CIPHA Frequently Asked Questions – for GP Practices and Primary Care networks

What is the project?

The proposal is to set up a near real-time person level linked dataset across Cheshire and Merseyside. This will enable combined intelligence to be produced that can support a set of COVID related population health analytics designed to inform both population level planning and targeting of direct care. The intelligence will be made available to appropriate users across the system in the form of a set of dashboards within an intelligence platform called Power BI.

What specifically will the linked dataset be used for?

It is proposed that the linked dataset will be used in three broad areas to produce population health intelligence in support of COVID recovery.

Automated Dashboards to support COVID Recovery: These split down into three ‘use cases’

Use Case 1: Capacity and Demand: This dashboard will monitor the changing demand across acute, community, mental health and local authority services in as near real time as possible, including the ability to understand if there is a possible surge or ‘second wave’ emerging. it will enable understanding of whether there is enough capacity to meet that demand. This dashboard is targeted at those user groups that are responsible for planning system capacity including Cheshire and Merseyside region, sub regional teams i.e. North Mersey, individual CCG’s and Primary Care Networks

Use Case 2: Epidemiology: This dashboard will enable monitoring of mortality and incidence over time at differing levels of geography. It will also provide insight in terms of demographic and health characteristics of individuals most affected by COVID. It will enable identification of geographical ‘hot spots’ of emerging infection. This dashboard is aimed at Public Health departments; The Out of Hospital and Acute Recovery Cells at Cheshire and Mersey Region that are responsible for planning and; those responsible for planning a COVID response with PCN’s.

Use Case 3: Population Stratification: This Dashboard enables GP practices and/or PCN’s responsible for a registered population to identify individuals with certain characteristics that will be vulnerable to adverse outcomes as a result of COVID and target services/interventions appropriately. (This is not the same as risk stratification in general practice that is most commonly used for stratifying the risk of unplanned admission to acute care)

Pseudonymised data for Place Based Intelligence Services (use Case 4); In addition to the reporting above being stepped up, the proposal is to make a set of person level pseudonymised data available to your local placed based intelligence teams that being the CCG and Local Authorities. This will. enable them to support the local system with COVID planning, which includes support to General Practice and PCN’s in intelligence required.

Pseudonymised and non re-identifiable data for COVID Research: In addition to the above, the intention would be to make a pseudonymised non-identifiable extract of the data available to the research community for COVID related research on a project by project basis. Applications to be made and to and approved by a Governance Board. See below sections for a description of Governance and Access Controls in this area.

Pseudonymised data is explained later in the FAQ

What are the benefits for patients?

Population stratification enables vulnerable individuals and their needs to be proactively identified and a more targeted individual response to be delivered from services that are available, to improve both their health and socio-economic outcomes.

What are the benefits for GP Practices and PCN’s?

The Population Stratification report will bring various data sources together to identify vulnerable groups will give practices and PCN’s a better understanding of vulnerable populations and their needs. Services can then be planned and targeted more appropriately. The epidemiology report will allow PCN’s to understand how COVID related mortality and incidence are changing within their geography and explore the characteristics of people who are affected by COVID in their populations. It will also enable PCNs to identify if infection hotspots are occurring in their local geography and respond appropriately.

What are the benefits for the Cheshire and Mersey Region?

Cheshire and Mersey region are responsible for planning enough system capacity to respond to any surge in demand due to the COVID pandemic, whilst also reintroducing planned care capacity cross both acute, community and mental health providers. The demand and capacity report will enable C&M and the sub-regional geographies be sighted on system demand to respond with capacity accordingly.

Who are System C/Graphnet?

System C/Graphnet are a third-party supplier of data services. They offer a service that automates the near real time collection of data from NHS and Local Authority systems into one central warehouse/data store. The data can then be either pushed back to clinical systems to support a shared care record, or it can be used to create Business Intelligence about populations to inform planning and targeting of direct care.

