This section provides answers to questions you may have about the Innovation Gateway, health data and how it is used.

The Gateway does not store, hold or process any patient or health data, so many responses in the ‘General Health FAQs’ section relates to the work of the organisations/individuals who control the data i.e. data custodians/data controllers rather than the Gateway itself.

Much of the content on this page has been informed by the work of Understanding Patient Data and has been shaped by representatives from Health Data Research UK’s Public Advisory Board. You can find additional information about health data that is broader than the Gateway on Health Data Research UK’s website.


The Gateway FAQs


Health datasets in the UK are held by thousands of different organisations in the UK. It can therefore be difficult for researchers, innovators and also members of the public and patients, to discover what datasets exist. The Gateway was established in 2020 as a common entry point for researchers and innovators to discover and request access to UK health datasets. The Gateway lists information about each dataset (such as description, size of the population contained within that dataset, and the legal basis for access) that can help researchers and innovators decide whether a dataset could be useful to their research and help them to make further health discoveries.

The Gateway was created with input from patients, the public, researchers and innovators working in health and care in the UK. Health Data Research UK is committed to its continued partnership with these groups as the Gateway develops.

You can find out more in our Gateway introduction video here.

You can think of the Gateway as a search-engine or ‘portal’ to help you find health datasets that exist in the UK, but also associated health data resources such as tools, data uses and papers. All the resources the Gateway exist elsewhere but being listed on the Gateway makes them more discoverable. If you are a researcher or innovator and you would like to request any of the datasets listed for your research then you can find an overview of the process here or more detailed instructions here. You can also find other how-to-videos here.

The Gateway lists a growing number of UK health datasets that are from a range of organisations that form the UK Health Data Research Alliance. The Gateway also lists a number of other resources:

  • Courses
  • Data uses
  • Tools
  • Papers

Primarily the Gateway is for researchers and innovators, allowing them to discover UK health datasets (and other health data resources) and enquire about access to datasets which can enable their research and health discoveries. However, by listing health datasets and resources transparently on the Gateway can also be a useful resource for members of the public and patients to see what UK health datasets exist and how they are being used to make further health discoveries that ultimately benefit them.

The community forum allows people in the health data research community – this could be researchers, industry, patient representatives, data controllers – to engage in wide ranging discussions about relevant themes or topics and also give feedback on the Gateway. The Gateway uses an open-source forum software called Discourse that is deployed and hosted by Health Data Research UK. No identifiable patient data will be shared or stored in the community forum. Any other data, relating to individual users from the community, and the content of discussions within Discourse are subject to the privacy policy of the Gateway.

We ask that use of the Innovation Gateway be attributed in any resulting research outputs. Please include the following statement in the acknowledgments: 'Data discovery and access was facilitated by the Health Data Research Innovation Gateway' [insert year]

This statement is in addition to, and does not replace, any other acknowledgements required by the data custodian.

As a researcher or innovator needing health data for your work, a data controller wishing to join the Alliance or a patient or member of the public wanting to find out more information, we want to help you find the information you need. If you have a question then please email us at gateway@hdruk.ac.uk or visit our contact us page and we’ll be back in touch.

Our Development and Improvement Group (DIG) makes sure we have a broad range of audiences and voices involved in future development and gives members the opportunity to get involved in our design workshops and give feedback on our prototypes. To find out more visit our DIG page.

To ensure that users have the best experience when using the Gateway we have a list of approved browsers which are fully supported.

The supported browsers for the Innovation Gateway are:

The Gateway should also work on any other modern web browser which is compatible with HTML5 and CSS3.

Datasets on the Gateway FAQs


No. The datasets you can discover on the Gateway are just listed in the Gateway with associated information rather than ‘stored’. Anyone can see which datasets are available but they will not be able to access and view the data itself. If anyone wants to access the dataset then they will still need to go through a rigorous data access process and be approved by the data controller.

Each dataset listed on the Gateway has a ‘How to request access’ button which users can click (you will need to be registered for a Gateway account and signed in). You can find an overview of this process here. This button will take users to a simple enquiry form or a data access application form based on the Office for National Statistics framework developed in collaboration with data custodians. Either form will then connect the user with the data custodian for that dataset, who will ask for details on why the user needs the dataset for their research and they will ultimately make the decision on whether access is granted (see more detail in ‘What happens when a researcher or innovator requests access to data?’ FAQ below). There is also more info on data access in our how to video here.

The Gateway was ultimately created for researchers and innovators to discover and enquire about access to datasets for their research. Individuals requesting access will need to explain why they need access to the dataset for their research and how by gaining access they will use the data to improve health and care services and generate public benefit. Therefore it would not be appropriate for members of the public and patients to apply for access.

