We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Dissemination of the shielded patients list
Who can receive this list
The NHS shielded patients list will be disseminated by NHS Digital to recipients under data sharing terms of release which will set out the agreed purposes for which the data is to be used, commitments to secure handling and management of the list, and the scope of onward dissemination.
Organisations receiving the list
The following organisations are receiving the list:
The Cabinet Office
The Cabinet Office receive the list for the purpose of delivering the government's extremely vulnerable persons service which will provide additional support to clinically extremely vulnerable people and the local authorities affected by future lockdowns.
Local authorities receive the list for the purpose of understanding and identifying clinically extremely vulnerable people to provide targeted support before, during, and following local outbreaks, offering help, social care and support in coordination with other relevant organisations as part of the local COVID-19 response.
NHS clinical commissioning groups
Clinical commissioning groups (CCGs) receive the list for the purpose of providing GP practices with support, and patients in their CCG area with support and care.
Capita receive the list for the purpose of distributing letters to shielded patients, on behalf of NHS England as their data processor.
NHS Business Services Authority
The NHS Business Services Authority receive the list for the purpose of sending text messages to shielded patients, on behalf of DHSC as their data processor.
NHS Business Service Authority also operate the Prescription Payment Verification assurance function and following direction by NHS England, includes those functions for shielded patient pharmacy post payment verification. This is to ensure that the prescription delivery services provided to clinically extremely vulnerable patients who have been shielding and require prescription delivery support are operating effectively, and to ensure that public funds assigned for COVID-19 services to patients are being managed appropriately.
On behalf of DHSC and NHS England, NHS Digital’s data processor Gov.Notify, receive the list for the purpose of sending letters, emails and text messages to shielded patients.
Emails are being used in addition to letters to ensure where patients have an email address registered with the NHS, they receive timely information on their risk status, shielding policy, advice and guidance.
NHS England/NHS Improvement and TPP
Hospitals and GP practices
For the purpose of protecting patients in their care.
Data is disseminated to NHS England and NHS Improvement for the purposes of strategic commissioning. Data is pseudonymised and held on the NHS England data warehouse (NCDR). The NHS COVID‑19 Reference Library describes the datasets being used in the NHS COVID‑19 Data Store, and the sources of those datasets.
National Services Scotland
National Services Scotland are responsible for the Scottish Shielded Patient List. The purpose of sharing this information is so that NSS can contact the English patients to provide them with details of support they can obtain locally from Scottish local authorities where they are resident, including food parcels.
NHS Wales Informatics Service
NHS Wales Informatics Service (NWIS) are responsible for the Welsh Shielded Patient List. The purpose of sharing this information is so that NWIS can contact the English patients to provide them with details of support they can obtain locally from Welsh Local Authorities where they are resident, including food parcels.
Redbridge CCG are responsible for the 111 call handling systems for London. The purpose of sharing this information is to support an NHS England pilot programme, so that patients on the Shielded Patient List who call 111 and require referral to an emergency department will now be flagged as being on the Shielded Patient List - enabling clinicians to make appropriate care arrangements
Mental health providers
Mental health providers are responsible for mental health services commissioned by CCG’s. The purpose of sharing this information is to support an NHS England policy, so that patients on the Shielded Patients List who are in receipt of mental health services from the provider can be proactively contacted and have their care plans reviewed. This is because shielding is an extreme course of action likely to have had significant impact on the shielding individual’s mental health
Supermarkets do not receive the NHS Shielded Patient List. When patients register with the government’s extremely vulnerable persons service they can request support for food deliveries. It is this information that flows to the supermarkets or food distributors. For further information, see the privacy statement for the government service.
We will update this page with further recipients when required.
Terms of release
This is the terms of release agreed by NHS Digital with the Cabinet Office. Note that at the time of the letter, the list was known as the 'vulnerable patient list'.
This terms of release is currently under review as required by the terms of release and where applicable to reflect the extension to the COPI notice to the end of March 2021. Please refer to the overarching COPI notice for NHS Digital in parallel to the existing Letter of Release until a revised version is available.
The shielded patient list has been established in response to the COVID-19 pandemic, with data dissemination being underpinned by NHS Digital’s COPI notice or the Health and Social Care Act 2012. Organisations with whom NHS Digital shares personal data have obligations to keep it for no longer than is necessary for the agreed purposes and in compliance with any Terms of Release issued by NHS Digital.
At the expiry of the COPI notice (or any extension), organisations who have received the NHS shielded patient list will need to securely delete the information held except where it forms part of the patient’s medical record. NHS Digital will issue guidance in the future on the process and attestation that this has been completed.