Graphnet currently cover a population of 16 million with their services and are the provider of data services also to Bath and North East Somerset, Berkshire, Buckinghamshire, Cheshire, Greater Manchester, Kent, Northamptonshire, Staffordshire, St Helens, Whittington, Wolverhampton, Walsall

The following link provides more information about Graphnet/System C

What data will flow to System C/Graphnet from GP systems and how?

The data being flowed via Graphnet from GP systems will include patient identifiable data of names, address, date of birth and post code. It will also include other demographic and health information, test results and medications. It will not include free text.

Once the data flow has been switched on the data will be taken automatically, once daily.

Will people who opt out of data sharing be excluded appropriately?

Yes. People who opted out of data sharing for purposes other than direct care (Type 1 objections) will be excluded from the flow of data from the GP system into the Graphnet solution.  

Where will the data be stored when it flows to Graphnet/System C?

Data will be stored on ‘Azure cloud’, which is compliant with Information Governance standards and is safe and secure. Azure is assessed to ISO 27001, ISO 27017, ISO 27018, and many other internationally recognized standards. The scope and proof of certification and assessment reports are published on the Azure Trust Centre section for ISO certification here: The ISO 27001 assessment was performed by the BSI.

How will access to the data be governed?

Role Based Access Controls will be implemented (RBAC) which means the data will be split into four different categories and only those with the appropriate Information Governance approval will be able to access the data in each category. The four categories of data are explained below.

Identifiable: Data will be wholly identifiable to the end user.

Pseudonymised: This data will still be at person-level, but the identifiable fields will be removed from the data. This includes removal of names and addresses. Date of Birth will be formatted to age; post code will be shortened to the first 4 digits and the NHS number will be encrypted into an alpha-numeric. Pseudonyms will be linkable across datasets. Re-identification will be possible via a set of controlled processes.

Pseudonymised not identifiable: This data will be the same as above with two differences. Pseudonyms will not be linkable across datasets and re-identification will not be possible.

Anonymised-Aggregate: This data will be fully anonymised and aggregated against the national NHS anonymisation standard, meaning small number suppression (<5) will be implemented and no person level data will be available

The table below explains who will have access to each category of data and how this will be governed

Data Type

Reporting Examples

Who has access?

For what Purpose?

How is Access Granted?


Drill down patient lists in the Epidemiology and Patient Stratification reports on the portal

Those with a legitimate direct care relationship i.e. GP and PCN staff


Graphnet for the purposes of data processing

Direct Care





Via individual GP practices for the populations they serve


The data is made available in a secure warehouse to Intelligence teams to run bespoke analysis

Placed Based intelligence teams including CCG and Local Authorities and teams supporting regional analytics, including those with honorary contracts

COVID Recovery Planning; responding to COVID intelligence needs of the local system including General Practice and Primary Care Networks

People from the organisations listed will be granted access via the Governance Approval Board

A Project Matrix will be published to general practice monthly

Pseudonymised not re identifiable :

The data will be made available in a secure warehouse to the research community

Projects and organisation to be determined via Governance Approval Process

COVID Recovery Planning and COVID Research

Project approved via the Governance Approval Board. A Project Matrix will be published to General Practice Monthly


Aggregate views in the Epidemiology and Capacity and Demand Reports

Cheshire and Merseyside Providers, Commissioners and Local Authorities

COVID Recovery Planning

People from the organisations listed will be granted access  


How will the Governance work?

 The programme will maintain and strictly enforce a Data Access and Data Asset matrix to ensure requests to use the CIPHA regional data sources ensure full compliance to the COVID-19 purposes as outlined in the sharing agreement.

This process will be governed through a regional group that will draw its membership from: the regional Clinical Informatics Advisory Group (CIAG); GP and Local Medical Committees; clinical IG specialists; and the regional Data Services for Commissioners Regional Offices (DSCRO) service.

This matrix will detail projects undertaken with the pseudonymised data by the place-based intelligence Teams and be made available to parties within the sharing agreement including GP Practices on a monthly basis, so they are informed of the specific uses of the data.

