What is patient data, how can it be used, by who and why – find out more here. We will be adding to this list of questions, let us know what else you would like to find out about.
Whenever you interact with the health service, such as during a GP appointment or hospital visit, they collect data about you, your health and your lifestyle. This is recorded and stored in your patient record, whether that be a physical paper copy or in some cases digitally. It may include your height and weight, whether you smoke, how much you drink, detail of any allergies, what aches, pains or infections you’ve got, and what medications you’re taking. It may also include the results of blood tests, images from MRI scans, and any procedures you’ve had, together with contact information, date of birth, and next of kin information.
Other specialists you may see, for example dentists, physiotherapists and psychologists, will also create records. Other types of health data include information collected during clinical trials and cohort studies or data generated by you; for example, health apps, fitness trackers or patient surveys.
The NHS uses this information to help provide the best clinical care for us. It can also be used to improve NHS services, or for research to help identify effective treatments, monitor the safety of medicines, and understand the causes of disease and illness. Because a patient record contains sensitive information about your health, it must be handled very carefully and accessed safely and securely, to protect confidentiality. There are strict regulations in place to ensure that this is adhered to. See our page on how your data is kept safe for more information.
Good quality information is essential to inform clinical care. Everyone should have access to information about their own healthcare, to check the information is accurate and to help manage any condition. Your whole care team, whether in a GP practice, a hospital or a care home, needs to have access to up-to-date information about you to inform your treatment, and to provide you with the best care.
In addition, if small amounts of data from many patients are linked up and pooled, researchers and doctors can look for patterns in the data, helping them develop new ways of predicting or diagnosing illness, and identify ways to improve clinical care. The information from patient records is really valuable to help understand more about disease, to develop new treatments, to monitor safety, to plan services and to evaluate NHS policy.
Find out more about why patient data is used.
There are huge benefits when patient data is used responsibly to save lives, improve health and care, and advance medical research. However, it is true that sharing patient data will never be totally risk-free.
Some people are more willing to share personal data while others are more cautious. The acceptable balance between risk and benefit will vary from person to person, and individuals may change their own mind on this over time. People are primarily concerned about invasion of privacy, loss of control, and the risk of cyberattacks or hacking.
There must be robust measures in place to reduce the risks as much as possible. Wherever possible, anonymised data is used, but there are instances where this isn’t possible or has very limited value. If personally identifiable data is being used, without consent, there is still a principle of using the minimum amount necessary. There are audit processes to scrutinise those who are using data, and robust penalties where data is misused.
A data breach occurs when personally identifiable data is lost, destroyed, altered or disclosed, and this can be accidental or deliberate. Currently, most of the data breaches reported in the health sector in the UK are classified as ‘other non-cyber incidents’ which can include mistakes made during routine care. These can be tackled with staff training and robust IT systems. Even accidental breaches can carry heavy sanctions.
Find out more about each of these issues, what is being done to reduce the risks, and sanctions for the misuse of data here.
It is essential that patient data is kept safe and secure, to protect your confidential information. A common framework that is used for assessing and explaining how data is being kept safe is the ‘Five Safes’ Framework. This was initially developed by the Office for National Statistics and other data providers and has increasingly been adopted by other organisations as a framework for developing safe data access systems. The five elements are:
Safe People — are the users using the data appropriately? Are they trained on data protection? Are they authorised to access the data?
Safe Projects — is the project lawful, in the public interest, and approved by data owners?
Safe Data — has the data been processed to protect confidentiality and minimise the risk of identifying individuals?
Safe Settings — are there technical controls on access to the data? Does the data environment provide protections to prevent unauthorised use?
Safe Outputs — is the data checked and approved before leaving the system to minimise risk?
As well as this framework, there are also many laws, regulations and Government policies in place to protect your data.
Find out more about how data is kept safe.
Your patient record is accessible to people providing you with individual medical care, but there are audit trails in place to discourage inappropriate access to data, and accessing someone’s records without reason is a criminal offence.
Your data may be accessed by researchers or planners, but only for public benefit, and the data is in the vast majority of cases de-identified, unless there is a lawful reason and need to use identifiable data. Read more on our web page about how data is used.
The use of identifiable data is subject to strong safeguards to protect data.
Data can be identifiable (meaning it contains information such as name or date of birth that can be used to identify you), de-identified/pseudonynomised (meaning identifying details have been disguised or removed), or anonymous (meaning all identifying information is completely removed). Data in your medical records is identifiable. In most cases, when the same data is extracted and used for research or planning purposes, identifying details are removed or disguised. An explanation of these concepts can be found in the glossary on this page.
It is difficult to guarantee that data is 100% de-identified as people may in some circumstances be able to match de-identified data with publicly available data to re-identify a person, particularly when the group of patients the data could belong to is small. However, this is a criminal offence under the Data Protection Act 2018 and applying the ‘Five Safes’ to data minimises the likelihood of this being possible.
