Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

Patient data and confidential patient information

Understand if the data you plan to use or disclose is confidential patient information, and so is in scope of the national data opt-out policy.

The opt-out only applies to confidential patient information - data that includes both:

  • information that identifies or could be used to identify the patient
  • details about their health or treatment

Patient data and information

Data is collected every time a patient has contact with a health and care organisation. It falls into three broad categories:

  • demographic – name, address, contact details and NHS number
  • administrative – details of appointments, or whether they are waiting for a place in a health and care setting such as a care home or hospital ward
  • medical – information such as symptoms, diagnosis, weight, medicines, treatments and allergies

Patient information can be stored electronically, in paper records, in natural language and in codes such as SNOMED or other clinical coding. Whatever form it is stored in, the national data opt-out still applies.

Confidential patient information

Confidential patient information is information that both identifies the patient, and includes some information about their medical condition or treatment.

Any of the types of data could be confidential patient information under certain circumstances.

If data contains information about medical treatments or conditions along with demographic data that could identify the patient, this is confidential patient information.

Demographic information such as name and address would not normally be confidential patient information. It might be confidential patient information if the address gives an indication of the patient’s medical condition, for example it is a care home for patients with dementia.

If data contains demographic information and administrative information this might also be confidential patient information. If the administrative information relates to a particular care setting, for example mental health services or cancer wards, this, when combined with demographic information, would be considered confidential information as it reveals something about the patient’s condition as well as their identity.

Anonymised data

When data is used for purposes beyond individual care and treatment it is normally anonymised, which means that information that identifies an individual patient has been removed or pseudonymised. A pseudonym is a unique identifier which does not reveal the patient’s ‘real world’ identity.

The intent of anonymisation is to turn data into a form which does not directly identify individuals and where re-identification is not likely to take place.

If the anonymisation is carried out so that it meets the requirements of the Information Commissioner’s Office (ICO)’s anonymisation code of practice then the information will no longer be considered to be confidential patient information, and so the national data opt-out policy would not apply. 

The ICO's code covers a range of types of anonymised data from aggregate data through to de-identified individual-level data and sets out how this can meet the legal tests required under the Data Protection Act (DPA) when considering the risk of identification of an individual. 

You should make sure you're compliant with the latest guidance on anonymisation before you decide whether national data opt-outs need to be applied or not.

It's important to understand that data cannot be anonymised simply by removing the NHS number or other demographic details, as there is still a risk of the data being re-identified when compared with other data sets.

Further information about anonymisation can found at:

More information

Read more about the type of data covered by the national data opt-out in the operational policy guidance document.

Find a full definition of confidential patient information in Appendix 6 of the operational policy guidance document.

Last edited: 2 August 2019 9:41 am