Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

How we created the Shielded Patient List

Mark Reynolds, Chief Technology Officer at NHS Digital, explains the architecture behind the NHS Shielded Patient List, which is helping to protect the most vulnerable members of society during the coronavirus pandemic.

On 21 March 2020 it was announced that people at highest risk of complications from coronavirus (COVID-19) would need to shield themselves from society. We needed a way to quickly identify and inform this group of people so they could take immediate action to help protect themselves.

Little girl touching her grandparent's hands through a window.

We created the NHS Shielded Patient List to provide a record of these people identified from GP and hospital (HES) data.

The service initially went live on 20 March 2020 and grew in scope in response to the COVID-19 pandemic, allowing those identified to be at risk to receive care support, food parcels and preferential access to online delivery from the supermarkets.

The architecture behind the list

During the first few weeks of the project people across government were becoming confused by the different flows of information and their frequency. Our Enterprise Architecture team documented the flows which helped to explain how GPs, NHS Digital, clinical commissioning groups (CCGs), government and others are related to each other.

At its heart, the Shielded Patient list consumes data from a range of sources, creates lists using a set of business rules and then makes the file available for dissemination. The diagram below illustrates this in more detail. 

Diagram of the technical architecture behind the Shielded Patient List showing data flows and dissemination

The diagram shows how the Shielded Patient List combines the Data Management Environment (DME) and Data Processing Service (DPS) data and uses data flow and extraction technologies (for example, Message Exchange Health and Social Care (MESH) and the General Practice Extraction Service (GPES)) to obtain clinical data. 

The clinical data is taken from a patient’s GP record and demographic information (including name, date of birth and address) is taken from the Master Patient Service (also known as the Master Person Service) on the left-hand side. The data is used with a set of rules to determine which patients are at highest risk. 

The “product” is the actual Shielded Patient List service (top yellow boxes) and the list is sent to other organisations such as Public Health England via the Secure Electronic File Transfer and other mechanisms shown on the right (the Shielded Patient List viewer and the Shielding Note Service).

The black box indicates the external Gov.UK Notify service which was used to contact those at risk to inform them that they were on the list and needed to shield.

The end to end process

A more detailed end to end process is shown below, to be read from left to right – essentially showing the collection of the data  from hospital trusts and GP practices that is processed through the algorithm. The Shielded Patient List is then generated and disseminated to the organisations which use that information via the services (Secure Electronic File Transfer and Gov.UK Notify, in blue) on the right.

Diagram of the end to end process showing the collection of the data  from hospital trusts and GP practices that is processed through the algorithm

Data collection

Data for shielding is collected via several routes:

  • demographics information is gathered from the Personal Demographics Service and shared via the Master Patient Service. The Master Patient Service operates internally in NHS Digital, sharing information between transactional and batch systems
  • data flows from primary care (GP and prison health IT) via the General Practice Extraction Service. This includes information about patients’ conditions, medications and whether they have been flagged as high risk
  • data is also collected via the Strategic Data Collection Service from hospital trusts. In this case, trusts complete a spreadsheet of patients to be added or deducted from the list. Whilst low tech, the approach meant that data collection could be rapidly rolled out across the NHS and supports both manual completion and extracts from trust IT systems

Alongside these new flows, the Shielded Patient List also uses data sets already held by NHS Digital, for example the Maternity Services Data Set.

Data processing

The Shielded Patient List is updated weekly in the Data Management Environment as follows:

1. Data is loaded from source data sets on a daily, weekly and monthly basis. For example, information on deceased patients is processed daily, primary care data weekly and hospital data monthly.

2. The system identifies patients whose data matches one of the algorithm rules that adds patients to the Shielded Patient List. These are recorded in a database table. Rules can combine a condition, timescale and/or medication. For example:

  • the patient has ever had a medical condition, for example an organ transplant. This requires a review of the entire record
  • the patient has a medical condition in a time period – for example, cancer treatment in the last 2 years
  • the patient has a medical condition AND is on a current medication

3. Additions and deduction requests from GPs and hospital doctors are recorded.

4. The individual rules are combined to identify who should be on the list with rules dealing with changes in conditions, requests for additions and deductions, code deletion and so forth.

5. The final list is checked to remove deceased patients – there is a human check on data quality and then is approved for release.


Data is disseminated via the Secure Electronic File Transfer service to the Government Digital Service, the National Commissioning Data Repository and other endpoints. It is also returned to the GP and prison health IT suppliers who use it to add codes to patient records to indicate they are on the list.

The data is made available to the Shielding Note Service. This is a web service that allows patients to request evidence of shielding status for statutory sick pay purposes. The Shielding Note Service went live in September 2020.

Initially the data was shared with NHS England and the NHS BSA to send letters and text messages respectively to patients. During September 2020, the team transitioned to using Gov Notify to contact patients via emails as well as sending a letter.

Anonymous data also flows to the Data Dashboard application in NHS Digital where it is used in dashboards including those published publicly.

The significance

The Shielded Patient List demonstrated that clinical records can be used for tailored cohort selection. Patients are added to the list based upon information in their records and a rich set of rules. This contrasts with, for example, cancer screening, where age and gender are the main determinants. It has required the team to really understand the data and characteristics around how it is recorded.

The incredible pace at which the shielding scheme needed to be deployed showed the importance of having flexible, national scale applications that can be brought together for a specific purpose. The programme was only successful because systems like the General Practice Extraction Service and Strategic Data Collections Service were already in place. Going forward, we're continuing to maintain the Shielded Patient List service for both local and national lockdowns.

Interested in working at NHS Digital? Search our latest job opportunities.

Related subjects

NHS Digital published the Shielded Patient List (SPL), to enable partner organisations across government to support and protect those who were shielding.


Last edited: 24 July 2023 1:17 pm