Get in touch with us

Our Databases

Optimum Patient Care Research Database

The Optimum Patient Care Research Database (OPCRD) is a real-world, longitudinal research database, to provide anonymised data for research purposes. It currently holds de-identified data for over 15 million patients and is a high-quality data source used regularly in clinical, epidemiological, and pharmaceutical research.

OPCRD has been purposefully designed to facilitate real-world data collection and address the growing demand for observational and pragmatic medical research.

>15,000,000

De-identified electronic medical records 

>1,000

Practice network facilitating enhanced data quality and research

>70,000

Linked patient reported outcomes 

Compatibility

Compatibility with all primary care clinical systems in the UK 

Optimum Patient Care holds several large electronic medical record databases, including:

  • International Severe Asthma Registry, the world’s largest database for severe asthma patients, comprising data from over 21 countries (ISAR)
  • Optimum Patient Care Research Database Australia (OPCRDA
  • Optimum Patient Care Research Database (OPCRD)
  • Optimum Patient Care Research Database – NEXUS (OPCRD-NEXUS)
  • APEX COPD Registry (APEX)
  • International Helping Asthma in Real-life Patients (iHARP)

 

Data Protection and Transparency

What this information is about

The information on this page explains how Optimum Patient Care Limited (OPC) collects, stores and uses data from its quality improvement and research support services. Information on how OPC handles personal data is provided in our Privacy Notice.

Important Definitions

To help understand the information on this page, the types of data mentioned are defined below.

Personal data

This is information that identifies the person that it relates to. Personal data contains information or identifiers that either by itself or when combined with other information, can identify the person the data relates e.g. name, date of birth, address, contact information, etc.

Pseudonymised or de-identified data

This is patient data where information that will identify the person it relates to such as name, date of birth, address, contact information, have been removed and replaced by a code that cannot be traced back to the person the information relates to. The patient data contributed by GP practices to OPC is de-identified before it is sent to OPC.

Anonymised data

This is information which cannot be traced back to an individual and you cannot identify the person the information relates to. This kind of data is not personal data. The research data that OPC provides for ethics approved research is anonymised data.

About Optimum Patient Care (OPC)

OPC is a not-for-profit, social enterprise that provides free quality improvement and research support services to GP practices in the UK since 2005. We help practices with reports and activitiesproviding considerations for the practices to assist them in improving the care they provide for patients with chronic and public health conditions such as asthma, COPD and Covid-19, rare diseases and many more. We also help practiceswho are looking to take part in real-life research andclinical and pragmatic trials.

Read more about our company, our team, our partners and all the quality improvement and research support services we provide

 

Data OPC holds and why 

  • Quality improvement data

Participating practices share pseudonymised or de-identified patient data with OPC, for us to support them with their improvements and NHS approved research. We provide free quality improvement programmes for practices in asthma, COPD, Covid-19, rare diseases and many more.

The de-identified data is collected from GP electronic health records using secure extraction software. Any information that will identify a person (e.g. name, date of birth, address, contact information) is removed and a unique code (pseudonym) is given to each patient’s data. The pseudonym enables only the practice to identify their patients. The data is then encrypted and transferred through a secure network called HSCN to OPC.

The de-identified data is held securely in the OPC Service Database (OPCSD). We use OPCSD for ongoing provision of services to practices and to make improvements to our services for practices.

Patients cannot be identified from the data OPC receives from practices. We do not collect data for patients who have opted out from the sharing of their medical data for planning or research purposes. A practice can request at any time for their patients’ data to be removed from OPC databases without disclosing the identity of patients.

  • Research data

Practices contribute de-identified patient data to our NHS research ethics approved database called the Optimum Patient Care Research Database or OPCRD. We have approval to give access to anonymised data for research purposes. Research done with anonymised data from OPCRD helps improve science and public health, understanding of medical conditions and how we treat and manage them.

OPCRD enables anonymous information of patients from contributing practices to be represented in research which matters and makes a difference. OPCRD data has been used in over eighty 80 published research articles.

OPC receives de-identified data from practices who have agreed for the data they provide to be used for ethically approved research purposes. OPCRD has NHS research ethics committee (REC) approval to provide access to anonymised research data for studies with scientific or patient benefits that have ethics approval.

A study-specific anonymised research dataset is provided to a user of OPCRD only subject to first receiving approval from the Anonymised Data Ethics and Protocol Transparency Committee (ADEPT), an independent governing body (ADEPT Committee – REG – Respiratory Effectiveness Group (regresearchnetwork.org)). The access is provided under a limited data sharing and licence agreement, for a limited time, usually 12 months, for the research to complete its analysis. The researcher(s) must sign and follow a strict obligations regarding data security, compliance with relevant legislation and applicable laws and obligations to ensure data deletion following completion of the analysis. This approach ensures the researcher keeps the data secure and uses it only for the purposes that have been approved. The data is destroyed when the research is completed and the results must be published for public benefit.

