How to activate the OpenSAFELY analytics platform

OpenSAFELY is a secure data analytics platform that enables timely access to pseudonymised patient data for research and planning purposes. It was developed by a team at the Bennett Institute for Applied Data Science. It has support from the BMA, RCGP, and privacy campaigners medConfidential.

All GP practices using EMIS Web (Optum) or SystmOne (TPP) are legally required to activate access, in line with the recent announcement of new legal directions governing use of the OpenSAFELY analytics platform. Follow the instructions below. 

An easy read version that describes the service for a wider audience has been created for practices to use on their website, or as a patient leaflet.  


Activate the DPN


If you use EMIS Web (Optum)

  1. From the EMIS Orb/Ball, click Configuration in the list.
  2. Click Configuration in the sidebar.
  3. Click Data Sharing Manager; this should open a tab.
  4. In the Data Sharing Manager tab, click Data Distribution in the panel in the lower left.
  5. Click NHSE OpenSAFELY Secure Data Analytics Service in the sidebar, to select it.
  6. Click the Activate Agreement button at top left.
  7. You should see a green confirmation message saying This agreement is currently active.

If you use SystmOne (TPP)

  1. Click Setup in the menu bar.
  2. Click Users & Policy in the sidebar.
  3. Click Organisation Preferences.
  4. Choose OpenSAFELY from the list on the left.
  5. Tick the box on the right labelled Opt-in to the OpenSAFELY service.

What to do next

Additional steps to occur hand-in-hand with activation

1. GP practices (as data controller, or through their DPO) can choose to rely on the single national DPIA as the appropriate risk assessment document for the practice’s contribution to the OpenSAFELY service.

The national DPIA has been reviewed as accurate by the Joint GP IT Committee of the BMA and RCGP (representing GP practices), and by NHS England. It incorporates the full end-to-end activities of the service and associated risks, covering the GP practice’s limited role, alongside NHS England’s governance and operational functions.

Previously, a GP DPIA template had been developed, which practices can continue to use.

2. Update your practice Privacy Notice.

Suggested text

NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.

Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.

Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.

Patients who do not wish for their data to be used as part of this process can register a type 1 opt-out with their GP.

Find additional information about OpenSAFELY.


3. Update your Record of Processing Activities (ROPA)

Suggested text

  • the creation and maintenance of a pseudonymised GP dataset (only coded patient data), held within Optum/TPP [delete as appropriate], made available to NHS England–approved studies via the OpenSAFELY platform
  • the GP data remains under practice control and is retained for the duration of the DPN, with only study-specific cohorts and results transferring to NHS England control
  • the DPN establishes a legal obligation (UK GDPR Article 6(1)(c)) on practices, with purposes and safeguards set out in the DPN

Last edited: 22 October 2025 8:30 am