NHS Digital data extraction
This will begin on 1st of September, If you do not want your dat to leave the practice you need to fill in aType 1 opt-out form and let us have it by then. This can be revoked at any time.
Please note that data sharing can be a great advantage if, for example hospitals need to know what medication you are on/allergies you have and major medical problems you have and need this data to treat you safely. It is also used to plan services so that a local populations needs are met and for research purposes.
Please look at the following page that should help to clarify the situation : https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/transparency-notice#our-legal-basis-for-collecting-analysing-and-sharing-patient-data.
We have also compiled some key exerts below:
How sharing patient data with NHS Digital helps the NHS and you
The NHS needs data about the patients it treats in order to plan and deliver its services and to ensure that care and treatment provided is safe and effective. The General Practice Data for Planning and Research data collection will help the NHS to improve health and care services for everyone by collecting patient data that can be used to do this. For example patient data can help the NHS to:
- monitor the long-term safety and effectiveness of care
- plan how to deliver better health and care services
- prevent the spread of infectious diseases
- identify new treatments and medicines through health research
GP practices already share patient data for these purposes, but this new data collection will be more efficient and effective.
This means that GPs can get on with looking after their patients, and NHS Digital can provide controlled access to patient data to the NHS and other organisations who need to use it, to improve health and care for everyone.
Contributing to research projects will benefit us all as better and safer treatments are introduced more quickly and effectively without compromising your privacy and confidentiality.
NHS Digital has engaged with the British Medical Association (BMA), Royal College of GPs (RCGP) and the National Data Guardian (NDG) to ensure relevant safeguards are in place for patients and GP practices.
Our purposes for processing patient data
Patient data from GP medical records kept by GP practices in England is used every day to improve health, care and services through planning and research, helping to find better treatments and improve patient care. The NHS is introducing an improved way to share this information - called the General Practice Data for Planning and Research data collection.
NHS Digital will collect, analyse, publish and share this patient data to improve health and care services for everyone. This includes:
- informing and developing health and social care policy
- planning and commissioning health and care services
- taking steps to protect public health (including managing and monitoring the coronavirus pandemic)
- in exceptional circumstances, providing you with individual care
- enabling healthcare and scientific research
Any data that NHS Digital collects will only be used for health and care purposes. It is never shared with marketing or insurance companies.
What patient data we collect
This collection will start from 1 July 2021. Patient data will be collected from GP medical records about:
- any living patient registered at a GP practice in England when the collection started - this includes children and adults
- any patient who died after the data collection started, and was previously registered at a GP practice in England when the data collection started
We will not collect your name or where you live. Any other data that could directly identify you, for example NHS number, General Practice Local Patient Number, full postcode and date of birth, is replaced with unique codes which are produced by de-identification software before the data is shared with NHS Digital.
This process is called pseudonymisation and means that no one will be able to directly identify you in the data. The diagram below helps to explain what this means. Using the terms in the diagram, the data we collect would be described as de-personalised.
Image provided by Understanding Patient Data under licence.
NHS Digital will be able to use the same software to convert the unique codes back to data that could directly identify you in certain circumstances, and where there is a valid legal reason. Only NHS Digital has the ability to do this. This would mean that the data became personally identifiable data in the diagram above. An example would be where you consent to your identifiable data being shared with a research project or clinical trial in which you are participating, as they need to know the data is about you.
More information about when we may be able to re-identify the data is in the who we share your patient data with section below.
The data we collect
We will only collect structured and coded data from patient medical records that is needed for specific health and social care purposes explained above.
Data that directly identifies you as an individual patient, including your NHS number, General Practice Local Patient Number, full postcode, date of birth and if relevant date of death, is replaced with unique codes produced by de-identification software before it is sent to NHS Digital. This means that no one will be able to directly identify you in the data.
NHS Digital will be able to use the software to convert the unique codes back to data that could directly identify you in certain circumstances, and where there is a valid legal reason. This would mean that the data became personally identifiable. It will still be held securely and protected, including when it is shared by NHS Digital.We will collect:
- data on your sex, ethnicity and sexual orientation
- clinical codes and data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals and recalls, and appointments, including information about your physical, mental and sexual health
- data about staff who have treated you
More detailed information about the patient data we collect is contained in the Data Provision Notice issued to GP practices.NHS Digital does not collect:
- your name and address (except for your postcode in unique coded form)
- written notes (free text), such as the details of conversations with doctors and nurses
- images, letters and documents
- coded data that is not needed due to its age – for example medication, referral and appointment data that is over 10 years old
- coded data that GPs are not permitted to share by law – for example certain codes about IVF treatment, and certain information about gender re-assignment
Opting out of NHS Digital collecting your data (Type 1 Opt-out)
If you do not want your identifiable patient data (personally identifiable data in the diagram above) to be shared outside of your GP practice for purposes except for your own care, you can register an opt-out with your GP practice. This is known as a Type 1 Opt-out.
