Fair processing guidelines for GPs

This page provides signposting to resources for GPs who are designing fair processing notices for the use of personal data for risk stratification.

What is ‘fair processing’?

Fair processing:

  • Requires your practice to tell patients about how you intend to use their information
  • Involves telling patients about what types of data the process will involve (for example, is it just patients’ name and address or will it include details about their health)
  • Reassures the patient that their data will be safe, confidential and used appropriately if they are share it with you
  • Enables patients to opt out of sharing their data

More about fair processing

Why is it important?

Fair processing is fundamentally about telling patients what you are doing with their data and why it is a good thing.

The first data protection principle of the Data Protection Act requires that the processing of patient data is ‘fair’. This is about being open and transparent about the ways in which personal data are used, ensuring people are told what is happening to their data, and their corresponding rights.

Do GPs have to do fair processing?

Yes. The responsibility for telling patients about the use of their data for risk stratification purposes falls on the GP or GP Practice as the ‘data controller.’

What information should a fair processing notice include?

In general terms, a fair processing notice needs to include:

  • The details of the General Practice
  • The purposes(s) for which the Practice intends to use the personal data – this case risk stratification. These need to be in terms that the patient will understand
  • Any additional information the Practice needs to give individuals in the circumstances to enable it to process the information fairly

Additional information that you need to consider including in a fair processing notice.

Can patients opt out of providing their data for risk stratification?

Yes. The NHS Constitution sets out patients’ rights to object to their confidential personal data being used for purposes beyond their own care and treatment, and to have those objections considered.

How do I design a fair processing notice?

Consideration must be given to the readability and accessibility of the fair processing notice. It should be clear and understandable by the audience for which it is intended – keeping it simple is the best approach. You will also need to consider the means by which the fair processing notice will be communicated to patients.

Designing a fair processing notice

How will I know that may fair processing notice meets all the necessary requirements?

NHS England has published a fair processing checklist for risk stratification programmes. This can be used to carry out a self-assessment exercise to provide assurance that your fair processing notices meet the requirements.