Sharing data with PRIMIS
When sharing GP practice data with PRIMIS:
- please do not send any data unless we ask you to do so
- check what we’ve asked for (we never require patient identifiable data, typically practice aggregate or one line per patient de-identified data)
- check that the data does not contain any patient identifiable data (check all rows when sending an MS Excel file)
- only send data if you have the permission of the GP practice (the data controller) to do so
- only send data in accordance with the provisions outlined in the data sharing agreement
- if sending via email:
- use the NHSmail encryption feature
- ensure that the recipient is expecting your email and is ready to handle the contents appropriately
- expect the recipient to contact you if they are not expecting your email
- only copy in parties with permission to access the data
If you are a GP practice and you have agreed to share your practice data with us for further analysis, we will do the following:
- only collect data to the scale and depth for the required purpose
- only share your data with the parties named in the data sharing agreement and in a format that means that your practice identity is not revealed
- refer any data breaches to our Governance Sub Committee, comprising a team of independent experts from the NHS, as well as information security specialists from the University of Nottingham
- notify you of any data breaches involving data that you have submitted to us
- only keep your data in accordance with the University of Nottingham's policies on records and information management
Visit the PRIMIS provacy notice for further information
PRIMIS privacy notice