Leicester, Leicestershire & Rutland Local Medical Committee

OpenSAFELY

NHS England issued a Data Provision Notice (DPN) in July 2025 which requires GP Practices to provide the OpenSAFELY Data Analytics Service.

This has the support of the Joint GP IT Committee, which is co-chaired by GPC and RCGP, who are encouraging practices to accept the DPN as soon as possible.

The OpenSAFELY COVID-19 Service was established under the COVID-19 Public Health Directions 20201 (COVID-19 Public Health Directions) in June 2023 and provides a secure analytics service for users, approved by or on behalf of NHS England, to run queries on pseudonymised patient data held by GP practices and NHS England (GP and NHS England pseudonymised patient data) for COVID-19 Purposes.

Learning from the OpenSAFELY COVID-19 Service (the COVID-19 Service), it has been decided that an additional service should be developed and tested on a pilot basis to enable GP and NHS England pseudonymised patient data to be accessed through the OpenSAFELY platform for further secondary uses purposes (Pilot).

The purpose of the Pilot is to establish a secure analytics service using the OpenSAFELY platform (the Service), for users approved by or on behalf of NHS England (Approved Users), to run queries on GP and NHS England pseudonymised patient data for the purposes of the Pilot as set out below.

The Service, and the purpose of running the queries and obtaining the aggregate outputs is limited to the following purposes:

  • clinical audit
  • service evaluation
  • health surveillance
  • research
  • health and social care policy, planning and commissioning purposes and public health purposes, where
    agreed on a project specific basis by or on behalf of:
    • the Deputy Director of Data Policy on behalf of the Department of Health and Social Care, and
    • the Chief Data & Analytics Officer on behalf of NHS England, and
    • a nominated representative of each of the Royal College of General Practitioners and the British Medical Association on behalf of the Joint GP IT Committee.
  • evaluaion of the Service.

The Service is designed to keep patient data confidential: Approved Users write analysis code away from the patient data and test it on dummy data; the Service then automates the running of code (the Queries) to generate intermediate pseudonymised patient level data sets specifically tailored to the needs of the project (Intermediate Outputs). Further Queries are run to generate aggregated outputs (the Aggregated Outputs)and logs to help identify and fix errors in the analysis code (Error Logs).

Approved Users only have access to the Aggregated Outputs and Error Logs generated by their Query.
Aggregated Outputs are released outside the GP System Suppliers’ secure environment only after disclosure controls have been applied within the GP System Suppliers’ secure environment and the results reviewed and cleared by trained output-checkers. All actions in the Service are logged in public, in real-time and all Queries are logged and published.

More information can be found on NHS England Website.

In addition the RCGP has produced guidance which can be accessed here which includes:

NHS England provide further FAQs regarding OpenSAFELY on a webpage which also covers other frequently asked questions and answers to common information governance queries.

We are advised than many practices have still not signed up for this. Following feedback, GPCE has been working with the RCGP, NHS England and the OpenSAFELY team to reduce the burden on Optum/EMIS Web and TPP/SystmOne practices in England in accepting the OpenSAFELY Data Provision Notice.

The NHS England website has been updated this week with clearer instructions:
How to activate the OpenSAFELY analytics platform – NHS England Digital

There is now also an agreement over a single national Data Protection Impact Assessment (DPIA) which practices can note, reducing any need to construct their own. The Joint GP IT Committee reviews are now referenced within this national DPIA. No additional work is needed by practices. The national DPIA is available via the above web page.

There is also has a link to a 2-page “easy read” version of what OpenSAFELY is
(https://digital.nhs.uk/binaries/content/assets/website-assets/services/opensafely/the-nhs-opensafely-dataanalytics-service.pdf) including a link to a short video (https://www.youtube.com/watch?v=GRjRqOAIVy8).

All practices need to do now is activate the service, note the national DPIA, update their website privacy notice (suggested text is in the above web page) and update their Record of Processing Activity (ROPA).

Last Updated on 16 December 2025

NHS Health Checks – City Practices

Following the communication in the September newsletter regarding the new NHS Health Checks contract with Leicester City Council. The council has informed us that they have now completed their internal

Read More

Rabies (Post Exposure) guidance

POST-EXPOSURE This does not happen very often, but when it does, practices need to know what to do. Details are per Chapter 27 of the Green Book. If a

Read More

Treatment for Dental Problems

A common query from practices is whether they can or should provide treatment to a patient with a dental problem. Treating patients with dental problems is not a GP

Read More

DDRB Uplift 2025

The Review Body on Doctors’ and Dentists’ Remuneration has published it 53rd Report which includes recommendations for increases for GP Contractors and Salaried GPs. The government has accepted the

Read More