Skip to main content

Synthetic data in live environments - NHS e-Referral Service

Why synthetic (test) data is needed and the principles that govern how synthetic test data should be used in live e-RS environments, including naming conventions. There is also an example synthetic data usage agreement.

Page contents

Introduction

There are occasions where users need to perform transactions on NHS systems which are not "real". These may include staff training, deployment testing of new systems/versions or perhaps as part of live incident resolution. Real patient records must never be used for these purposes, therefore NHS England provides ‘synthetic data’ which can be used to separate these transactions from "live" transactions.

The use of synthetic data in systems which also handle real patient data carries risks. This can include:

  • confusion between real patient and synthetic data -  it could result in real data being recorded against a synthetic record and vice versa
  • synthetic data booked in to real clinical appointment slots - it reduces the number of slots available for real patients and should be avoided at all costs
  • inaccurate reporting for statistics or payments
  • users becoming confused about which environment they are using at any one time where they have access to both live and test environments

These risks can be reduced in part by:

  • keeping the use of synthetic transactions in live to an absolute minimum
  • regularly auditing the use of synthetic data
  • following this guidance on the best use of synthetic data

This guidance on the use of synthetic data in live must be followed to reduce the risk. This guidance should be read and understood by anyone making use of synthetic data in live.

Failure to follow the guidance may mean the synthetic records are revoked and could potentially lead to a live security incident. Before synthetic data is issued by NHS England the requestor must sign the Synthetic Data Usage Agreement.

General principles

  1. Wherever possible testing or training should not be conducted in live. NHS England can provide access to testing and training environments which contain synthetic data and are purpose built to support NHS organisations to test in a safe, live-like environment to protect patient safety. See our assurance support portal for more detail.
  2. Where it's necessary to test or train in live, real patient records must not be used – synthetic patients can be requested from [email protected]. Please provide 5 working days’ notice for requests to be completed.
  3. Synthetic patients must be removed from the end systems once testing is completed – they should not be left for ongoing general use by live users. Failure to do so could have an unnecessary and detrimental impact on live services.
  4. You should only use the synthetic data which has been specifically allocated to your organisation. You can check this by emailing [email protected].
  5. Data in live (including synthetic data) should only be accessed by people holding valid smartcards in their own name – test user accounts are strictly forbidden in live.
  6. Anyone using synthetic data in live must read this document, and agree to the guidance, before doing so.

Synthetic data naming convention

Synthetic patient records in live are identified by their NHS number which always starts 999 (for example, 999 123 4566). The NHS number is valid but is from a range of numbers from which real NHS numbers will never be issued.

The Family Name of each record starts XXTESTPATIENT followed by random characters (such as XXTESTPATIENT-ABDF).

The address of the patients is the Test Data Manager at NHS England to ensure any post which is inadvertently sent does not get sent to real patients.

The test patients are registered to synthetic GP practices.

Demographics

Unless with express consent from the NHS Digital Test Data Manager (contact via [email protected]), you must not change the:

  • name
  • address
  • deceased Status
  • nominated pharmacy

If required, you can change the:

  • date of birth
  • gender
  • title
  • GP practice – only if consent is received from the GP practice concerned and it should be reverted to the synthetic practice as soon as possible.

NHS e-Referral Service

The synthetic test records may be used for e-RS deployment testing and training in live where necessary.

Do not refer into live services, unless it is a dummy service and you have express consent in writing from that service or you have express consent in writing from a live service.

You must manage the referral appropriately to ensure live/dummy services are not detrimentally affected by the referral. 

This will avoid test patients being referred into real services and taking real appointments from actual patients.

Referrals into live services are monitored by NHS England to avoid inappropriate use of synthetic patients.

Contact us

If you have questions regarding the use of synthetic data in live or any of the content in this guidance, please contact the test data team at [email protected].

Once a request for synthetic data is received, an agreement will be sent by the test data team to the requestor when their request is logged and allocated to an analyst. Below is an example of synthetic data usage agreement.

Example synthetic data usage agreement

1. NHS England reference: TD006776

2. Organisations

This Synthetic data Usage Agreement (Agreement) is drawn up between:

NHS England, 7 and 8 Wellington Place, Leeds, West Yorkshire, LS1 4AP

And: 

Kent & Canterbury Hospital, East Kent Hospitals University NHS Foundation Trust

3. Period of Agreement

This agreement commences on 08/08/2018 until further notice. This Agreement will be subject to review on an annual basis.

4. Synthetic data provided

<Summary details of synthetic data provided such as 10 demographics records>

5. Purpose for which the Data are to be used

Small number of real NHS numbers to allow for testing the merging of patients on our Electronic Master Patient Index and Infoflex

6. Permissions

This data is provided for the purposes expressly described in section 5. If the data will be used for purposes other than that described then the data requestor must seek permission from the NHS England Synthetic data Manager after which this agreement would be reviewed and updated as appropriate. The data must be used in accordance with the "Use of Synthetic data in Live Guidance" document (email [email protected] for a copy).

7. Synthetic data ownership and responsibility

The data requestor remains responsible for the use of the synthetic data which has been allocated even if shared and used by others at the organisation therefore a record of who the data has been shared with should be kept. The data requestor is responsible for ensuring the "Use of Synthetic data in Live Guidance" document is provided to users who have been given access to the synthetic data.

8. Storage of data

The data must be stored on a secure system with appropriate password protection.  Transmission of this data must also be via secure means e.g. NHS Mail.

9. Breach of conditions

Notification of breach: the beneficiary agrees to report immediately to NHS England instances of breach of any of the terms of this Agreement.

Right to terminate access: the breach of any of the terms of this Agreement may result in the immediate termination of access to the data. 

10. Changes to terms of agreement

NHS England has the right to change the terms of this agreement and these will be notified to the beneficiary in writing. The beneficiary also has the right to request changes to the agreement in writing to NHS England. These changes will be considered by NHS England and if appropriate an addendum to the agreement will be issued.

If the person signing on behalf of Kent & Canterbury Hospital, East Kent Hospitals University NHS Foundation Trust should leave their post or the responsibility for this agreement changes from them, then it is incumbent on that person to arrange a new signatory to this agreement and NHS England informed of this requirement immediately.

11. Agreement signatures

For and on behalf of: <Receiving Organisation> For and on behalf of: NHS England

Signed:

Print Name:

Post/Title:

Date:

Signed: Mr J S Rattanpal

Print Name: Jagatar Singh Rattanpal

Post/Title: Lead Practitioner

Date:    8 August 2018

Last edited: 20 February 2024 1:45 pm