Document is current
Any future updates will be listed below
-
Authors
Hayes, Dexter J. L.
Schaffer, Andrea L.
Mehrkar, Amir
Bacon, Sebastian C. J.
Goldacre, Ben
MacKenna, Brian https://orcid.org/0000-0002-3786-9063
Heazell, Alexander E. P.
van Staa, Tjeerd https://orcid.org/0000-0001-9363-742X
Palin, Victoria https://orcid.org/0000-0002-0851-8619
-
Funding
Funding for this research was provided by:
Tommy's Baby Charity
- License Information
-
More Information
Article History
Received: 2 May 2025
Accepted: 8 October 2025
First Online: 10 November 2025
Declarations
:
: NHS England is the data controller of the NHS England OpenSAFELY COVID-19 Service; TPP is the data processor; all study authors using OpenSAFELY have the approval of NHS England [ ]. This implementation of OpenSAFELY is hosted within the TPP environment, which is accredited to the ISO 27001 information security standard and is NHS IG Toolkit compliant; [ ].Patient data has been pseudonymised for analysis and linkage using industry-standard cryptographic hashing techniques; all pseudonymised datasets transmitted for linkage onto OpenSAFELY are encrypted; access to the NHS England OpenSAFELY COVID-19 service is via a virtual private network (VPN) connection; the researchers hold contracts with NHS England and only access the platform to initiate database queries and statistical models; all database activity is logged; only aggregate statistical outputs leave the platform environment following best practice for the anonymisation of results such as statistical disclosure control for low cell counts [ ].The service adheres to the obligations of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The service previously operated under notices initially issued in February 2020 by the Secretary of State under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations), which required organisations to process confidential patient information for COVID-19 purposes; this set aside the requirement for patient consent [ ]. As of 1 July 2023, the Secretary of State has requested that NHS England continue to operate the Service under the COVID-19 Directions 2020 [ ]. In some cases of data sharing, the common law duty of confidence is met using, for example, patient consent or support from the Health Research Authority Confidentiality Advisory Group [ ].Taken together, these provide the legal bases to link patient datasets using the service. GP practices, which provide access to the primary care data, are required to share relevant health information to support the public health response to the pandemic, and have been informed of how the service operates.This study was approved by the Health Research Authority REC reference 21/SC/0287 and by the Ethics Board IRAS 303631.
: Not applicable.
: BG has received research funding from the Bennett Foundation, the Laura and John Arnold Foundation, the NHS National Institute for Health Research (NIHR), the NIHR School of Primary Care Research, NHS England, the NIHR Oxford Biomedical Research Centre, the Mohn-Westlake Foundation, NIHR Applied Research Collaboration Oxford and Thames Valley, the Wellcome Trust, the Good Thinking Foundation, Health Data Research UK, the Health Foundation, the World Health Organisation, UKRI MRC, Asthma UK, the British Lung Foundation, and the Longitudinal Health and Wellbeing strand of the National Core Studies programme; he has previously been a Non-Executive Director at NHS Digital; he also receives personal income from speaking and writing for lay audiences on the misuse of science. BMK is also employed by NHS England working on medicines policy and clinical lead for primary care medicines data.