Take a look at the section on 'How my privacy is protected' in our guide to health datasets, to learn more. It can be helpful to think about identifiability as a spectrum rather than a binary, with data being more or less identifiable. Read more in our 'identifiability demystified' guide.
Private sector organisations in this context refers to organisations that are not part of the state or voluntary sector.
It is important to note that there are some private sector organisations that work within the NHS. For instance, GP surgeries are owned by GPs, most often in a partnership arrangements, and provide NHS services by contract, but they bound by law to manage your data in an appropriate way.
Private sector companies also provide the IT systems used to store medical records. Other private sector organisations might work with the NHS in a public-private partnerships and therefore access data to help deliver a service or a project.
Private companies can also apply to access data for research, for instance to be able to research and manufacture potential new treatments. The NHS will only grant access to data if there is a clear public benefit and they will never share identifiable data for marketing and insurance purposes.
In the vast majority of cases, private sector organisations can only access de-identified data. For more information on identifiable and de-identified data, see our guide to identifiability and guide to large datasets.
There are always contracts in place to protect data and strict controls on how organisations can use data.
Find out more about why private sector organisations access data, how the NHS works in partnership with them, and the safeguards that are in place to protect your privacy.
Researchers use patient data to help us to understand more about disease, develop new treatments, monitor safety, plan and monitor services, and evaluate policy. This kind of research is vital to improve health and care for everyone.
Researchers can apply to access data such as that from GP or hospital records, or national registers. There are also tools and support available through organisations like the National Institute for Health and Care Research, who fund initiatives to help researchers access the health data they need, or Health Data Research UK. Before a researcher is granted access, their study is usually assessed by an independent review committee, who check that the reason for using the data is appropriate. Learn more here about the different organisations and approvals involved in this.
As the NHS moves away from data ‘sharing’ towards a model of data ‘access’ by default, more and more researchers will be required to access data via approved environments, known as Trusted Research Environments or Secure Data Environments. You can find out more about SDEs in the glossary on this FAQ page.
Find more examples of what data is used by researchers in our case studies. The video below answers questions about how patient data is used by university researchers.
Video produced by Connected Health Cities and The Farr Institute.
At a national level, some key organisations hold patient data or have responsibility for oversight about the purposes for which it can be used. They work with others to make decisions about how to safeguard data and set the conditions under which it can be accessed.
Find out more about how decisions are made on who can access and use patient data.
The NHS is not allowed to sell your data for profit, and will only share data when there is a strong and valid reason to do so. It publishes details of every organisation that uses NHS data. It is prohibited by law for NHS patient data to be shared for marketing, insurance of other solely commercial purposes.
However, it does operate on a cost recovery basis, so it is allowed to charge for the cost of processing and delivering the data, but not for data itself. The charge depends on the type of application, amount of data requested, and the amount of work that the NHS will need to do.
Individual NHS organisations (e.g. Trusts) will enter into different arrangements when working in partnership with private sector organisations.
As new digital technologies develop, we are beginning to understand more about the value of data. While people may feel uncomfortable with the idea of the NHS receiving any sort of payment related to data, there would also be concerns if valuable data is given away to private sector organisations for free as the NHS still needs to prepare the data and put in work to provide access to it.
There needs to be much more discussion about how the NHS and patients can benefit from the unique resource of NHS data. NHS England has published a Value Sharing Framework for NHS data partnerships that sets out the NHS’s thinking on these issues in more detail. According to the Framework, the NHS should seek a share of commercial value arising from the use of NHS data, proportional to the NHS’s contribution to the project. However, more detail is needed about how this will work in practice. We wrote a blog post about this in August 2023.
The Data Protection Act 2018 says that individuals have a right to access their own health records. This is important as it helps people to feel empowered to manage their care better. When it comes to your GP record, different GPs use different online portals where patients can access summary information from their GP records – speak to reception at your GP practice for more information.
When it comes to other medical records, like hospital records, an access request needs to be made at the service you went to, such as the hospital where you received your care. Ideally, in time, access to all health and care interactions will be accessible on one portal for patients.
The NHS app also offers a way of accessing many of your records. As of November 2022, patients are able to view new entries in their clinical record, including appointments, care plans, prescriptions and test results in their NHS App or via their GP’s online services.
You can find out more here:
Just as your GP will have a record of your information and interactions with their service, so too do hospitals. Information from every hospital is collected by NHS England each month, and added to the Hospital Episode Statistics (HES). HES is a database that includes records of all patients admitted to NHS hospitals in England. It contains details of inpatient care, outpatient appointments and A&E attendance records.
