Collecting Patient Data
The NHS needs data to make sure its services are safe, efficient and make best use of public funds and resource. Patient data is used every day to improve health and care services through planning and research in England, helping to find better treatments and improve patient care.
The NHS collects patient data from:
- all NHS organisations, including GP practices and hospitals
- local authorities who provide social care
- private organisations, such as private hospitals or care homes providing NHS funded care.
This information is used by NHS organisations and researchers to help run and improve health and care services for patients, for example to:
- plan and improve health and care services. For example, helping to decide what new health or care services are required in a local area
- prevent disease, promote health and prolong life. For example, patient data helps clinicians, scientists, public health bodies and the government to provide guidance and develop policies to respond to the COVID-19 pandemic
- research and develop cures for serious illnesses. For example, patient data is being used by the RECOVERY trial, which has found ways to improve the treatment for people with COVID-19.
Improving how patient data from GP practices is collected
The NHS is already collecting patient data from your GP practice to help run and improve health and care services, to support research into COVID-19 treatments and vaccines, and to help monitor and manage the outbreak.
NHS Digital is the national custodian for health and care data in England and it collects, analyses, publishes and shares health and care data safely, securely and appropriately as part of its statutory functions.
NHS Digital has developed an improved way to collect patient data from GP practices. The process builds on what happens already and will continue after the COVID-19 pandemic ends.
In a letter to all GPs, 19 July 2021, Parliamentary Under Secretary of State Jo Churchill set out a new process for commencing data collection, moving away from a previously fixed date of 1 September.
NHS Digital will collect data from your GP medical record that includes:
- data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals and recalls, and appointments
- data about staff who have treated you
- data on your sex, ethnicity and sexual orientation
- your NHS number, practice reference number, full postcode and date of birth. Extra protection is applied to this data before it is sent to NHS Digital which means that no one will be able to identify you directly in the data without your consent or a valid legal reason
NHS Digital will not collect from your GP record data that includes:
- your name and address (except for postcode in encrypted form)
- written notes (free text), such as the details of conversations with doctors and nurses
- images, letters and documents
- coded data that is not needed due to its age – for example medication, referral and appointment data that is over 10 years old
- coded data that GPs are not permitted to share by law – for example certain codes about IVF treatment, and certain information about gender re-assignment
More information about what data is collected from GP practices and Type 1 Opt-outs is in our General Practice Data for Planning and Research Transparency Notice.
How NHS Digital makes data available
NHS Digital will only allow trusted organisations to access patient data where there are clear benefits to improving health and care. Access to patient data is not allowed for marketing or insurance purposes. NHS Digital publishes details of the data that it has shared with other organisations.
Options for opting out
If you don’t want data from your GP record to be collected or shared, you have two options.
You can opt out of sharing identifiable patient data from your GP record, except that which is used for your own care and treatment, by registering a Type 1 Opt-out. You can find out more about registering a Type 1 Opt-out here.
You can opt out of identifiable patient data about you being shared for research and planning by NHS Digital or other organisations by registering a National Data Opt-out The National Data Opt-out will be applied by NHS Digital in line with the National Data Opt-out policy.
What is a Type 1 Opt-out?
A Type 1 Opt-out prevents your data leaving your GP Practice (other than for your direct care).
What was a Type 2 Opt-out?
Previously you could tell your GP practice if you did not want us, NHS Digital, to share your confidential patient information that we collect from across the health and care service for purposes other than your individual care. This was called a Type 2 Opt-out.
The Type 2 Opt-out was replaced by the National Data Opt-out. Type 2 Opt-outs recorded on or before 11 October 2018 have been automatically converted to National Data Opt-outs.
What is a National Data Opt-out?
The national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs
Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by clicking on "Your Health" in the NHS App, and selecting "Choose if data from your health records is shared for research and planning".
How to opt out
To register a Type 1 Opt-out, you need to complete a form and return it to your GP surgery by post or email.
The quickest way to register a National Data Opt-out is using our online service, you will need to provide your name, date of birth and postcode or NHS number. You can also do by telephone, email or post.
All NHS organisations must provide patients with information on the type of patient data they collect and how and why it is used. You can read more about how patient data from your GP practice is used for planning and research in the NHS Digital Transparency Notice.
Why we’re doing this?
1. Collecting patient data
We need patient data to run the NHS, to plan and improve care for patients, decide what health or care services are needed in a local area and develop better treatments for serious illnesses such as heart disease, diabetes and cancer.
2. Moving to a new system
NHS Digital is one organisation that already collects patient data from GP practices to improve health and care services, but the system we use to do this is now over 10 years old and needs to be updated. This new way of collecting data reduces pressure on GP practices and provides more consistent protection and control than other channels, allowing doctors and other staff to focus on caring for patients. The new system will mean that data is collected, stored and accessed in a secure and consistent way and only ever shared for public benefit.
3. How the system is kept secure
We follow strict rules around privacy, security and confidentiality. This new service has been designed to the highest standards and all data collected, stored and shared by us is securely encrypted. As well as an Independent Group Advising on the Release of Data (IGARD) a Professional Advisory Group made up of GPs provides an extra layer of scrutiny and security for GP data.
We will not collect your name or full address, and any other information that could readily identify you will be replaced with unique codes before it leaves your GP practice – this form of protection and data minimisation is known as pseudonymisation.
We will only re-identify the data in very specific circumstances, and if there is a lawful reason to do so in line with data protection law. For example, if you agree to take part in a clinical trial and provide consent to your data being shared with the researchers.
If lots of people opt out the data becomes less useful
If a large number of people choose to opt out then the data becomes less useful for planning services and conducting research. This is a particular problem if people from certain areas or groups are more likely to opt out. If that happens then services may not reflect the needs of those groups or areas and research may reach misleading conclusions.
Understanding Patient Data have provided more information on this topic, including specific examples on their website.
Who data will and won’t be shared with/selling data
We will only share data with trusted NHS / NHS commissioned or research organisations who will use it to improve health and care. We will never share it for marketing, advertising or insurance purposes and do not allow data to be used solely for commercial purposes.
We do not sell data, but we do charge NHS and research organisations to access data so we can cover the costs of making it available to them. These charges only cover the cost of running the service and we do not make a profit.
Things we do and don’t collect
We will collect most of the structured and coded information in your GP record. This includes data about diagnosis, symptoms, test results, medicines, allergies, vaccinations and appointments, as well as data about your sex, ethnicity and sexual orientation. We also collect data about the members of staff who have treated you.
We will not collect your name or full address, written notes (such as details of conversations between you and clinicians), images or documents, data that is more than 10 years old, or data that GPs are not permitted to share by law.