Whenever we go to a doctor or a hospital, they collect data about us, our health and our lifestyle. This is recorded and stored in our patient record. It may include our height and weight, whether we smoke, how much we drink, detail of any allergies, what aches, pains or infections we’ve got, and what medications we are taking. It may also include the results of blood tests, images from MRI scans, and any procedures we’ve had, together with contact information, date of birth, and next of kin information.  

Other specialists we see, for example dentists, physiotherapists and psychologists, will also create records. 

The NHS uses this information to help provide the best clinical care for us. Because a patient record contains sensitive information about our health, it must be handled very carefully and accessed safely and securely, to protect confidentiality.

Other types of health data include information collected during clinical trials and cohort studies or data generated by you, for example health apps, fitness trackers or patient surveys.

Everyone in England should be able to access summary information from their GP records online. However, the number of people using this system is low, and the information that is available varies between different GP practices. If you want to access your health records online, speak to reception at your GP practice.

At the moment, very few people have online access to hospital records. The Government has committed that by April 2018 everyone will have access to an online personal health record that includes information from all of their health and care interactions. This is an important goal that will help us feel empowered to manage our care better.

NHS Choices

Patient Information Forum: Personal Health Records

Uses of patient data wheel

Download flyer 

Good quality information is essential to inform our clinical care. Everyone should have access to information about their own healthcare, to check the information is accurate and to help manage any condition. Your whole care team, whether in a GP practice, a hospital or a care home, needs to have access to up-to-date information about you to inform your treatment, and to provide the best care.

In addition, if small amounts of data from many patients are linked up and pooled, researchers and doctors can look for patterns in the data, helping them develop new ways of predicting or diagnosing illness, and identify ways to improve clinical care. The information from patient records is really valuable to help understand more about disease, to develop new treatments, to monitor safety, to plan services and to evaluate NHS policy. 

The NHS can’t do all of this analysis on its own. For example, academic researchers may be able to answer important new questions using the data, or commercial organisations may have the best expertise and technologies for making sense of large and complex data from hospitals and GP practices.

You can find examples of how data is used below:

Case studies

A matter of life and death: how your health information can make a difference (AMRC, 2016)

My data, my care: how better use of data improves health and wellbeing (Richmond Group, 2017)

What can big data do for mental health treatment? (MQ Mental Health, 2017)

It’s important we’re able to talk about the risks, and perceived risks, of sharing patient data. People want to know what the potential harms are if data is misused or an individual re-identified. While it will never be possible to eliminate risk entirely, there will be ways to reduce the risks and potential harms. In weighing up the costs and benefits, it is important to consider the risks of not using the data, and to consider how the risks of sharing health data compare to sharing other types of data. 

These are really complex issues, so we want to tackle them objectively providing more resources on how to better talk about risks. These will be available here soon.

It is essential that patient data is kept safe and secure, to protect privacy. 

There are four ways that your privacy is shielded:

  • by removing identifying information
  • using an independent review process
  • ensuring strict legal contracts are in place before data is transferred
  • and implementing robust data ​security standards.​​​​​​

Safeguards explainer

People want to know whether they could be identified when data about them is used. There are different levels of identifiability which sit on a spectrum.  

Full spectrum

At one end of the spectrum, a person is fully identifiable. As you remove or encrypt information, you blur the image more and more, and it becomes more difficult to identify who that person is. At the other end of the spectrum, it is not possible to identify who someone is — they are effectively anonymous. Different controls are needed at different points along the spectrum depending on the risk of re-identification. The controls that are taken to protect the data are just as important as the data itself. It may also be possible to work out who someone is by joining together information from different sources — like joining together different pieces of a jigsaw puzzle.

Identifiability explainer

This data glossary, produced by Connected Health Cities, also clarifies other technical terms around patient data. 

There are strict rules on what’s allowed and not allowed depending on how identifiable the data is.

Personally identifiable information: you will usually be asked to give explicit consent for personally identifiable data to be used for purposes other than your individual care. For example, you would have to give consent for personally identifiable data to be used in a specific research or cohort study.

