Introducing patient data

Everyone should be able to find out how patient data is used and why, what the safeguards are, and how decisions are made.

Watch video
  • Why is it important to use patient data?

    There is huge potential to use patient data to improve health, care and services across the NHS. The information can help to:

    • improve individual care and patient safety
    • understand more about disease to improve diagnosis
    • plan and evaluate NHS services
    Why it is important to use patient data
  • How is patient data used?

    Patient data must be kept safe and secure. Everyone should be able to find out how data is used and the answers to common questions like:

    • Who can access patient data?
    • How is data kept safe?
    • Can I be identified from the data?
    • What choices do I have?
    How patient data is used and kept safe

Why do we need to talk about patient data?

Hear people explain why it's important to use patient data and why we need to talk about it more. 

Watch video

Frequently asked questions

Whenever you interact with the health service, such as during a GP appointment or hospital visit, they collect data about you, your health and your lifestyle. This is recorded and stored in your patient record, whether that be a physical paper copy or in some cases digitally. It may include your height and weight, whether you smoke, how much you drink, detail of any allergies, what aches, pains or infections you’ve got, and what medications you’re taking. It may also include the results of blood tests, images from MRI scans, and any procedures you’ve had, together with contact information, date of birth, and next of kin information.   

Other specialists you may see, for example dentists, physiotherapists and psychologists, will also create records. Other types of health data include information collected during clinical trials and cohort studies or data generated by you; for example, health apps, fitness trackers or patient surveys. 

The NHS uses this information to help provide the best clinical care for us. It can also be used to improve NHS services, or for research to help identify effective treatments, monitor the safety of medicines, and understand the causes of disease and illness. Because a patient record contains sensitive information about your health, it must be handled very carefully and accessed safely and securely, to protect confidentiality. There are strict regulations in place to ensure that this is adhered to. See our page on how your data is kept safe for more information. 

It is essential that patient data is kept safe and secure, to protect your confidential information. A common framework that is used for assessing and explaining how data is being kept safe is the ‘Five Safes’ Framework. This was initially developed by the Office for National Statistics and other data providers and has increasingly been adopted by other organisations as a framework for developing safe data access systems. The five elements are:  

  • Safe People — are the users using the data appropriately? Are they trained on data protection? Are they authorised to access the data?  

  • Safe Projects — is the project lawful, in the public interest, and approved by data owners?  

  • Safe Data — has the data been processed to protect confidentiality and minimise the risk of identifying individuals?   

  • Safe Settings — are there technical controls on access to the data? Does the data environment provide protections to prevent unauthorised use?  

  • Safe Outputs — is the data checked and approved before leaving the system to minimise risk?  

As well as this framework, there are also many laws, regulations and Government policies in place to protect your data.  

Find out more about how data is kept safe

A national data opt-out was introduced in England in May 2018, following recommendations from the National Data Guardian. This allows people to choose to opt out of having their confidential patient information shared for reasons beyond their individual care, for example for research and planning. 

Find out more on our information page dedicated to the choices about how your health data is used beyond your individual care

The NHS is not allowed to sell your data for profit, and will only share data when there is a strong and valid reason to do so. It publishes details of every organisation that uses NHS data. It is prohibited by law for NHS patient data to be shared for marketing, insurance of other solely commercial purposes.  

However, it does operate on a cost recovery basis, so it is allowed to charge for the cost of processing and delivering the Data Access Request service, but not for data itself. The charge depends on the type of application, amount of data requested, and the amount of work that the NHS will need to do. 

Individual NHS Trusts will enter into different arrangements when working in partnership with private sector organisations, depending on their requirements and the services that are offered.   

As new digital technologies develop, we are beginning to understand more about the value of data. While people may feel uncomfortable with the idea of the NHS receiving any sort of payment related to data, there would also be concerns if valuable data is given away to private sector organisations for free. There needs to be much more discussion about how the NHS and patients can benefit from the unique resource of NHS data. NHS England have recently published their new Value Sharing Framework for NHS data partnerships that sets out the NHS’s thinking on these issues in more detail. According to the Framework, the NHS should seek a share of commercial value arising from the use of NHS data, proportional to the NHS’s contribution to the project. However, more detail is needed about how this will work in practice.