Privacy Notice

What is the aim of the SNAP-2 (EpiCCS) Study?

The Sprint National Anaesthesia Projects (SNAPs) are 'snapshot' evaluation studies of clinical activity and patient-centred outcomes that are important and relevant to both patients and anaesthetists.

The 2nd Sprint National Anaesthesia Project: Epidemiology of Critical Care provision after Surgery (SNAP-2: EpiCCS) will describe the epidemiology of perioperative risk and outcome, and critical care referral and admission after inpatient surgery in the UK. It also aims to examine whether planned postoperative critical care admission is effective as an intervention to reduce postoperative morbidity.

We know that after surgery, complications can sometimes occur, including mild ones like nausea, and more major ones such as infections, and very rarely death. One way which may help to prevent complications in some patients is to admit patients to a Critical Care Unit (CCU) after their operation, where they can receive more intensive nursing support, or particular treatments not available on other hospital wards.

Critical care would normally only be considered for people who are having either a very big operation, or who have a number of significant background illnesses. Previous research studies have shown that the proportion of patients admitted to CCU after surgery differs between hospitals and countries. We have conducted this study to try and uncover some of the reasons for these findings. We also hope to find out whether Critical Care admission after surgery improves patient recovery after surgery.

This study uses patient information to help improve care for people undergoing surgery.

Data Controller

The data controller for the study is the Royal College of Anaesthetists. 

Legal basis for processing personal data

Under GDPR the following legal basis applies: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child) Article 6(1)(f).

Under the Common Law Duty of Confidentiality (CLDC), SNAP-2 EpiCCS uses Section 251 as its legal basis to meet the CLDC.  SNAP-2 EpiCCS was given approval under Section 251 to collect patient level data without consent (reference number: 16/CAG/0087) for all patients admitted to hospital throughout in England and Wales who underwent an operation between 21-27 March 2017 requiring an overnight hospital stay. Similar approvals were granted via the Scottish Public Benefit and Privacy Panel for Health and

Social Care (PBPP) for patients in Scotland (reference number: 1617-0126). In Northern Ireland, individual hospital Research and Development approvals were obtained to collect this data, but no patient-identifiable information was transmitted outside of the hospital trust where patients underwent surgery.

More information on section 251 is available here:

More information on the Scottish PBPP is available here:

The rationale for this is that some patients are very unwell before and after they have had an operation, so it would be very difficult to ask all patients for their consent. It is important that we got information from all patients in the UK having operations during the study week, not just those who were well enough to give consent. That is how we can obtain the most accurate information about the care patients have received.

Where is data collected from

SNAP-2 patient data is submitted directly to SNAP-2 by clinical teams lead treating the patient or from the hospital records.

How we protect your data

The study will abide by strict information governance and confidentiality procedures. The information you provide will be pseudonymized for analysis, which means it will not be possible to identify you from the data

Local clinical teams enter patient data into a secure web-based tool provided by Netsolving Ltd.  Only the hospitals participating via the doctors, nurses and clinical audit staff and the SNAP-2 project team will have access to the web-based tool.  Security and confidentiality is maintained through the use of passwords and a person specific registration process. 

None of the personal information will be made public. Some of the information about the treatment will be shared with a small group of NHS and University researchers to help us understand how to improve future patient care. Patients cannot be identified from this information.

Patient confidentiality and level of data collected

We collected information about the care received whilst patients are in hospital. This included information about any investigations and treatment received, and whether patients went to a CCU after your surgery. Full details of what has been collected can be found on the SNAP-2 website - 

The confidential information we have collected is name, date of birth, NHS number (everyone in the UK has a unique number), postcode and gender. We will send patient information to NHS Digital for the purpose of linkage to the Hospital Episodes Statistics datasets. This will allow us to match information about the hospital care with other sources of information that can give us a fuller picture of how patients recover from their operation (for example if patients are readmitted to hospital after going home).

The identifiers will also be sent to NHS Digital to link to the Office of National Statistics Mortality data in order to track longer-term patient outcomes. In the event of a death we will be informed of the date and cause of.

Patient information was entered into a very secure website and stored safely in accordance with NHS recommendations and standards.

Patient information will be kept securely for 10 years in order for long-term outcomes to be accurately studied.

SNAP-2 will not publish information that can enable individual patients to be identified.   

We maintain the confidentiality and security of patient information in the following ways:

  • All reports are produced at an aggregate level (national, regional, hospital).
  • In each audit publication, the statistical information is reviewed to ensure the risk of identification is minimised, and where necessary, small numbers are suppressed. This assessment follows guidelines issued by the Office for National Statistics - Review of the Dissemination of Health Statistics: Confidentiality Guidance (PDF).

Management of patient data by the SNAP-2 team

The SNAP-2 team are based at the Royal College of Anaesthetists (RCoA), University College London Hospitals NHS Foundation Trust (Surgical Outcomes Research Centre) and University College London (Department of Applied Health Research)

The RCoA, UCLH and UCL conform to the General Data Protection Regulation (GDPR) and other legislation that relates to the collection and use of patient data, and has strict security measures in place to safeguard patient information.

SNAP-2 stores the pseudonymised patient data on a secure computer to which only authorised audit team members have access. The IT system has various levels of security built into it, including:

  • ID password security: the data is stored on a password protected system, which prevents unauthorised users gaining access.
  • The stored data files are encrypted.

Who we share data with

SNAP-2 only shares patient-level data following a strict governance procedure to ensure compliance with the General Data Protection Regulation (GDPR). 

SNAP-2 has permission to link patient-level data with other national databases on a case-by-case basis with:

  • NHS Digital for the English hospital data (Hospital Episode Statistics)
  • Office for National Statistics for the death register

This linkage enables analyses about hospital care with other sources of information that can give us a fuller picture of how patients recover from their operation (for example if you are re-admitted to hospital after going home).

Linking with ONS data allows SNAP-2 to track longer-term patient outcomes. In the event of a death we will be informed of the date and cause of.

What if I do not want my information used by the Audit?

As a patient, you can choose to opt out of SNAP-2.  Opting out will not affect the care a patient receives.  Please email and put "Patient request to opt-out" in the subject line. We will then contact the hospital to request that they do not enter your details into the audit. Alternatively, please notify a member of your local care team that you wish to opt out.  If you prefer you can also call the SNAP-2 Helpline on 020 7092 1677.

If your details have already been entered into the SNAP-2 database, your rights to access, change or remove your information may be more limited, as we need to manage your information in specific ways in order for research and reports to be reliable and accurate.  If your data has not yet been used for analysis, it will be removed from the SNAP-2 database.  If your data has already been used for analysis, we will not be able to remove information about you that we have already obtained and used.  To safeguard your rights, we will use the minimum personally-identifiable information possible.

Changes to our privacy policy

We keep our privacy policy under regular review and we will always include the latest version on this web page.

The privacy policy was last updated in October 2018

How to contact us

Please contact the Data Protection Officer: Sharon Drake if you have any questions about our privacy policy or information we hold about you by email at

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the supervisory authority in the UK responsible for the implementation and enforcement of data protection law, if you have concerns about the way your personal data is being handled.  You can

contact the ICO via their website  - or by calling their helpline – 0303 123 1113.