Personally identifiable information will always be stored in a highly secure way and there are sanctions under the Data Protection Act if personally identifiable data is misused. It can only be used if you give your permission or where required by law, and then only with robust safeguards. There are some occasions where the law allows the data to be used without consent, for example:

  • Notification of infectious diseases and food poisoning.
  • NHS fraud investigations.
  • Investigations by regulators of professionals (eg General Medical Council investigating a registered doctor’s fitness to practice).
  • Information must be provided to the police for road traffic offences and to prevent an act of terrorism.
  • Termination of pregnancy must be notified to the Chief Medical Officer (reference number, date of birth and postcode).
  • Notification of cancer to cancer registries.
  • NHS Digital (which has responsibility for collecting and publishing data and information from across the health and social care system in England) has the power to collect information from health and social care organisations as set out in the Health and Social Care Act 2012.
  • Section 251 of the NHS Act 2006 allows identifiable information to be used for research and other medical purposes without consent where the use is in the public interest but it would not be practical to seek consent because of very large numbers of people involved or where it may cause harm and distress. In these unusual cases, the research must first be approved by the Confidentiality Advisory Group of the Health Research Authority.

You can find out more here:

De-personalised information: there are strict safeguards on how de-personalised information can be used, because there is the potential that it might be possible to re-identify someone. The higher the possibility of re-identification, the greater the level of control needed. Provided the data is anonymised in line with the ICO code of anonymisation, it can be used without consent.

Anonymous information: because it would not be possible to identify someone, anonymous information does not need special protection and can be published openly. Provided the data is anonymised in line with the ICO code of anonymisation, it can be used without consent.

People have the choice to opt-out of their personally identifiable data being shared for purposes other than their individual care. You cannot opt-out of sharing data about you that has been anonymised.

The National Data Guardian proposed a new opt-out model in her review of data security and consent, and the Government has now accepted the recommendations. Detailed work is now underway to implement the model, and allow people to opt out of having personally identifiable information shared for reasons other than their individual care. The national data opt-out will begin to be offered from March 2018 and rolled out across the whole NHS and social care system by 2020.

More information will be available here in the run up to March 2018, on how to access the national data opt-out and about how your preference will be applied across the health and care system.

In relation to existing opt-outs:

  • The type 1 opt-outs will remain until 2020 to allow the new opt-out to be implemented, and the National Data Guardian will be consulted before their removal.
  • The type 2 opt-outs will be transferred into the new opt-out, with direct communication to those who opted out to explain what is happening.


Researchers use patient data to help us to understand more about disease, develop new treatments, monitor safety, plan services and evaluate NHS policies. This kind of research is vital to improve health and care for everyone.

Data about patients is held in many datasets, including:

  • GP records
  • Clinical audits eg National diabetes audit
  • Disease registers eg Cancer register
  • Hospital Episode Statistics
  • Diagnostic imaging datasets
  • Prescribing databases
  • Commission reporting and evaluation
  • Patient surveys eg Patient Reported Outcome Measures (PROMs).

Researchers apply to access data from several sources, including the Clinical Practice Research Datalink, NHS Digital and Public Health England. There are also tools available, such as the Health Data Finder for research, which help researchers look for relevant datasets.   

Before a researcher is granted access, their study must be assessed by an independent review committee, who check that the reason for using the data is appropriate. Wherever possible data will be anonymised, and researchers should only be given the minimum amount necessary to answer a question. Data must be stored securely, and a legal contract must be signed before data can be transferred.

Often a study will need to use data about an individual that is held in more than one dataset. When this happens, a trusted third party, usually NHS Digital, links the data using a unique identifier (such as NHS number which is then removed) to make sure the researcher cannot re-identify individuals.

You can find more examples of what data is used by researchers in our case studies.

Many people are concerned about commercial organisations having access to data. There are many different types of companies that might want to access patient data, for example:

  • A pharmaceutical company: to monitor the long-term effects of a drug it has developed, to see if there are any adverse side effects in the population who use it. 
  • A business intelligence company: to work with an NHS Trust to analyse data on how patients move along a care pathway, to identify patterns and potential areas where the service could be made more efficient.
  • A software developer: to access real patient data to help create an app that quickly alerts clinicians when inpatients might be at risk of complications. Hospital systems are complex and often systems don’t work well together, so developers need to understand the architecture of these systems to create useful tools.
  • A diagnostics company: to partner with an academic research group to use patient genetic and clinical data to devise a new genetic test for a rare disease.

It is also important to note that many health care services may be delivered by third parties who need access to patient data to provide individual care, such as GP appointment logins, screenings and blood tests.

In a study Wellcome commissioned in 2016, it was found that people are supportive of companies having access to patient data but only if there is a clear public benefit as well as a benefit to the company. However, a minority of people object to the idea of commercial organisations accessing data under any circumstances. Some research would not be possible without the expertise and resources of commercial organisations, but any access to data has to be strictly controlled whoever the user.  Personally identifiable patient data cannot be used for insurance or marketing purposes, and all users have to sign contracts that set out what they can and cannot do with the data.

The One Way Mirror (Ipsos MORI, 2016)