PANORAMIC: Transparency notice

The National Institute for Health Research (NIHR) has funded the University of Oxford to carry out a first-of-its-kind clinical trial. They will be working with other UK universities to test new antiviral coronavirus (COVID-19) treatments with people who have COVID-19 and are at higher risk of complications. The treatments need to be given early in the illness to be most effective.

The PANORAMIC Trial is a national priority trial. They are recruiting volunteers, whether they have been vaccinated or not. It is open to people with ongoing symptoms of COVID-19 and a positive Polymerase Chain Reaction (PCR) test or Lateral Flow Test (LFT).

NHS England and the Department of Health and Social Care have directed NHS Digital to provide a system to find people who would be eligible for the Panoramic Trial. This will be via a secure GP web viewer on the NHS Digital platform (NHS Digital Web Viewer). A person’s GP Practice and associated GP hub (GPs) will be able to see a list of their patients who meet the criteria. They will contact the patient to discuss if they would like to take part in the trial.

The inclusion criteria are:

• aged 50 and over without comorbidity 
• aged 18 to 49 with comorbidity as defined below in the clinical criteria

And:

• have a positive PCR or LFT 
• are within 7 days of positive PCR or LFT test 

The following groups of people will be excluded:

• people already identified as requiring immediate treatments for COVID-19 – people who are considered to be suitable for immediate treatment and are already having a clinical assessment to get the treatment for direct care purposes are excluded from the list being provided to GPs
• people who are deceased

If a person has provided their (or their carer’s) mobile or email contact information when they register their COVID-19 test and they test positive, they will be contacted by text/email to signpost them to the Trial. This messaging will begin mid-February 2022. 

This notice should be read alongside our Coronavirus (COVID-19) response transparency notice.

Under the UK General Data Protection Regulation 2016 (GDPR), NHS Digital is the controller of your personal data where we are directed or requested to process personal data for COVID-19 purposes.

We are also a joint controller with the person who has directed or requested us to do this work. In this case this is NHS England who are directing NHS Digital to carry out processing for COVID-19 purposes.

Where we share data, NHS Digital is the sole controller for the sharing of your personal data.

We identify patients to include in the COVID-19 Medications Service by using data we already hold as the national safe haven for health and care data in England.

Data used to identify whether you would be suitable for the Trial includes:

• NHS number
• name
• date of birth
• sex registered at birth
• address
• postcode
• date and time of positive polymerase chain reaction (PCR) test or lateral flow test (LFT)
• registered GP practice
• contact information provided by the patient or their carer at the point of registering their PCR test or LFT
• contact information, mobile number and email address from the patients’ medical record
• health related data (in the form of condition codes held in central NHS records), where the data matches the clinical conditions and ruleset established by NHS England and NIHR

The health and social care system is taking action to manage and mitigate the spread and impact of COVID-19.

This action requires the collection, analysis and sharing of information, including confidential patient information where necessary and lawful, amongst health organisations and other appropriate bodies. This is due to the urgent need to protect public health and respond to the COVID-19 outbreak. 

To support the healthcare response to COVID-19, NHS Digital has been directed by NHS England under the COVID-19 Directions to both:

• establish information systems to collect and analyse data in connection with COVID-19; and 
• develop and operate IT systems to deliver services in connection with COVID-19

Where we are directed to process personal data for COVID-19 purposes, this is a legal obligation, and we are allowed to do this under Article 6 (1)(c) of UK GPDR.

NHS England is directing NHS Digital to process personal data as part of their statutory functions. This is part of their public task and are allowed to do this under Article 6(1)(e) of UK GDPR.

Where we need to process health data and other special categories of personal data, we will only do this where it is necessary as part of our statutory functions. Under UK GPDR we are allowed to do this where it is necessary for substantial public interest reasons (Article 9(2)(g)), and where it is necessary for healthcare purposes (Article 9(2)(h)). 

We are also allowed to share your personal data under GDPR where it is necessary for us to do so for one of the purposes explained above.

More information can be found in the 'Who we share your personal data with' section below.

NHS Digital will share information with your GP practice and its associated GP hub. They will use that information to contact you and discuss whether you would like to join the PANORAMIC Trial.

The information shared will include:

• NHS number
• name
• date of birth
• postcode
• date and time of positive polymerase chain reaction (PCR) test or lateral flow test (LFT)
• contact information, mobile number and email address, provided by the patient or carer at the point of registering  their PCR test or LFT 
• contact information, mobile number and email address from the patients’ medical record
• the clinical condition group

Your GP will only pass on your information to the Trial with your consent.

NHS Digital will share your contact information with NHS Business Service Authority. They are responsible for messaging people in England their test results on behalf of the Department of Health and Social Care. If the test is positive for COVID-19, they will text or email you (using the information you or your carer provided when you booked your test) to signpost you to the Trial page. This messaging will begin mid-February 2022. 

We will also provide aggregate reporting to NHS England and the Panoramic Trial to support management, performance monitoring and administration of the Panoramic Trial. Data is fully anonymised so individuals cannot be identified from that data.

We will also use and share information for planning, commissioning and research purposes, including clinical trials, relating to coronavirus. This will include sharing information with NHS organisations, government departments, other public authorities and research organisations.

We will also publish and share data which we have fully anonymised, so that no individuals can be identified from that data.

We will only share identifiable information about you where it is lawful for us to do so and under a terms of release which:

• details the terms of release and the agreed purposes for which the data can be used
• identifies other organisations who may be allowed to use or receive the data and for what agreed purposes
• sets out the lawful basis for sharing and using the data
• obtains commitments from the recipient to the secure handling and management of the data, including its destruction once the agreed purposes have been met
   

We will keep your personal data for as long as is needed for the purpose outlined above in accordance with the Records Management Code of Practice 2021 and NHS Digital’s Records Management Policy.

Other organisations with whom we share your personal data may only keep it for as long as it is needed for the reasons we have shared your personal data. Information about this will be in their transparency or privacy notices which are published on their websites.

NHS Digital only stores and processes your personal data for this service within the United Kingdom.

Fully anonymous data, for example statistical data (which does not allow you to be identified), may be stored and processed outside of the UK.

To read more about the health and care information NHS Digital collects, our legal basis for collecting this information and what choices and rights you have, see how we look after your health and care information, our general transparency notice and our Coronavirus (COVID-19) response transparency notice.

You can read more about how NHS England processes your data for COVID-19 purposes at NHS England and NHS Improvement privacy notices.

We may make changes to this transparency notice. If we do, the ‘last updated’ date at the bottom of the notice will also change. Any changes to this notice will apply immediately from the date of any change.