We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
We may also be requested by the NHS in Scotland, Wales and Northern Ireland to collect, analyse and disseminate data for them, including information about residents of these countries.
Examples of some of the purposes for which NHS Digital may process personal data under the COVID-19 Directions and in response to these requests may include processing personal data for the purposes of:
- understanding COVID-19 and risks to public health, trends in COVID-19 and such risks, and controlling and preventing the spread of COVID-19 and such risks
- identifying and understanding information about patients or potential patients with, or at risk of COVID-19, information about incidents of patient exposure to COVID-19 and the management of patients with or at risk of COVID-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from COVID-19
- understanding information about patient access to health services and adult social care services as a direct or indirect result of COVID-19, and the availability and capacity of those services
- monitoring and managing the response to COVID-19 by health and social care bodies and the Government including providing information to the public about COVID-19 and its effectiveness and information about capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services
- delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with COVID-19, including the provision of information, fit notes and the provision of health care and adult social care services
- research and planning in relation to COVID-19
NHS Digital also has a number of legal powers under the Health and Social Care Act 2012 to share data with organisations where it is necessary for particular purposes.
We may, therefore, share your personal data using these powers, or under the legal notice mentioned above, with other health and care organisations for the purposes of your individual care and treatment or for planning, commissioning and research purposes.
We may also share your personal data with approved researchers outside NHS Digital (subject to a rigorous governance process), including for the purposes of carrying out clinical trials (for example, to invite you to join a trial). We will only share your data with other organisations where this is lawful and and in line with data protection law.
Types of organisations we may share your data with
The types of organisations we may share your data with include:
- the Department of Health and Social Care and other government departments, as part of the government response to coronavirus
- NHS England
- Public Health England
- GPs
- Clinical Commissioning Groups
- Local Authorities
- other NHS, health, or social care organisations
- NHS bodies in Scotland, Wales and Northern Ireland
- researchers involved in COVID-19 studies, such as university researchers, hospital researchers, pharmaceutical companies (for example, those who have developed a new vaccine), or clinical research organisations (private companies that help to run clinical trials)
We may also share your information with organisations who process personal data for us on our behalf. They are called Processors. Where we use Processors we have contracts in place with them which means that they can only process your personal data on our instructions. Our Processors are also required to comply with stringent security requirements when processing your personal data on our behalf.
We will also publish data we have obtained for COVID-19 purposes which is anonymous, so that no individuals can be identified from that data. This will enable NHS and other organisations to use this anonymous data for statistical analysis and for planning, commissioning and research purposes as part of the response to coronavirus.
Other organisations with whom we share your personal data have obligations to keep it for no longer than is necessary for the purposes for which we have shared your personal data. Information about this will be provided in their transparency or privacy notices which are published on their websites.