Data submissions from February 2025 onwards
Data submissions from February 2025 onwards are not directly comparable to previous months due to new submissions from independent providers that have resulted in an increase in the number of open referrals.
4 December 2025 13:00 PM
Acknowledgements
The OpenSAFELY platform (https://www.opensafely.org/) is principally funded by grants from:
- NHS England [2023-2025];
- The Wellcome Trust (222097/Z/20/Z) [2020-2024];
- MRC (MR/V015737/1) [2020-2021].
Additional contributions to OpenSAFELY have been funded by grants from:
- MRC via the National Core Study programme, Longitudinal Health and Wellbeing strand (MC_PC_20030, MC_PC_20059) [2020-2022] and the Data and Connectivity strand (MC_PC_20058) [2021-2022];
- NIHR and MRC via the CONVALESCENCE programme (COV-LT-0009, MC_PC_20051) [2021-2024];
- NHS England via the Primary Care Medicines Analytics Unit [2021-2024].
The views expressed are those of the authors and not necessarily those of the NIHR, UK Health Security Agency (UKHSA), the Department of Health and Social Care, or other funders. Funders had no role in the study design, collection, analysis, and interpretation of data; in the writing of the report; and in the decision to submit the article for publication.
NHS England is the data controller of the NHS England OpenSAFELY COVID-19 Service; TPP is the data processor all study authors using OpenSAFELY have the approval of NHS England . This implementation of OpenSAFELY is hosted within the TPP environment which is accredited to the ISO 27001 information security standard and [s NHS IG Toolkit compliant
Patient data has been pseudonymised for analysis and linkage using industry standard cryptographic hashing techniques; all pseudonymised datasets transmitted for linkage onto OpenSAFELY are encrypted; access to the NHS England OpenSAFELY COVID-19 service is via a virtual private network (VPN) connection; the researchers hold contracts with NHS England and only access the platform to initiate database queries and statistical models; all database activity is logged; only aggregate statistical outputs leave the platform environment following best practice for anonymisation of results such as statistical disclosure control for low cell counts
The service adheres to the obligations of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The service previously operated under notices initially issued in February 2020 by the Secretary of State under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations), which required organisations to process confidential patient information for COVID-19 purposes; this set aside the requirement for patient consent . As of 1 July 2023, the Secretary of State has requested that NHS England continue to operate the Service under the COVID-19 Directions 2020 . In some cases of data sharing, the common law duty of confidence is met using, for example, patient consent or support from the Health Research Authority Confidentiality Advisory Group .
Taken together, these provide the legal bases to link patient datasets using the service. GP practices, which provide access to the primary care data, are required to share relevant health information to support the public health response to the pandemic and have been informed of how the service operates.
The OpenSAFELY git hub repository is available here: https://github.com/OpenSAFELY-core
The data management and analysis code for this paper was led and contributed to by Kenneth (Kin) Quan and Jennifer Struthers, NHS England.
The OpenSAFELY platform is principally funded by grants from:
- NHS England [2023-2025];
- The Wellcome Trust (222097/Z/20/Z) [2020-2024];
- MRC (MR/V015737/1) [2020-2021].
Additional contributions to OpenSAFELY have been funded by grants from:
- MRC via the National Core Study programme, Longitudinal Health and Wellbeing strand (MC_PC_20030, MC_PC_20059) [2020-2022] and the Data and Connectivity strand (MC_PC_20058) [2021-2022];
- NIHR and MRC via the CONVALESCENCE programme (COV-LT-0009, MC_PC_20051) [2021-2024];
- NHS England via the Primary Care Medicines Analytics Unit [2021-2024].
The views expressed are those of the authors and not necessarily those of the NIHR, UK Health Security Agency (UKHSA), the Department of Health and Social Care, or other funders. Funders had no role in the study design, collection, analysis, and interpretation of data; in the writing of the report; and in the decision to submit the article for publication.
NHS England is the data controller of the NHS England OpenSAFELY COVID-19 Service; TPP is the data processor all study authors using OpenSAFELY have the approval of NHS England . This implementation of OpenSAFELY is hosted within the TPP environment which is accredited to the ISO 27001 information security standard and [s NHS IG Toolkit compliant
Patient data has been pseudonymised for analysis and linkage using industry standard cryptographic hashing techniques; all pseudonymised datasets transmitted for linkage onto OpenSAFELY are encrypted; access to the NHS England OpenSAFELY COVID-19 service is via a virtual private network (VPN) connection; the researchers hold contracts with NHS England and only access the platform to initiate database queries and statistical models; all database activity is logged; only aggregate statistical outputs leave the platform environment following best practice for anonymisation of results such as statistical disclosure control for low cell counts
The service adheres to the obligations of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The service previously operated under notices initially issued in February 2020 by the Secretary of State under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations), which required organisations to process confidential patient information for COVID-19 purposes; this set aside the requirement for patient consent . As of 1 July 2023, the Secretary of State has requested that NHS England continue to operate the Service under the COVID-19 Directions 2020 . In some cases of data sharing, the common law duty of confidence is met using, for example, patient consent or support from the Health Research Authority Confidentiality Advisory Group .
Taken together, these provide the legal bases to link patient datasets using the service. GP practices, which provide access to the primary care data, are required to share relevant health information to support the public health response to the pandemic and have been informed of how the service operates.
The OpenSAFELY git hub repository is available here: https://github.com/OpenSAFELY-core
OpenSAFELY authors: Milan Wiedemann and the OpenSAFELY collaborative.
The data management and analysis code for this paper was led and contributed to by Kenneth (Kin) Quan and Jennifer Struthers, NHS England.
Last edited: 4 December 2025 1:13 pm