Policies for Researchers

This page provides important instructions that must be read before the sharing and publication of any OpenSAFELY project results released from the Level 4 results server.

If you have any questions, in the first instance contact your co-pilot; if you do not have a co-pilot, please contact team@opensafely.org.

WARNING: You MUST NOT screen share (or share via any other means) any results held on the Level 4 results server that have not been released through the official process, otherwise you will be in breach of your data access agreement.

All highlighted sections should be amended as appropriate; please discuss with your co-pilot or contact team@opensafely.org if you have any questions.

Permitted Study Results Policy

All outputs from the OpenSAFELY-EMIS/-TPP (NHS England COVID-19 research) platform must be aggregated data with small number suppression applied.

OpenSAFELY operates as a trusted research platform where no patient record level data is permitted to be extracted from the platform.

You MUST NOT request the release of any information (e.g. name, listsize) that identifies, or could identify, STPs, Local Authorities (including MSOA identifiers), CCGs and individual GP practices from the Level 4 results server.

Larger geographic / regional outputs can be released, such as NHS England operating regions, which are listed in relevant data tables in the OpenSAFELY platform. An example use of these regions is in Table 1, p.3 of this paper.

Authorship Policy

Our team is strongly committed to “team science”, and to recognising the deep technical and methodological contribution of research software engineers to research outputs. We have a strong preference, specifically during the pilot phase when all projects are delivered in close collaboration, for members of the OpenSAFELY team who materially contribute to your study and/or to the iterative development of the platform and analytic pipelines to be offered authorship on outputs. This is likely to change over time as the platform expands, and as external teams become more “customers” than “collaborators”. For clarity, this relates to platform contributions, and there is never any expectation of authorship for individual researchers involved in OpenSAFELY who are not involved in a research project. A formal authorship policy is under active development, please contact your co-pilot to discuss ahead of submission of presentations, papers, pre-prints or reports.

Acknowledgment and Data Sharing / Publication Policy

NHS England oversees the final approval for all publication ready papers, reports or presentations, principally to check that the outputs align with the stated application purpose; NHS England has been extremely supportive of all research and analyses to date. The usual response time for approval is 1-2 weeks.

The acknowledgment and sharing/publication of results guidelines are dependent on the datasets used for your project. The acknowledgement content must be used in all published papers, official reports and presentations given outside of your research team/collaborators.

Datasets used

All Datasets

Acknowledgement content

We are very grateful for all the support received from the [EMIS Technical Operations team] [TPP Technical Operations team] [EMIS and TPP Technical Operations teams] throughout this work, and for generous assistance from the information governance and database teams at NHS England and the NHS England Transformation Directorate.

If the High Cost Drug dataset was also used, add:

North East Commissioning Support Unit provided support on behalf of all Commissioning Support Units to aggregate the high cost drugs data for use in OpenSAFELY studies.


The results of ANY dataset can be shared IN CONFIDENCE and ONLY with key members of the wider research team / research collaborators (for the purpose of seeking feedback and contribution to inform the final paper or report), by a webinar or by email, but the following guidelines must be adhered to:

  1. Acceptable sharing examples include: the senior sponsor; analysts and senior manager in the NHS E/I/X department accountable for the specific policy activities being investigated (but NOT other departments); key members of the relevant scientific advisory groups; established relevant expert collaborators.

  2. If sharing your results, paper, report, etc., with individuals external to your immediate project team (e.g. key members of the relevant scientific advisory groups; relevant external expert collaborators) you must ensure the content being shared has been reviewed and approved by the senior sponsor (for service evaluations and audits) and your line manager/PI (for service evaluations, audits and research); and provide your co-pilot with a copy of the content.

  3. All recipients must be reminded that the content is shared in confidence and they must not distribute it further (see publication guidelines below).

If you are unsure that your planned sharing is appropriate, please contact your co-pilot in the first instance; or use the OpenSAFELY-users slack channel (if you have joined); or email publications@opensafely.org.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

You must seek NHS England approval for any publication or wider sharing of results, papers, presentations (e.g. submitting to a journal or a pre-print server, or uploading to any public facing website).

  1. Ensure the content has been reviewed and approved by the senior sponsor (for service evaluations and audits) and your line manager/PI (for service evaluations, audits and research)

  2. Email publications@opensafely.org (and copy your copilot) your proposed publication documents (specifying your project ID, see the list of approved projects ), alongside confirmation that the senior sponsor and line manager (for service evaluation/audit) or line manager/PI (for research) have read and approved them. The documents must be roughly “90%” finalised versions, but the results and conclusions must be final. It would be helpful, especially for quite technical papers, that the email provides a brief lay summary of the findings and also highlights anything that could be deemed contentious (we appreciate the notion of contentious is subjective).

