(This Privacy Notice is to run alongside our standard Practice Privacy Notice)
As we move away from the initial response to COVID-19 the health and social care system
will need to continue to take action to manage and mitigate the spread and impact of the
outbreak. This includes ensuring that approved researchers can continue to securely access
pseudonymised data held by GP IT systems to assist the health and care service’s response
to COVID-19 by, for example:
- recognising trends in COVID-19 diseases and identifying risks it poses
- controlling and preventing the spread of COVID-19
- monitoring and managing outbreaks
The OpenSAFELY COVID-19 research service provides a secure analytics service that
supports COVID-19 research, COVID-19 clinical audit, COVID-19 service evaluation and
COVID-19 health surveillance purposes.
Under the COVID-19 Public Health Directions 2020 NHS England has been directed by the
Secretary of State for Health and Social Care to establish and operate the OpenSAFELY
service. While each GP practice remains the data controller of its own patient data, they are
required under the provisions of s259 of the Health and Social Care Act 2012 to provide
access to de-identified (pseudonymised) patient data through the OpenSAFELY service.
The service enables individuals (academics, analysts and data scientists) approved by NHS
England to run queries on pseudonymised GP and NHS England patient data which is held
within the GP system suppliers’ data environments. Controls are in place to ensure that
individuals only have access to aggregated outputs from the service (i.e. they cannot access
information that either directly or indirectly identifies individuals).
Purpose of this Notice
OpenSAFELY service is used to analyse de-identified (pseudonymised) data within the
EMIS and TPP boundaries, to support COVID-19 related research.
This is a continuation of a service which is supported by the BMA which has been operating
since 2020. The permanent legal basis (the COVID-19 Direction) above allows the practice
to provide this data to NHSE as an ongoing service.
The OpenSAFELY service is a Trusted Research Environment (TRE) established within the secure environment of EMIS and TPP. Researchers write their analysis code away from the
patient data; the code is run automatically on de-identified (pseudonymised) patient data;
and only the aggregated outputs (now anonymous) are shared with researchers to be used,
for example, in journal publications, reports or presentations.
These controls keep patient data secure inside EMIS and TPP and confidential from
researchers. The use of TREs and the data processing principles which OpenSAFELY
represents is supported by the RCGP.
To date, this service has supported a range of important COVID-19 related research,
including one of the world’s first and largest studies to identify the clinical factors associated
with COVID-19 related death, which informed the national COVID-19 vaccination strategy
and Green Book guidance. Other studies have also informed COVID-19 related NICE
guidance and decisions made by SAGE.
All NHS England approved research studies are published online, including sharing the
exact analysis code each study used to analyse the patient data, by whom and when such
code was run. In future, NHSE will also publish approvals on our data release register.
During the pandemic, and in the recovery phase, de-identified data has been crucial in
helping to save lives. It has supported research into COVID-19 and the ways that it has
affected our lives, our health, and to identify effective medicines and treatments.
Research has helped to identify new treatments for COVID-19 and to understand how we
can keep our communities safe. Data has helped us to prioritise the right care to the most
vulnerable in our society and to develop vaccines to protect against COVID-19.
If you have any questions, please contact us at gpdata@nhs.net
Recording of processing
A record will be kept by Steppingstones Medical Practice of all data processed under this
Notice.
Sending Public Health Messages
Data protection and electronic communication laws will not stop Steppingstones Medical
Practice from sending public health messages to you, either by phone, text or email as these
messages are not direct marketing.
Digital Consultations
It may also be necessary, where the latest technology allows Steppingstones Medical
Practice to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. All references to NHS Digital now, or in the future, relate to NHS England.