Sharing data with PRIMIS

When sharing GP practice data with PRIMIS:

• please do not send any data unless we ask you to do so
• check what we’ve asked for (we rarely request patient identifiable data, typically practice aggregate or one line per patient de-identified data)
• only send data if you have the permission of the GP practice (the data controller) to do so
• only send data in accordance with the provisions outlined in the data sharing agreement
• if sending via email: 
  • use the NHSmail encryption feature
  • ensure that the recipient is expecting your email and is ready to handle the contents appropriately
  • expect the recipient to contact you if they are not expecting your email
  • only copy in parties with permission to access the data
• check that the data does not contain any patient identifiable data (check all rows when sending an MS Excel file)
  
  

If you are a GP practice and you have agreed to share your practice data with us for further analysis, we will do the following:

• only collect data to the scale and depth for the required purpose
• only share your data with the parties named in the data sharing agreement and in a format that means that your practice identity is not revealed
• refer any data breaches to our Governance Sub Committee, comprising a team of independent experts from the NHS, as well as information security specialists from the University of Nottingham
• notify you of any data breaches involving data that you have submitted to us
• only keep your data in accordance with the University of Nottingham's policies on records and information management

PRIMIS privacy notice