What should GP practices include in their privacy notices?
GP practices should ensure that their privacy notice reflects all the processing of data that happens in relation to patient records. GP practices are therefore advised to add the following paragraphs to their privacy notice, or to draft their own information if they prefer:
- NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
- Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.
- Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
Here you can find additional information about OpenSAFELY.
For more information please click on our Privacy Notice.