This blog is predominantly about data policy and infrastructure in the NHS in England, although it may be relevant if you live elsewhere but receive care in England.  

It is written based on our current understanding, whilst all the facts aren’t clear yet – please keep this in mind. 


Understanding Patient Data welcomes the recent blog by the National Data Guardian about the Federated Data Platform (FDP) and building bridges with the public. It is important that discussions happen early and that there is genuine collaboration. NHS England has also published a recent blog responding to some of these concerns. We’ve written this blog to join the public conversation on this topic and bring in UPD’s unique role and experience.  

Healthy debate and public scrutiny are good things. Understandably, there are various reasons why people have questions and reservations about the FDP. As the National Data Guardian states, these may relate to ethics, privacy, its likelihood of success, procurement and cost. These issues are getting mixed together, and in some areas are leading to conversations about expressing dissatisfaction and “opting-out”, which has happened in other large scale NHS data projects previously. UPD is concerned about these issues getting mixed up and a lack of independent, neutral information to help people to have informed conversations and make informed choices where they want to. 

What is Data Federation? 

Federation, generally, is a term used to describe groups of people, regions, countries or political systems that have joined to form a larger organisation, or government, but still have self-governing powers. Think of countries like Germany and Mexico, for example. 

The NHS itself is like a federated system. We refer to it as ‘the NHS’, and to us it should feel like one big system, but it is composed of various national bodies, regional level bodies such as Integrated Care Systems, and then healthcare provider organisations split into different groups like primary care organisations, acute (hospital) trusts, mental health trusts, etc at a local level. These receive direction and guidance from NHS England and the Department of Health and Social Care.  

Th health and social care system as described above has developed over time, and during this time there have also been changes in the approach to collecting, managing, using and sharing data. Sometimes the focus has been on national, centralised approaches and other times it’s been focused on more localised, de-centralised ones. Our NHS, in England, is a system of nearly 7000 data controllers, and in addition, because of these changes over time, we have a complicated ecosystem of multiple data systems and data flows. 

Data federation can be seen as in the middle of these centralised and localised approaches, in that it allows data to stay where it is locally but enables it to be connected by providing a shared software layer over the top. This shared layer can help health and social care staff to better view and interpret data, producing insights from different places and answering questions across broader sets of information, without sending all the data to a specific place or creating copies. In the NHS, these data and insights are used for many activities – such as coordinating someone’s care between different services, analysing progress on reducing waiting lists, and identifying trends that can provide evidence for changing local health services – all of which provide benefits back to patients, but currently involve a lot of manual and time-consuming processes for NHS staff. 

What is the Federated Data Platform? 

The Federated Data Platform is software that links existing IT systems in the NHS. It’s not a data collection itself. The software will be provided by the private sector, as is the case for lots of other public sector infrastructure. 

As the King’s Fund states, private companies have always played a role in the NHS, with services such as dentistry, optical care and community pharmacy being provided by the private sector for decades, and most GP practices are private partnerships. 

Private companies have also been involved in providing digital and data services to the NHS as well as various other public sector organisations for a long time. Our page on “private sector access to data” provides some examples of these interactions.  

This doesn’t mean the involvement of private companies is without risk, just that it’s not new. However, given the scale of this service and its sensitivity, more transparency and safeguards must be in place. 

We currently understand that: 

  • The FDP will replace many existing point-to-point data flows (e.g. each hospital sending bed occupancy data to NHS England), providing consistency across the NHS and reducing risks relating to more insecure types of data sharing (e.g. creating a copy of the data and sending it)  

  • The FDP will abide by all existing laws. It will not introduce or change any information governance lawful rules such as legal basis, and fair and lawful processing  

  • There will be Role Based Access Controls, meaning that people will only have access to the minimum amount of information that they need to do their jobs 

  • Privacy Enhancing Technologies (PETs) will be used, which use technology to maximise data security and reduce the identifiability of personal data  

  • A large amount of data that will flow in FDP will be non-identifiable – any Personal Confidential Data will only be accessed in accordance with information governance principles and lawfully  

  • The supplier will have no right to use patient data for its own purposes.  

But there needs to be more information on ‘how’. 