You cannot identify a person from the anonymised data provided from OPCRD for research. Read more about how OPCRD receives de-identified patient data from GP practices and provides only anonymised data for approved research

  • Clinical research data

OPC supported clinical trials or research is where patients have been invited by their GP practice or doctor to participate in a study, and the patients have given their consent to take part and for their data to be used for research. De-identified data from clinical trials is contributed to OPCRD for ethically approved research.

Please visit the Understanding Patient Data website for more information about the importance of patient medical data for research.

 

How long we hold data

OPC will continue to hold the de-identified data received from participating practices for the provision of services to practices. A GP practice can request at any time for their patients’ data to be removed from OPC databases without disclosing the identity of patients; subject to any requirements on data retention by GDPR or DPA 2018.

It is not possible to remove a practice or patient data from anonymised research datasets, results or publications, as the practice or patients cannot be identified.

Lawful basis for data OPC holds

OPC is a data processor on behalf of participating GP practices who are the data controllers of the de-identified patient data shared with OPC as part of receiving services from OPC. Each practice enters into a service, data processing and sharing agreement with OPC, which permits OPC to collect, pseudonymise and hold the data for providing services to the practice and to make it available for anonymised research purposes.

The legal basis for processing personal data where applicable are:

OPC as a data processor for GP practices – GDPR Article 6(1)(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Medical research and statistics – Article 6(1)(e) and Article 9(2)(j) – for public interest and scientific research purposes.

Medicines and medical device monitoring – Article 6(1)(e) and Article 9(2)(i) – for public interest in the area of public health

Approvals and governance

OPCRD is approved by the NHS Health Research Authority Research Ethics Committee (HRA REC reference: 20/EM/0148) to receive and provide data for scientific, exploratory and public health research.

OPCRD also has HRA CAG approval for confidential identifiable patient information to be sent from participating practices to NHS Digital for HES hospital data linkage (OPCRD Section 251 approval CAG reference: 21/CAG/0001). OPC does not have access to this information and NHS Digital destroys the information after linkage.

All research requiring the use of anonymised data from OPCRD must get approval from the Anonymised Data Ethics and Protocol Transparency committee (ADEPT). ADEPT is an independent body of experts who control which research gets access to OPCRD data. If the research involves patient participation, then ADEPT will require the study to also have NHS research ethics approval.

All approved research must be conducted under, and comply with, a signed strict Data Sharing and Limited Licence Agreement. It places responsibility on the approved researcher/entity to keep the data secure; to use it only for the approved study; and to destroy it when the study is completed. All studies must have an intent to publish their results for public benefit.

OPCRD data is never sold or provided for insurance or marketing purposes.

OPC works with the DATA-CAN patient and public engagement group to involve patients and the public in how we collect, handle and use patient data for research. Clinical trials also have to involve patients and the public in how trials are designed and carried out.

How we are funded

OPCRD is available to academic organisations such as universities, and non-academic organisations such as charities and commercial companies, for ethically approved research.

OPC also receives data access fees from researchers who access OPCRD. The money is used to provide free quality improvement and research support services to practices across the UK and to maintain the database for health and scientific research. OPC receives funding from organisations that conduct NHS approved studies when it helps practices with taking part in the studies. We also receive support from our affiliates organisations  – OPC Global and OPRI.

Data from our databases is never sold, or provided for insurance or marketing purposes.

Your data rights

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018) provide every individual with data rights and these are:

  • the right to be informed about the processing of any data about you;
  • the right of access to see or receive a printed copy of any personal data relating to you;
  • the right to rectification i.e. to correct any material errors in the personal data we may hold about you;
  • the right to erasure i.e. where appropriate, to ask that all personal data about you is erased;
  • the right to restrict processing i.e. to ask that some or all processing ceases – this would generally involve you requesting this through your GP or through the National Data Opt-out scheme if you live in England, or withdrawing from a clinical research study directly;
  • the right to data portability – this only applies to data you have provided directly;
  • the right to object to and not to be subject to automated decision-making, including profiling. We do not have any automated decision-making.

OPC respects data rights. A practice can request at any time for their patients’ data to be removed from OPC databases without disclosing the identity of patients.

OPC does not collect data for patients who have expressed that their data should not be shared for planning or research, including those who opt out through the National Data Opt-out Policy scheme in England.

Any data collected from OPC supported clinical research is given with patients’ informed consent. If you have questions about the use of your data in a clinical research study, please contact your GP practice or the study who will hold records about your involvement.

