Skip Ribbon Commands
Skip to main content
"Generating new knowledge to improve patient care"


QRESEARCH specialises in research & analyses
using primary care electronic health data

QResearch Confidentiality


QRESEARCH has extensive, robust protection of confidentiality for patients and the practices.

Key features

  • No patient identifiers are extracted from the practices. Patients are pseudoanonymised to protect their identity but allow their records to be updated
  • Researchers only receive anonymised data
  • Special protection is employed to protect practice identity
  • The QRESEARCH servers are in secure environments
  • Data transfers are encrypted
  • Use of the data is strictly controlled
  • QRESEARCH has ongoing approval from the Trent Multi-Centre Research Ethics Committee
Pseudo-anonymised data


No data is extracted from a practice database that contains any strong patient identifier, such as name, address, full postcode, date of birth etc. The practice computer allocates a unique number to each patient (a GUID). This GUID is used by the practice system to allocate later data to the same patient file. The collection server cannot identify which patient the GUID refers to. As an additional protection, this GUID is further encrypted at the point of collection by the collection server using a hash key. This additional protection prevents the potential for the GUID from the research database being taken back to the practice, the database being illegally accessed and the GUID cross referenced back to the patient. This process o pseudonymisation is much stronger than the MIQUEST identifiers.


Anonymised data


Researchers, having gone through the process of approval, are given, if appropriate, files that contain records for individual patients. However these records do not contain a GUID and are therefore truly anonymised.


When the database is interrogated for information for morbidity studies etc, the results do not contain any records for individual patients. The outputs are in tables, graphs etc and we refer to these as tabular analyses.

Protection for practice identity


One named member of staff in Nottingham and one in EMIS have a list of the practices that have given and returned signed consent to participate in QRESEARCH during recruitment. This list is kept on a separate computer from the EMIS file server or the research server in Nottingham; and is encrypted. The list of participating practices will not be released to other individuals or organisations by EMIS or Nottingham.


There are no patient identifiers on the database because of the anonymisation process outlined above. In this way, patient confidentiality will be completely secure. There may be occasions where researchers wish to relate practice characteristics (for example practice size) to some clinical process or outcome. However it might be possible to derive a limited number of practice level characteristics directly from the anonymised database held on the research computer in Nottingham for example, list size, average deprivation score and rurality. Only banded data (for example, the list size can be banded < 5,000; 5000-7999; 8000+) will be provided to prevent any possibility of identifying the practice.



There are several servers involved in the QRESEARCH project.


     (a)  The data collection server at EMIS. This server is linked to practices via the NHSnet in order to undertake the triggered upload ONLY after the practice has authorised the upload by activating the QRESEARCH module within its surgery system. 

(b) The research servers, which houses the resulting aggregated database, and which are located at The University of Nottingham. The research computers are dedicated isolated computer (i.e. it is not linked to the NHSnet or external networks). This computer is the single point of access to the data collected by QRESEARCH.


Each of the servers (at EMIS and at Nottingham) are used solely for the purposes of QRESEARCH.

Data transfers

EMIS only transfers QRESEARCH data to The University of Nottingham. The data transfer will be secure as the data are encrypted.

Use of the data

EMIS and The University of Nottingham are contractually bound not to use the data collected by QRESEARCH for any other purpose than QRESEARCH.

Access by researchers is carefully regulated since they will receive patient level sub-sets of the database. See Using it for Research.

Morbidity analyses will be undertaken as appropriate - see Using it for data analyses The results will be included on the website - see Current data analyses.

Section 251 compliance 

In order to clarify whether Section 60 support was necessary to cover the process of anonymisation/pseudo-anonymisation, we contacted Sean Kirwan from the Department of Health in 2002 with a copy of the protocol and details of the processes to be used. He advised us that Section 60 support was necessary only when patient identifiable information is required and it is not practicable to either obtain patient consent or use anonymised/pseudonymised data. With the process of pseudonymisation employed in QRESEARCH, no patient identifiable information will be shared with, or processed by, a third party (ie an individual or organisation not employed by the GP practice) and hence Section 60 support is not required for the QRESEARCH database. We repeated this exercise in 2011 when we approached the Ethics and Confidentiality Advisory Committee to advise on whether s251 was needed for our method of pseudonymised data linkage. Since no patient identifiable data is released by the practices or held by QRESEARCH, 251 support was not required.


Multi-Centre Research Ethics Committee


QRESEARCH has full approval from the Trent MREC [Ref: MREC 03/04/021]. Research studies which utilise QRESEARCH data need to obtain ethical approval from this committee. The contact for the MREC administrator is:

Trent MREC
Derwent Shared Services
6th Floor Laurie House
Colyear Street



Copyright © 2002-2012 University of Nottingham®. ALL RIGHTS RESERVED.
Materials on this web site are protected by copyright law. Access to the materials on this web site for the sole purpose of personal educational and research use only. Where appropriate a single print out of a reasonable proportion of these materials may be made for personal education, research and private study. Materials should not be further copied, photocopied or reproduced, or distributed in electronic form. Any use or distribution for commercial purposes is expressly forbidden. Any other use or distribution of the materials, particularly of a commercial nature, may constitute an infringement of the University's copyright and may lead to legal action.