A process will be put in place for approval of projects on a case by case basis for organisations other than place-based intelligence teams eg research bodies using the following principles.

  • Purpose aligns with the purpose of this agreement
  • Any application includes a separate data sharing agreement where the group acts on behalf of the signatories to this agreement.
  • Individual data controllers will have 5 working days to opt out.

The schematic below describes the model to support the COVID-19

What is the Legal Basis under GDPR?

The legal basis under GDPR is 6 (1) (e) Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

9(2)(h) Necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care, or treatment or the management of health or social care systems and service.

9(2)(i) Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

What’s the Control of Patient Information Notice (COPI)?

A ‘Control of Patient Information Notice’ (COPI) was issued for COVID-19. Under the COPI notice for COVID-19 all providers of healthcare, GP Practices and Local Authorities have been given legal notice to support the processing and sharing of information to help the COVID-19 response under Health Service Control of Patient Information Regulations 2002. This is to support the processing and sharing of information to help the COVID-19 response. This sets out that confidential patient information can be used and shared appropriately and lawfully for purposes related to the COVID-19 response.

Please see link to the COPI Notice here.

This allows the processing of confidential patient information, including disseminating to a person or organisation permitted to process confidential patient information, including disseminating to a person or organisation permitted to process confidential patient information under Regulation 3(3) of COPI.

The Notice will be reviewed on or before 30 September 2020 and may be extended by further notice in writing.

 What is the Common Law Duty of Confidentiality and how is this being satisfied?

The Common Law Duty of Confidentiality requires that there should be no use or disclosure of any confidential patient information for any purpose other than the direct clinical care of the patient to whom it relates, however there are some broad exceptions:-

  • The patient explicitly consents to the use or disclosure.
  • The disclosure is required by law, or the disclosure is permitted under a statutory process that sets aside the duty of confidentiality.
  • The disclosure can be justified in the public interest. Whilst the COPI Notice provides the lawful basis to set aside the Common Law Duty of Confidentiality, under this Data Sharing Agreement the Common Law Duty of Confidentiality will be upheld. This is explained below. Uses of data other than for direct care are known as ‘secondary uses’. Secondary uses of data include analysis done for population or service planning purposes that don’t directly relate to the individual. Despite the COPI Notice, the Common Law Duty of Confidentiality will be upheld in this project. This means that people using data for ‘secondary uses’ will only be granted access to the pseudonymised extract of data, therefore upholding the common law duty of confidentiality. Sometimes re-identification of individuals is required. This will be achieved in a controlled way and only to those who have a direct care relationship with the patient.

What happens after the COPI notice for COVID is withdrawn?

The longer-term aim would be to set up a broader (than COVID) population health intelligence approach. However, we recognise we’re on a journey with data sharing and an incremental approach needs to be taken to build trust in the system and process.

To that end, the DSA is being limited to COVID specific purposes and is being underpinned legally by the Control of Patient Information notice (see FAQ). This sets aside the Common Law Duty of Confidentiality. The data flow is GDPR compliant as explained in the DSA

The COPI notice is due to expire on the 30th September 2020. If this is extended the Data Sharing Agreement would also then be extended in line with the COPI Notice, but to no later than the 30th March 2021.

The aim is to return to data controllers in January 2021 to engage with them on the benefits of the project to date and also to establish a broader purpose for population intelligence with a new legal basis for data sharing beyond March 2021 that would satisfy both GDPR and the Common Law Duty of Confidentiality, negating the need for the use of COPI.  

Do I need to update my privacy notice?

You will already have a privacy notice that explains to patients how their data is used. You can update your existing notice and/or you can adapt the COVID specific privacy notice at the following link


If you adapt this notice, then we suggest you insert the following paragraph where it states ‘[Is there anyone else information will be shared with, for purposes beyond individual care relating to Covid-19?]’

Locally across Cheshire and Merseyside, data is being shared securely with a data processor called System C for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. No data that identifies a person will be used for purposes other than direct care. If you have previously opted out of data sharing your data will not be used.