You can opt out of sharing data

You have the right to opt-out of the sharing of your patient data by your GP practice with OPC. Opting-out of sharing your health information will not affect the care you receive.

If you do not wish for your data to be shared by your practice, or you would like your data to be removed from our databases, please contact your GP practice who can provide OPC with a code to remove your data without disclosing your identity. Individuals in England can also opt-out of data sharing through the National Data Opt-out policy.

It is not possible to remove a patient from anonymised research data, research results or publications, as patients cannot be identified from anonymised information.

Data protection and security

OPC quality improvement and research support services are provided under strict data security and protection policies to assure patients, practices and researchers that we collect and use data securely and lawfully in compliance with data protection laws – the GDPR and the Data Protection Act 2018 (DPA 2018). OPC is a registered data controller with the Information Commissioner’s Office, registration number: ZA197058.

OPC undertakes and complies with the NHS Data Security and Protection Toolkit (ref: 8HR85) assessment annually. The assessment ensures OPC complies with the National Data Guardian’s data security standards.

OPC has ISO 27001 and ISO9001 certification (certificate number 385342022). This accreditation demonstrates that OPC operates in accordance with a global framework of information security and quality assurance and management.

OPC staff are regularly trained on data security and protection, including compulsory annual certified training provided by NHS Digital, and NIHR certified Good Clinical Practice (GCP) training. We conduct regular checks and audits to ensure compliance with the GDPR and DPA 2018.

How OPCRD receives de-identified data from practices but provides anonymised data for research

The process of how OPCRD receives de-identified data from practices, but only provides anonymised data for approved research is described below:

  • GP practice agrees to contribute their de-identified patient data to OPCRD.
  • GP practice is supported by OPC to set-up their electronic health record system to allow only patient data that has been de-identified to flow to OPC. This means patients cannot be identified from the data the GP practice sends to OPC.
  • Patients who have opted-out of data sharing are not included in data shared with OPC.
  • OPCRD has NHS research ethics approval to provide anonymised data for research purposes.
  • Researchers request to access data from OPCRD for a specific study.
  • All requests are reviewed by an independent body  called ADEPT. Only research studies approved by ADEPT can access anonymised research data from OPCRD.
  • The de-identified data required for the approved research is anonymised before it is provided to the researcher. This involves removing any information which by itself or when combined with other information may possibly identify a person. You cannot identify a patient from anonymised data or from any results or reports from anonymised data.
  • Researchers sign a contract called a Data Sharing Agreement, which ensures researchers follow strict rules on how the data is used and how long they can hold the data. The data is destroyed when the study is finished.

How OPCRD links hospital data

OPCRD-NEXUS is a secure database that will hold de-identified GP patient data from OPCRD and de-identified hospital patient data such as Hospital Episode Statistics (HES). Hospital data for practices in England is provided by NHS Digital. OPCRD-NEXUS is hosted securely by Harvey Walsh Limited.

The process is described below:

  • OPCRD has CAG approval for participating GP practices to send patient identifiers to NHS Digital for the only purpose of providing hospital or HES data.
  • GP practices send a secure file containing patient identifiers (NHS number, date of birth and sex) to Harvey Walsh, who collect the files from many practices and send it to NHS Digital.
  • NHS Digital provides only de-identified hospital data for the requested patient identifiers.
  • NHS Digital send the de-identified hospital data to Harvey Walsh.
  • Harvey Walsh also receives de-identified GP data from OPCRD.
  • Harvey Walsh joins the de-identified GP data to the de-identified hospital data to form the GP-hospital linked dataset, which is stored securely in a database called OPCRD-NEXUS.
  • OPCRD-NEXUS never receives any patient identifiable information from GP practices or from NHS Digital.
  • OPCRD-NEXUS data is then used to conduct research for studies which have received approval from an independent body called ADEPT.
  • Only research results or outputs are provided to the researcher. All outputs are fully anonymous and you cannot identify a person from anonymous data.

Data Protection Policies and DPIAs

For access to our data security and protection policies, please contact us using the information below.

For access to OPC data protection impact assessments (DPIAs) completed for our quality improvement and research support services for general practices please contact using the information below.

Contact us

If you have any queries or feedback about our data protection, or you have a complaint, please contact us:

Optimum Patient Care Ltd

5 Coles Lane, Oakington, Cambridge, CB24 3BA

Email:   dataprotection@optimumpatientcare.org

Phone: 01223 967855

 

Complaints

You have the right to make a complaint to the Information Commissioner’s Office through their website or their helpline 0303 123 1113.

Optimum Patient Care is a not-for-profit, social enterprise, improving the diagnosis, treatment and management of chronic diseases within primary care.

| Search for help
Terms of Use | Privacy Policy | Contact Us
OPC UK 2022 All Rights Reserved