Transparency statement

Disease Surveillance Programme

Transparency statement

(Version 1.5 11.02.2019)

The Royal College of General Practitioners, Research and Surveillance Centre (RCGP RSC) has worked for over 50 years in partnership with Public Health England (PHE) and its predecessor bodies in disease surveillance.  The Disease Surveillance Programme has developed through ongoing discussions with PHE, the commissioning organisation of the programme.  Currently the Disease Surveillance Programme covers 37 infectious diseases in 7 areas, namely: water & food borne disorders; environmentally sensitive disorders; respiratory infections; vaccine sensitive disorders; skin contagions; disorders affecting the nervous system; genitourinary system disorders.

The RCGP RSC, through its weekly upload of pseudonymised data, is the principal primary care surveillance system across England.  The RCGP RSC and the Research Group are co-data controllers of the Disease Surveillance Programme. The information technology, analysis capability, and clinical leadership of the RCGP RSC are based at the Clinical Informatics and Health Outcomes Research Group, University of Surrey (the Research Group).  The Research Group is compliant with Article 6 of the EU General Data Protection Regulation 2016/679 (GDPR) in the use of personal data, and Article 9 in the use of special category sensitive data (such as health data).

Data are extracted twice weekly from information systems of the RCGP RSC general practices by Apollo, part of Wellbeing Software ( on RCGP’s behalf within formal data sharing and service level agreements.  Data are pseudonymised by Apollo at source within the general practice domain.

The procedures for the uploading of data from Apollo-Wellbeing to University of Surrey are documented in a formal service specification agreement.  The Faculty IT Services of the University of Surrey hosts the ‘Apollo A2 Server transfer agent’ to allow for uploads of data from Apollo-Wellbeing. The password protected data files arrive in an encrypted form and are decrypted by running the Apollo application installed on the Apollo A2 Server once downloaded, this data is then transferred to the Research Group’s private network server and removed from the A2 server.