We take our responsibility to safeguard patient data extremely seriously. Data shared by NHS Digital is subject to strict rules around privacy, security and confidentiality and the new service has been designed to the highest standards.
We do not collect patients’ names or exactly where they live. Any other data that could directly identify someone, for example their NHS number, full postcode and date of birth, is pseudonymised before it leaves their GP practice. This means that this data is replaced with unique codes so patients cannot be directly identified in the data which is shared with us. The data is also securely encrypted.
We would only ever re-identify the data if there was a lawful reason to do so and it would need to be compliant with data protection law. For example, a patient may have agreed to take part in a research project or clinical trial and has already provided consent to their data being shared with the researchers for this purpose.
The law allows research projects which need to find volunteers for their research to contact patients directly about taking part in research or a clinical trial if the Health Research Authority has approved the request.
This would also need to be agreed through the Independent Group Advising on the Release of Data (IGARD) and the GP Professional Advisory Group (PAG), which is made up of representatives from the British Medical Association and the Royal College of General Practitioners.