National engagement on data: cohort 2 report
Published 6 June 2025
Executive summary
This publication was produced by:
- Thinks Insight & Strategy
- NHS England
- Department of Health and Social Care
Below you will find the executive summary.
The data deliberation: what we set out to cover
Thinks Insight & Strategy is a research and strategy agency. Early in 2024, we were commissioned by NHS England (NHSE) and the Department of Health and Social Care (DHSC) to conduct a large-scale public engagement programme, to build and maintain public trust in how data is used across health and social care.
Public engagement is crucial to the success of digital and data transformation, as policy and services must be informed by a detailed understanding of public attitudes and shaped by public recommendations. Meaningful engagement can help to build trust and confidence in the decisions taken by government and the NHS.
The second phase of the data deliberation, reported here, focused on:
- the approach to creating a single patient record including data across a range of health and care settings
- the use of general practitioner (GP) data beyond individual care, for planning NHS and care services and for research (referred to as ‘secondary uses’).
Note that this cohort of the national engagement on data took place before the announcement that NHS England will be integrated into DHSC, therefore the discussions and examples provided to participants sit within that context. Officials implementing these recommendations should consider that context, especially whether any additional measures are required to articulate where expectations placed on ‘NHSE’ will now differ.
Image description
The national engagement on data programme consists of 3 cohorts:
- Cohort 1: Data use and access
- Cohort 2: Primary care data
- Cohort 3: The opt-out landscape
Each cohort contains the same 3 tiers of work. These are:
- Tier 1: Core deliberation
- Tier 2: Inclusive engagement
- Tier 3: Deliberative survey
Two broad questions framed this round of deliberation:
- How should a single patient record be designed in a way that maximises the potential benefits and is trusted by the public?
- What is the best way of ensuring that data in the GP health record is used for planning and research, in a way that the public trust?
Within these two questions, participants deliberated on a single patient record and secondary uses of GP patient record data.
A single patient record included:
- initial feelings about and expectations around a single patient record
- the conditions that the public ask to be met in order to feel trust and confidence in a single patient record
- expectations for access to a single patient record, for health and care professionals and for patients
Secondary uses of GP patient record data included:
- initial reactions to current and potential planning and research uses of GP patient record data
- how the public feels GP patient record data compares to other health and care data
- who makes decisions about the use of GP patient record data for planning and research
We used a range of different methods, as shown in the diagram below, to ensure that the data deliberation generated a robust understanding of public attitudes. Our findings from all the three tiers have been consolidated into this report.
Image description
We first conducted an evidence review - a synthesis of existing research on public attitudes to linking primary and secondary care data, with a focus on the GP record.
Tier 1: Core deliberation
Who: 120 recruited, 98 by the end, a mix of sortition and purposive recruitment
What: 15 hours of deliberation over 3 full days
Where: Liverpool, Leicester, Portsmouth and South London
Why: To gain an in-depth understanding of attitudes
Tier 2: Inclusive engagement
Who: 76 people from seldom heard groups including those with health needs and in socially marginalised groups
What: Interviews and small groups, online and face to face
Why: To understand views of those missing from previous research
Tier 3: Deliberative survey
Who: 2,000 people, nationally representative sample
What: 10 minute survey
Where: Online
Why: To test findings with people who have not had the deliberative experience
A single patient record
In October 2024, the Secretary of State for Health and Social Care announced plans for a single patient record. This will bring together information about an individual's health treatment and care in one place.
Initial views on a single patient record
To start with, the concept of a single patient record was met with relief and enthusiasm across Tier 1 and Tier 2 participants. They could immediately – prior to any information given as part of the deliberative process – see the benefits of this (especially more frequent users of healthcare) through:
- better experiences using healthcare systems
- improved efficiency of care
- (ultimately) better health outcomes
Participants in Tiers 1 and 2 swiftly associated a single patient record with a common frustration: having to frequently repeat your health history when interacting with different aspects of the health and care system.
Initial reactions also included spontaneous concerns such as:
- data accuracy and how this would be maintained
- privacy
- security (such as fears that a single centralised record might increase the risk of cyber-attacks)
Yet, as they explored the issue further and learned more about what a single patient record could look like, the broad consensus across the whole of cohort 2 was that the benefits would outweigh these risks as long as high levels of security, accuracy of data, and transparency were ensured.
Conditions for a single patient record
Participants in Tiers 1 and 2 discussed what would make a single patient record system trustworthy to them. Alongside tiered access for health and care professionals (explored in its own chapter below), four broad themes emerged as priorities:
- Security: a high level of security, including staff training as well as technical measures
- Transparency: in the design and working of the record; providing information to the public about the move to a single patient record and the implications, including clarity on who would have access to the patient record
- Accountability: clear oversight structures of how data is managed and used, including clear processes and sanctions for when things go wrong
- Patient choice: ensuring that patients are informed and have a say on how data they consider sensitive is shared
Tiered access for health and care professionals
Tier 1 and Tier 2 participants rejected the idea that all health and care professionals should have full access to an individual’s single patient record. Instead, they favoured a tiered system of access, based primarily on urgency and breadth of care responsibilities. Within this, participants wanted access to be restricted to the relevant elements of a single patient record.
An audit trail was seen as an essential part of a record system, identifying who had accessed which parts of the record. Ensuring this is attached to every single patient record would bolster accountability and transparency.
The importance of an audit trail was particularly emphasised by the seldom heard audiences as an important safeguard. They hoped this would help deter any instances of misuse by healthcare professionals and provide patients with more confidence in a single patient record.
Participants wanted to know that any health and care professionals accessing a single patient record would be trained. This will reassure the public that their data is being used safely and appropriately.
