Ethics Wales General practitioner Practice manager

Last updated:

Patient data systems in Wales

Audit +

Audit + is the current data quality system that is used by 97% practices across Wales to assist in two key areas:

  • Contract management - QOF (Achievement, tidy up searches etc.) and Enhanced Service achievement (e.g. flu and pneumococcal programmes)
  • Demonstrating engagement and achievement in specific quality areas (including many Enhanced Services, PCQUIS programmes)

Both elements are optional for practices but most practices have found Audit + to be very useful.

The contract is coming to an end - subject to their accepting the contract terms, BMJ Informatica were, the successful bidder going forward.


Individual Health Record (IHR)

The IHR in Wales is a more comprehensive view of the patients GP record with some of the major clinical conditions, drug history and allergy information included.

This record is currently viewed in Out of Hours (OOH), A&E and medical assessment units throughout Wales but is "view only" and protected by an audited "consent to view" model. Any extensions to its use are governed by strict processes and GPC Wales is involved in these decisions.

The only additions to this record come from the GP practice. Patients can opt out of the IHR if they choose.



SAIL is the Secure Anonymised Information Linkage system which is based in Swansea University.

In the SAIL system the patient information is subjected to two processes. The demographic data and the clinical data are separated and each dataset is given the same pseudonym. Each part of the record then is encrypted and goes to a different place.

Applications for access to SAIL are scrutinized by an Information Governance group which includes BMA members and patient groups.  

The clinical data goes straight to SAIL and the demographic data goes to NWIS (Welsh NHS data service) where they acquire a different pseudonym. Therefore two different organizations hold the two keys to the identity of the data. NWIS then sends the demographic data to SAIL where it can be re-joined to the clinical data but in a pseudonymised format that prevents any kind of re-identification.

The SAIL database never allows information to leave the system and has no print or overwrite facility. Researchers can physically visit the site in Swansea to work on the database or gain entry remotely but again there is no facility to take the dataset out of the SAIL database.

Applications for access to SAIL are scrutinized by a Information Governance group which includes BMA members and patient groups. There are researcher contracts in place and rules to cope with rare conditions and small numbers.

The SAIL database is reliant on practices deciding to contribute and allow their patients data to be used in this way. The system is anonymised and has many restrictions around it to ensure the highest quality information governance. GPC Wales believes that the process of double pseudonymisation and encryption would deter all but the most dedicated and illegal.

Practices have the option to sign up and we would encourage all practices to do so. There is no facility for individual patients to 'opt out' at present. Currently, a project to match up areas of deprivation to the resources available to practices is underway in SAIL. This will hopefully give us evidence to argue for more resources into primary care to begin to address the continuing inverse care law which is still operating in Wales.

Further details are available via the SAIL website.


Can GPs be confident about IHR, SAIL and AUDIT+?

All these programmes have been developed in conjunction with robust governance arrangements and any extensions of use of patient data has been carefully explored following best practice guidance.

Additionally, each of these programmes has engaged the national informatics governance board and GPC Wales (as well as other representatives of the profession) in their development. Patient safety has been placed at centre of all programmes.

Many have been concerned about ensuring their responsibilities as Caldicott Guardians has been discharged appropriately.

Whilst we are delighted that GPs are aware of the importance of their responsibilities, given the robust arrangements in place and consultation processes used (including advice from information commissioner) then practices can be confident that their engagement in these programmes is not putting patient information at risk.


In development

In Wales, there are additional patient data systems which are currently being developed.



Electronic transfer of records will commence in the spring.


My Health On Line

Should be available to all practices after migration as some legacy systems do not have functionality to link to My Health On Line.

  • Individual practices can choose which aspects it wishes to offer patients.
  • Work on phase 2 is about to be developed which will allow practices to consider enabling patients to have access to investigation results and parts of their record.



This trial is ongoing in ABMU and further roll out of the PRISM programme remains on hold whilst the evaluation is undertaken.


National Intelligent Audit Solution

A platform that is in development and will enable the careful scrutiny of all users accessing any patient information they may be able to allowed to, to ensure it is appropriate and necessary for direct patient care.