Whenever we go to a GP, a hospital or a pharmacy, information will be collected about us and our medical history. Only healthcare professionals who are directly involved in your care will be able to access your full patient record. But some of the information from your record may also be useful for specific purposes beyond your individual care, to improve health, care and services across the NHS. People need to be able to find out what’s allowed and what’s not, and how data is kept safe.

Who can access patient data?

Your full patient record will only be seen by healthcare professionals who are directly involved in your care.

There are strict controls on how anyone else can access patient information. The purpose must be approved before anyone can use data, and they are only given access to the minimum amount of data necessary. The types of organisations that can use patient data include:

  • NHS providers and commissioners: use data to monitor trends and patterns in hospital activity, to assess how care is provided, and to support local service planning.

  • University researchers: use data to understand more about the causes of disease, to develop new ways of diagnosing illness or to identify ways to develop new treatments. Explore our case studies for some examples. 

  • Charities: use data to evaluate services and identify ways to improve care.

  • Companies: use data if they are partnering with the NHS to provide care and research. The NHS can’t do all of the analysis on its own, and companies may have the best expertise and technologies for making sense of large and complex data from hospitals, or for developing new treatments. People often have lots of questions about how and why companies can access data. Find out more about companies using patient data.

Find out more about how decisions are made on who can access and use patient data.

How are decisions made about who can access patient data?

At a national level, some key organisations hold patient data or have responsibility for oversight about the purposes for which it can be used. They work with others to make decisions about how to safeguard data and set the conditions under which it can be accessed. 

Find out more about how decisions are made on who can access and use patient data.

Can I be identified from the data?

People want to know whether they could be identified when data about them is used. Often, it is only a row of numbers and codes that can be seen. But what does this really mean in practice, is it ever possible to re-identify someone?

Take a look at the section on 'How my privacy is protected' in our guide to health datasets, to learn more

Some data will be used to produce statistics that are published monthly by the NHS, for example A&E waiting times or vaccination coverage. The information can only be openly published if the data is anonymous, so it is not possible to identify any individual.

How is data kept safe in the NHS?

When people use health services, information is added to their patient record and is sometimes shared between services to support safe and effective care. 

The NHS works hard to protect your data, but sometimes things can go wrong.

Find out more about how data is kept safe, as well as how we prevent and respond to data breaches here.

How is data kept safe in research and beyond?

It is essential that patient data is kept safe and secure, to protect your confidential information.

The Five Safes Framework is a set of principles designed to ensure safe and secure access to data for researchers, helping data providers manage risks when giving access to data.

Find out more about the framework or explore our explainers on Secure Data Environments/Trusted Research Environments.

What choices do I have?

In England, a national data opt-out was introduced in May 2018, following recommendations from the National Data Guardian. People can opt out of having their confidential patient information shared for reasons beyond their individual care, for example for research and planning.

Find out more about the national data opt-out.

 

View all FAQs