Type 1 Opt-outs were introduced in 2013 for data sharing from GP practices, but may be discontinued in the future as a new opt-out has since been introduced to cover the broader health and care system, called the National Data Opt-out. If this happens people who have registered a Type 1 Opt-out will be informed. More about National Data Opt-outs is in the section Who we share patient data with.
NHS Digital will not collect any patient data for patients who have already registered a Type 1 Opt-out in line with current policy. If this changes patients who have registered a Type 1 Opt-out will be informed.
If you do not want your patient data shared with NHS Digital, you can register a Type 1 Opt-out with your GP practice. You can register a Type 1 Opt-out at any time. You can also change your mind at any time and withdraw a Type 1 Opt-out.
Data sharing with NHS Digital will start on 1 July 2021.
If you have already registered a Type 1 Opt-out with your GP practice your data will not be shared with NHS Digital.
If you wish to register a Type 1 Opt-out with your GP practice before data sharing starts with NHS Digital, this should be done by returning this form to your GP practice by 23 June 2021 to allow time for processing it. If you have previously registered a Type 1 Opt-out and you would like to withdraw this, you can also use the form to do this. You can send the form by post or email to your GP practice or call 0300 3035678 for a form to be sent out to you.
If you register a Type 1 Opt-out after your patient data has already been shared with NHS Digital, no more of your data will be shared with NHS Digital. NHS Digital will however still hold the patient data which was shared with us before you registered the Type 1 Opt-out.
If you do not want NHS Digital to share your identifiable patient data (personally identifiable data in the diagram above) with anyone else for purposes beyond your own care, then you can also register a National Data Opt-out. There is more about National Data Opt-outs and when they apply in the National Data Opt-out section below.
Our legal basis for collecting, analysing and sharing patient data
When we collect, analyse, publish and share patient data, there are strict laws in place that we must follow. Under the UK General Data Protection Regulation (GDPR), this includes explaining to you what legal provisions apply under GDPR that allows us to process patient data. The GDPR protects everyone's data.
NHS Digital has been directed by the Secretary of State for Health and Social Care under the General Practice Data for Planning and Research Directions 2021 to collect and analyse data from GP practices for health and social care purposes including policy, planning, commissioning, public health and research purposes.
NHS Digital is the controller of the patient data collected and analysed under the GDPR jointly with the Secretary of State for Health and Social Care.
All GP practices in England are legally required to share data with NHS Digital for this purpose under the Health and Social Care Act 2012 (2012 Act). More information about this requirement is contained in the Data Provision Notice issued by NHS Digital to GP practices.
NHS Digital has various powers to publish anonymous statistical data and to share patient data under sections 260 and 261 of the 2012 Act. It also has powers to share data under other Acts, for example the Statistics and Registration Service Act 2007.
Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 (COPI) also allow confidential patient information to be used and shared appropriately and lawfully in a public health emergency. The Secretary of State has issued legal notices under COPI (COPI Notices) requiring NHS Digital, NHS England and Improvement, arm's-length bodies (such as Public Health England), local authorities, NHS trusts, clinical commissioning groups and GP practices to share confidential patient information to respond to the COVID-19 outbreak. Any information used or shared during the COVID-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use confidential patient information.
The legal basis under GDPR for General Practice Data for Planning and Research
Under GDPR we can only collect, analyse and share patient data if we have a legal basis under Articles 6 and 9 of the GDPR.
Our legal basis for collecting and analysing this patient data is Article 6(1)(c) legal obligation, as we require the data to comply with the General Practice Data for Planning and Research Directions 2021.
Our legal basis for collecting and analysing patient data relating to health is Article 9(2)(g) – substantial public interest, for the purposes of NHS Digital exercising its statutory functions under the General Practice Data for Planning and Research Directions. It is substantially in the public interest to process patient data for planning and research purposes to improve health and care services for everyone. This is permitted under paragraph 6 of Schedule 1 of the Data Protection Act 2018 (DPA).
Our legal basis for sharing patient data under GDPR will depend on the organisation we are sharing the data with and how they plan to use it.