Before a researcher is granted access, their study is usually assessed by an independent review committee or other decision-making group, who ensure that the reason for using the data is appropriate. If a researcher or innovator wants to access a dataset, they can send a request via the Gateway (as detailed in the ‘How do I request access to data through the Gateway' FAQ above) and this will be considered by the organisation that looks after that dataset. Each of these organisations (who sit within the UK Health Data Research Alliance) will have their own data access requirements and processes.

Wherever possible, identifying information will be removed from that data, and researchers should only be given the minimum amount necessary to answer a question. Data must be stored securely, and a legal data sharing agreement must be signed before data can be accessed.

Often a study will need to use data about an individual that is held in more than one dataset. When this happens, a trusted third party, usually NHS England, links the data using a unique identifier (such as NHS number which is then removed) to make sure the researcher cannot re-identify individuals.

There is no identifiable patient data in the Innovation Gateway. If access to the data is granted to a research/innovator then there are various safeguards in place work to reduce the risk of data being re-identifiable. This will include:

  • Identifiable information being removed and data being anonymised where possible
  • Only linking data through a unique identifier (which is then removed) by a trusted third party (e.g. NHS England)
  • Providing access through Trusted Research Environments [link to glossary] or Safe Havens to minimise the risk of data being downloaded or transferred and used to identify any individual person.

For a helpful description of what is meant by identifiable data, please read Understanding Patient Data’s factsheet.

The Gateway is a work in progress, and uses metadata from across the UK Health Data Research Alliance and Health Data Research Hubs. A full set of metadata is not yet available for all datasets, and more metadata will be added as the Gateway develops.

General Health Data FAQs


Whenever we go to a doctor or a hospital, they collect data about us, our health and our lifestyle. This is recorded and stored in our patient record. It may include our height and weight, whether we smoke, how much we drink, detail of any allergies, what aches, pains or infections we’ve got, and what medications we are taking. It may also include the results of blood tests, images from MRI scans, and any procedures we’ve had, together with contact information, date of birth, and next of kin information.

Other specialists we see, for example dentists, physiotherapists and psychologists, will also create records.

The NHS uses this information to help provide the best clinical care for us. As a patient record contains sensitive information about our health, it must be handled very carefully and accessed safely and securely, to protect confidentiality.

Other types of health data include information collected during clinical trials and cohort studies or data generated by you; for example, health apps, fitness trackers or patient surveys.

If data from many different patients is linked up and pooled, researchers and doctors can look for patterns in the data, helping them develop new ways of predicting or diagnosing illnesses, and identify ways to improve clinical care. The information from health data is extremely valuable to help understand more about disease, to develop new treatments, to monitor safety, to plan services and to evaluate NHS policy.

Providing access to health data will never be completely risk-free, but there are appropriate measures in place to make any risks as low as reasonably possible. Evidence suggests there are three key areas that people are concerned about when health data is used and the following provides a brief overview of some of the measures in place to address those key concerns.

1. Invasion of privacy, or information about medical history being revealed to others

Data is anonymised wherever possible and although it is extremely difficult to guarantee individuals could not potentially be identified if data is linked to other sources, there are multiple safeguards in place – both by Health Data Research UK and the organisations that manage the data – to reduce the risk of data being reidentified. There are audit processes to check who is accessing data, and robust penalties can be issued where data is misused.

The General Data Protection Regulation (GDPR) specifically makes it a criminal offence to deliberately attempt to, or to re-identify someone (conditions apply).

2. Loss of control if data is passed outside the NHS

Currently, most of the ‘data breaches’ in the health sector occur when information is accidentally posted, faxed or emailed to the wrong person.

The Gateway does not hold or store any patient or health data. If access is provided by the data controller, research on the data will be carried out in what is known as a Trusted Research Environment or Safe Haven. These are highly secure places – either physical servers often in a locked room or on a Safe Cloud – that can only be used by researchers who have been permitted entry. Any technology companies involved in providing or supporting the Safe Havens will not be able to see or access the data.

This minimises the risk that any data can be downloaded or transferred and then used to identify any individual patient.

3. The possibility of cyber attacks or hacking

The Gateway does not hold or store health data nor does health data flow into it for any processing or analysis. It does hold metadata [link to Glossary] that describes the datasets but metadata does not contain any personal information. The other data held within the Gateway is user profile information, which is held securely and encrypted, and information about health data research projects and tools. The community forum also holds data relating to members of the health data research community who participate in discussions. These data are subject to the privacy policy of the Gateway.

Key to the development of the Innovation Gateway is that it operates securely and will be subjected to regular security testing including penetration testing. Should these security controls fail and a hacker were to gain access to the site they will not have access to either health data nor to unencrypted user profile information.

It is usually possible to opt out of sharing health data held in personal records about you. To do this, contact the organisation that holds the record (such as your GP practice or hospital). If you live in: