Safeguarding patient data

How patient data is protected

Protecting the confidentiality of patient data is paramount to CPRD. This page explains how CPRD protects the privacy of patient data that we receive, process and use in CPRD research services.

Collecting data from GP practices

  • GP practices choose to share patient data (primary care data) with CPRD for public health research purposes
  • The Royal College of GPs and the British Medical Association are supportive of GP practices sharing their data with CPRD
  • No information that can identify a patient is ever sent to CPRD
  • CPRD never receives any patient identifiers from a GP practice such as patient name, address, NHS number, full date of birth or medical notes
  • Because you can’t be identified from data a GP practice sends to CPRD, the GP practice doesn’t need to seek a patient’s consent to share data with CPRD
  • The anonymised data CPRD receives includes clinical information such as diagnoses, symptoms, prescriptions and laboratory tests
  • Individual patients can opt-out of sharing their data for research. CPRD does not collect data for these patients.

Providing data for public health and medical research

  • CPRD has ethics approval from the Health Research Authority to support research using anonymised patient data
  • CPRD must complete an annual NHS Data Security and Protection Toolkit assessment to demonstrate that it meets the required standard for holding data securely
  • Once CPRD receives anonymised data from a GP practice, we ensure the data is fully compliant with the Information Commissioner’s Office (ICO) anonymisation code of practice and that patient privacy is protected
  • The identity of GP practices that have contributed data is concealed
  • The data CPRD holds can only be used for public health research
  • Only bona fide researchers can receive the data
  • Checks are conducted on organisations carrying out and funding the research to assess whether they are suitable to receive CPRD data
  • Requests by researchers to access the data are reviewed via the CPRD Research Data Governance (RDG) Process to ensure that the proposed research is of benefit to patients and public health
  • Researchers must adhere to robust terms and conditions governing how the anonymised data is used.

Process and approvals required for providing anonymised data to researchers 

Process and approvals required for providing anonymised data to researchers

CPRD links data from GP practices in England to other datasets

The ability to link primary care data to other health datasets enables researchers to have a more complete picture of a patient’s medical history. This information is used to support vital public health research such as studies into the safety of medicines, causes of disease or improving delivery of care.

The datasets that are linked to CPRD primary care data include hospital data and data from disease registries such as the Cancer Registry. When CPRD receives these datasets, they have already been anonymised. The linkage process involves the following:

  • Each year CPRD must obtain Section 251 regulatory support through the Health Research Authority Confidentiality Advisory Group to enable data linkage to take place
  • A GP practice must give permission for primary care data from their practice to be linked to other datasets
  • Linkage is carried out via NHS Digital, the statutory body in England legally permitted to receive identifiable patient data
  • NHS Digital receives and processes identifiable patient data on behalf of CPRD and only sends anonymised data to CPRD
  • For NHS Digital to be able to link the data, a patient’s NHS number, full date of birth, postcode and gender together with a pseudonym for each patient is sent from the GP practice directly to NHS Digital. No clinical primary care patient data is sent to NHS Digital
  • NHS Digital receives a similar set of patient identifiable data for the other datasets to be linked
  • The patient identifiers from the two datasets are matched to generate a de-identified linkage file that does not contain any of the original patient identifiable information
  • NHS Digital sends the de-identified linkage file to CPRD which allows CPRD to link the two datasets without needing any patient identifiable data
  • CPRD never receives patient-identifiable data from GP practices or from NHS Digital or from any other source
  • All requests from researchers to gain access to linked data must be approved via the CPRD Research Data Governance (RDG) Process
  • The anonymised linked data can only be used for public health research by bona fide researchers.  

Process and approvals required for linking primary care data to other datasets 

Process and approvals required for linking primary care data to other datasets

Patient consented research studies supported by CPRD

Patient participation in clinical research is essential for the development of effective and safe medicines and medical devices, and to inform health policy and clinical care. Evidence shows that patients benefit from participating in clinical trials. CPRD can assist GPs in finding suitable patients who might benefit from taking part in clinical trials or other studies involving patient consent.

Finding patients suitable for participating in clinical studies

The process of finding patients who are suitable to take part in patient consented studies and clinical trials involves the following steps:

  • Using the data that CPRD receives from GP practices, CPRD is able to flag patients in the CPRD database whose medical history matches the criteria for participating in a clinical trial
  • CPRD does not know who these patients are, as CPRD never receives information that can identify an individual patient
  • CPRD can assist in finding patients by supplying a GP with the pseudonyms of their patients who have been flagged as being potentially suitable from a CPRD database search
  • The GP uses the pseudonym supplied by CPRD to identify the patient within their own systems. The GP then reviews the medical record of their patient to decide if they could be eligible for the trial
  • The GP then contacts their suitable patients to let them know about the opportunity to take part in a trial that they may benefit from
  • The patient then chooses whether or not they would like to take part in the trial
  • Confidentiality is maintained throughout the process as only the GP knows the identity of the patients
  • CPRD does not receive identifiable information about the patients the GP contacts in this process. 

Clinical trials managed by CPRD

CPRD provides a clinical trials management service for authorised clinical trials involving patients who have given their consent to be enrolled in a clinical trial. Clinical trials are subject to stringent legal, ethical and regulatory governance requirements. Along with all bodies involved in running a clinical trial, CPRD must demonstrate compliance with all required regulatory, legal and governance procedures associated with conducting a clinical trial.

Detailed information of the requirements for managing a clinical trial can be found on the Medicines and Healthcare products Regulatory Agency website 


[Page last reviewed 9 June 2021]