Compliance7 min read

Is It Safe to Put NHS Patient Data Into AI?

No — pasting identifiable NHS patient data into a public ChatGPT isn't approved and exposes you to ICO action and a Caldicott breach.

By Pierre de ONYRI

No. Pasting identifiable NHS patient data into a public AI tool like ChatGPT isn't approved, and it exposes you to a breach. This health data is « special category data » under the UK GDPR: the UK's data protection law. It's also covered by the Common Law Duty of Confidentiality and the Caldicott Principles. A public tool has not been assessed or contracted for this use. The only safe fix: de-identify the data before any AI use, or go through an approved tool.

Why NHS patient data is so protected

Health data is sensitive personal data. Under the UK GDPR, it's part of « special category data ». That group also includes racial origin, genetic data and biometric data used for identification. The ICO, the UK's data protection regulator, explains why this protection is stronger. Such data can harm fundamental rights or lead to discrimination.

The protection doesn't stop there. The NHS number matters too. It's a unique 10-digit identifier given to every patient in England, Wales and the Isle of Man. It never changes. So it's the most reliable way to identify a patient in electronic systems. Leaving it in text sent to an AI makes the data directly identifiable.

Processing health data needs two green lights, not one. You need a lawful basis under Article 6 of the UK GDPR. You also need a separate condition under Article 9. The ICO lists ten conditions in Article 9(2). Health and social care fall under Article 9(2)(h). And Article 9(3) adds a safeguard: the processing must be done by a professional bound by a duty of confidentiality.

Common law and Caldicott: the double lock

Beyond the UK GDPR, a second rule protects the patient: the Common Law Duty of Confidentiality. The principle is simple. When a patient shares information with a clinician, it's shared in confidence. You can't disclose it without a legal basis. That basis can be consent, a legal duty, an overriding public interest, or a statutory power like « section 251 support ». This basis is separate from the UK GDPR one and adds to it.

Then come the Caldicott Principles. These are eight principles published by the National Data Guardian on gov.uk. They make sure people's information stays confidential and is used properly. They apply to all health and social care data where the patient is identifiable. Three of them matter here:

  • Principle 3: use the minimum necessary confidential information. Pasting a whole record into an AI goes against this rule.
  • Principle 6: comply with the law. An unapproved tool doesn't give that guarantee.
  • For any new or difficult judgement, it's advised to involve a Caldicott Guardian.
Two-stage diagram. At top, an NHS patient record with NHS number and name in the clear (amber) is pasted into a ChatGPT that receives the real data. At bottom, the same de-identified record shows the AI only tokens (cobalt), with a checkmark.
After the ICO (special category data), the Caldicott Principles (National Data Guardian / GOV.UK) and NHS England (the NHS number).

A public tool hasn't passed NHS checks

To be adopted in the NHS, a digital tool must pass an assessment. It's called the Digital Technology Assessment Criteria (DTAC), run by the NHS England Transformation Directorate. It's the assurance framework introduced in 2021. It even covers administrative AI not classed as a medical device. The DTAC assesses five areas:

  1. 1Clinical safety.
  2. 2Data protection.
  3. 3Technical security.
  4. 4Interoperability.
  5. 5Usability and accessibility.

A public ChatGPT has passed none of these five gates. It's neither assessed nor contracted for patient use. So it doesn't meet the criteria. The frameworks the NHS points to say the same. See the NHS England Confidentiality policy. See the Confidential Patient Information (CPI) definition from NHS England Digital. And the NHS AI and Digital Regulations Service covers the common law duty of confidentiality.

You assumeThe reality
“It's just a tool, like a Google search”Public ChatGPT isn't approved for patient data (no DTAC)
“Health data is normal data”It's « special category data » under the UK GDPR
“The UK GDPR covers the whole thing”Common law and Caldicott add to the UK GDPR
“I drop the name, so it's anonymous”Local area + rare disease + age can re-identify the patient
Common myths about NHS patient data and AI, against the real rules.

The fix: de-identify or use an approved tool

Two safe paths exist. The first: never enter personal or sensitive information into a public AI. The second: de-identify the data before any use. That means removing the NHS number, name, address and date of birth. But watch out for a trap. The NHS policy cited warns that a combination of details can re-identify a patient. A local geographic area, plus a rare disease, plus a very young age: that's sometimes enough, even without the usual identifiers. The data must then be treated as personal.

The stakes are not theoretical. A breach of patient data confidentiality can be costly. It can lead to regulatory action, including from the ICO. It can lead to legal action. It can also trigger internal disciplinary procedures. The duty of confidentiality is written into NHS employment contracts and professional codes of conduct.

That's exactly what ONYRI Sanitize is for. The engine detects sensitive data and replaces it with reversible tokens before sending. Detection and the mapping stay in your browser. Only anonymized text reaches the AI. The NHS number and the patient's name never leave your device — the external tool only sees tokens.

Frequently asked questions

Is it safe to put NHS patient data into an AI like ChatGPT?
No, not identifiable patient data in a public tool: it isn't approved and it exposes you to a breach. This health data is « special category data » under the UK GDPR, also protected by the Common Law Duty of Confidentiality and the Caldicott Principles. De-identify the data or use an assessed tool (DTAC).
Does the NHS number make text identifiable?
Yes. The NHS number is a unique 10-digit identifier that never changes. It's the most reliable way to identify a patient in electronic systems. Leaving it in text sent to an AI makes the data directly identifiable — it must be removed before any use.
Is removing the name enough to anonymize a patient record?
No, not always. Remove the NHS number, name, address and date of birth. But a combination of details — local area, rare disease, very young age — can re-identify a patient even without direct identifiers. In that case the data stays personal and must be treated as such.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next