Whenever we go to a doctor or a hospital, they collect data about us, our health and our lifestyle. This is recorded and stored in our patient record. It may include our height and weight, whether we smoke, how much we drink, detail of any allergies, what aches, pains or infections we’ve got, and what medications we are taking. It may also include the results of blood tests, images from MRI scans, and any procedures we’ve had, together with contact information, date of birth, and next of kin information.  

Other specialists we see, for example dentists, physiotherapists and psychologists, will also create records. 

The NHS uses this information to help provide the best clinical care for us. Because a patient record contains sensitive information about our health, it must be handled very carefully and accessed safely and securely, to protect confidentiality.

Other types of health data include information collected during clinical trials and cohort studies or data generated by you; for example, health apps, fitness trackers or patient surveys.

Everyone in England should be able to access summary information from their GP records online. However, the number of people using this system is low, and the information that is available varies between different GP practices. If you want to access your health records online, speak to reception at your GP practice.

At the moment, very few people have online access to hospital records. The Government has committed that by April 2018 everyone will have access to an online personal health record that includes information from all of their health and care interactions. This is an important goal that will help us feel empowered to manage our care better.

Read how patient access to their medical records has transformed care from a patient's perspective and GP's perspective

You can find out more here:

The most important information in your patient record is also stored in a central ‘Summary Care Record’ (SCR). This means that if anything happens to you when you’re away from your usual GP surgery, for example in an emergency or when you’re on holiday, other healthcare professionals can access vital information so they can give you better and safer care.

The SCR includes data about:

  • current medicines
  • allergies and details of any previous bad reactions to medicines
  • your name, address, date of birth and NHS number.

You can also choose to include additional information in your SCR, including any long-term conditions, like diabetes or dementia; details of your carer; and your treatment preferences.

NHS staff have to ask your permission to look at your SCR for your individual care (except in an emergency where you are unconscious, for example).  Most pharmacists can also now access SCRs, but again only if you say it’s OK.

Find out more about Summary Care Records.

Good quality information is essential to inform our clinical care. Everyone should have access to information about their own healthcare, to check the information is accurate and to help manage any condition. Your whole care team, whether in a GP practice, a hospital or a care home, needs to have access to up-to-date information about you to inform your treatment, and to provide the best care.

In addition, if small amounts of data from many patients are linked up and pooled, researchers and doctors can look for patterns in the data, helping them develop new ways of predicting or diagnosing illness, and identify ways to improve clinical care. The information from patient records is really valuable to help understand more about disease, to develop new treatments, to monitor safety, to plan services and to evaluate NHS policy. 

Find out more about why patient data is used

People understandably have a lot of questions and concerns when they first hear about wider uses of patient data. Could something go wrong? How will it affect them? 

Public attitudes work suggests that people have three main types of concern: 

Evidence from the Information Commissioner’s Office, the UK’s data protection regulator, reports that the most common types of data breaches in the health sector are when data is posted, faxed or sent by email to the wrong person, usually as the result of an accidental mistake as part of routine care.

We recognise that sharing patient data will never be risk free, and there must be robust measures in place to reduce any risks as much as possible. We’ve been exploring the risks and looking at the evidence in more detail, and we’re now working on a resource to provide more information in an accessible way. This will include factors to consider when deciding how to weigh up the risks and benefits. For example, how do the risks of digital electronic records compare to paper records? How do the risks of sharing health data compare to sharing other types of data? What are the risks of not using the data?

It is essential that patient data is kept safe and secure, to protect your confidential information. 

There are four ways that privacy is protected:

  • by removing identifying information, particularly your name and contact details
  • using an independent review process to make sure the reason for using patient data is appropriate
  • ensuring strict legal contracts are in place before data is transferred
  • implementing robust IT security.​​​​​​

Safeguards explainer

People want to know whether they could be identified when data about them is used. There are different levels of identifiability which sit on a spectrum.  

Full spectrum

At one end of the spectrum, a person is fully identifiable. As you remove or encrypt information, you blur the image more and more, and it becomes more difficult to identify who that person is. At the other end of the spectrum, it is not possible to identify who someone is — they are effectively anonymous. Different controls are needed at different points along the spectrum depending on the risk of re-identification. The controls that are taken to protect the data are just as important as the data itself. It may also be possible to work out who someone is by joining together information from different sources — like joining together different pieces of a jigsaw puzzle.

Identifiability explainer

This data glossary, produced by Connected Health Cities, also clarifies other technical terms around patient data. 

There are strict rules on what’s allowed and not allowed depending on how identifiable the data is.

Personally identifiable information: you will usually be asked to give explicit consent for personally identifiable data to be used for purposes other than your individual care. For example, you would have to give consent for personally identifiable data to be used in a specific research or cohort study.

Personally identifiable information will always be stored in a highly secure way and there are sanctions under the Data Protection Act if personally identifiable data is misused. It can only be used if you give your permission or where required by law, and then only with robust safeguards. There are some occasions where the law allows the data to be used without consent, for example:

  • Notification of infectious diseases and food poisoning.
  • NHS fraud investigations.
  • Investigations by regulators of professionals (eg General Medical Council investigating a registered doctor’s fitness to practice).
  • Information must be provided to the police for road traffic offences and to prevent an act of terrorism.
  • Termination of pregnancy must be notified to the Chief Medical Officer (reference number, date of birth and postcode).
  • Notification of cancer to cancer registries.
  • NHS Digital (which has responsibility for collecting and publishing data and information from across the health and social care system in England) has the power to collect information from health and social care organisations as set out in the Health and Social Care Act 2012.
  • Section 251 of the NHS Act 2006 allows identifiable information to be used for research and other medical purposes without consent where the use is in the public interest but it would not be practical to seek consent because of very large numbers of people involved or where it may cause harm and distress. In these unusual cases, the research must first be approved by the Confidentiality Advisory Group of the Health Research Authority.

