Speak To An Expert
Get clear, personalised advice for your situation.
Jot down a few questions to make the most of your conversation.
What is meant by sharing patient data?
The NHS collects a large amount of information about patients, including test results, prescriptions, appointments and hospital treatment. In some cases, this data is shared with other parts of the NHS, researchers, universities and trusted partners.
Sharing can help improve services, plan treatment and support medical research. It is usually done under strict legal and ethical rules, with safeguards in place to protect privacy.
Does the NHS make money from patient data?
The NHS does not generally “sell” identifiable patient data for profit in the way a private company might sell customer lists. Most sharing is designed to support care, public health or research, rather than to generate income.
In some situations, NHS data may support contracts, research partnerships or service development that involve payment. However, any money involved is usually intended to cover costs or fund NHS activity, not to create profit in a commercial sense.
Why is patient data shared?
Patient data can help doctors and researchers spot trends, improve treatment and understand how diseases spread. It can also help the NHS plan for demand, such as where more staff, beds or clinics are needed.
For example, anonymised data may be used to study cancer outcomes, waiting times or the effectiveness of medicines. This kind of work can lead to better care for patients across the UK.
What about privacy and consent?
Patient privacy remains a major concern, and the NHS is required to follow data protection law. In many cases, data is anonymised or pseudonymised before it is shared, which reduces the risk of identifying individuals.
Patients can sometimes object to certain uses of their data, especially where it is not needed for direct care. It is important for people to understand their rights and check how their information may be used.
So is there a financial benefit?
There can be financial benefits for the wider NHS if shared data helps improve efficiency, reduce waste or support funded research. Better use of data may also attract investment into healthcare innovation.
But calling this “profit” can be misleading. The main aim should be improving patient care, supporting the health service and making sure any financial gains are used for public benefit.
Frequently Asked Questions
It refers to whether the NHS can generate financial return, directly or indirectly, from allowing patient data to be shared with third parties for approved purposes such as research, service planning, or innovation.
It may be allowed only within strict legal, ethical, and contractual limits, and the exact position depends on the type of data, the purpose of sharing, consent or lawful basis, and any restrictions on commercial use.
Potential beneficiaries may include NHS organisations, research partners, or public programs, but any financial arrangements must comply with governance rules and cannot override patient confidentiality or public interest duties.
Charging for data access usually means recovering administrative or processing costs, while profit implies generating surplus beyond costs; these are treated differently and profit is subject to tighter scrutiny.
In some cases, revenue from data-related agreements may support NHS services, but this depends on the terms of the arrangement, accounting rules, and how the funds are allocated within the organisation.
The data may include identifiable, pseudonymised, or anonymised health information, and the level of identifiability strongly affects the legal and ethical limits on sharing and any possible financial return.
Consent is not always the only lawful basis for data use, but where it is required, patients must be properly informed; even when consent is not needed, transparency and fairness remain essential.
Privacy protection should rely on data minimisation, pseudonymisation or anonymisation where appropriate, access controls, security measures, impact assessments, and contractual restrictions on re-identification or misuse.
Private companies may gain commercial value from approved data access in some arrangements, but their use is governed by contracts, legal safeguards, and public interest rules, and they cannot use the data for unrestricted purposes.
NHS bodies are generally expected to explain what data is shared, with whom, for what purpose, on what legal basis, and whether any financial return or commercial arrangement is involved.
Oversight may involve data protection law, NHS governance, ethics review, contracts, information governance teams, and sometimes external regulators or approval bodies depending on the project.
Yes, but only in limited circumstances with stronger safeguards, because identifiable or pseudonymised data carry greater privacy risks and usually require a more robust lawful basis and governance framework.
Key concerns include exploitation of patient information, lack of informed public trust, unfair commercial gain, mission drift away from healthcare, and the risk that vulnerable groups may be disproportionately affected.
Opt-out options depend on the specific data use and legal basis, so patients should check the relevant NHS information-sharing policy, national data opt-out guidance, or local privacy notice for instructions.
Yes, research collaborations can be part of this area, but the primary aim is usually public benefit and knowledge generation, not profit, and any revenue arrangements must be carefully justified and controlled.
Safeguards should include a clear lawful basis, data protection impact assessment, minimisation of data, security measures, purpose limitation, contractual controls, transparency, and independent governance review.
Yes, conflicts can arise if financial incentives influence decisions about sharing, vendor selection, or research priorities, so governance arrangements should manage or disclose such conflicts.
People can review NHS privacy notices, public registers, board papers, procurement notices, and information governance policies, or submit freedom of information or subject access requests where appropriate.
Breaches may lead to investigation, contractual sanctions, regulatory action, legal claims, reputational damage, and the possible suspension or termination of the data-sharing arrangement.
It is controversial because health data are highly sensitive, patients expect confidentiality and public benefit, and many people worry that commercial value could be prioritised over trust, fairness, and care.
Useful Links
Ergsy Search Results
This website offers general information and is not a substitute for professional advice.
Always seek guidance from qualified professionals.
If you have any medical concerns or need urgent help, contact a healthcare professional or emergency services immediately.
Some of this content was generated with AI assistance. We've done our best to keep it accurate, helpful, and human-friendly.
- Ergsy carefully checks the information in the videos we provide here.
- Videos shown by Youtube after a video has completed, have NOT been reviewed by ERGSY.
- To view, click the arrow in centre of video.
- Most of the videos you find here will have subtitles and/or closed captions available.
- You may need to turn these on, and choose your preferred language.
- Go to the video you'd like to watch.
- If closed captions (CC) are available, settings will be visible on the bottom right of the video player.
- To turn on Captions, click settings.
- To turn off Captions, click settings again.