How data is kept safe and used responsibly

Putting security and confidentiality first

The data we collect and analyse is used for research and healthcare planning. Patient data is never sold, and we ensure that every individual patient’s confidentiality is protected.

We analyse the data ourselves and we also share data with academics, clinicians and charities for research. In most cases, we share data that is anonymised or de-personalised.

Researchers, such as those working for a charity or university, can request permission to access patient data that is not anonymised under strict and secure arrangements. An application for data can be made through the Office for Data Release (ODR)*. Applicants must prove that there is a justified purpose to use the data and an appropriate legal basis with safeguarding in place to protect the data.

*There is currently a pause on receiving and processing ODR applications. This is to allow us to focus on the handover of data applications to the new system as part of our transition from PHE to NHS Digital. However, ODR will reopen on Monday 6th December which you can read more about here.

The NDRS has legal permission to collect patient-level data and to use it to protect the health of the population. This permission is given under legal instructions known as Directions, from the Secretary of State for Health and Social Care, under section 254  of the Health and Social Care Act 2012 (2012 Act). Everyone working with patient data is trained in information governance and follows strict rules to make sure patient information stays safe .

Webpage last updated: December 2021