Safeguarding patient data

How patient data is protected

Protecting the confidentiality of patient data is paramount to CPRD. This page explains how CPRD protects the privacy of patient data that we receive, process and use in CPRD research services.

Collecting data from GP practices

  • GP practices choose to share patient data (primary care data) with CPRD for public health research purposes
  • The Royal College of GPs and the British Medical Association are supportive of GP practices sharing their data with CPRD
  • No information that can identify a patient is ever sent to CPRD from the contributing GP practices
  • CPRD never receives any patient identifiers from a GP practice such as patient name, address, NHS number, full date of birth or medical notes
  • Because you can’t be identified from data a GP practice sends to CPRD, the GP practice doesn’t need to seek a patient’s consent to share data with CPRD
  • The anonymised data CPRD receives includes clinical information such as diagnoses, symptoms, prescriptions and laboratory tests
  • Individual patients can opt-out of sharing their data for research. CPRD does not collect data for these patients. 

Providing data for public health and medical research

  • CPRD has ethics approval from the Health Research Authority to support research using anonymised patient data
  • CPRD must complete an annual NHS Data Security and Protection Toolkit assessment to demonstrate that it meets the required standard for holding data securely
  • Once CPRD receives anonymised data from a GP practice, we ensure the data is fully compliant with the Information Commissioner’s Office (ICO) anonymisation code of practice and that patient privacy is protected
  • The identity of GP practices that have contributed data is concealed
  • The data CPRD holds can only be used for public health research
  • Only bona fide researchers can receive the data
  • Checks are conducted on organisations carrying out and funding the research to assess whether they are suitable to receive CPRD data
  • Requests by researchers to access the data are reviewed via the CPRD Research Data Governance (RDG) Process to ensure that the proposed research is of benefit to patients and public health
  • Researchers must adhere to robust terms and conditions governing how the anonymised data is used.
Process and approvals required for providing anonymised data to researchers 
Diagram showing process and approvals required for providing anonymised data to researchers


CPRD links data from GP practices in England to other datasets

The ability to link primary care data to other health datasets enables researchers to have a more complete picture of a patient’s medical history. This information is used to support vital public health research such as studies into the safety of medicines, causes of disease or improving delivery of care.

The datasets that are linked to CPRD primary care data include hospital data and data from disease registries such as the Cancer Registry. When CPRD receives these datasets, they have already been anonymised. The linkage process involves the following:

  • Each year CPRD must obtain Section 251 regulatory support through the Health Research Authority Confidentiality Advisory Group to enable data linkage to take place
  • A GP practice must give permission for primary care data from their practice to be linked to other datasets
  • Linkage is carried out via NHS England, the statutory body in England legally permitted to receive identifiable patient data
  • NHS England receives and processes identifiable patient data on behalf of CPRD and only sends anonymised data to CPRD
  • For NHS England to be able to link the data, a patient’s NHS number, full date of birth, postcode and gender together with a pseudonym for each patient is sent from the GP practice directly to NHS England. No clinical primary care patient data is sent to NHS England
  • NHS England receives a similar set of patient identifiable data for the other datasets to be linked
  • The patient identifiers from the two datasets are matched to generate a de-identified linkage file that does not contain any of the original patient identifiable information
  • NHS England sends the de-identified linkage file to CPRD which allows CPRD to link the two datasets without needing any patient identifiable data
  • CPRD never receives patient-identifiable data from GP practices or from NHS England or from any other source, unless a patient has agreed to take part in a clinical research study. When this happens, a patient will provide explicit consent for their information to be provided
  • All requests from researchers to gain access to linked data must be approved via the CPRD Research Data Governance (RDG) Process
  • The anonymised linked data can only be used for public health research by bona fide researchers.  
Process and approvals required for linking primary care data to other datasets 
Diagram showing the process and approvals required for linking primary care data to other datasets

Patient consented research studies supported by CPRD

Patient participation in clinical research is essential for the development of effective and safe medicines and medical devices, and to inform health policy and clinical care. Evidence shows that patients benefit from participating in clinical trials. CPRD can assist GPs in finding suitable patients who might benefit from taking part in clinical trials or other studies involving patient consent.

Finding patients suitable for participating in clinical studies

The process of finding patients who are suitable to take part in patient consented studies and clinical trials involves the following steps:

  • Using the data that CPRD receives from GP practices, CPRD is able to flag patients in the CPRD database whose medical history matches the criteria for participating in a clinical trial
  • CPRD does not know who these patients are. During the process of finding patients who are suitable to take part in clinical studies CPRD never receives information that can identify an individual patient
  • CPRD can assist in finding patients by supplying a GP with the pseudonyms of their patients who have been flagged as being potentially suitable from a CPRD database search
  • The GP uses the pseudonym supplied by CPRD to identify the patient within their own systems. The GP then reviews the medical record of their patient to decide if they could be eligible for the trial
  • The GP then contacts their suitable patients to let them know about the opportunity to take part in a trial that they may benefit from
  • The patient then chooses whether or not they would like to take part in the trial
  • Confidentiality is maintained throughout the process as only the GP knows the identity of the patients
  • CPRD does not receive identifiable information about the patients as they are contacted by their GPs in this process. CPRD may receive patient-identifiable data once a patient has enrolled in a clinical research study and the patient has provided explicit consent for their information to be provided as part of the study.

Clinical trials managed by CPRD

CPRD provides a clinical trials management service for authorised clinical trials involving patients who have given their consent to be enrolled in a clinical trial. Clinical trials are subject to stringent legal, ethical and regulatory governance requirements. Along with all bodies involved in running a clinical trial, CPRD must demonstrate compliance with all required regulatory, legal and governance procedures associated with conducting a clinical trial.

It is important to note, that where patients have provided consent to take part in a clinical trial or study, personal information such as name and contact details may be provided by the patient to the Interventional Research team at CPRD to support operational delivery during the study. As part of the consent process, the patient will also be asked to agree that the information provided as part of the study may be accessed by nominated members of the study team and during any audit, such as an inspection of the study by a regulatory body.

Where personal data is provided, this information is stored securely and independently from all other CPRD data, with access only by delegated members of the study team. Personal information is provided by the patient to enable operational delivery (e.g. sending notifications by email) and is deleted when the study closes. However, some information (for e.g., a record of the consent form) may be kept for a longer period of time as determined by the study protocol and regulatory requirements.

Where consent is given, any other data collected as part of the study will only be supplied to researchers as pseudonymised data. This means that all personal identifiers are removed and a study specific record key used instead. This also means that any data collected as part of an individual study cannot be associated with any other CPRD data.

Patients who agree to take part in a study will always have the opportunity to withdraw from the study at any time, and any data provided as part of the study will be managed in line with what has been agreed as part of the study consent process. 

Further information 

CPRD Interventional studies web page 

Detailed information of the requirements for managing a clinical trial can be found on the Medicines and Healthcare products Regulatory Agency website 

Patient data and research leaflet on the Health Research Authority website 

Understanding Patient Data, an initiative that aims to make uses of patient data more visible, understandable and trustworthy, for patients, the public and health professionals. 

Page last reviewed