Safeguarding patient data

How CPRD receives de-identified data from GP practices and provides anonymised data for public health research

Protecting the confidentiality of patient data is paramount, and only anonymised patient data is provided to researchers.

This is how it works:

  • GP practices choose to contribute their patients’ de-identified data to CPRD
  • Individual patients can opt-out of contributing data to CPRD
  • Once a practice has joined CPRD, only de-identified patient data flows from the practice to CPRD
  • This means patients cannot be identified from the information sent to CPRD from GP practices
  • CPRD never receives any patient personal identifiers from a GP practice such as name, address, NHS number or full date of birth
  • CPRD obtains ethics approval to receive and supply patient data for public health research
  • All requests by researchers to access the data held by CPRD are reviewed by an Independent Scientific Advisory Committee (ISAC)
  • Only researchers carrying out public health studies can receive the data
  • Contractual controls ensure researchers adhere to robust terms and conditions governing how the data is used.

More detail on our processing, the legal bases for that processing, and your personal rights is available at our transparency information page

Diagram showing how CPRD receives and provides data

How CPRD links data from GP practices in England to other datasets

The ability to link primary care data to other health datasets, such as secondary care and disease registries enables CPRD to provide a fuller picture of a patient’s medical history to support vital public health research, in drug safety and improving delivery of care.

This is how it works in England:

  • Each year CPRD must get Section 251 regulatory approval through the Confidentiality Advisory Group for NHS Digital to process patient data on behalf of CPRD to allow CPRD to supply anonymised linked data for public health research
  • To be able to link the data, the GP practices send a restricted dataset(s) containing only patient identifiers (CPRD pseudonym, NHS number, full date of birth, postcode and gender) to NHS Digital
  • NHS Digital is the statutory body in England legally permitted to receive identifiable patient data
  • NHS Digital matches the patient identifiers from two datasets to generate a ‘linkage file’ that does not contain any direct patient identifiers
  • NHS Digital sends the linkage file to CPRD which enables CPRD to link the datasets without needing any personal identifiers to combine the data
  • CPRD never receives patient-identifiable data from GP practices or from NHS Digital
  • All requests from researchers to gain access to linked data must be approved by an Independent Scientific Advisory Committee (ISAC), and only for public health research purposes

Diagram showing how CPRD links data to other datasets

 

[Page last reviewed 24 September 2018]