Skip to main content

Information Governance (IG)

This page provides information and guidance for researchers on Information Governance (IG) requirements for projects using OpenSAFELY.

OpenSAFELY policies for researchers

Familiarise yourself with our policies to check your project meets all of our requirements.

Ethics

OpenSAFELY NHSE Data Access Agreement (DAA)

  • All members of your research team must read and sign the DAA on completion of their individual OpenSAFELY user forms.

How to report an IG incident

Sometimes, but not often, things go wrong.

If you identify a data security incident or suspect an incident has occurred, please contact the IG Team as a matter of urgency via incidents@opensafely.org

You must cease all project processing immediately, pending instruction from the Incident Manager. An Incident Manager will contact you to discuss the concerns raised and advise you of next steps.

While you are waiting for a response, consider any mitigating actions that you may be able to take in the meantime. These may include:

  • Preserve evidence without further modification
  • Contain the breach
  • Carry out reflective risk assessment activity

NHS Legal Directions

The NHS OpenSAFELY Data Analytics Service Pilot Directions 2025

  • Read about the new legal direction which has increased the scope of possible research using OpenSAFELY to include all aspects of healthcare.

The NHS England OpenSAFELY COVID-19 service – privacy notice

The Five Safes Framework

OpenSAFELY applies the principles of the Five Safes Framework, developed by the Office for National Statistics (ONS). Read about how the framework has been used in the design of the platform and how it informs our expectations of researchers who use it.