Frequently Asked Questions
This page has been divided to respond to the questions of three major groups, but many of the answers will be relevant to all parties.

For researchers

Those who apply to undertake research using UKMED.

For medical students, trainees and doctors

The ‘data subjects’ whose data may be included in UKMED.

For data contributors

Organisations which contribute data to UKMED.

Information about the UK Medical Applicant Cohort Study

For researchers

What data are held in the database?

For full details of the data held in UKMED, including date ranges and count of records, please consult the data dictionary The data are comprised of:

  • Data from the University and Colleges Admissions service – UCAS
    • Applications to medical school
    • Demographic data including ethnicity and measures of socio-economic status
    • Data on qualifications declared in applications

  • Data from aptitude test providers used by medical schools in their selection processes
    • UK Clinical Aptitude Test (UKCAT)
    • Graduate Medical School Admissions Test (GAMSAT)
    • The BioMedical Admissions Test (BMAT)

  • Data from the Higher Education Statistics Agency – HESA
    • The medical schools attended, including whether the student successfully completed an undergraduate medical course
    • Demographic data including ethnicity and measures of socio-economic status
    • Data on the students’ entry qualifications (A-levels/Highers and equivalents)

  • Data from undergraduate assessments taken by students while at medical school
    • Includes details of the assessments held by medical schools and student attainment in these assessments

  • Data from applications to foundation training
    • Situational Judgement Test scores
    • Educational Performance Measures

  • Data on postgraduate markers of trainees’ progression
    • Annual Review of Competence Progression (ARCP) outcomes from deaneries and Local Education Training Boards
    • Outcome of applications to nationally recruited specialty training programmes
    • Royal College Membership exams

  • Fitness to practise data (held by GMC)
    • Declarations of fitness to practise made on application for provisional registration with a licence to practise
    • Fitness to practise data

  • Data on doctors’ experiences of training from the National Training Survey (held by GMC)

For more information, see the full list of existing datasets.

How are the data collected?

Data are collated from pre-existing databases used to administer entry to medical school, medical school assessment, entry to postgraduate training programmes, the management of postgraduate training programmes and the evaluation of postgraduate training programmes.

How can I find out more about UKMED?

Agendas and minutes from meetings of the Advisory Board are published on this website, as well as supporting documents.

Who is responsible for UKMED’s compliance with the General Data Protection Regulation (UK GDPR)?

UKMED is a partnership between various organisations. The governance structure of UKMED means the GMC is the sole data controller under the UK GDPR. The GMC is responsible for ensuring compliance with the data protection legislation and responding to requests about the handling of personal data.

How are the data stored?

Files submitted by data contributors are stored in a secure system by the General Medical Council or in a secure Safe Haven environment. The General Medical Council is committed to maintaining high levels of information security and data protection to ensure the secure processing and storage of personal data. It has maintained certification to the international information security standard ISO 27001 since 2006 and has been compliant with the NHS' Information Governance Toolkit since 2011.

How does UKMED comply with the UK GDPR?

The use of personal data within UKMED is fully compliant with data protection legislation. The General Medical Council is the data controller for UKMED data and is carrying out this work to fulfil its statutory functions under the Medical Act 1983. The UK GDPR does not require the General Medical Council to obtain consent when it is processing personal data needed to perform its statutory functions

The UK GDPR requires that personal data is processed fairly. This is achieved in various ways:

  • Organisations that share data with the GMC have to include this in their privacy notices or terms and conditions.
  • UKMED data are not used to monitor or make decisions about individual medical students or doctors.
  • Researchers wanting access to UKMED data have to submit a proposal for assessment by the UKMED research sub-group. The group includes senior academics, test providers and GMC advisors.
  • The data extracts provided to researchers are subject to an anonymisation process and only accessed through a Safe Haven under strict research agreements which prevent reidentification.

How can I access the data?

The next window for application will be advertised on our homepage. If you are considering applying to conduct research using UKMED, please contact ukmed@gmc-uk.org to receive advice and support in understanding the data available.

We recommend that you look at the Accepted Applications page to check how similar research topics are being addressed.

What ethical approval do I need before I can submit my research proposal to UKMED?

The UKMED is committed to supporting ethical research practices as well as ensuring broader compliance with data protection law. Researchers must seek a favourable ethical opinion (or approval), or confirmation that ethical approval is not required, from the appropriate local committee for any research project. They will need to provide proof of their approval or exemption to the UKMED, ideally as part of the initial application. For more information, please see our guidance document on ethical approval.

Researchers proposing bringing in third-party data (i.e. data not held by UKMED) for their project will be required to demonstrate they have obtained the appropriate ethics approval or exemption for use of that third-party data in a UKMED context.

Can I use the dataset outside of the safe haven?

No, the data will only be available within the safe haven, to ensure data security and compliance with data protection regulation.

I’m not a researcher – can I still access the data?

No, the data are available only for the purpose of approved research projects analysing the UK medical education pathway.

For medical students, trainees and doctors

What reassurances are there for the data subjects?

There are strict disclosure controls on accessing the data and rigorous procedures in place to ensure that the data available for research do not identify individuals. The purpose of the database is not to monitor individuals, or to support measures or decisions taken with respect to individuals; its purpose is to analyse broader trends across the population of medical students and trainees and to evaluate medical training pathways.

To link data from multiple sources the GMC receives data in an identifiable format. Only the data team in the GMC working on UKMED have access to this identifiable data, for the purpose of maintaining the dataset and creating research extracts. Data is pseudonymised when it is provided to researchers.

Can I request to see the data UKMED holds on me?

In the first instance we would recommend that you approach the organisation which provided the data for UKMED, as it will be processing those data for their initial purpose and is more likely to be able to provide useful context for the data.

