DSPT requirements protect the Data Hub against misuse, ensure legal and policy obligations are met, and maintain public trust.
Monitoring responsibilities are shared: partner organisations monitor use locally, while the ICB carries out periodic audits to verify compliance.
Breaches of this policy are treated seriously and may lead to suspension or withdrawal of access rights, investigation, and potential further action.
Training and awareness
Effective training is essential to ensure that all users understand their responsibilities and how to comply with them.
The ICB Data Hub Team provides formal training for users with Analytical Access. This training covers data governance, technical use, and reporting standards.
Partner organisations are responsible for ensuring that report viewers are aware of and comply with relevant policies and guidance, including insuring that any staff accessing the reports or data environment are compliance with all relevant local IG training requirements.
Training must be completed before access is granted and refreshed periodically. See below for details.
Policy review
The Data Hub Access Management Policy must remain current and fit for purpose.
To achieve this, the policy will be formally reviewed by the data hub team every three years, or when any significant change comes into effect. Reviews will take account of changes in legislation, national guidance, operational practices, and any lessons learned through audits or incidents.