Common law duty of confidentiality: Under the common law duty of confidentiality, if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without patient consent.

Confidential patient data: Personal information that is identifiable or likely identifiable (e.g. from other data in possession of the recipient) and given in circumstances where the individual is owed a duty of confidence and conveys some information about the physical or mental health or condition of an individual. Source: section 251 of the National Health Service Act 2006

Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Source: GDPR text Article 4(7)

Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Source: GDPR text Article 4(8)

Data Store: Technical infrastructure where integrated data is stored for secondary uses.

Individual care (Direct care): A clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of an identified individual.

Personal data: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Primary Care Networks (PCNs): PCNs are based on general practice registered lists, typically serving natural communities of around 30,000 to 50,000 patients. The networks provide the structure and funding for services to be developed locally, in response to the needs of the patients they serve. Source: NHS England website

Re-identification: The process of analysing data or combining it with other data which results in individuals becoming identifiable. This can be done intentionally for the purpose of clinical intervention, inadvertantly or with malicious intent.

Research: The attempt to derive generalisable or transferable new knowledge to answer questions with scientifically sound methods including studies that aim to generate hypotheses as well as studies that aim to test them, in addition to simply descriptive studies. This differs from service evaluation, clinical audit and the investigation the health issues in a population in order to improve population health. This decision tool can help you decide whether or not a study is research as defined by the UK Policy Framework for Health and Social Care Research. Source: Medical research Council

Secondary use (Indirect care): Activities that contribute to the overall provision of services to a population as a whole or a group of patients with a particular condition. It also covers health services management, preventative medicine, and medical research.