You can also ask the General Medical Council, as the data controller for UKMED, for a copy of the data it holds about you. Requests for copies of personal data held about you, also know as “subject access requests”, can be made to the General Medical Council via FOI@gmc-uk.org. You should be aware that there are some exemptions from the right of access which may apply where data is only being processed for research purposes. You can find more information on the GMC website.

The UKMED data dictionary provides a detailed overview of the data contained in UKMED. The dictionary also highlights which data will not be released to researchers because of the risk of identification. Data provided to researchers through the Safe Haven are also subject to further pseudonymisation techniques to prevent the identification of individuals.

Can I request data related to me to be removed?

It is important to include the full cohort of medical students and resident doctors in UKMED, to ensure that the evaluation of selection and assessment hurdles is as robust as possible. UKMED does not provide an opt-out from the study cohort because of the impact that an incomplete dataset would have on the research. In exceptional circumstances, where inclusion in UKMED is causing substantial damage or distress, we can consider such issues on a case-by-case basis. If you have any questions about the inclusion of your data, please email FOI@gmc-uk.org

Can medical schools be identified in the data?

It is possible that research will identify specific medical schools and courses, and that this will be part of the published research outputs. The Medical Schools Council considered this in signing up to support UKMED, and, like all data contributors, agrees that transparency will best inform the development of medical education and assessment.

I’m an undergraduate or postgraduate student who would like to run a research project – can I access the data?

You are welcome to apply once you secure supervision from a faculty member to help ensure accountability and a supportive governance structure for the project. We would encourage students to contact page if they are interested in using UKMED data.

For data contributors

What data can be included in UKMED?

The UK Medical Education Database (UKMED) project brings together undergraduate and postgraduate data into a single repository of data describing doctors’ progression from entry to medical school through to the first few years of training and practice.

The purpose of UKMED is to improve understanding of medical education, from selection to career outcomes through undergraduate and postgraduate training. This will support the regulation of training pathways and ensure that selection and assessment hurdles are valid. The General Medical Council will consider any data for inclusion which help achieve this aim.

Do we need consent from individuals to provide their data?

The use of personal data in UKMED is not reliant on individual consent from data subjects, as it is not a necessary condition for processing under the UK General Data Protection Regulation (UK GDPR). The UK GDPR allows personal data to be used without consent where it is necessary for statutory functions. The Medical Act 1983 gives the General Medical Council a legal responsibility to promote high standards of medical education and co-ordinate all stages of medical education. UKMED supports the General Medical Council to fulfil this function by enabling investigation of training pathways, educational programmes, and selection and assessment tools. This enables the creation of the database and the disclosure of data by other providers in compliance with the UK GDPR.

The Information Commissioner's Office guidance on consent under General Data Protection Regulation encourages public authorities to rely on their statutory functions instead of consent to enable the use of personal data. The validity of UKMED relies on the General Medical Council having a complete dataset for its cohorts of students and doctors. If the General Medical Council used consent as the basis for inclusion this would reduce the number of subjects and severely limit the value of UKMED as a research tool.

UKMED data are only disclosed to researchers in a pseudonymised form through a Safe Haven which prevents identification. The data cannot be used to make decisions about individuals. On that basis the General Medical Council believes it is a lawful and proportionate use of its statutory functions to use UKMED without obtaining consent.

How do we make sure our contribution to UKMED complies with the UK GDPR?

Your organisation is a data controller and is responsible for ensuring your own compliance with the UK GDPR. You need to ensure that when you share data you are doing so fairly, as required by the UK GDPR’s first principle. The General Medical Council is not prescriptive about how you do this, but data should be disclosed in line with individuals’ reasonable expectations. We encourage all UKMED contributors to be transparent and, while not always necessary to comply with the UK GDPR, we encourage data contributors to make students and applicants aware that personal data is shared with the General Medical Council in order to support its statutory functions and that data will be shared to facilitate research into medical education.

The General Medical Council reviews privacy notices from potential contributors as part of the governance process, and where possible will provide advice about data protection compliance.

What governance arrangements are in place between data contributors and the General Medical Council?

The General Medical Council acts as Data Controller for UKMED. Among other things, the General Medical Council is responsible for the security of the data. The General Medical Council has data sharing agreements in place with contributors. These ensure that the purpose of the data sharing and the responsibilities of each party are clearly understood. All our data contributors are currently represented on our advisory board, where issues relating to the governance and use of the data are discussed.

How are UKMED data used and shared?

Data users (researchers) are provided with a pseudonymised dataset which can only be accessed through a Safe Haven based at the University of Dundee. This ensures that users are not able to identify individuals within the data or use the data for other purposes. These technical arrangements are bolstered by a data sharing agreement for each research project, signed by the GMC and the researchers.

Does contributing data to UKMED entitle contributors to use the full dataset for our own research?

UKMED contributors, including the GMC, can apply for access to the dataset through the research application process. Contributor requests will be treated in exactly the same way as an external request to use the data. If the research proposal is approved, the data will be pseudonymised and accessed through the Safe Haven and supported by a legally binding agreement, which prevents contributors conducting research from attempting to re-identify individuals in the data.

What identifiers are needed to match new data to UKMED?

The following identifiers are used to match your data with the data held in UKMED:

If no identifiers are available, the minimum requirement is name, date of birth, and at least one of the pieces of information from the following: medical school attended and year of commencing study; postcode on application to medical school.

How does the General Medical Council ensure that only data relevant for UKMED are imported from contributors’ datasets?

It is a two-stage process. First the identifiers and demographics are used to match the individuals in the new data set to the UKMED population. Then the full dataset (e.g. the exam scores) is requested for only the individuals which have matched to the UKMED database.