  3. NHS England publication review windows occur on a two weekly basis. Please ensure you have sent your documents for review to publications@opensafely.org by 5pm on the Wednesday of the review week. Submissions deadlines being:
    5pm Wednesday 30th November 2022;
    Break over Christmas and New Year;
    Restarting 5pm Wednesday 4th January 2023;
    5pm 18th January; and so on.

    Consult the users forum for upcoming deadlines. A response will usually be provided within 1-2 weeks.

  4. Upon publication of any associated papers, presentations, etc (and in any case within 12 months of first code execution) you must publish your Github repository.

For the Datasets listed below

The following additional acknowledgement and publication of results guidelines must be followed if your study uses data from ICNARC, ISARIC, ONS-CIS, PHOSP.


Acknowledgement content

Use the All Datasets acknowledgement above and the following:

This publication is based on data derived from the Intensive Care National Audit & Research Centre (ICNARC) Case Mix Programme Database. The Case Mix Programme is the national, comparative audit of patient outcomes from adult critical care coordinated by ICNARC. We thank all the staff in the critical care units participating in the Case Mix Programme. For more information on the representativeness and quality of these data, please contact ICNARC. Disclaimer: The views and opinions expressed therein are those of the authors and do not necessarily reflect those of ICNARC.


Use the All Datasets Sharing of Results guide above.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

Use the All Datasets Publication of Results guide above and the following:

Contact and email ICNARC if any safety concerns are identified.
020 7831 6878

Email icnarc@icnarc.org (and copy publications@opensafely.org and your copilot) one draft copy of any proposed publication or presentation at the same time as submission for publication or at least 28 days before the date intended for publication/presentation, whichever is earlier.


Acknowledgement content

Use the All Datasets acknowledgement above and the following:

This report is independent research which used data provided by the MRC funded ISARIC 4C Consortium and which the Consortium collected under a research contract funded by the National Institute for Health Research. The views expressed in this publication are those of the author(s) and not necessarily those of the ISARIC 4C consortium.


Use the All Datasets Sharing of Results guide above.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

Use the All Datasets Publication of Results guide above and the following:

Email isaric4c-samples@roslin.ed.ac.uk (and copy publications@opensafely.org and your copilot) a copy of any publication at least 7 days in advance of submission for publication.

Submit the results to an open access platform and in accordance with normal academic practice; publication to a bona-fide pre-print service is encouraged where possible.

ONS-CIS data

Acknowledgement content

Use the All Datasets acknowledgement above and the following:

The Coronavirus (Covid-19) infection survey is delivered by the Office for National Statistics in partnership with the University of Oxford, University of Manchester, UK Health Security Agency and Wellcome Trust. The study is funded by the Department of Health and Social Care with in-kind support from the Welsh Government, the Department of Health on behalf of the Northern Ireland Government and the Scottish Government. The collection and testing of samples is carried out by the Lighthouse laboratory. Genome sequencing is funded by the COVID-19 Genomics UK (COG-UK) consortium. COG-UK is supported by funding from the Medical Research Council (MRC) part of UK Research and Innovation (UKRI), the National Institute of Health Research (NIHR), and Genome Research Limited operating as the Wellcome Sanger Institute.

The views expressed are those of the authors and not necessarily those of the funding organisations or those involved in the delivery of the survey.


Use the All Datasets Sharing of Results guide above.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

Use the All Datasets Publication of Results guide above and the following:

Email Infection.Survey.Analysis@ons.gov.uk (and copy publications@opensafely.org and your copilot) a copy of all proposed publications and presentations arising from agreed analysis to the ONS not less than 7 days in advance of submission for publication or presentation, for approval; such approval shall not be unreasonably withheld or delayed by ONS.

PHOSP data

Acknowledgement content

Use the All Datasets acknowledgement above and the following:

Awaiting additional acknowledgement content.


Use the All Datasets Sharing of Results guide above.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

In discussion.

Information Governance and Ethics content policy

For published papers, official reports and presentations you must use the following content for the relevant section headings.

Note: the naming conventions for EMIS and TPP versions of the OpenSAFELY platform are OpenSAFELY-EMIS and OpenSAFELY-TPP. If a study uses both EMIS and TPP you can reference them both separately, or as OpenSAFELY-EMIS/-TPP.


  • Must add: “With the approval of NHS England we…”

Methods - Data Sharing or Data Source headings

  • Must add: All data were linked, stored and analysed securely within the OpenSAFELY platform: https://opensafely.org/. Data include pseudonymised data such as coded diagnoses, medications and physiological parameters. No free text data are included. All code is shared openly for review and re-use under MIT open license [LINK TO GITHUB REPO OF PAPER BEING SUBMITTED]. Detailed pseudonymised patient data is potentially re-identifiable and therefore not shared.
  • When listing data sources, suggested phrase: Primary care records managed by the GP software provider, TPP/EMIS were linked to [ONS death data, etc.] through OpenSAFELY.