You can find out more here:

De-personalised information: there are strict safeguards on how de-personalised information can be used, because there is the potential that it might be possible to re-identify someone. The higher the possibility of re-identification, the greater the level of control needed. Provided the data is anonymised in line with the ICO code of anonymisation, it can be used without consent.

Anonymous information: because it would not be possible to identify someone, anonymous information does not need special protection and can be published openly. Provided the data is anonymised in line with the ICO code of anonymisation, it can be used without consent.

People have the choice to opt-out of their personally identifiable data being shared for purposes other than their individual care. You cannot opt-out of sharing data about you that has been anonymised.

The National Data Guardian proposed a new opt-out model in her review of data security and consent, and the Government has now accepted the recommendations. Detailed work is now underway to implement the model, and allow people to opt out of having personally identifiable information shared for reasons other than their individual care. The national data opt-out will begin to be offered from May 2018 and rolled out across the whole NHS and social care system by 2020.

More information will be available here in the run up to May 2018, on how to access the national data opt-out and about how your preference will be applied across the health and care system.

In relation to existing opt-outs:

  • The type 1 opt-outs will remain until 2020 to allow the new opt-out to be implemented, and the National Data Guardian will be consulted before their removal.
  • The type 2 opt-outs will be transferred into the new opt-out, with direct communication to those who opted out to explain what is happening.

Researchers use patient data to help us to understand more about disease, develop new treatments, monitor safety, plan services and evaluate NHS policies. This kind of research is vital to improve health and care for everyone.

Data about patients is held in many datasets, including:

  • GP records
  • Clinical audits eg National diabetes audit
  • Disease registers eg Cancer register
  • Hospital Episode Statistics
  • Diagnostic imaging datasets
  • Prescribing databases
  • Commission reporting and evaluation
  • Patient surveys eg Patient Reported Outcome Measures (PROMs).

Researchers apply to access data from several sources, including the Clinical Practice Research Datalink, NHS Digital and Public Health England. There are also tools available, such as the Health Data Finder for research, which help researchers look for relevant datasets.   

Before a researcher is granted access, their study must be assessed by an independent review committee, who check that the reason for using the data is appropriate. Wherever possible data will be anonymised, and researchers should only be given the minimum amount necessary to answer a question. Data must be stored securely, and a legal contract must be signed before data can be transferred.

Often a study will need to use data about an individual that is held in more than one dataset. When this happens, a trusted third party, usually NHS Digital, links the data using a unique identifier (such as NHS number which is then removed) to make sure the researcher cannot re-identify individuals.

You can find more examples of what data is used by researchers in our case studies.

Many people are uncomfortable with the idea of companies accessing health information. Find out why commercial organisations might need to use data, how the NHS works in partnership with companies, and the safeguards that are in place to protect your privacy.

  • Companies are involved in many ways in the delivery of care and research across the NHS, but there are strict controls on how companies can use patient data, to protect your privacy.
  • Personally identifiable patient data can only be used if there is a health benefit.
  • The NHS will never share your personally identifiable data for marketing or insurance purposes (unless you specifically say that it is OK).

Find out more about companies accessing patient data.

NHS Digital is responsible for collecting data from across the health and social care system, including from GPs and hospitals. NHS Digital also provides specialist skills and expertise to analyse the information, and publish insights to inform NHS services and research. NHS Digital helps support national IT services, and is the central access point for data across the NHS.

NHS Digital collects and stores data from a wide range of providers across England including hospitals and general practices. Information includes:

  • Information from General Practice collected under the Quality and Outcomes Framework
  • Clinical audits
  • Hospital Episode Statistics
  • NHS Blood and Organ Donor Register system
  • Prescribing databases
  • Information about vaccination programmes
  • Maternity datasets.

Information from every hospital is collected by NHS Digital each month, and added to the Hospital Episode Statistics (HES). HES is a database that includes records of all patients admitted to NHS hospitals in England. It contains details of inpatient care, outpatient appointments and A&E attendance records. HES data can be used to monitor trends and patterns in hospital activity, assess the delivery of care and support local service planning.  The information is also used to pay hospitals for the care they provide.

An HES record is created for each ‘episode’ of care a patient receives in an NHS hospital (or delivered in the independent sector but commissioned by the NHS). It will include a range of information about you, including:

  • clinical information about diagnoses and operations
  • demographic information, for example age group, gender and ethnicity
  • administrative information, for example time waited, date of admission and discharge
  • geographical information, for example the area where the patient lives.

Last year, 125 million records were added to the HES database.

The National Cancer Registration and Analysis Service, which is part of Public Health England, collects information about every cancer patient in England.  This is important to help understand cancer better, and to make sure that people living with cancer receive the best possible care and support.

The Cancer Registry includes information about the numbers and types of cancers across England, how this varies and is changing over time. Collecting data on all cancers across England helps the NHS to plan cancer services; track cancer rates; to make decisions about NHS facilities and services; compare survival statistics with other countries; improve and ensure the safety of the national cancer screening programmes; and help doctors find the most effective treatments. 

The information includes data about the patient and their tumour, collected from screening clinics, X-rays and pathology labs and from the patient’s care team.