This will include:
- Article 6(1)(c) – legal obligation, for example, where the NHS Digital Control of Patient Information (COPI) notice applies
- Article 6(1)(d) – vital interests, for example, where it is necessary to protect a patient’s vital interests
- Article 6(1)(e) – public task, for example, where we are sharing data with another public authority for the purposes of them exercising their statutory or governmental functions
- Article 6(1)(f) – legitimate interests of another organisation, for example, where we are sharing information with a pharmaceutical company or charity to carry out research
Our legal basis for sharing patient data under GDPR relating to health includes:
- Article 9(2)(g) – substantial public interest, where we are sharing data with another public authority for the purposes of them exercising their statutory or governmental functions - this is permitted under paragraph 6 of Schedule 1 of the DPA
- Article 9(2)(h) – health or social care purposes, for example where we are sharing data with another health or social care body for the purposes of managing the health and social care system - this is permitted under paragraph 2 of Schedule 1 of the DPA
- Article 9(2)(i) – public health purposes, for example where we are sharing data with other bodies to manage and monitor the coronavirus pandemic - this is permitted under paragraph 3 of the DPA
- Article 9(2)(j) – scientific research or statistical purposes, for example where we are sharing data with researchers to carry out health research - this is permitted under paragraph 4 of the DPA
How we use patient data
NHS Digital will analyse and link the patient data we collect with other patient data we hold to create national data sets and for data quality purposes.
NHS Digital will be able to use the de-identification software to convert the unique codes back to data that could directly identify you in certain circumstances for these purposes, where this is necessary and where there is a valid legal reason. There are strict internal approvals which need to be in place before we can do this and this will be subject to independent scrutiny and oversight by the Independent Group Advising on the Release of Data (IGARD).
These national data sets are analysed and used by NHS Digital to produce national statistics and management information, including public dashboards about health and social care which are published. We never publish any patient data that could identify you. All data we publish is anonymous statistical data.
We may also carry out analysis on national data sets for data quality purposes and to support the work of others for the purposes set out in Our purposes for processing patient data section above.
Who we share patient data with
All data which is shared by NHS Digital is subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of data necessary to achieve the relevant health and social care purpose will be shared.
All requests to access patient data from this collection, other than anonymous aggregate statistical data, will be assessed by NHS Digital’s Data Access Request Service, to make sure that organisations have a legal basis to use the data and that it will be used safely, securely and appropriately.
These requests for access to patient data will also be subject to independent scrutiny and oversight by the Independent Group Advising on the Release of Data (IGARD). Organisations approved to use this data will be required to enter into a data sharing agreement with NHS Digital regulating the use of the data.
There are a number of organisations who are likely to need access to different elements of patient data from the General Practice Data for Planning and Research collection. These include but may not be limited to:
- the Department of Health and Social Care and its executive agencies, including Public Health England and other government departments
- NHS England and NHS Improvement
- primary care networks (PCNs), clinical commissioning groups (CCGs) and integrated care organisations (ICOs)
- local authorities
- research organisations, including universities, charities, clinical research organisations that run clinical trials and pharmaceutical companies
If the request is approved, the data will either be made available within a secure data access environment within NHS Digital infrastructure, or where the needs of the recipient cannot be met this way, as a direct dissemination of data. We plan to reduce the amount of data being processed outside central, secure data environments and increase the data we make available to be accessed via our secure data access environment. For more information read about improved data access in improving our data processing services.
Data will always be shared in the uniquely coded form (de-personalised data in the diagram above) unless in the circumstances of any specific request it is necessary for it to be provided in an identifiable form. For example, when express patient consent has been given to a researcher to link patient data from the General Practice for Planning and Research collection to data the researcher has already obtained from the patient.
It is therefore possible for NHS Digital to convert the unique codes back to data that could directly identify you in certain circumstances, and where there is a valid legal reason which permits this without breaching the common law duty of confidentiality. This would include:
- where the data was needed by a health professional for your own care and treatment
- where you have expressly consented to this, for example to participate in a clinical trial
- where there is a legal obligation, for example where the COPI Notices apply - see Our legal basis for collecting, analysing and sharing patient data above for more information on this
- where approval has been provided by the Health Research Authority or the Secretary of State with support from the Confidentiality Advisory Group (CAG) under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (COPI) - this is sometimes known as a ‘section 251 approval’
This would mean that the data was personally identifiable. Re-identification of the data would only take place following approval of the specific request through the Data Access Request Service, and subject to independent assurance by IGARD and consultation with the Professional Advisory Group, which is made up of representatives from the BMA and the RCGP. If you have registered a National Data Opt-out, this would be applied in accordance with the National Data Opt-out policy before any identifiable patient data (personally identifiable data in the diagram above) about you was shared. More about the National Data Opt-out is in the section below.
Details of who we have shared data with, in what form and for what purposes are published on our data release register.
National Data Opt-out (opting out of NHS Digital sharing your data)
This applies to identifiable patient data about your health (personally identifiable data in the diagram above), which is called confidential patient information. If you don’t want your confidential patient information to be shared by NHS Digital for purposes except your own care - either GP data, or other data we hold, such as hospital data - you can register a National Data Opt-out.
