General Practice Data for Planning and Research – No.23

General Practice Data for Planning and Research – No.23

General Practice Data for Planning and Research (GPDPR)

Update 19th July 2021

GPs have been sent an update on GPDPR by the undersecretary of state for Primary Care and Health Promotion saying that NHSD is working with in collaboration with partners including the RCGP and the BMA and that a specific start date for the collection of data will not take place until:

  • Patients have the ability to delete data if they to opt-out of sharing their GP data with NHS Digital (even if this is after their data has been uploaded)
  • The backlog of opt-outs has been fully cleared
  • A Trusted Research Environment has been developed and implemented in NHS Digital
  • Patients have been made more aware of the scheme through a campaign of engagement and communication.


  • Patients do not need to register a Type 1 opt-out by 1st Septemberto ensure their GP data will not be uploaded
  • NHS Digital will allow GP data that has previously been uploaded to the system viathe GPDPR collection to be deleted when someone registers a Type 1 opt-out
  • The plan to retire Type 1 opt-outs will be deferred for at least 12 months

Administrative workload:

  • NHSD are looking into ways of reducing this
  • There is now no urgency to process Type 1 opt-outs specifically for GPDPR in order to get people opted out before September.
  • A template DPIA for practice use will be made available in good time to allow practices to complete it.

Data Security and Governance:

  • Trusted Research Environment (TRE) standards are being defined
  • Data collection will only start once the TRE is in place and when the BMA, RCGP and the National Data Guardian are satisfied with the standards
  • Once the data is collected, it will only be used for the purposes of improving health and care. Patient data is not for sale and will never be for sale

Transparency, communications and engagement

Because of concern about the lack of awareness amongst the healthcare system and patients, an engagement and communications campaign is underway to promote better understanding and informed choices.

Further information can be obtained here

Summary (Original Post 9th June 2021)

Practices have been asked to comply with a Data Provision Notice for GPDPR. Signing this will allow NHSD to extract structured coded data from their clinical system to be used for research and planning. There is a statutory obligation for GPs to sign up to the Data Provision Notice, although there is no mechanism for enforcing this. The BMA have asked for an extension to the deadline to allow time for further assessment and NHSD have now extended this to the 1st to September.

GP practices may wish to wait for further advice from their professional bodies or they may be happy to sign up now. Those practices signing up should add a paragraph to their Fair Processing Notice:

 “This practice is supporting vital health and care planning and research by sharing your data with NHS Digital. For more information about this see the GP Practice Privacy Notice for General Practice Data for Planning and Research.”

 In the interim, because of the publicity, practices may be receiving an increased number of type 1 opt-out requests from patients. On receipt of these requests the patient medical records should have the following code inserted :

 9Nu0 (827241000000103 |Dissent from secondary use of general practitioner patient identifiable data (finding)

 Or in the event of wishing to opt in after an opt-out:

 9Nu1 (827261000000102 |Dissent withdrawn for secondary use of general practitioner patient identifiable data (finding)



The General Practice Extraction Service (GPES) has been extracting much of this data from GP practices for some years. This programme had not been fit for purpose, but has now been redesigned to work as intended. The focus is on data for research and planning and at first glance there is little new here.


What Data will be extracted

  • data on sex, ethnicity and sexual orientation
  • clinical codes and data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health
  • data about staff who have treated you


What data will not be extracted

  • name and address (except postcode in unique coded form)
  • written notes (free text), such as the details of conversations with doctors and nurses
  • images, letters and documents
  • coded data that is not needed due to its age – for example medication, referral and appointment data that is over 10 years old
  • coded data that cannot be share by law – for example certain codes about IVF treatment, and certain information about gender reassignment


Opt-out choices for patient remain unchanged

  • Type 1 opt-outs when coded into the GP record will prevent that data being extracted from the GP record.
  • National data opt-outs (formerly referred to as Type 2) managed through a central website will prevent the data being used after it has been extracted from the GP practice.


What’s New?

Because this is a new system, GPs do need to formally sign up to the data extract. NHSD have published information for GP practices advising them that they should comply with the Data Provision Notice.


Identifiable Data?

The data is described as pseudonymised or depersonalised which means to all intents and purposes it will not contain Personally Identifiable Data (PID), however it will be possible in specific circumstances to link back to PID. Beyond its use for planning and research the NHSD patient information page also says that the data may be used:

  • in exceptional circumstances, providing you with individual care

This short reference is significant as it shows that NHSD will be able to provide Personally Identifiable Data to health and care organisations (for example Local Authorities) for the provision of direct care. The data would be stored in secure NHS databases with robust access control mechanisms and only made available to organisations who can show that they have a valid need (i.e. a Legitimate Relationship to provide care) as well as having appropriate standards of Information Governance in place.


Who is responsible for the extracted data?

Once the data has been taken from GP systems the data controller for the extracted data will no longer be the GP but will be NHSD. (Note that this differs from data extracted into the local WSIC database where GP data controller rights and responsibilities are maintained and are pivotal to the use of the data, in this case for the provision of direct care).


Professional Bodies

See the LLMC statement which also contains links to an  explanation of patient opt-out choices and also the current BMA stance. The BMA have previously supported this programme but because of rising public awareness and increasing patient requests for their GPs to code them as type 1 op-outs, they will be reviewing and reconsidering the issues before the September deadline. The NHS need this data to plan and provide healthcare services and so it seems unlikely they will back down, rather that there will be be significant government pressure for the BMA to maintain their support.



If you have any questions please contact NWL Infogovernance Support

Comments are closed.