Skip to main content
General Practice Information Governance

Find out how we handle requests for General Practice (GP) information.

The legal framework governing the use of personal confidential data in health care is complex. It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act 2018, and the Human Rights Act 1998.


GPES data collections information governance requirements

The Secretary of State for Health and Social Care (Secretary of State) or NHS England can ask us to collect information on specific topics so that they can improve patient care. They do this by issuing Directions.

When we receive such Directions to collect information from GPES, we need to obtain an assurance certificate. The assurance certificate confirms that the Information Standard, Collection or Extraction has been through assessment and is demonstrated to meet the quality assurance criteria set by the Data Coordination Board. On the basis of the evidence seen, it has been evaluated as being fit for the use as specified in the assured and published documents, within health and care in England.

We also issue a Data Provision Notice to GP practices. The Data Provision Notice provides details of the data collection including the purpose, benefits, how we intend to collect the information, form, manner, frequency and from which organisations. We also include any information governance, legal basis or burden/costs considerations.


Further information on how we look after your data


How the process works

Last edited: 30 June 2021 10:05 am