Categories of personal data

Personal Data that is processed in the FDP varies depending on the Product and the purposes for which the data is processed. Personal Data that identifies an individual will be used in local Instances, as the Products used by NHS Trusts and Integrated Care Boards bring data together which is used to provide those individuals with care and treatment. In the national Instances of FDP, most Personal Data will not include information that directly identifies individuals as it will have gone through a process called pseudonymisation, which means that the data will be referred to as De-Identified Data.

Local instances

Directly Identifiable Data is processed in Local Instances as most Products enable clinicians to provide individual care to patients who they treat. Access to this information is still restricted to only the information that a clinician and their care team need to know for the specific purpose of providing care to an individual. This information may include an individual’s:

  • name
  • address
  • date of birth or age
  • gender
  • sex
  • NHS number or hospital record number
  • telephone number
  • email address
  • marital status
  • health information, including information about their symptoms, medical conditions, diagnosis, medication and treatment
  • race and/or ethnicity
  • religious and/or other beliefs
  • sexual life and/or sexual orientation (where this is relevant to their care)
  • living arrangements, living habits and diet
  • genetic information

National instances

De-Identified Data processed in Products within the national Instances will be used by NHS England to understand how the NHS is operating and to help NHS Trusts and Integrated Care Boards to plan and manage how they deliver care to patients.

For example, De-Identified Data is used by NHS England analysts to produce dashboards which share Anonymous Aggregated Data with users of the dashboard. Only the minimum amount of De-Identified Data that is necessary for the specific purpose of producing the dashboard is used in a Product. Access to the data is strictly controlled. In most cases only analysts within NHS England will have access to the De-Identified Data in national Products, so they can create and maintain the dashboard. Most users of the dashboard will only be able to see Anonymous Aggregated Data and Operational Data that is displayed to them in the dashboard.

De-Identified Data does not directly identify any individuals, so it does not include a name or contact details. It may include information about:

  • the area they live in
  • their age
  • their gender or sex
  • their race or ethnicity
  • their care and treatment including information about hospital admission and stays, health conditions, diagnosis, treatment, discharge, and their outcome from treatment.

More information about the specific categories of Personal Data that are processed in each Product are contained in the Product Privacy Notices.