Whenever you interact with the health service, such as during a GP appointment or hospital visit, they collect data about you, your health and your lifestyle. This is recorded and stored in your patient record, which may be a physical paper copy or, in some cases, digital. It may include your height and weight, whether you smoke, how much you drink, details of any allergies, what aches, pains or infections you’ve got, and what medications you’re taking. It may also include the results of blood tests, images from MRI scans, and any procedures you’ve had, together with contact information, date of birth, and next of kin information.

Other specialists you may see, for example dentists, physiotherapists and psychologists, will also create records. Other types of health data include information collected during clinical trials and cohort studies or data generated by you; for example, health apps, fitness trackers or patient surveys. 

The NHS uses this information to help provide the best clinical care for us. It can also be used to improve NHS services, or for research to help identify effective treatments, monitor the safety of medicines, and understand the causes of disease and illness. Because a patient record contains sensitive information about your health, it must be handled very carefully and accessed safely and securely, to protect confidentiality. There are strict regulations in place to ensure that this is adhered to. See our page on how your data is kept safe for more information. 

Good quality information is essential to inform clinical care. Everyone should have access to information about their own healthcare, to check the information is accurate and to help manage any condition. Your whole care team, whether in a GP practice, a hospital or a care home, needs to have access to up-to-date information about you to inform your treatment, and to provide you with the best care. 

In addition, if small amounts of data from many patients are linked up and pooled, researchers and doctors can look for patterns in the data, helping them develop new ways of predicting or diagnosing illness, and identify ways to improve clinical care. The information from patient records is really valuable to help understand more about disease, to develop new treatments, to monitor safety, to plan services and to evaluate NHS policy.  

Find out more about why patient data is used.  

There are huge benefits when patient data is used responsibly to save lives, improve health and care, and advance medical research. However, it is true that sharing patient data will never be totally risk-free.  

Some people are more willing to share personal data while others are more cautious. The acceptable balance between risk and benefit will vary from person to person, and individuals may change their own mind on this over time. People are primarily concerned about invasion of privacy, loss of control, and the risk of cyberattacks or hacking.  

There must be robust measures in place to reduce the risks as much as possible. Wherever possible, anonymised data is used, but there are instances where this isn’t possible or has very limited value. If personally identifiable data is being used without consent, there is still a principle of using the minimum amount necessary. There are audit processes to scrutinise those who are using data, and robust penalties where data is misused.

A data breach occurs when personally identifiable data is lost, destroyed, altered or disclosed, and this can be accidental or deliberate. Currently, most of the data breaches reported in the health sector in the UK are classified as ‘other non-cyber incidents’ which can include mistakes made during routine care. These can be tackled with staff training and robust IT systems. Even accidental breaches can carry heavy sanctions. 

Find out more about each of these issues, what is being done to reduce the risks, and sanctions for the misuse of data here

It is essential that patient data is kept safe and secure, to protect your confidential information. A common framework that is used for assessing and explaining how data is being kept safe is the ‘Five Safes’ Framework. This was initially developed by the Office for National Statistics and other data providers and has increasingly been adopted by other organisations as a framework for developing safe data access systems. The five elements are:  

  • Safe People — are the users using the data appropriately? Are they trained on data protection? Are they authorised to access the data?  

  • Safe Projects — is the project lawful, in the public interest, and approved by data owners?  

  • Safe Data — has the data been processed to protect confidentiality and minimise the risk of identifying individuals?   

  • Safe Settings — are there technical controls on access to the data? Does the data environment provide protections to prevent unauthorised use?  

  • Safe Outputs — is the data checked and approved before leaving the system to minimise risk?  

As well as this framework, there are also many laws, regulations and Government policies in place to protect your data.  

Find out more about how data is kept safe

People want to know whether they could be identified when data about them is used, such as their name, date of birth or address. This depends on the way in which the data has been ‘de-identified’ - that is, how this personal information has been removed or disguised. For example, with anonymised data, personal information is completely removed, whereas with pseudonymised data it is disguised – for instance by replacing identifiable information with a string of numbers and letters. An explanation of these concepts can be found in the glossary on this page.  

It is difficult to guarantee that data is 100% de-identified, as people may in some circumstances be able to match de-identified data with publicly available data to re-identify a person, particularly when the group of patients the data could belong to is small. However, re-identifying a person in this way is a criminal offence under the Data Protection Act 2018, and applying the ‘Five Safes’ to data minimises the likelihood of this being possible.
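As an added illustration (not code from this page or from the NHS), the Python sketch below replaces a direct identifier with a keyed pseudonym and then checks for the small groups that make matching against other data easier. The field names, sample records, key and threshold `k` are constructed assumptions, and HMAC-SHA256 is one common way to derive a pseudonym, not a method this page says the NHS uses.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample rows (not real patient data); one row per episode of care.
RECORDS = [
    {"patient_id": "P-0001", "age_band": "30-39", "area": "LS1", "diagnosis": "asthma"},
    {"patient_id": "P-0002", "age_band": "30-39", "area": "LS1", "diagnosis": "diabetes"},
    {"patient_id": "P-0003", "age_band": "30-39", "area": "LS1", "diagnosis": "asthma"},
    {"patient_id": "P-0001", "age_band": "30-39", "area": "LS1", "diagnosis": "eczema"},
    {"patient_id": "P-0004", "age_band": "80-89", "area": "LS1", "diagnosis": "dementia"},
    {"patient_id": "P-0004", "age_band": "80-89", "area": "LS1", "diagnosis": "hip fracture"},
    {"patient_id": "P-0005", "age_band": "40-49", "area": "YO1", "diagnosis": "asthma"},
    {"patient_id": "P-0006", "age_band": "40-49", "area": "YO1", "diagnosis": "diabetes"},
]

# Assumption: in practice the key lives in a key store held by the data custodian.
DEMO_KEY = b"constructed-demo-key"

# Fields that are not names or IDs but can still narrow down who a row is about.
QUASI_IDENTIFIERS = ("age_band", "area")


def pseudonymise(identifier, key=DEMO_KEY):
    """Same input and key give the same marker; without the key it cannot
    be recomputed from a guessed identifier."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def de_identify(records, key=DEMO_KEY):
    """Drop the direct identifier and add the pseudonym in its place."""
    rows = []
    for record in records:
        row = {k: v for k, v in record.items() if k != "patient_id"}
        row["pseudonym"] = pseudonymise(record["patient_id"], key)
        rows.append(row)
    return rows


def small_groups(rows, k=3, quasi=QUASI_IDENTIFIERS):
    """Return quasi-identifier combinations shared by fewer than k distinct
    people. People are counted by pseudonym, so repeat visits count once."""
    people = defaultdict(set)
    for row in rows:
        people[tuple(row[q] for q in quasi)].add(row["pseudonym"])
    return {group: len(p) for group, p in people.items() if len(p) < k}


def suppress_small_groups(rows, k=3, quasi=QUASI_IDENTIFIERS):
    """Withhold rows in risky groups before release (a 'Safe Outputs' style check)."""
    risky = small_groups(rows, k, quasi)
    return [row for row in rows if tuple(row[q] for q in quasi) not in risky]


if __name__ == "__main__":
    rows = de_identify(RECORDS)
    print("groups below k=3:", small_groups(rows))
    print("rows released:", len(suppress_small_groups(rows)))
```

The one patient aged 80-89 in LS1 appears in two rows but is a single person, which is why the check counts pseudonyms instead of rows.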

Take a look at the section on 'How my privacy is protected' in our guide to health datasets, to learn more

A national data opt-out was introduced in England in May 2018, following recommendations from the National Data Guardian. This allows people to choose to opt out of having their confidential patient information shared for reasons beyond their individual care, for example for research and planning. 

Find out more on our information page dedicated to the choices about how your health data is used beyond your individual care

Researchers use patient data to help us to understand more about disease, develop new treatments, monitor safety, plan and monitor services, and evaluate policy. This kind of research is vital to improve health and care for everyone. 

Researchers can apply to access data such as that from GP or hospital records, or national registers. There are also tools and support available through organisations like the National Institute for Health and Care Research, who fund initiatives to help researchers access the health data they need, or Health Data Research UK. Before a researcher is granted access, their study is usually assessed by an independent review committee, who check that the reason for using the data is appropriate. Learn more here about the different organisations and approvals involved in this.  

As the NHS moves away from data ‘sharing’ towards a model of data ‘access’ by default, more and more researchers will be required to access data via approved environments, known as Trusted Research Environments or Secure Data Environments. You can find out more about SDEs in the glossary on this FAQ page. 

Find more examples of what data is used by researchers in our case studies. The video below answers questions about how patient data is used by university researchers.  

 

 Video produced by Connected Health Cities and The Farr Institute. 

Many people are uncomfortable with the idea of private sector organisations accessing health data. Private sector organisations in this context refers to organisations that are not part of the state or voluntary sector. They are for-profit but can work with the public sector in public-private partnerships.  

  • Private sector organisations are involved in many ways in the delivery of care and research across the NHS, but to protect your privacy, there are strict controls on how they can use patient data. 

  • Most of the time, private sector organisations can only access pseudonymised data for the purposes of helping deliver an NHS service or to undertake approved research projects. For more information on identifiability, please see our guide to large datasets.  

  • The NHS will never share your personally identifiable data for marketing or insurance purposes (unless you specifically say that it is OK). 

Find out more here about why private sector organisations might need to use data, how the NHS works in partnership with them, and the safeguards that are in place to protect your privacy. 

At a national level, some key organisations hold patient data or have responsibility for oversight about the purposes for which it can be used. They work with others to make decisions about how to safeguard data and set the conditions under which it can be accessed.  

Find out more about how decisions are made on who can access and use patient data. 

 

Previously, NHS Digital was responsible for data collection across the health and social care system, providing specialist skills and expertise to analyse the information, and publishing insights to inform NHS services and research. It was the central access point for data across the NHS. 

However, an independent review in 2021 recommended merging organisations in the NHS to bring its national data and technology expertise together into one organisation. Therefore, in February 2023, NHS Digital was merged under NHS England, who now hold these responsibilities related to data. Read more about the different organisations responsible for data here.

The NHS is not allowed to sell your data for profit, and will only share data when there is a strong and valid reason to do so. It publishes details of every organisation that uses NHS data. It is prohibited by law for NHS patient data to be shared for marketing, insurance or other solely commercial purposes.

However, it does operate on a cost recovery basis, so it is allowed to charge for the cost of processing and delivering the Data Access Request service, but not for data itself. The charge depends on the type of application, amount of data requested, and the amount of work that the NHS will need to do. 

Individual NHS Trusts will enter into different arrangements when working in partnership with private sector organisations, depending on their requirements and the services that are offered.   

As new digital technologies develop, we are beginning to understand more about the value of data. While people may feel uncomfortable with the idea of the NHS receiving any sort of payment related to data, there would also be concerns if valuable data is given away to private sector organisations for free. There needs to be much more discussion about how the NHS and patients can benefit from the unique resource of NHS data. NHS England have recently published their new Value Sharing Framework for NHS data partnerships that sets out the NHS’s thinking on these issues in more detail. According to the Framework, the NHS should seek a share of commercial value arising from the use of NHS data, proportional to the NHS’s contribution to the project. However, more detail is needed about how this will work in practice. We wrote a blog post about this in August 2023. 

The Data Protection Act 2018 says that individuals have a right to access their own health records. This is important as it helps people to feel empowered to manage their care better. When it comes to your GP record, different GPs use different online portals where patients can access summary information from their GP records – speak to reception at your GP practice for more information.  

When it comes to other medical records, like hospital records, an access request needs to be made at the service you went to, such as the hospital where you received your care. Ideally, in time, access to all health and care interactions will be accessible on one portal for patients. 

The NHS App also offers a way of accessing many of your records. As of November 2022, patients are able to view new entries in their clinical record, including appointments, care plans, prescriptions and test results in their NHS App or via their GP’s online services.


Just as your GP will have a record of your information and interactions with their service, so too do hospitals. Information from every hospital is collected by NHS England each month, and added to the Hospital Episode Statistics (HES). HES is a database that includes records of all patients admitted to NHS hospitals in England. It contains details of inpatient care, outpatient appointments and A&E attendance records.  

HES records are created for each ‘episode’ of care a patient receives in an NHS hospital (or delivered in the independent sector but commissioned by the NHS). An episode refers to a discrete period of time or experience of being under the medical responsibility of the healthcare professionals in hospital.  

The record will include a range of information about you, including: 

  • clinical information about diagnoses and operations 

  • demographic information, for example age group, gender and ethnicity 

  • administrative information, for example time waited, date of admission and discharge 

  • geographical information, for example the area where the patient lives. 

HES data is primarily used for “secondary purposes”, such as to monitor trends and patterns in hospital activity, assess the delivery of care, and support local service planning. Learn more about your choices around data access for secondary purposes here

Important safety information in your patient record, such as medications, allergies, and communication needs, is also stored in a central ‘Summary Care Record’ (SCR). This information, which originates from your GP record, is accessible to authorised healthcare workers who are legitimately involved in your care. For example, if anything happens to you outside of your usual GP surgery, such as when you call 111 or attend A&E, the healthcare professionals you engage with can access this vital information so they can give you better and safer care. 

Following the COVID-19 pandemic, your SCR now also includes additional information such as any long-term conditions, like diabetes or dementia; details of your carer; and your treatment preferences. You can opt out of including additional information in your SCR, and can opt out of having an SCR altogether.  

NHS staff must ask for your permission to look at your SCR for your individual care (except in an emergency where you are unconscious, for example). Not all care services have access to your SCR, such as dentistry, private providers, and optometry. If you have important information that you would like these services to be aware of, ensure that you have shared this with them when you attend. 

Health workers can only access your SCR on a secure NHS network which also has access controls. Each access attempt is electronically recorded, and patients can make Subject Access Requests to find out more about when their record has been accessed. 

Find out more about Summary Care Records

A disease registry is a database containing information about people diagnosed with a specific type of disease or condition. They provide a rich and detailed source of information that allows a long-term picture to be built of each patient with the disease.  

For example, the National Cancer Registration and Analysis Service collects information about every cancer patient in England. It is estimated that 500,000 people are diagnosed with cancer in England each year, so it is important for us to understand cancer better, and to make sure that people living with cancer receive the best possible care and support.   

The Cancer Registry includes information such as data about the patient and their diagnosis, which is collected from screening clinics, X-rays and pathology labs and from the patient’s care team. Collecting data on all cancers across England helps the NHS to plan cancer services; track cancer rates; to make decisions about NHS facilities and services; compare survival statistics with other countries; improve and ensure the safety of the national cancer screening programmes; and help doctors find the most effective treatments.  

  • Secure Data Environments (SDEs)/Trusted Research Environments (TREs):  
    Private and secure data storage and access platforms which contain NHS health and social care data for research and analysis. SDEs (or TREs outside of the NHS) give approved users access to health data for analysis within the SDE, without them needing to receive a shared copy of the data. The organisation providing the SDE can control many factors, including who can be a user, the data they can access, what they can do in the environment, and the findings they can remove from the system. Many SDEs are already in use, but the NHS aims to roll them out in England so that their use becomes the default practice. Read more about SDEs here. You can also read about the use of these systems across the four nations on our ‘how data is kept safe’ page.

  • Federated Data Platforms (FDPs):
    A type of software in which the NHS is currently investing, which will connect data that currently sit in different systems together in one safe and secure place. For example, hospital staff would be able to view the number of beds available on a ward, or the size of waiting lists, allowing them to better plan their services. An FDP is not a collection of data, but is rather the software used to connect collections of data together securely. Read more about the plans for FDPs here.

  • Integrated Care Systems (ICSs): 
    Partnerships of organisations that come together to plan and deliver joined-up health and care services in one local area. ICSs became a statutory requirement in England from July 2022. Read more about the purpose and benefits of ICSs here.

  • General Practice Data for Planning and Research (GPDPR): 
    An NHS programme designed to collect and analyse data from GP practices for health and social care purposes including policy, planning, commissioning, public health and research purposes. This programme has been put on hold as of Summer 2021 after substantial public, patient and professional concerns were raised about the changes being proposed. Read more about the programme here.

  • Deidentification: 
    An umbrella term for removing or disguising your personal information so that it is difficult to single you out in a dataset. Examples of this include anonymisation and pseudonymisation (see below). Read more in our guide to large datasets.

  • Anonymisation: 
    A common method used to process personal information whereby all identifying information, such as a name or address, is completely removed, so that an individual cannot be re-linked to the data in any straightforward way. The data is then no longer considered confidential. However, it could be possible to identify individual personal information, for example by using other sources to narrow down the individuals that the data may refer to, but this would take substantial effort and is illegal without consent from the person who deidentified the data. Read more in our guide to large datasets.

  • Pseudonymisation: 
    A common method used to process personal information whereby a unique marker is used in place of identifying information, such as a name. It is often created by scrambling a string of numbers or letters which cannot reveal the individual’s identity, but distinguishes them within the data set. Read more in our guide to large datasets.  

Transparency is important for creating trustworthy systems for data use. However, there is often no common understanding of what transparency means in practice. Transparency matters because it lets people understand what data you're holding or using, how it's managed, who is accountable for its protection and where they can find out more.

Essentially, transparency means: say what you do, do what you say.

Learn more from the findings of a workshop we held to explore how data custodians and users interpret what it means to be transparent in practice.