Patient data sharing

How health data can be shared safely and appropriately to benefit people with dementia and medical research.

Patient data sharing policy statement


Health data is generated through the care of patients and in recent years there has been an exponential growth in the amount of health data that is created. With rapidly evolving information technology it is possible to integrate and analyse a range of data sets with the potential to improve the delivery of healthcare and increase scientific understanding. Within the UK there is a particularly rich source of potential information given the coverage and accessibility of the NHS.  Such development offers great potential for research, however there are potential risks and valid public concerns, particularly around data security and appropriate consent. This policy statement considers the current landscape, and explores the key next steps to ensure that data can be shared safely and appropriately to ensure mutual benefits for patients and medical research.

How can patient data sharing support dementia research?

Health information can be used to support medical research in several ways[1], such as better understanding of;

  • Factors that affect health and disease.
  • Effectiveness of treatments and interventions.
  • Finding people to take part in clinical trials.
  • Optimising the use of resources.
  • Planning services to meet patient needs.

There are different types of data that can be shared: there is anonymised information, where the information about an individual cannot be linked back to the original patient record it came from. There is key-coded information that replaces identifiers (e.g. name, address, NHS number) of a patient with a code. The data and the patient can be reconnected using a key that can re-link the information. Finally, there is identifiable information, where information, such as name or NHS number have been included. Researchers generally use anonymised data wherever possible. There is widespread public support for data to be shared to support research – a recent survey by The Wellcome Trust[2] found that 77% of people surveyed would be willing to allow their medical records to be used in a research study if there were anonymised.

Current issues

To offer joined up care and the best outcomes for patients, information in different parts of the NHS needs to be shared. Data systems between NHS organisations (whether GPs, hospitals or community services) have not historically supported the sharing of clinical data, as each organisation developed their own IT systems. This undermines the quality of care, and can also limit the potential benefit to research. Various initiatives have tried to improve connectivity between organisations, however there has been limited success in implementing these initiatives. There are multiple challenges to achieving this aim including fragmented decision making, limited budgets, and ongoing public mistrust.

There remains concern regarding the ability of public organisations to safeguard personal, sensitive information. There are worries that it could be relatively easy to de-anonymise the data and identify individuals, and also that data could be shared with private sector organisations, such as insurance companies. However, The Care Act (2014) specifically outlaws sharing of potentially identifiable data for the purposes of commercial insurance.

There is also a considerable challenge in how people should give consent for their data to be shared. A review by the National Data Guardian[3] in 2016 proposed a new consent/opt-out model for data sharing to help people make an informed decision about how their data will be used. At the time of writing we are still awaiting a response from the government regarding implementation of these proposals. It will be important to understand how informed consent will be sought from people who have impaired decision making.

Our policy

  • We support appropriate information sharing of patient data both to improve the delivery of healthcare and to support research. Appropriate means:
    • Data is anonymous.
    • Data is used only for research or improvement of care.
    • Data security policy and practice is high quality and regularly reviewed.
  • We recognise the need to ensure all data is treated with the greatest of respect.
  • We respect the right for any individual to withhold consent to share data, and that this should have no impact on the quality of care they receive. This may be particularly challenging for people with dementia, who may not be able to give informed consent. There should be appropriate processes and support in place to help people make clear their preferences.
  • There must be adequate safeguards and processes to ensure all data is stored and shared safely, accompanied by ongoing investment to ensure that security of data is maintained.
  • The public need ongoing engagement and information to help people understand the benefits and potential risks of patient data sharing. This needs to include outlining what patients are consenting to, and how data uses might change in the future.
  • The NHS and clinicians have an important role in communicating and supporting patients to consent to data sharing and also to become involved in research.
  • There must be broad reassurances from key industries (e.g. insurance and pharmaceutical) that the data will never be used for marketing or actuarial purposes, and there must be a strong and enforceable policy in case of any breach to this agreement.

Alzheimer’s Research UK supports the statement on the use of patient data for research by the Association of Medical Research Charities.


[1] Association of Medical Research Charities (2016). A matter of life and death.

[2] Wellcome Trust (2016) Wellcome Trust Monitor Summary Report Wave 3. Tracking public views on science and biomedical research.

[3] National Data Guardian (2016). Review of Data Security, Consent and Opt-Outs.