Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.


New plans to increase protection and strengthen security for GP data collection programme

Patient data used for life-saving research will benefit from even greater protection and assurances owing to tougher safeguards that will be put in place ahead of the GP Data for Planning and Research programme commencing.

New plans to increase protection and strengthen security for GP data collection programme

  • Minister for Primary Care and Health Promotion sets out three new tests for commencing data collection in letter to GPs  
  • Patient data will no longer be collected from 1 September and only once three tests have been met 
  • Changes provide patients with more choice and opportunity to opt in and out of data sharing flexibly and bolster data privacy.

Patient data used for life-saving research will benefit from even greater protection and assurances owing to tougher safeguards that will be put in place ahead of the GP Data for Planning and Research programme commencing. 

Patient data saves lives. GP data has been used to prove there are no links between the MMR vaccine and autism, to identify support for a range of health issues including blindness, diabetes and learning disabilities, and help identify those most vulnerable to COVID-19 and prioritise cohorts to receive their vaccine.

Protecting privacy and security of patient data has been at the core of the programme. NHS Digital has listened to feedback on proposals, and is determined to continue working with the sector on key elements to inform further safeguards, reduce the bureaucratic burden on GPs and step-up communications for GPs and the public ahead of confirming a new implementation date.

In a letter to all GP’s today [19 July] Minister for Primary Care and Health Promotion, Jo Churchill set out a new process for commencing data collection, moving away from a previously fixed date of 1 September. Data collection will now only begin when the following criteria have been met:

  • The ability for patients to opt out or back in to sharing their GP data with NHS Digital, with data being deleted even if it has been uploaded, and outstanding opt outs being processed.
  • A Trusted Research Environment is available where approved researchers can work securely on de-identified patient data which does not leave the environment, offering further protections and privacy while enabling collaboration amongst trusted researchers to further benefit patients.  
  • A campaign of engagement and communication has increased public awareness of the programme, explaining how data is used and patient choices

Data informs planning and research across the health and social care sector saving lives through the creation of new treatments and diagnostics as well as allowing the NHS and Local Authorities to plan care and staffing levels in their areas.

NHS Digital Interim CEO, Simon Bolton, said:

“Patient data is vital to healthcare planning and research. It is being used to develop treatments for cancer, diabetes, long COVID and heart disease, and to plan how NHS services recover from COVID-19.

“This research and planning is only as good as the data it is based upon. We know we need to take people with us on this mission and this decision demonstrates our absolute commitment to do just that.

“We will continue to work with patients, clinicians, researchers and charities to further improve the programme with patient choice, privacy, security and transparency at its heart.”

The letter makes clear that patient data is not and never will be for sale. Data will only ever be used to deliver clear benefits to health and care, by organisations that have a legal basis and legitimate need to use the data.

The public and GPs can be assured data collection will only begin once NHS Digital’s Trusted Research Environment (TRE) has been fully developed, in line with best practice including projects like OpenSAFELY and the Office for National Statistics’ Secure Research Service, and to the satisfaction of the BMA, RCGP and the National Data Guardian. This is so both GPs and the public can have a high degree of confidence that their data will be safe, and their privacy protected.

By empowering patients through giving them choice and looking to allow them to flexibly opt in and out of their data being shared with NHS Digital at any time, the aim is to build confidence and trust in sharing data, leading to better care for individuals, families and communities.

This includes deleting all data collected under the programme if patients chose to opt out of their data being shared with NHS Digital at a later date.

Work continues with colleagues across general practice to explore a way of centralising the GP data Type 1 opt-out process to remove this burden on GPs and make it easier for patients to exercise this choice.


Notes for editors

  1. You can find more case studies of how data is used for healthcare planning and research here:

    o   The EAVE 2 study, which was the first data study in the world to show the effectiveness of the single dose of vaccine in reducing hospitalisation at 28 days.

    o   A study funded by Cancer Research UK using data from the Genomes Project found a new way to identify tumours which could be sensitive to particular cancer therapies. The new algorithm, called MMRDetect, allows researchers to see which tumour cells have weaknesses in their ability to repair themselves and means cancer patients can receive personalised treatments.

    o   Studying differences in diabetes incidence between different ethnic groups

    o   Redesigning patient pathways for back pain

    o   Contributing to the development of guidelines for managing hypertension

    Trusted research environments

    TREs provide approved researchers with access to the data that they require for ethically and legally approved research projects and which has been de-identified to ensure patients cannot be directly identified from the data. Data is accessed in a secure environment and its use tracked and published. Safeguards ensure that no identifiable data leaves the secure environment, providing greater assurance that sensitive data is handled securely.

    As part of the TRE data access process, NHS Digital will seek advice from the Independent Group Advising on the Release of Data (IGARD) and from the GP Professional Advisory Group to ensure that the highest standards of governance are upheld.  All approved access to data in the TRE will also be published on the Data Release Register.

    TREs are already being used to further lifesaving research. For example, NHS Digital is working with the BHF Data Science Centre as part of the CVD-COVID-UK initiative to provide approved researchers with access to de-identified data in an NHS Digital TRE. This is being used for research investigating the impact of COVID on cardiovascular diseases, and the safety of vaccines. These studies are using data from general practice and demonstrate the importance of linking data across health settings. 

Last edited: 22 March 2023 12:35 pm