The SUDGT provides a structured pathway to develop a data governance model to support integrated care, based on a number of core principles:

  1. Care systems need to develop comprehensive collaboration between data management, business intelligence and information governance subject matter experts
  2. Integrated care requires a single, or small number of, data management solution/s across a care system's component organisations
  3. The primary focus of SUDGT is to support secondary use activities across integrated care - it is not designed to support data governance requirements for individual care
  4. The SUDGT approach supports integrated care systems to access individual level pseudonymised data which has the capability to be linked together for specific purposes
  5. Care systems need to access and use the minimum amount of data to support accurate and effective analysis across integrated care
  6. Care systems need to undertake data minimisation and ensure that personal data is used for appropriate, specified and documented purposes

The six steps of the tool will take you through the following approach:

Step 1: care system structure and governance

    • Identify and describe the component organisations within the integrated care system
    • Assess the readiness of the care system's governance mechanisms to oversee the lawful use of data
    • Identify the system's preferred approach to managing, linking, pseudonymising and hosting personal data
    • Ensure appropriate governance processes are integrated, so that robust assessments of proposals are performed by appropriate personnel


Step 2: activities and data management across the care system

  • Determine the care system's high level analytical requirements, in terms of population health management functions and activities
  • Identify which, if any, component organisations have the lawful basis to perform those activities
  • Identify the data types and sources that will support the data analysis requirements and understand the data flows to the organisation storing the data

Step 3: activities and data management within specific organisations

  • Establish which organisations will conduct the analysis and their individual data requirements
  • Identify data controllers and processors for the required activities and purposes
  • Understand data flows from the organisation storing the data to the organisations conducting analysis

Step 4: organisational and technical controls

  • Ensure all organisations receiving data to analyse possess and can demonstrate robust controls to protect personal data that has undergone pseudonymisation

Step 5: contracts and agreements

  • Ensure all required contracts and agreements are in place

Step 6: fair processing and transparency

  • Ensure data subjects are kept informed through a robust and lawful approach to fair processing and transparency


The outputs from each step can be captured in the optional SUDGT input tool.