Data and information

The health and care system continues to face an unprecedented challenge from both the response to the pandemic and in supporting the recovery of health services. COVID-19 Control of Patient Information (COPI) notices, issued by the Secretary of State for Health and Care enable health organisations, arm’s length bodies and local authorities to process and share the data they need to respond to coronavirus (COVID-19) effectively and to improve and benefit patient care, for example by treating and caring for patients and those at risk, managing the service and identifying patterns and risks.

These notices require that data is shared for purposes of managing coronavirus risks (COVID-19) and give health organisations and local authorities the security and confidence to share the data they need to respond to coronavirus pandemic (COVID-19).

For patients, this means that their data may be shared with organisations involved in the response to coronavirus (COVID-19), for example, enabling notification to members of the public most at risk and advising them to self-isolate.

The NHS COVID-19 Data Store, brings data sources from across the health and care system in England together into a single, secure location. All data held in the NHS COVID-19 Data Store always remains under the control of the NHS and is being processed in accordance with the law.

Data Protection Impact Assessment has been published and our Privacy Notice explains what this means for patients.

We have developed a data dissemination register which demonstrates how information relating to COVID-19 is being shared with external organisations. The register will be regularly reviewed and updated; processes will ensure that data access applications are properly approved and audited.

To ensure transparency, the dissemination register also includes details of the provision of vaccination data to support organisations managing the response to the coronavirus pandemic.

Managing access

single service desk manages requests for access to health and care data held by NHS England and NHS Improvement, NHS Digital or Public Health England in order to support the COVID-19 response.

You will need to demonstrate an involvement in the COVID-19 response to be approved for access to data. Examples of reasons for access are detailed in the General COPI Notice.

Each application for access to data will be considered on a case-by-case basis. This will include:

  • The purpose – which must be for COVID-19 purposes.
  • The type and amount of data requested – any request for data will need to be justified e.g. if requesting record level data, you will need to explain why.
  • Transparency – how you are being transparent about the data requested for COVID-19.
  • Legal Basis – the legal basis which supports the applicant to process the data.

If you are requesting access to confidential patient information you should also ensure that you have ethical approval from the Health Research Authority. The service desk will also work with the relevant organisations e.g. NHS Digital and Public Health England to process the request.

If you require access to locally held data (e.g. medical records for the identification of potential participants) and you require access to confidential patient information you should contact the Health Research Authority directly rather than the service desk.

Please e-mail the service desk with your query and they will support you with your request.

Related information