GPs instructed to make anonymised patient data available for research

The Government has instructed GP practices to make anonymous patient data available to a data sharing platform to further medical research.

A letter from NHS England to GPs said health secretary Wes Streeting has issued NHSE with ‘directions’ – a legal instrument – for practices to join the OpenSAFELY data analytics service by instructing their system providers to make the data available.

OpenSAFELY, developed by the University of Oxford, was used by researchers during the pandemic to analyse anonymised data from GP records and help identify new Covid-19 treatments, but it will expand to cover non-Covid research.

The BMA said that OpenSAFELY has the full support of GPC England and the BMA’s joint GP IT committee.

So far, the platform has enabled 195 research projects into a variety of Covid-related issues, including the demographics of those who get the virus and the efficacy of treatments.

Under the directions, NHSE has issued a Data Provision Notice (DPN) to practices which they have six weeks to ‘review and comply with’ by informing their systems provider.

The GPC said that the functionality to allow an opt-in for EMIS rolled out last week and the functionality for SystmOne is also already in place, while Medicus is ‘out of scope currently’.

Practices have to comply with the data provision notice by law but the GPC clarified that the data will not be able to be accessed until practices, as the data controller, ‘have signalled approval’.

According to the directions, the purpose is ‘for users approved by or on behalf of NHS England’ to access patient data held by existing GP IT systems suppliers, though the data is ‘pseudonymised’ and can only be accessed for set purposes.

These include research, health and social care policy ‘where agreed on a project specific basis’, and ‘health surveillance’.

A GPC statement said: ‘The original Covid-19 service grew out of the pandemic and was unique in the sense that it functioned as a trusted research environment where the most disclosive data (the GP data) stayed in the system suppliers’ systems, with the GP remaining as data controller, but, via the data direction/DPN in force, made those data available for querying by NHSE, with the subsequent outputs coming under the controllership of NHSE.

‘There is a level of transparency with OpenSAFELY not seen elsewhere – this has been a key factor in gaining our support.’

GP practices will remain the data controller for the pseudonymised records, according to NHS England.

However, once this data is queried by ‘approved users’ or linked to other NHS England datasets, NHS England would become the controller for the linked dataset. All projects using the service are approved by or on behalf of NHSE.

Researchers looking to access the data would need a ‘favourable opinion’ from an NHS Health Research Ethics Committee, according to OpenSAFELY.

Its scope covers ‘all general practices across England using TPP and Optum (formerly EMIS Group PLC) health record systems’, according to the accompanying DPN.

Patients who have registered a type 1 opt-out form with their GP practice will be exempt from the data sharing.

In February, Pulse reported that NHS England had shared draft documents with GP IT representatives to extend the legal basis of OpenSAFELY to make it a ‘general purpose resource’ for academic research.

And earlier this month, the Government’s 10-year plan for the NHS confirmed a ‘single patient record’ will be available on the NHS App by 2028, bringing a patient’s medical records and other relevant information into one place.

It will introduce new legislation placing a duty on providers, including GP practices, to make the information they record about patients available to them.

Safeguards included in the directions

In exercising functions under these Directions NHS England must operate the Service in accordance with the following safeguards:

7.1 The Service should not permit identifiable patient data to leave the GP System Suppliers’ environments and therefore the results of all queries disclosed to Approved Users should be in the form of aggregate and anonymous data only.

7.2 NHS England should ensure that the Service should not enable Approved Users to have direct access to the underlying pseudonymised GP and NHS England data, which should remain in the GP System Suppliers’ secure environments.

7.3 Subject to paragraph 7.4 below, the Service should exclude records of patients who have exercised a Type 1 opt out10 for planning and research purposes.

7.4 Records of patients who have registered a Type 1 opt out are not to be excluded where the Service is used for public health purposes and where it is agreed on a project specific basis under paragraph 5.2.6 that a Type 1 opt out is not to be upheld.

7.5 NHS England should ensure there should be no attempts by any Approved User or operators of the Service to re-identify any patients whose data is contained within the Service.

7.6 The Service should be transparent in relation to how it operates and the analysis which is being carried out. As a minimum, NHS England should ensure that the following information is published in relation to each query:

7.6.1 information about the data, which is processed through the OpenSAFELY technology,
7.6.2 the code which is used to carry out the processing of a query,
7.6.3 the outputs of the processing from a query approved for publication,
7.6.4 the specific Purposes for which the outputs of the query will be used,
7.6.5 the names of the organisations and the analysis leads who are the Approved Users using the Service, and

7.6.6 the research and all reports which use the outputs from the analysis.

7.7 The Service should be subject to an appropriate framework of audit and assurance to ensure that it is being operated in accordance with these safeguards and the Directions

Source: NHS OpenSAFELY Data Analytics Service Pilot Directions 2025

READERS' COMMENTS [3]

Please note, only GPs are permitted to add comments to articles

David Church 30 July, 2025 1:34 pm

Not sure I see how this is a GMS medical function, and also not sure I see how the GP can still be the ‘data controller’ when they have no control over ‘instructions’ to share it with no control over who uses it.
I am sure we have moved far enough now towards a situation where the NHS is de facto the ‘data controller’ under the DPR because they are the ones actually controlling it, by instructions, directives, contracts with Clinical Software and data storage suppliers, and not GPs.

Richard Greenway 30 July, 2025 3:43 pm

Agreed. If the government is going to grab data and give to whoever it chooses, then GPs are no longer Data Controllers.
GPs only seem to get the bad bits of being the data controller (i.e. SARs, being fined for data breach) but not the rights to actually control who has access. Time for GPs to relinquish this function perhaps?

Mary Hawking 30 July, 2025 8:03 pm

Any information on how – and by whom – queries/information requests will be assessed and/or approved within NHS England – and after NHS England is abolished and absorbed into DHSC?
And how independent – or patient centric – any approval mechanism would – or could – be?