Public-facing information about the Federated Data Platform is still quite unclear. Some of this may be because the procurement process is still underway, which means certain rules have to be followed, but some of it may also not be being communicated, not decided yet, or currently unknown until the successful supplier is in place. 

This communication also needs to include how the Federated Data Platform fits in with other policy and infrastructure developments. For example, the draft data access policy and the development of Secure Data Environments. It needs to include how people’s data is going to be kept demonstrably safe in the wake of numerous public sector data breaches and misuses. The Federated Data Platform and the Secure Data Environments are part of a move away from a system of ‘data dissemination’ (where data is copied and shared, leaving its original environment) to one of ‘data access by default’, (where people access the data where it is, without the need to share it around). This provides more opportunities to audit who is accessing the data and what they are doing with it. Ultimately it will create a safer, more transparent system, but the detail of how it will operate needs to be set out clearly. It also needs to include how it’s going to be used at a local level, across trusts and integrated care systems – we know they have the option of using it, but if they decide not to use it, what does that mean? 

Choices and opt-outs 

We’ve made the link between the Federated Data Platform and opt-outs in this blog because the two have already been associated in other online and in-person conversations. Some have suggested that opting out is a course of action people might wish to consider if they don’t trust the supplier of the FDP. Others have stated that opting out will not stop people’s data from being used in the FDP. Some have pointed out the damage that mass opt-outs could have on the NHS’s ability to plan its services and on researchers’ abilities to analyse variations in care. 

These conversations are quite telling about the spectrum of attitudes towards the FDP. However, they may also highlight a lack of information, gaps in understanding, or it may simply be that people don’t currently support it. 

People may be looking for answers as to whether opting-out is the right thing to do as a result. UPD isn’t here to give an answer, and we don’t feel like there is enough information available at the moment for people to make fully informed choices, but we aim to provide more information based on the situation as we currently understand it.  

Our current understanding is that the main use of the Federated Data Platform will be for individual care, so the data for everyone who receives care in England will go into the platform, regardless of whether you have a National Data Opt-Out in place. This is because opt-outs only apply to secondary uses of data, like health research and planning. They do not stop data from being used and shared for people’s individual care. 

However, having a National Data Opt-Out in place may mean your data isn’t used by the NHS for other activities inside the platform (e.g. for uses where the opt-out applies, such as using confidential patient information to analyse whether there are enough dialysis units in a particular area), and it will mean that your data isn’t used by external third parties where the opt-out applies (e.g. medical research by charities). Please bear in mind that this is only our understanding, and we would welcome more information from NHS England so we can check this is correct. 

As an organisation, UPD has been involved in policy about opt-outs since its inception. It’s a policy with good intentions that tries to maintain a balance between individual choices and ensuring the system has the data it needs to function. However, in its implementation it has become very complicated. Over time, an increasing number of exemptions have been granted for activities that the opt-out would typically apply to, such as the National Cancer Patient Experience Survey, meaning they don’t need to apply it. These exemptions are granted for good reasons, usually related to patient safety, but they make it difficult for people to know what their data is and isn’t being used for. 

It also isn’t an easy policy in other countries. Conversations about the opt-out policy for the European Health Data Space have highlighted different opinions and national processes across Member States. For example, in France, everyone has to be informed about their data being used for secondary purposes but it has caused practical challenges, Finland doesn’t have an opt-out all, and Denmark has gone from an opt-in, to an opt-out, to no opt-out. It’s a complicated topic and can be very emotive, but UPD thinks it is worth having regular conversations about opt-out policies and understanding public attitudes. 

UPD’s asks 

UPD echoes the calls from the National Data Guardian about more communication, asks that its questions are answered, and is warning that the impact of public opinion should not be underestimated.  

We are looking forward to seeing the progress on the public and patient advisory group and the development of the data pact, as mentioned in NHS England’s blog. 

UPD has updated its content on choices and opt-outs as well as private sector access to data, weighing up the risks of data use, what organisations make decisions regarding access to data, and how data is kept safe. We hope that the opt-out policy will continue to be looked at to ensure people’s choices remain clear and authentic as our data landscape and technology evolve. 

Let us know what you think – we’re very interested in feedback. We will also aim to update this article as and when more information becomes available. 

Update (13/10/2023): NHS England has updated its FAQs about the FDP. To read more, click here.