HES records are created for each ‘episode’ of care a patient receives in an NHS hospital (or delivered in the independent sector but commissioned by the NHS). An episode refers to a discrete period of time or experience of being under the medical responsibility of the healthcare professionals in hospital.
The record will include a range of information about you, including:
clinical information about diagnoses and operations
demographic information, for example age group, gender and ethnicity
administrative information, for example time waited, date of admission and discharge
geographical information, for example the area where the patient lives.
HES data is primarily used for “secondary purposes”, such as to monitor trends and patterns in hospital activity, assess the delivery of care, and support local service planning. Learn more about your choices around data access for secondary purposes here.
Important safety information in your patient record, such as medications, allergies, and communication needs, is also stored in a central ‘Summary Care Record’ (SCR). This information, which originates from your GP record, is accessible to authorised healthcare workers who are legitimately involved in your care. For example, if anything happens to you outside of your usual GP surgery, such as when you call 111 or attend A&E, the healthcare professionals you engage with can access this vital information so they can give you better and safer care.
Following the COVID-19 pandemic, your SCR now also includes additional information such as any long-term conditions, like diabetes or dementia; details of your carer; and your treatment preferences. You can opt out of including additional information in your SCR, and can opt out of having an SCR altogether.
NHS staff must ask for your permission to look at your SCR for your individual care (except in an emergency where you are unconscious, for example). Not all care services have access to your SCR, such as dentistry, private providers, and optometry. If you have important information that you would like these services to be aware of, ensure that you have shared this with them when you attend.
Health workers can only access your SCR on a secure NHS network which also has access controls. Each access attempt is electronically recorded, and patients can make Subject Access Requests to find out more about when their record has been accessed.
Find out more about Summary Care Records.
A disease registry is a database containing information about people diagnosed with a specific type of disease or condition. They provide a rich and detailed source of information that allows a long-term picture to be built of each patient with the disease.
For example, the National Cancer Registration and Analysis Service collects information about every cancer patient in England. It is estimated that 500,000 people are diagnosed with cancer in England each year, so it is important for us to understand cancer better, and to make sure that people living with cancer receive the best possible care and support.
The Cancer Registry includes information such as data about the patient and their diagnosis, which is collected from screening clinics, X-rays and pathology labs and from the patient’s care team. Collecting data on all cancers across England helps the NHS to plan cancer services; track cancer rates; to make decisions about NHS facilities and services; compare survival statistics with other countries; improve and ensure the safety of the national cancer screening programmes; and help doctors find the most effective treatments.
Secure Data Environments (SDEs)/Trusted Research Environments (TREs):
Private and secure data storage and access platforms which contain NHS health and social care data for research and analysis. SDEs (or TREs outside of the NHS) give approved users access to health data for analysis within the SDE, without them needing to receive a shared copy of the data. The organisation providing the SDE can control many factors, including who can be a user, the data they can access, what they can do in the environment, and the findings they can remove from the system. Many SDEs are already in use but the NHS aims to roll them out in England such that their use is practice by default. Read more about SDEs here. You can also read about the use of these systems across the four nations on our ‘how data is kept safe’ page.
Federated Data Platform (FDPs):
A type of software which the NHS is currently investing in which will connect data that currently sit in different systems together in one safe and secure place. For example, hospital staff would be able to view the number of beds available on a ward, or the size of waiting lists, allowing them to better plan their services. An FDP is not a collection of data, but is rather the software used to connect collections of data together securely. Read more about the plans for FDPs here.
Integrated Care Systems (ICSs):
Partnerships of organisations that come together to plan and deliver joined up health and care services in one local area. ICSs became a statutory requirement in England from July 2022 Read more about the purpose and benefits of ICSs here.
General Practice Data for Planning and Research (GPDPR):
An NHS programme designed to collect and analyse data from GP practices for health and social care purposes including policy, planning, commissioning, public health and research purposes. This programme has been put on hold as of Summer 2021 following substantial public, patient and professional concerns were raised about the changes being proposed. Read more about the programme here.
Deidentification:
An umbrella term for removing or disguising your personal information so that it is difficult to single you out in a dataset. Examples of this include anonymiszation and pseudonymization (see below). Read more in our guide to large datasets.
Anonymisation:
A common method use to process personal information whereby all identifying information, such as a name or address, is completely removed, so that an individual cannot be re-linked to the data in any straightforward way. The data is then no longer considered confidential. However, it could be possible to identify individual personal information, for example by using other sources to narrow down the individuals that the data may refer to, but this would take substantial effort and is illegal without consent from the person who deidentified the data. Read more in our guide to large datasets.
Pseudonymisation:
A common method used to process personal information whereby a unique marker is used in place of identifying information, such as a name. It is often created by scrambling a string of numbers or letters which cannot reveal the individual’s identity, but distinguishes them within the data set. Read more in our guide to large datasets.