Date published: 22 September, 2025
Date last updated: 22 September, 2025
Board meetings

Summary of NHS OpenSAFELY data analytics service pilot directions 2025 issued to NHS England by the Secretary of State for Health and Social Care in June 2025

Agenda item: 11 (public session)
Report by: Jackie Gray, Director of Privacy, Transparency and Trust
Paper type: For information
23 September 2025

Executive summary

This paper is for the Board’s information to provide an overview of the NHS OpenSAFELY Data Analytics Service Pilot Directions 2025 (Directions) issued to NHS England in June 2025 by the Secretary of State for Health and Social Care (SoS).

The purpose of the Directions is to is to enable NHS England to establish a secure data analytics service using the OpenSAFELY technology, for users approved by or on behalf of NHS England to run queries on pseudonymised GP and NHS England patient data held by GP IT system suppliers within the GP system suppliers’ secure environments for the purposes set out in the associated requirements specification. The service will run as a pilot until 31 March 2027 unless extended by the Secretary of State.

The Directions have been issued under section 254 of the Health and Social Care Act 2012 (2012 Act), section 13ZC and 272(7) and (8) of the National Health Service Act 2006 (the 2006 Act) and Regulation 32 of the National Institute for Health and Care Excellence (Constitution and Functions) and NHS England (Information Functions) Regulations 2013.

Action required

The Board is asked to note the new Directions and the information provided in this Paper regarding their purpose, effect, and requirements.

Background

1. Under section 254 of the 2012 Act, the SoS may direct NHS England to establish and operate a system for the collection or analysis of information in connection with the provision of health services in England. Under section 13ZC of the 2006 Act, the SoS may give NHS England directions as to the exercise of any of its functions. The Directions are issued by the SoS to NHS England under these provisions.

Purpose of the Direction

2. The purpose of the Directions is to is to enable NHS England to establish a secure data analytics service using the OpenSAFELY technology, for users approved by or on behalf of NHS England to run queries on pseudonymised GP and NHS England patient data held by GP IT system suppliers, for the following purposes:

  1. clinical audit (a way to check if healthcare is being provided in line with care standards to help improve the quality of healthcare services).
  2. service evaluation (to assess how well a healthcare service is achieving its intended aims).
  3. health surveillance (to better understand the health of the population).
  4. research, (to find new treatments, improve early diagnosis of disease and prevent ill-health).
  5. where agreed on a project specific basis by the Department of Helath and Social Care (DHSC), NHS England and the Joint GP IT Committee of the BMA and the RCGP, projects may also be approved for health and social care policy, planning and commissioning purposes and public health purposes (eg to identify and monitor diseases that pose a risk to the health of population).

3. This is a pilot service which builds upon the success of the NHS England OpenSAFELY COVID-19 service, which was introduced to support approved users to undertake projects for COVID-19 research, COVID-19 clinical audit, COVID-19 service evaluation and COVID-19 health surveillance purposes.

4. The NHS OpenSAFELY Data Analytics Service will be available to approved users (such as academics, data analysts, data scientists and researchers) to help them to analyse patient data which is held by GP practices’ and by NHS England, in a safe and secure way that protects patient privacy, subject to a number of safeguards laid out in the Directions.  The service will initially run as a pilot enabling the implementation of the service to develop and evaluate the OpenSAFELY technology for the wider non-COVID-19 purposes.

5. The service uses a software platform called OpenSAFELY which is designed with the following privacy safeguards:

  1. OpenSAFELY uses pseudonymised data, held by a persons’ GP practice and by NHS England;
  2. The OpenSAFELY software does not move patient data outside of the GP system suppliers secure IT environments. Instead, the software is implemented inside the data centres of the two largest GP IT system suppliers, TPP and Optum (formerly EMIS) so that when approved users of OpenSAFELY run code to analyse the pseudonymised data, it never leaves the GP system suppliers secure IT environment;
  3. Approved users are given access to an off-line development environment, where they can build and develop their data analysis code using ‘dummy’ (pretend / fictional) data rather than real patient data;
  4. A record (a log) is kept of all user activity and code which has been executed on the OpenSAFELY software platform and is published: https://jobs.opensafely.org/
  5. Only aggregated and anonymous output data from the queries run and logs to identify and fix errors in analysis code and, is made available to users outside of the GP system suppliers secure IT environment, which are subject to output checking before being released.

Effect and requirements of the direction

6. From the date of signature of the Directions, NHS England will have a legal duty to comply with the Directions, which will require it to establish and operate a system for the collection and analysis of the information set out in the Requirements Specification attached to the Directions (as they may be updated from time to time). Those functions are to be exercised in accordance with the Requirements Specification, the service levels, support and monitoring requirements, and the reporting and governance requirements notified by the SoS in writing to NHS England.

7. The exercise by NHS England of the functions set out in the Directions is also subject to the statutory guidance issued by the SoS to NHS England under section 274A of the 2012 Act: NHS England’s protection of patient data, 23 May 2023 which is guidance that NHS England has a duty to have regard to when discharing its functions under these Directions.

Publication

8. NHS England is directed not to publish any data obtained by virtue of these Directions.

Approval of acceptance of Directions and publication

9. The Clinical Transformation Director and National Medical Director approved acceptance of the Directions in June 2025 on behalf of the Accounting Officer as set out in the NHS England Scheme of Delegation.  The Directions have been published on the NHS England website.

Annex 1 – NHS OpenSAFELY Data Analytics Service Pilot Directions 2025

Date published: 22 September, 2025
Date last updated: 22 September, 2025