Software and Reproducibility

  • If required use: Data management was performed using Python [XX], with analysis carried out using [Stata 16.1/Python/R]. Code for data management and analysis, as well as codelists, are archived online [link your project github repo]. [All iterations of the pre-specified study protocol are archived with version control https://github.com/opensafely/xxxxxx/protocol].
  • For any federated analyses (involving EMIS and TPP) please contact the OpenSAFELY team first.

Patient and Public Involvement and Engagement (PPIE)

  • Where relevant: Insert any project specific PPIE.
  • Consider: OpenSAFELY has developed a publicly available website https://opensafely.org/ through which they invite any patient or member of the public to make contact regarding the broader OpenSAFELY project.

Information governance and ethical approval

  • Must add: NHS England is the data controller for [OpenSAFELY-EMIS] [OpenSAFELY-TPP] [OpenSAFELY-EMIS and OpenSAFELY-TPP]; [TPP is the data processor] [EMIS is the data processor] [EMIS and TPP are the data processors]; all study authors using OpenSAFELY have the approval of NHS England. This implementation of OpenSAFELY is hosted within the [EMIS environment which is] [TPP environment which is] [EMIS and TPP environments which are] accredited to the ISO 27001 information security standard and [is][are] NHS IG Toolkit compliant;1

    Patient data has been pseudonymised for analysis and linkage using industry standard cryptographic hashing techniques; all pseudonymised datasets transmitted for linkage onto OpenSAFELY are encrypted; access to the platform is via a virtual private network (VPN) connection, restricted to a small group of researchers; the researchers hold contracts with NHS England and only access the platform to initiate database queries and statistical models; all database activity is logged; only aggregate statistical outputs leave the platform environment following best practice for anonymisation of results such as statistical disclosure control for low cell counts.2

    The OpenSAFELY research platform adheres to the obligations of the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. In March 2020, the Secretary of State for Health and Social Care used powers under the UK Health Service (Control of Patient Information) Regulations 2002 (COPI) to require organisations to process confidential patient information for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the COVID-19 outbreak and incidents of exposure; this sets aside the requirement for patient consent.3 This was extended in July 2022 for the NHS England OpenSAFELY COVID-19 research platform.4 In some cases of data sharing, the common law duty of confidence is met using, for example, patient consent or support from the Health Research Authority Confidentiality Advisory Group.5

    Taken together, these provide the legal bases to link patient datasets on the OpenSAFELY platform. GP practices, from which the primary care data are obtained, are required to share relevant health information to support the public health response to the pandemic, and have been informed of the OpenSAFELY analytics platform.

  • For RESEARCH, you must add: This study was approved by the Health Research Authority [REC reference XXX] and by the XXX Ethics Board [reference XXX].

  • For SERVICE EVALUATION/AUDIT, you must add: This study was supported by [NAME + OFFICIAL ROLE] as senior sponsor, and approved by the XXX Ethics Board [reference XXX]. (NHS England service evaluations/audits are currently not required to have Ethics approval.)

  • NOTE: remember to add additional governance and ethical content pertaining to data not processed within OpenSAFELY.

Data access and verification

  • If requested, use the following: Access to the underlying identifiable and potentially re-identifiable pseudonymised electronic health record data is tightly governed by various legislative and regulatory frameworks, and restricted by best practice. The data in OpenSAFELY is drawn from General Practice data across England where [EMIS is the data processor][TPP is the data processor][EMIS and TPP are the data processors].

    [EMIS][tpp][EMIS and TPP] developers (XX - please contact your co-pilot or OpenSAFELY to obtain this named list) initiate an automated process to create pseudonymised records in the core OpenSAFELY database, which are copies of key structured data tables in the identifiable records. These pseudonymised records are linked onto key external data resources that have also been pseudonymised via SHA-512 one-way hashing of NHS numbers using a shared salt. Bennett Institute for Applied Data Science developers and PIs (XX - please contact your co-pilot or OpenSAFELY to obtain this named list) holding contracts with NHS England have access to the OpenSAFELY pseudonymised data tables as needed to develop the OpenSAFELY tools.

    These tools in turn enable researchers with OpenSAFELY data access agreements to write and execute code for data management and data analysis without direct access to the underlying raw pseudonymised patient data, and to review the outputs of this code. All code for the full data management pipeline—from raw data to completed results for this analysis—and for the OpenSAFELY platform as a whole is available for review at github.com/OpenSAFELY.

    The data management and analysis code for this paper was led by (XX) and contributed to by (XX).