These considerations were felt to ensure that access would be both sufficiently justified and constrained. These desires were rooted in concerns about data misuse, breaches, and patient privacy – especially for data considered the most sensitive in a single patient record.
Patient access
When asked whether they would want to have access to their own record, the answer was a clear yes from most participants in Tier 1 – 94 were in favour compared to just 8 saying no. Tier 2 participants similarly wanted patients to have access to their own records.
The perceived benefits of this included improving care, helping family carers, and enabling access to their health information while travelling abroad or around the UK. Some concerns were raised around cybersecurity, patients being pressured by others with ill-intent to access their record and health anxiety. However, participants felt these could be mitigated, particularly by limiting what sensitive information is shared, or providing patients with a summary record only.
Policy recommendations
Proceed at pace. A single patient record feels like a long-overdue solution to many of the frustrations the public feel across multiple health and care settings.
Include a record of access. An audit trail will provide reassurance that access is subject to constraints and oversight.
Tiered access is essential. Constraints on access are essential to the public trusting a single patient record. The idea of open access to all health and care professionals is roundly rejected.
Ensure rigorous training in data use and data security. Any health and care professionals accessing a single patient record should be trained. This will reassure the public that their data is being used safely and appropriately.
Patient access is a must. This can help patients better manage their own health, and many felt they had the right to access data about them. While patient access is important, it was a lesser implementation priority compared to access for health and care professionals – which, they assumed, would have more immediate benefits for health outcomes.
Focus on and demonstrate high levels of data security.
Be transparent from the start during implementation, as well as in day-to-day operation – acknowledge risks up front and ensure patients have a say in implementation.
Secondary uses of GP patient record data
The GP health record is the most complete source of information about a person’s health. And it is held separately from all other health and care data. Individual GPs are the ‘data controllers’ for the data held in this GP health record. This means that individual GPs are the ultimate decision makers as to whether or not data is shared. It also means that GPs could be held responsible if there are any data breaches, or if something goes wrong.
Initial views on primary care data for secondary uses
Participants across all three tiers were largely unaware of the secondary uses of GP patient record data, which aligns with general learnings from cohort 1.
Initially, what made Tier 1 participants feel comfortable about secondary uses of GP patient record data were ideas of public benefit – for example, saving lives, improving care and prevention, and greater speed and efficiency in delivery of services.
What made them initially feel uncomfortable were concerns around data breaches, incorrect data, misuse, sensitivity of data being shared, bias against individuals, and concerns around re-identification.
GP patient record data compared to other health and care data
Participants in Tier 1 expressed mixed views on whether GP patient record data should be treated differently to other health and care data when it comes to planning and research use. On the one hand, those participants who felt that GP patient record data needs to be treated differently did so because it is likely to contain more intimate information – and therefore there is a greater risk to the individual patient if the data is misused. Conversely, there were those who felt that GP patient record data should not be treated any differently to the rest of their health record. They believed it should be included alongside secondary care data to ensure a comprehensive dataset is available, in order to achieve high-quality planning and research outputs. Participants overall were reassured by the safeguards that are in place including de-identification, training for staff in data handling and security, and data regulation (including UK GPDPR and Data Protection Act 2018, Control of Patient Information, Common Law Duty of Confidentiality and the Human Rights Act).
Tier 2 participants largely expressed that GP patient record data is more sensitive than other health and care data – among the most sensitive data, in fact. However, despite the sensitivity of the data, they felt that this should not preclude GP patient record data being used for research and planning as long as strict safeguards are in place to ensure security and privacy.
Controllership and who decides how data is used for secondary purposes
There was a widespread feeling among Tier 1 and Tier 2 participants that the current model of the GP being the data controller for both direct care and secondary uses placed too much of a burden on GPs when it came to how data is used for secondary purposes. They wanted to see a new model which would allow for greater consistency of approach, transparency, and accountability.
Participants in Tier 1 overwhelmingly supported a move to national or regional decision-making approach around uses of GP patient record data for secondary purposes, although identified positives and negatives between different models. They wanted an approach which would allow for the efficiency and consistency of a national approach while allowing for regional priorities to be taken into consideration. The composition of any advisory group – for example, data access committees (DACs) – was essential in making this model successful. Participants wanted to see professionals from a wide range of health – and other – backgrounds (including GPs), and representation of people across the country.
However, Tier 3 respondents – with less time and space to engage with the topics – were more resistant to a move away from the model of GPs as sole data controllers. This greater reluctance to change demonstrates the need for careful communication with the public about this topic as changes are made, and continued involvement of the public.
Policy recommendations
Decision making should move to a model that balances the need for national consistency and regional responsiveness. When they consider the topic in detail, participants conclude that new arrangements should be put in place so that decisions about use of GP patient record data for secondary uses does not sit with individual practices. But it’s not obvious to those considering the topic for the first time, so there’s a need for clear communications.
Participants gave clear justification for changing how these decisions are made. The core reason people want change, is to let GPs focus on their primary role of delivering care, not managing data access. People also see the benefits of secondary uses of primary care data, and want to remove the barriers around using it for public good that occur within the current system.
There are clear criteria for a new approach to decision making. Any new decision-making model should include the voices of lay people, experts in data security, and GPs. Any new approach must demonstrably support GPs to focus even more on their role as care providers. And GPs should not be liable for any mistakes or errors that happen during secondary uses of this data. Additionally, any new approach must be transparent (including public communications), with some independence from political control (thus ensuring long-term thinking and consistency), and be consistently applied across the country.
And sensitive data must be secure. GP patient record data is sensitive, and people want to know what steps are being taken to keep it secure, for example through secure data environments (SDEs).
Download the full report
National engagement on data - Cohort 2 report, PDF (1MB)
Download the workshop discussion guides
Workshop 1 discussion guide, PDF (251KB)