If you have registered a National Data Opt-out, NHS Digital won’t share any confidential patient information about you with other organisations unless there is an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus. You can find out more about exemptions on the NHS website.
From 1 October 2021, the National Data Opt-out will also apply to any confidential patient information shared by your GP practice with other organisations for purposes except your individual care. It won't apply to this data being shared by GP practices with NHS Digital, as it is a legal requirement for GP practices to share this data with NHS Digital and the National Data Opt-out does not apply where there is a legal requirement to share data.
You can find out more about and register a National Data Opt-out or change your choice on nhs.uk/your-nhs-data-matters or by calling 0300 3035678.
How long we keep patient data for
We will keep your patient data for as long as is necessary for the purposes outlined above in accordance with the Records Management Code of Practice for Health and Social Care 2016 and NHS Digital's Records Management Policy.
Other organisations with whom we share your personal data must only keep it for as long as is necessary and as set out in the Data Sharing Agreement with that organisation. Information about this will be provided in their privacy notices on their websites.
General Practice Extraction Service (GPES)
- The GPES is replacing and extending the large number of individual data provision notices (DPNs) currently required
- NHS Digital are assuming data controller rights for the extract – this was always the legal position, but not before exercised
- Patients can opt out completely via the Type 1 opt out (but this may be removed)
- Patients can opt out for research and planning via the National Data Opt-Out but only for identifiable data, not anonymous data, and GPES data will still be collected
What is GPES?
Currently, the system for obtaining data for managing the health service from GPs and other data controllers who provide service has always been:
- Secretary of state issues a Data Provision Notice (DPN) under sections 259(1)(a) and 259(1)(b) of the Health and Social Care Act 2012.
- It’s extracted from the controller systems, generally with controllers having to switch it on
- Type 1 opt-outs (no sharing beyond practice) are respected unless there is a COPI notice saying they should not (e.g. the current pandemic notice)
- The National Data Opt-Out is respected, unless there is a COPI notice
- Data is used for the specified purpose only
This means they are commonly extracting the same data multiple times and a lot (350 per year) of extracts need to be done.
GPES simplifies this to a smaller number of extractions, which can be then used for ANY purpose defined by NHS Digital – in other words, they become the data controller. This means that the National Data Opt-Out (NDOP) is NOT respected as in their view this is a direct care (a “planning of healthcare provision” purpose). It should be respected for onward use, but they appear to be taking the position that anonymised data isn’t personal data and therefore the NDOP only restricts them from using your identifiable data.
NHSD have stated they will be respecting patient Type 1 opt out where a patient does not want their record to leave the GP practice other than for direct care. Given the extraction is for Planning and Research and NHSD is adopting Controller responsibility we will challenge NHSX's policy steer and NHSDs DPO and programme and their documented necessity to use the Type 1 optout rather than the national opt out option for patients to opt out of secondary uses which seems most appropriate in this case and to meet the intentions of the GPDPR.
The initial data model, so you can see what they are extracting, is at the link below:
Do we need to do anything?
Your privacy notices (if you’re using the one we sent out with the DPO briefings, revised from the initial GDPR pack), already has the use of data provision notices in it – so strictly speaking, no.
However, an information page for patients has been provided which we would recommend you link to from your privacy notices:
The section that needs changing is shown in the appendix, with the recommended changes.
Prepare for a possible increase in type 1 opt-outs…
Are the NHS now selling our patient’s data?
NHS Digital state on their pages “NHS Digital will never sell your data”.
NHS Digital are also able to fulfil requests via the Data Access Request Service, which are subject to independent oversight by IGARD.
Do patients have an opt-out?
Sort of, but not really.
To opt out the patient must request type 1 opt-out – which means their data won’t be shared with other healthcare providers too, which is to their detriment. The first extract is being done on 1 July, so patients need to create a type 1 opt out by 23 June.
There is a form available for patients which is now being published in the press, so these will be the most likely thing you will receive.
The government has also previously stated its intent to remove type 1 opt-outs, so I would expect that to come down the line fairly quickly if a lot of patients start exercising type 1 opt-outs. The notice is clear they intend to review this, it states:
This may change in the future if NHS Digital is directed otherwise in the event of a change in policy following a review of Type 1 opt-outs by NHSx, with implementation being subject to consultation with the profession via the Joint GP IT Committee, a representative body comprised of elected members from RCGP and BMA.
It may also change if NHS Digital agrees with the British Medical Association (BMA) and the Royal College of General Practitioners (RCGP), and the Department of Health and Social Care (DHSC) that it has put in place appropriate organisational and technical measures and controls to enable it to collect and process pseudonymised Type 1 opt-out records by means which continue to uphold the Type 1 opt-out and do not enable the patient to be directly identified except for the purposes of their own care.
Is there an “official” information page for us?