How data is kept safe and used responsibly
Putting security and confidentiality first
The data we collect and analyse is used for research and healthcare planning. Patient data is never sold, and we ensure that every individual patient’s confidentiality is protected.
We analyse the data ourselves and we also share data with academics, clinicians and charities for research. In most cases, we share data that is anonymised or de-personalised.
Researchers, such as those working for a charity or university, can request permission to access patient data that is not anonymised under strict and secure arrangements. An application for data can be made through the Office for Data Release (ODR)*. Applicants must show that there is a justified purpose to use the data and an appropriate legal basis with safeguarding in place to protect the data.
*There is a current pause to the usual ODR approval process from 1 September 2021. This is to allow us to focus on the handover of data applications to the new system as part of our transition from PHE to NHS Digital. You can read the ODR temporary pause notice in full here.
The NDRS has legal permission to collect patient-level data and to use it to protect the health of the population. This permission is given under legal instructions known as Directions, from the Secretary of State for Health and Social Care, under section 254 of the Health and Social Care Act 2012 (2012 Act). Everyone working with patient data is trained in information governance and follows strict rules to make sure patient information stays safe .