You may have seen developments in regard to OpenSAFELY, a new method for allowing anonymised aggregated data to be shared for research purposes. You should have received a letter which directed your practice to enable this in your practice system (SystmOne or EMIS/Optum).
We are happy to answer any questions you might have about OpenSAFELY, but have provided some information for your reference and to help you to address any queries from patients.
WHAT IS OpenSAFELY?
OpenSAFELY follows on from data sharing work which took place during the pandemic, where practices were mandated to share some patient information under the COPI notice. When the pandemic came to an end this requirement was ceased. However, it was recognised that this data could be very beneficial to population health. Work started through the OpenSAFELY programme to put into place the necessary safeguards, alongside public and professional engagement. The project is working to ensure transparency, compliance with required confidentiality and data protection legislation, while ensuring the public are on board. The initiative includes only coded data and must respect all Type 1 opt outs. The National data opt out is considered on a study by study basis, so this will be applied as appropriate.
A four minute video https://www.youtube.com/watch?v=GRjRqOAIVy8 explains the programme and is available on YouTube to be shared widely.
The RCGP has provided a guide to how practices should comply with the directive https://r1.dotdigital-pages.com/p/49LX-12T5/all-gp-practices-using-emis-web-optum-or-systmon-e-tpp-are-legally-required-to-activate-access-to-pseudonymised-gp-rec-ords-using-the-open-safely-research-platform-by-september-2025.
There are 4 actions listed on this page which practices must do:
- Activate the data sharing through EMIS (Optum)/SystmOne
- Update your practice privacy notice (suggested text below)
- Sign off a DPIA (template provided, or you can prepare your own)
- Update your existing practice record of processing activities (RoPA)
READ MORE
You can read more detail here: https://r1.dotdigital-pages.com/p/49LX-12T5/all-gp-practices-using-emis-web-optum-or-systmon-e-tpp-are-legally-required-to-activate-access-to-pseudonymised-gp-rec-ords-using-the-open-safely-research-platform-by-september-2025
NHS England has also provided some further detail for reference here: https://transform.england.nhs.uk/information-governance/frequently-asked-questions/#questions-about-opensafely
PRIVACY NOTICE
This suggested practice privacy notice has been taken from https://transform.england.nhs.uk/information-governance/frequently-asked-questions/#questions-about-opensafely
GP practices should ensure that their privacy notice reflects all the processing of data that happens in relation to patient records. GP practices are therefore advised to add the following paragraphs to their privacy notice, or to draft their own information if they prefer:
“NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.
Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
Here you can find additional information about OpenSAFELY.”