Skip to main content
Dissemination of the Shielded Patient List

Who can receive this list

The NHS Shielded Patient List will be disseminated by NHS Digital to recipients under data sharing terms of release which will set out the agreed purposes for which the data is to be used, commitments to secure handling and management of the list, and the scope of onward dissemination.


Organisations receiving the list

The following organisations are receiving the list:

The Cabinet Office

The Cabinet Office received the list for the purpose of delivering the government's extremely vulnerable persons service which will provide additional support to clinically extremely vulnerable people and the local authorities affected by future lockdowns. This sharing ceased on 17 September 2021 based upon the government’s announcement of the end of Shielding in England.

Local authorities

Local authorities receive the list for the purpose of understanding and identifying clinically extremely vulnerable people to provide targeted support before, during, and following local outbreaks, offering help, social care and support in coordination with other relevant organisations as part of the local COVID-19 response.  

Local Authorities are permitted to link SPL data with the Local Authority’s NHS Test and Trace data to identify people who are clinically extremely vulnerable that have come into contact with people recorded by NHS Test & Trace, and/or identify people who are clinically extremely vulnerable that have been directed to isolate by the NHS Test and Trace Service, in both cases to offer them appropriate advice and direct care.

NHS clinical commissioning groups

Clinical commissioning groups (CCGs) receive the list for the purpose of providing GP practices with support, and patients in their CCG area with support and care.

Capita

Capita receive the list for the purpose of distributing letters to shielded patients, on behalf of NHS England as their data processor.

APS Group Limited

APS Group receive the list for the purpose of distributing letters to shielded patients, on behalf of the Department of Health and Social Care as their data processor.

NHS Business Services Authority

The NHS Business Services Authority receive the list for the purpose of sending text messages to shielded patients, on behalf of DHSC as their data processor.

NHS Business Service Authority also operate the Prescription Payment Verification assurance function and following direction by NHS England, includes those functions for shielded patient pharmacy post payment verification. This is to ensure that the prescription delivery services provided to clinically extremely vulnerable patients who have been shielding and require prescription delivery support are operating effectively, and to ensure that public funds assigned for COVID-19 services to patients are being managed appropriately.

Gov.Notify

On behalf of DHSC and NHS England, NHS Digital’s data processor Gov.Notify, receive the list for the purpose of sending letters, emails and text messages to shielded patients.

Emails are being used in addition to letters to ensure where patients have an email address registered with the NHS, they receive timely information on their risk status, shielding policy, advice and guidance.

NHS England/NHS Improvement and TPP

NHS England/NHS Improvement and TPP receive the list for the purpose of identifying patients on the shielded patients list who are currently in prison and who need advice, support, and care.

Hospitals and GP practices

For the purpose of protecting patients in their care.

NHS England

Data is disseminated to NHS England and NHS Improvement for the purposes of strategic commissioning. Data is pseudonymised and held on the NHS England data warehouse (NCDR). The NHS COVID‑19 Reference Library describes the datasets being used in the NHS COVID‑19 Data Store, and the sources of those datasets.

Data is also disseminated to NHS England and Improvement for the purposes of providing an SPL feed into the COVID-19 vaccination programme (using National Immunisation Management System (NIMS)). This supports the Joint Commission for Vaccinations and Immunisations (JCVI) who identified that patients who are Clinically Extremely Vulnerable should be offered a priority vaccination.

National Services Scotland

National Services Scotland are responsible for the Scottish Shielded Patient List. The purpose of sharing this information is so that NSS can contact the English patients to provide them with details of support they can obtain locally from Scottish local authorities where they are resident, including food parcels.

NHS Wales Informatics Service

NHS Wales Informatics Service (NWIS) are responsible for the Welsh Shielded Patient List. The purpose of sharing this information is so that NWIS can contact the English patients to provide them with details of support they can obtain locally from Welsh Local Authorities where they are resident, including food parcels.

Redbridge CCG

Redbridge CCG are responsible for the 111 call handling systems for London. The purpose of sharing this information is to support an NHS England pilot programme, so that patients on the Shielded Patient List who call 111 and require referral to an emergency department will now be flagged as being on the Shielded Patient List - enabling clinicians to make appropriate care arrangements.

Mental health providers

Mental health providers are responsible for mental health services commissioned by CCG’s. The purpose of sharing this information is to support an NHS England policy, so that patients on the Shielded Patients List who are in receipt of mental health services from the provider can be proactively contacted and have their care plans reviewed. This is because shielding is an extreme course of action likely to have had significant impact on the shielding individual’s mental health.

Public Health England

Data has also been disseminated to Public Health England (PHE) for the purposes of COVID-19 vaccination programme surveillance. PHE has a role to monitor the delivery, safety and effectiveness of immunisation programmes in England and requires the SPL Data to improve the data set in order analyse the impact of COVID-19 vaccines for clinically extremely vulnerable people. 

Department of Health and Social Care (DHSC)

Data is disseminated to the DHSC’s service provider, Paragon, for the purposes of supplying those clinically extremely vulnerable people who have registered for a free Vitamin D supplement via the Get Vitamin D Supplements service. 

University of Oxford

SPL data was shared with the University of Oxford, for the development and validation of a risk prediction QCovid® risk calculator to estimate short term adverse outcomes from COVID-19 disease which can be used as a risk stratification tool and to inform national shielding policy.

Supermarkets do not receive the NHS Shielded Patient List. When patients register with the government’s extremely vulnerable persons service they can request support for food deliveries. It is this information that flows to the supermarkets or food distributors. For further information, see the privacy statement for the government service.

We will update this page with further recipients when required.


Terms of release

This is the terms of release agreed by NHS Digital with the Cabinet Office. Note that at the time of the letter, the list was known as the 'vulnerable patient list'.

This terms of release is currently under review as required by the terms of release and where applicable to reflect the extension to the COPI notice to the end of September 2021. Please refer to the overarching COPI notice for NHS Digital in parallel to the existing Letter of Release until a revised version is available.


Data Retention

The Shielded Patient List has been established in response to the COVID-19 pandemic, with data dissemination being underpinned by NHS Digital’s COPI notice or the Health and Social Care Act 2012. Organisations with whom NHS Digital shares personal data have obligations to keep it for no longer than is necessary for the agreed purposes and in compliance with any Terms of Release issued by NHS Digital.  

At the expiry of the COPI notice (or any extension), organisations who have received the NHS shielded patient list will need to securely delete the information held except where it forms part of the patient’s medical record. NHS Digital will issue guidance in the future on the process and attestation that this has been completed.
 

Last edited: 21 September 2021 8:21 am