NHS England have issued a Data Provision Notice (DPN) to GP practices for the OpenSAFELY Data Analytics Service Pilot. Developed from the OpenSAFELY COVID-19 Service, the new platform allows GPs and NHS England to access pseudonymised patient data for secondary uses purposes. The platform and pilot are supported by the BMA and RCGP.
The DPN legally requires GP Practices to provide the OpenSAFELY Data Analytics Service Pilot with access to pseudonymised GP patient data for studies beyond COVID-19. The full pseudonymised GP data processed by the service contains structured and coded data only. It does not contain free text or information such as letters, images, and correspondence. Type 1 Opt-out is applied by default for all studies approved to use the service. The National Data Opt-out will be applied on a study specific basis.
The DPN applies to TPP (SystmOne) and Optum (EmisWeb) practices only. (Medicus practices are out of scope). Practices have 6 weeks from the date of the DPN to review and accept it.
The actions that practices are required to take are:
- Instruct their clinical system supplier to make their GP data available to the service. Practices will be able to confirm acceptance of the DPN by clicking a button on their GP System. They can access this button via the system menus as detailed below:
- EmisWeb – Configuration → Data Sharing Module and search for “NHS England OpenSAFELY Data Analytics Service”
- TPPSystmOne – Setup → Users & Policies → Organisation Preferences → OpenSAFELY (or use search bar)
TPP and Optum will provide regular reports to NHS England; this information will allow NHS England to support practices to meet their legal obligation to comply with the DPN. The collection, and sharing of these reports with NHS England, has the support of the BMA and RCGP
representatives of the Joint GP IT Committee.
- Update their practice privacy notice. NHS England have provided the below paragraphs to explain the processing of data for this service which practices can add to their own privacy notices or to draft their own information if they prefer.
“NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
“Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.
“Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
“Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
“Here you can find additional information about OpenSAFELY.”
- Review the draft Data Protection Impact Assessment (DPIA) for the OpenSAFELY Data Analytics Service which has been provided by NHS England to practices to cover their role as controller of the pseudonymised dataset. Practices may choose to use or adapt this DPIA, or to develop their own. They may wish to seek advice from their DPO regarding this.
- Update their practice Record of Processing Activity or Information Assets register to reflect the data flows in the DPIA.
Legal basis for processing the data
For the data analytics service, the data will be processed under the legal basis provided under the OpenSAFELY Data Analytics Service Pilot Directions 2025 and its associated data provision notice (DPN).
- UK GDPR Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject (the DPN).
- UK GDPR Article 9 basis: · UK GDPR Article 9(2)(g) – processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject, by virtue of compliance with a DPN supplemented by: Data Protection Act 2018 basis which is Data Protection Act 2018 (DPA 2018) Schedule 1, Part 2, paragraph 6: Statutory etc and government purposes.
- Under the common law duty of confidentiality, legal requirements as GP Practices are required by law to process and share the data identified in the DPN with NHS England.
The service will be delivered under the OpenSAFELY Data Analytics Directions 2025 until 31 March 2027.
For each study submitted to access the Service: NHS England must consult with the BMA and RCGP for advice and NHS England must consult with the NHS England Advisory Group for Data. The types of studies permitted: Clinical Audit, Service Evaluation, Health Surveillance, Research. There are also two new types of studies permitted: Health & Social care policy, planning and commissioning and public health purposes. (These studies must have the support of nominated representative of the BMA and RCGP). Evaluation of the Service.
GP practices remain the controller for the pseudonymised GP patients records, in the same way as they are for the data they input into their clinical systems. Through the DPN, GP practices give NHS England permission to remotely query that data and to do essential technical work to keep it safe and effective. Once the pseudonymised GP data is queried, and potentially linked to other NHS England datasets, NHS England rather than the GP practice becomes the controller for the linked pseudonymised dataset. This dataset never leaves the system supplier boundary and is not accessed by approved users. Approved users use these smaller, linked datasets to run other remote queries and return anonymised, aggregate results.
NHS England have additional FAQs and a dedicated mailbox for further comments, questions or concerns: england.secureanalyticservice@nhs.net .