There are occasions where users need to perform transactions on NHS systems which are not "real". These may include staff training, deployment testing of new systems/versions or perhaps as part of live incident resolution. Real patient records must never be used for these purposes, therefore NHS Digital provides ‘synthetic data’ which can be used to separate these transactions from "live" transactions.
The use of synthetic data in systems which also handle real patient data carries risks. This can include:
- confusion between real patient and synthetic data - it could result in real data being recorded against a synthetic record and vice versa
- synthetic data booked in to real clinical appointment slots - it reduces the number of slots available for real patients and should be avoided at all costs
- inaccurate reporting for statistics or payments
- users becoming confused about which environment they are using at any one time where they have access to both live and test environments
These risks can be reduced in part by:
- keeping the use of synthetic transactions in live to an absolute minimum
- regularly auditing the use of synthetic data
- following this guidance on the best use of synthetic data
This guidance on the use of synthetic data in live must be followed to reduce the risk. This guidance should be read and understood by anyone making use of synthetic data in live.
Failure to follow the guidance may mean the synthetic records are revoked and could potentially lead to a live security incident. Before synthetic data is issued by NHS Digital the requestor must sign the Synthetic Data Usage Agreement.