Patient Data Choices Toolkit

The Patient Data Choices Toolkit is a collaboration between the NHS and the Royal College of General Practitioners to deliver a portfolio of resources to inform primary care teams on a new national data opt-out, as recommended by the National Data Guardian in her Review of Data Security, Consent and opt-outs.

The resources have been created to inform and enable primary care teams to confidently and accurately advise patients and carers on their data sharing options, and to support primary care teams to uphold the national data opt-out within their own practice.

 

Introduction

Summary

This toolkit provides English General Practices with the materials they need to understand the new national data opt-out.

Health and care organisations in England hold a wealth of patient information. This has significant potential for delivering benefits through uses such as research and planning. Such use requires that, as the National Data Guardian expresses, “everyone who uses health and care services should be able to trust that their personal confidential data is protected”.

Following recommendations made by the National Data Guardian for health and care in England, a new national data opt-out is available. It provides a secure and accessible way for the public to opt out of their confidential patient information being used for reasons other than their individual care and treatment, subject to a number of exemptions. For a transitional period until the end of September 2018, GP practices may set a type 2 opt-out if requested and these will also be converted to the national data opt-out. From early October 2018, type 2 opt-out codes will be retired.

Confidential Patient Information is defined in the Operational Policy Guidance (see supporting information).

The national data opt-out, introduced from 25 May 2018, will apply across all of health and care by March 2020 in England. Practices will need to be able to: 

  • Inform patients appropriately about the use of data and the national data opt-out
  • Explain the differences between a national data opt-out and other opt-outs, for example, type 1 opt-out, Summary Care Record, Local Care Records etc
  • Direct patients to where they can obtain further information or set a national data opt-out
  • Ensure that they are upholding the national data opt-out by March 2020

GP practices must continue to uphold type 1 opt-outs at least until March 2020.

Note: the information in this toolkit DOES NOT apply to the use of data to provide direct individual care (for example, Summary Care Record, Enhanced Summary Care Record, Local Detailed Care Record Sharing for individual care). Local data sharing agreements for the provision of direct care are covered by separate opt-out mechanisms which are not included in this toolkit.

This toolkit will support practices to:

  • Inform patients of how their data is used
  • Support patients to understand the benefits of data use
  • Build patient understanding of how health and care services and the organisations which manage them use their data
  • Help patients to understand their opt-out choices for their confidential patient information being used beyond their own individual care and the situations in which this opt-out will and will not apply
  • Explain to patients where they can obtain further information on how to register a national data opt-out should they so wish
  • Understand how the national data opt-out fits into wider data protection legislation and confidentiality frameworks

Each section includes:

  • Summary: giving the basic information
  • Detail: a more detailed review for those who wish to know more
  • Supporting information: a section of supporting information for those who wish to go deeper still

Supporting Information    

Key Points

  • The national data opt-out will provide a secure and accessible way for the public to opt out of their confidential patient information being used for reasons other than their individual care and treatment except for certain circumstances (for a detailed discussion of the situations where the opt-out does not apply, see section “Applying the national data opt-out”)
  • All practice staff will need to be aware that there is a change in patients' opt-out options. They need to know where to direct patients for further information and to be aware of the need to ensure all documentation being supplied to patients is accurate and up to date
  • Existing privacy materials will need updating
  • Registration forms, existing leaflets, posters, website pages or other materials will need to be updated or replaced to include information about the national data opt-out and remove any information which is no longer valid, for example, if they refer to type 2 objections
  • Patients registered on PDS (and consequently with a NHS number allocated to them) will be able to set a national data opt-out
  • Young people can set their own opt-out from age 13. People with parental responsibility can set an opt-out for their children under 13 and those with a formal proxy relationship can set an opt-out choice on behalf of the person for whom they hold responsibility
  • NHS Digital will be the first organisation to uphold the national data opt-out, from 25 May 2018
  • Not all organisations will be able to uphold the national data opt-out immediately, but by March 2020 it is expected that all health and care organisations including GP practices will be upholding the national data opt-out
  • The national data opt-out does NOT apply to information used for individual care, for example, Summary Care Record, Local Detailed Care Record. These are generally covered by other opt-out arrangements
  • All type 2 objections will be converted to national data opt-outs from 25 May 2018 and any patient wanting to opt-out after this date should be directed to the national data opt-out
  • From 25 May 2018 there will be a transition period until the end of September 2018, during which GP practices may set a type 2 opt-out if requested and these will also be converted to the national data opt-out. From early October 2018, type 2 opt-out codes will be retired
  • Existing type 1 opt-outs will be honoured until 2020 and the National Data Guardian will be consulted before confirming their removal

Supporting Information

How Patients set a National Data Opt-out

Summary

  • People will be able to set an opt-out online, through a supported telephone service (like the eReferral service) or by submitting a paper request
  • Children under 13 and those who lack capacity may not be able to set an opt-out themselves. In such cases individuals who have a formal, legal relationship to act on behalf of the patient (i.e. somebody who has parental responsibility, a legal power of attorney or court appointed deputy) will be able to set a proxy opt-out on their behalf. This is to enable equality of opportunity for everyone to be able to opt out and will also reduce the burden on GP practices
  • The national data opt-out choice is set by the individual and does not require any action by the person’s General Practice

Detail

Routes to set an opt-out - Online

The preferred route for people to set a national data opt-out preference is through the nhs.uk website, which has information about the opt-out to help people make informed choices. Anyone using the website is required to verify their identity with their name, date of birth, NHS number, a mobile phone number, or an email address which is collected by their GP and recorded on the GP System to be transferred to the central Patient Demographic Service on a regular basis.

If a person cannot confirm their identity they can use the telephone service to guide them through the service or set a choice on their behalf. The website is available 24 hours a day, seven days a week, from 25 May 2018.  

Routes to set an opt-out - Supported telephone service

People can set their national data opt-out choice using a telephone service on 0300 303 5678. When calling this line patients will need to confirm their identity by providing their NHS number, name and date of birth. If the patient does not know their NHS number the contact centre may ask for their postcode to confirm a match. The patient will also need to have an email or mobile phone number recorded on PDS to receive a verification passcode.

Calls to this number should cost no more than calls to a normal personal or business geographic landline number (numbers starting with 01 or 02), whether calling from a landline, or mobile phone.

The telephone service is available 9am to 5pm, Monday to Friday, excluding English bank/public holidays, from 25 May 2018.

Routes to set an opt-out – Non-digital (Paper)

Patients can also obtain a form to fill in and post to register a national data opt-out preference. The form can be obtained via the nhs.uk website or the national telephone service. To use the non-digital route a patient can either use their NHS number, or two forms of identification, one to confirm name and the other to confirm address. When a patient updates their choices through the non-digital paper route they will receive a letter confirming their choice.

Cannot be set via GP

The national data opt-out choice CANNOT be set by the GP or other member of the practice staff and is not stored or implemented through the use of codes in the GP system. National data opt-outs are held by NHS Digital on a central repository on the Spine. For a short transitional period until the end of September 2018, GP practices may set a type 2 opt-out if requested and these will also be converted to the national data opt-out. From early October 2018, type 2 opt-out codes will be retired.

Children and People with Lasting Power of Attorney

Patients can set their national data opt-out choice from the age of 13 through any of the available routes. This age is based on the minimum age in data protection legislation and is not based on any assessment of competence. Any national data opt-out set by a parent or guardian prior to age 13 will remain in place unless and until the patient reviews and changes it.

For children under the age of 13 a national data opt-out choice can be recorded by someone with parental responsibility. Once a young person passes the age of 13 the person with parental responsibility will no longer be able to set a choice.

Someone with legal authority to act on behalf of an individual e.g. Lasting Power of Attorney (LPA) or court appointed deputy can set a national data opt-out choice on behalf of that individual. For example a daughter with LPA could set a choice for her elderly parent with dementia. Anyone who wishes to set a national data opt-out on behalf of someone else will need to use the ‘by post’ forms or speak to the telephone service.  

Tailored resources are available for young people and carers through the national data opt-out website.

To set an opt-out on behalf of someone else people will need to supply their own name, address, postcode and proof of their right to act on behalf of the individual for whom they are setting a choice. They will also need either the name and NHS number for the person for whom they are setting the choice, or name and two identification documents (one for name and one for address).

Supporting Information

Accessibility

Summary

  • It is important that there is equality of opportunity to register a national data opt-out and that everyone has access to suitable information on the national data opt-out and what it means and can make an informed choice
  • A full Equality Impact Assessment has been undertaken and there is a range of accessible resources available.

Detail  

The NHS has worked with the voluntary sector to produce a resource and alternative format handouts to support organisations working with members of the public, particularly those who require additional support. This guide provides the information needed by the voluntary sector to be able to support their communities and members to inform them about the use of confidential patient information and the national data opt-out. It also provides signposting details to further information. The link for this resource is included in the supporting information section.

The following alternative formats of the handout will be available (see supporting information for link): 

  • Easy read
  • Large print
  • Audio
  • Braille
  • British Sign Language and other languages

There will also be tailored versions of the handout for:

  • Young People
  • Carers
  • Black and minority ethnic (BME)

The national data opt-out is primarily a digital service but other routes to setting an opt-out are available to make it accessible to all. Alternative routes include being supported via the helpline to set an opt-out online or setting an opt-out via a paper based form.

The helpline aims to be accessible to all by offering a translation service, use of the Next Generation Text Service and an email enquiry service.

All of these will be available from the link in the Supporting Information section.

Supporting Information

Background

Summary

  • In 2016 the National Data Guardian recommended a new simplified opt-out model for the use of personal confidential information for purposes beyond individual care, which would replace the existing arrangements for type 1 and type 2 objections subject to a full consultation
  • Following a public consultation, the recommendations were accepted by the Department of Health and Social Care and a single national data opt-out is being implemented
  • Patients have been able to set the national data opt-out from 25 May 2018 and NHS Digital have been upholding the national data opt-outs since this time. A phased implementation across other health and care settings including GP Practices is in progress. By 2020 all health and care organisations are required to apply national data opt-outs where confidential patient information is used for research and planning purposes.
  • The type 1 opt-out will remain at least until March 2020

Detail  

The National Data Guardian was commissioned to propose a new consent/opt out model for data sharing to enable people to make an informed decision about how their personal confidential data will be used.

The Review made a number of points and recommendations including:

  • People are protected by the law
  • Information is essential for high quality care
  • Information is essential for other beneficial purposes such as research, planning and commissioning
  • People have the right to opt out of their personal confidential information being used for these other purposes beyond their individual care: 1) Providing local services and running the NHS and social care; 2) Supporting research and improving treatment and care
  • The national data opt-out will be respected by all organisations that use health and care information by March 2020
  • Individuals will continue to be able to give their consent for defined uses such as a specific research project as they do now
  • The national data opt-out will not apply to information anonymised in compliance with the ICO code of practice
  • The national data opt-out will not apply where there is a mandatory legal requirement for the data to flow or an overriding public interest
  • There are a limited number of specific circumstances in which an individual’s decision to opt-out should not apply

Supporting Information

Use of Data

Summary

In addition to using data for individual care, the data gathered through health and care can be used to support planning and managing the NHS, and research to improve care. It is important that individuals understand how their data can be used in this way, and how this may have long-term benefits across the population. It is also vital that individuals have trust in those using their data, and understand how their health and care data is used.

Detail  

Individual Care

We are all familiar with using the information on patients' records when treating them. This may be reading the notes, sending referral letters or sharing patient records electronically, or through the use of local clinical audit by those providing this care. All of these uses are considered under the heading of “individual care”.

Planning and Research

In addition to data being used for individual care there is an important opportunity to use the data that we hold about our patients for other purposes related to the planning and commissioning of healthcare services and research to improve our ability to care for our patients. 

Using confidential patient information enables joining up of data from different sources and in many cases is required to: 

  • understand more about disease risks and causes
  • improve diagnosis
  • develop new treatments and prevent disease
  • plan and commission NHS services
  • improve patient safety
  • evaluate government and NHS policy

Use of data under this heading must have a demonstrable benefit to the delivery of health and care.

The Department of Health and Social Care’s clear policy position is that no confidential patient information should be used for marketing and insurance purposes unless a patient gives their explicit consent.

For a more detailed discussion of who uses the information and how see Understanding Patient Data “What you need to know” in supporting information section.

Trust

The National Data Guardian introduced her report with the words “Everyone who uses health and care services should be able to trust that their personal confidential data is protected”. For us to practise medicine safely we need our patients to give us information, and so we must have their trust.

The Understanding Patient Data initiative, led by the Wellcome Trust, has undertaken a major piece of work to provide the resources to “support conversations with the public, patients and healthcare professionals about how health and care data is used” (see supporting information).

This work has identified four factors in keeping data safe:

  • Removing identifying information where possible
  • An independent review process (of: why the data is needed, who is accessing the data, how the data will be protected)
  • Strict legal contract
  • Robust data security standards (see Understanding Patient Data “How is data kept safe” in supporting information section)

It is the responsibility of every organisation handling confidential patient information to ensure that they meet the standards of confidentiality and security that are required to be trustworthy. By March 2020 every organisation in health and care will be required to uphold the national data opt-out.

NHS Digital has controls in place to ensure that confidential patient information is held securely and appropriately. When data is used for purposes beyond individual care and treatment it is normally anonymised, which means that information that identifies an individual patient has been removed.

Sometimes, to understand and analyse the care and treatment patients are receiving and to undertake research, it is necessary to join data together. To join the data from different health and care organisations a single unique identifier is needed for each patient. This is the individual’s NHS number. Occasionally the NHS number may not be available or has been entered inaccurately so other facts about the patient, such as date of birth, may also be used. The more of a patient’s details that can be matched together the greater the certainty that the different sets of data relate to the same patient.

Where confidential patient information is required to allow data from different organisations to be linked it will only be collected where there is a clear legal basis. All such confidential patient information is subject to the GDPR/Data Protection Act 2018 and the Common Law Duty of Confidentiality (CLDC).

NHS Digital and the Confidentiality Advisory Group publish registers of all approved data releases (see supporting information).

Where a person does not want their confidential patient information used for planning and research they can choose to opt-out of this use, although there are a number of situations where this opt-out will not apply (see section “Applying the national data opt-out”).

Benefits of use of data beyond individual care

The NHS and those providing adult social care services hold a large amount of patient data, which can and does deliver significant benefits in both planning and commissioning of services and research. In her report on data security, consent and opt-outs, the National Data Guardian emphasised the importance of data. Sharing data across health and care services and the organisations responsible for managing them benefits patients, those providing the services and the organisations responsible for managing the services. These benefits include: gaining an understanding of the care and treatment patients are receiving and how they are passing through services, measuring the impact of services, and monitoring the impact of guidelines and standards. Examples include the National audit of management of Hepatitis B in pregnancy and the National Perinatal Mortality Review.

The National Diabetes Audit helps GP Practices identify priorities for improvement for patients with diabetes. The last audit found that patients under 65 were less likely to reach their treatment targets compared to older people. This has led to recommendations that new approaches should be developed for patients under 65. With the evidence provided by the National Clinical Audit we are able to improve care for all patients with diabetes.

Benefits of data sharing for research include the development of tools to support diagnosis and risk prediction, identifying appropriate treatments and guidelines and the identification of benefits and problems with treatments. Examples include the Clinical Practice Research Datalink (CPRD) study which identified improvements needed in the referral guidelines for suspected renal cancers to include patients aged over 40 with blood in the urine, and the development of the QRisk set of risk scores for cardiovascular disease which are now used universally to prevent cardiovascular events.

Supporting Information

What is the National Data Opt-out?

Summary

The national data opt-out enables patients to set or update their choice regarding how their confidential patient information is used for purposes of planning and research, except for certain circumstances.

The opt-out choice is set directly by the patient, either online or via a supported national telephone service without the involvement of the General Practice.

All type 2 objections will be converted to national data opt-outs from 25 May 2018 and any patient wanting to opt-out after this date should be directed to the national data opt-out.

Detail  

One question to make your choice

When setting a national data opt-out the patient will be asked the following question:

Your confidential patient information can be used for improving health, care and services, including:
  • planning to improve health and care services
  • research to find a cure for serious illnesses

I allow my data to be used for research and planning:

  • Yes
  • No

Applies across all of Health and Care

Once the person has set a preference it will apply across all health and care settings by 2020. Patients can change their mind at any time and change their setting.

When will it apply? 

Patients will be able to set their choice from 25 May 2018. NHS Digital will respect all choices set from this date, however, other health and care organisations may not have implemented the national data opt-out until 2020. Patients need to be aware that their national data opt-out choice may not be fully respected until this date.

GP practices should note that they will still have to uphold existing type 1 objections at least until March 2020.

Once an individual registers a national data opt-out, their confidential patient information may not be used for the purposes of planning and research. Until a patient registers a national data opt-out, their confidential patient information may be used for purposes of planning and research, providing there is a legal basis to do so, unless they have a type 1 objection in place, in which case their GP data will not be used.

A national data opt-out will not apply retrospectively, meaning it does not need to be applied to data that has already been processed. At the point a particular dataset has been used or released, all patients who have opted out at that time will be removed. Data does not need to be recalled once released or otherwise processed. A patient may choose to change their opt-out decision at any time and their current choice will be respected at any given time, replacing any previous choices made. If a patient has previously opted-out, but then subsequently withdraws their opt-out, their confidential patient information (including any historic data) will become available for use beyond their individual care once again. This is true even where the data relates to a period where the patient had previously opted-out.

Further detail on the situations where the national data opt-out will or will not apply is in the “Applying the national data opt-out” section.

Supporting Information

Preparing your practice for the National Data Opt-out

Summary

The new national data opt-out will involve changes for the practice:

  • New posters and handouts with information on obtaining supplies are being supplied by the NHS and should be displayed. Old ones, for example, previous privacy notices or material relating to care data should be removed
  • The Type 2 objection will no longer apply, so all reference to this needs to be removed from patient literature. The practice's privacy notices will also need to be updated to ensure they are consistent with the changed opt-out arrangements
  • Anyone with a type 2 in place will have it automatically converted to a national data opt-out which will be respected by NHS Digital, so wishes will still be respected
  • The type 1 objection remains in place at least until March 2020 and all literature should reflect this
  • All practice staff will need to be aware that there is a change in patients’ opt out options. They need to know where to direct patients for further information and to be aware of the need to ensure all documentation being supplied to patients is accurate and up to date
  • As the digital channel uses email or telephone details for verification practices should maintain their efforts to keep this information current on their system and up to date with PDS

Further guidance will be coming for practices on upholding the national data opt-out.

Detail

Ensure all staff are aware of the national data opt-out and understand their role

All practice staff will need to be aware that there is a change in patients’ opt-out options. They need to know where to direct patients for further information and to be aware of the need to ensure all documentation being supplied to patients is accurate and up to date. As the type 1 objections remain in place and the national data opt-out, which replaces the type 2 objection, will be upheld immediately by NHS Digital, patients can be reassured that there will be no change to the sharing status of their GP records at present.

Some members of the team will need more detailed understanding, for example, clinicians who may be asked for information by their patients. Those members of the team with specific information governance roles will need to have a more detailed understanding of the changes so that they can ensure that the practice is compliant and can support and advise colleagues of their responsibilities.

Review all existing documentation and website content related to data choices

Practices will have a variety of pieces of documentation to support their fair processing obligations. These may include: notices given to new patients when they register, registration forms with options to select a variety of data choices, including requests for type 1 and type 2 objections.

All documentation should be reviewed and updated to include information about the national data opt-out and the type 1 opt-out and remove any references to the type 2 opt-out. Old copies will need to be removed from circulation.

Update your privacy notice

In addition to other updates in line with the Data Protection Legislation, the practice privacy notice will need to be updated to reflect:

  • The new national data opt-out (see template statement in support resources)
  • The requirements of GDPR including all relevant rights

Supporting Information

Transition from the existing Type 1 and Type 2 objections

Summary

  • From 25 May 2018 all type 2 objections will be automatically converted to the new national data opt-out and any patient wanting to opt out after this date should be directed to the national data opt-out. Initially this will mean that NHS Digital continues to uphold the already expressed choice; as other organisations uphold the opt-out, this choice will be applied in a wider set of situations
  • Patients who have registered a type 2 objection will be directly notified by letter from NHS Digital with an information leaflet and national contact telephone number for any questions
  • For a short transitional period until the end of September 2018, GP practices may set a type 2 opt-out if requested and these will also be converted to the national data opt-out. From early October 2018, type 2 opt-out codes will be retired
  • Existing type 1 opt-outs will be honoured until 2020 and the National Data Guardian will be consulted before confirming their removal.

Further guidance will be coming for practices on upholding the national data opt-out.

Detail

Type 1 objections

The type 1 objection ‘Dissent from secondary use of general practitioner patient identifiable data’ prevents any identifiable information leaving the GP record for purposes other than individual care.

These objections are coded in the GP record and will continue to be upheld until at least March 2020. Before a decision is taken to revoke these objections, there will be a consultation with the National Data Guardian. Patients can therefore continue to register a type 1 objection if they so wish and should be kept aware of this.

Type 2 objections

The Type 2 objection ‘Dissent from disclosure of personal confidential data by Health and Social Care Information Centre’ has been replaced by the new national data opt-out. On 25 May 2018 any existing type 2 objection will be automatically converted to a national data opt-out.

After 25 May 2018 there will be a transition period during which any type 2 objections which are coded by practices will be collected on a monthly basis and converted to a national data opt-out. It is important that all staff are aware that type 2 objection codes must not be added after the end of this transition period. Any existing processes in the practice for adding these codes must be reviewed and amended.

Supporting Information

What the National Data Opt-out applies to

Summary

  • The national data opt-out will apply to any confidential patient information generated or processed by a Health or Adult Social care organisation within England under the NHS Act, as defined by the Department of Health and Social Care, subject to regulation by CQC or any other Health or Care related professional body
  • It will also apply to confidential patient information held by other organisations relating to care provided or co-ordinated by a public body
  • The national data opt-out is defined on purpose and applies to any disclosure of data for purposes beyond individual care (see section 2.3 of the operational policy guidance)

For further guidance on upholding see "Upholding the national data opt-out".

Detail

England

The national data opt-out will apply to confidential patient information generated and processed in England. This will include any data collected in England which is flowing out of England, including where it is flowing to another home nation. For a definition of confidential patient information see the section “Applying the national data opt-out”.

The national data opt-out will not apply to information flowing from outside England, including from the other home nations directly to a research or planning body. However, when information from another home nation comes into a health or adult social care organisation in England, for example, a GP surgery, where the national data opt-out applies, then the information will become subject to the national data opt-out.

For example, if a patient registered with a GP in England is treated in hospital in Wales, the information held by the hospital in Wales will be treated in compliance with Welsh policy, and the opt-out will not apply. Any information held by the English GP which has been received from the hospital will be subject to the opt-out by March 2020.

Health and Social Care Organisations

The national data opt-out applies to confidential patient information generated and processed by health and care organisations in England. This includes:

  • Organisations and services which fall under the policy jurisdiction of the Department of Health and Social Care, for example Arm’s Length Bodies, Clinical Commissioning Groups, NHS Trusts
  • Health service bodies or relevant social care bodies as defined within S.251 of the NHS Act 2006 (as amended by the Cities and Local Government Devolution Act 2016 (s. 7) Schedule This essentially covers organisations where a S.251 application may be made for the processing of confidential patient information
  • Organisations or services regulated by the Care Quality Commission (CQC) and professionals regulated by a health or care related professional body (for example, the General Pharmaceutical Council).

For these organisations the national data opt-out will apply even where the care is privately funded, for example, a private patient in an NHS hospital. The national data opt-out will also apply to data from other organisations where the care is coordinated by the public body, usually a Local Authority, or funded publicly, for example NHS funded care in a private hospital. The national data opt-out does not apply to data originating in providers of Children’s services (including children’s social care, education services and schools) which are regulated by Ofsted or otherwise within the policy responsibility of the Department for Education (N.B. child health services provided through organisations regulated by CQC do remain in scope).


Privately Funded Care in the Private Sector

The national data opt-out does not apply to health and care data for privately-funded care or treatment by a private provider organisation, unless it is coordinated by a public body, such as a local authority.

Supporting Information

Applying the National Data Opt-out

Summary

The national data opt-out applies to confidential patient information being used for purposes other than individual care, except in certain circumstances. Applying the national data opt-out depends on the lawful basis for the use of the data, not the organisations requesting or using it. If the basis for use is regulation 2 or 5 of the Control of Patient Information Regulations made under S251 of the National Health Service Act 2006 then the national data opt-out will apply.

The opt-out will apply unless:

  • the patient has consented to a specific data use, for example consent to a specific research project
  • where the data is required by law, for example, data provision under s259 of the Health and Social Care Act
  • where it is in the public interest for the opt-out not to apply, for example, where a patient has given information indicating they pose a serious risk to others
  • certain other specific exemptions (see supporting information)

The national data opt-out does not apply to data anonymised in compliance with the ICO code of practice on anonymisation.


Detail

When the national data opt-out applies

Planning and Research Purposes

The national data opt-out applies to the use of confidential patient information for purposes other than individual care, for example, where data is used for planning and research purposes. In particular, it has been made clear that such confidential patient information will never be used for insurance or marketing purposes without explicit patient consent, regardless of whether the patient has an opt-out in place or not. (Individual care is defined below.)

Confidential Patient Information (CPI)

The national data opt-out will only apply to the use of confidential patient information. This is defined in section 251 of the National Health Service Act 2006. Broadly it is information that meets the following 3 requirements:

  • identifiable or likely identifiable e.g. from other data likely to be in the possession of the data recipient; (see example below)
  • given in circumstances where the individual is owed an obligation of confidence; and
  • conveys some information about the physical or mental health or condition of an individual, a diagnosis of their condition; and/or their care or treatment

It should be noted that Section 251 has been updated to ensure that the definitions used expressly include local authority social care (i.e. care provided for, or arranged by, a local authority). In practice the CPI definition covers anything that could be described as “special category of personal data” under the DPA 2018 and indeed goes beyond this as it also covers information about the deceased.

Any information given by a patient to a GP practice that could be considered related to their health or treatment is confidential patient information.

Even if the data is not identifiable when you send it, the recipient may be able to identify it with information they hold. For example, if you send a list of patients with cancer with no identifiers, but including the dates and times of their hospital appointments, then someone with access to the appointments list may be able to identify the confidential information by linking the information you have supplied with the appointments data.
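The linkage risk described above can be checked before an extract is released. The following is an added example and is not part of the toolkit: the sample rows, the appointments list the recipient is assumed to hold, and the function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real patients).
# Extract the practice intends to send: no names or NHS numbers,
# but it keeps the hospital appointment date and time.
EXTRACT = [
    {"diagnosis": "cancer", "appointment": "2018-06-04 09:30"},
    {"diagnosis": "cancer", "appointment": "2018-06-04 14:00"},
    {"diagnosis": "cancer", "appointment": "2018-06-11 09:30"},
]

# Appointments list the recipient is ASSUMED to hold already (constructed).
RECIPIENT_APPOINTMENTS = [
    {"patient": "Patient A", "appointment": "2018-06-04 09:30"},
    {"patient": "Patient B", "appointment": "2018-06-04 14:00"},
    {"patient": "Patient C", "appointment": "2018-06-11 09:30"},
    {"patient": "Patient D", "appointment": "2018-06-11 09:30"},
    {"patient": "Patient E", "appointment": "2018-06-18 11:15"},
]

_FORMATS = {"minute": "%Y-%m-%d %H:%M", "day": "%Y-%m-%d", "month": "%Y-%m"}


def coarsen(timestamp, level):
    """Reduce an appointment timestamp to minute, day or month precision."""
    parsed = datetime.strptime(timestamp, "%Y-%m-%d %H:%M")
    return parsed.strftime(_FORMATS[level])


def linkage_report(extract, held, level="minute"):
    """For each extract row, count how many distinct people in the
    recipient's data share the same (coarsened) appointment value.
    A count of 1 means the row links to exactly one named person."""
    index = defaultdict(set)
    for row in held:
        index[coarsen(row["appointment"], level)].add(row["patient"])
    return [
        len(index.get(coarsen(row["appointment"], level), set()))
        for row in extract
    ]


def uniquely_linkable(extract, held, level="minute"):
    """Number of extract rows that match exactly one person."""
    return sum(1 for n in linkage_report(extract, held, level) if n == 1)


if __name__ == "__main__":
    for level in ("minute", "day", "month"):
        counts = linkage_report(EXTRACT, RECIPIENT_APPOINTMENTS, level)
        unique = uniquely_linkable(EXTRACT, RECIPIENT_APPOINTMENTS, level)
        print(f"{level:>6}: candidates per row={counts}, unique links={unique}")
```

A zero count against one assumed dataset does not by itself show that the extract is anonymised; the recipient may hold other data that links on different fields.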

Section 251 of the NHS Act

With the policy in place, the national data opt-out will apply where S251 support is relied upon (i.e. under regulation 2 or 5 of the Health Service (Control of Patient Information) Regulations 2002). As a rule of thumb, if the legal basis on which a GP practice is disclosing data is section 251, then the national data opt-out will apply.

Under the Common Law Duty of Confidentiality (CLDC) there must be a legal basis for sharing CPI. Most often this will be consent, but there are times when obtaining consent is not practicable, and so there are processes to allow some lawful sharing of CPI.

One of these is the process under section 251 of the Health Service (Control of Patient Information) Regulations 2002. Under this process applications go to an independent review body, the Confidentiality Advisory Group (CAG). This group provides independent oversight and advises the decision maker, i.e. the Health Research Authority (HRA) for research related applications and the Secretary of State for non-research applications, as to whether an application should be approved. One of the standard conditions of S251 approvals is for patient opt-outs to be allowed. Under exceptional circumstances CAG may advise that the opt-outs should not be upheld, but for the majority of cases where data is obtained under CAG approval the opt-outs will be upheld.

Examples:

CAG-approved projects for research purposes: GP Reminders for Bowel Scope Screening non-Participants; Mortality outcome in the London COPD Cohort.

CAG-approved projects for non-research purposes: National COPD Audit; An evaluation of 12-month all-cause mortality in patients with hip fracture; Disclosure of commissioning data sets and GP data for risk stratification purposes to data processors working on behalf of GPs.

When the national data opt-out does not apply

Individual care

The national data opt-out does not apply to the use of data for individual care. This means that setting an Opt Out will not have an adverse effect on an individual. In particular it will have no impact on Summary Care Record or local Detailed Care Record services.

The National Data Guardian review considered local clinical audit part of individual care, so a practice does not need to uphold the national data opt-out when undertaking local clinical audit. The National Data Guardian review defined local clinical audit as follows:

“The use of personal confidential data for local clinical audit is permissible within an organisation with the participation of a health and social care professional with a legitimate relationship to the patient through implied consent. For audit across organisations, the use of personal confidential data is permissible where there is approval under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002”.

Screening Programmes

The national data opt-out will not apply to disclosures of confidential patient information for the purpose of allowing participation in National Screening Programmes endorsed by the UK National Screening Committee. This includes the oversight and provision of population screening programmes.

Mandatory Legal Requirements

There are a number of mandatory legal requirements to release information without the need for patient consent. These include court orders (i.e. a judge requiring information), notification of infectious diseases, CQC requirements (e.g. access to records during a practice inspection) and section 259 of the Health and Social Care Act 2012, for example, collection of data for the National Diabetes Audit. For a longer list of the mandatory legal requirements please see the operational policy guidance referenced in the supporting information.

Public Interest

There are exceptional circumstances where it can be deemed that the public interest over-rides the CLDC. Any such case should always be considered on its individual merits, and it would be advisable to seek expert advice, for example, from the BMA, indemnity organisation or the General Medical Council. A disclosure in the public interest would over-ride a national data opt-out.

Consent to Disclosure

A person may consent directly to any disclosure of data, for example, a specific research programme. Where a patient has specifically consented then the national data opt-out will not apply to that specific data use, and that use only.

Specific Cases

The National Cancer Registration Service and the National Congenital Anomalies and Rare Diseases Registration Service already have an established separate opt-out system. This will continue to be applied and the new national data opt-out will not apply to the provision of information to these services. The national data opt-out will apply to any flows of confidential patient information from the registries - see Operational Policy Guidance and National Disease Registration Service in supporting information.

Anonymised Data

The national data opt-out will not apply when the data being disclosed is anonymised in line with the ICO Code of Practice. To be considered anonymised the data being disclosed must conform to the Information Commissioner’s Office code of practice for Anonymisation (see resources section for more information).

Assuring Transformation

The national data opt-out will not apply to confidential patient information about people with learning disabilities and/or autism who are in hospital for mental and/or behavioural healthcare reasons which is disclosed under the following approval:

  • Assuring Transformation: Enhanced Quality Assurance Process Data flow (CAG 8-02 (a-c)/2014)

These flows will continue to operate a separate opt-out mechanism that is currently time limited until March 2019. See Assuring Transformation in supporting information.

Upholding the opt-out in GP practices

By March 2020, GP practices will be expected to uphold the national data opt-out. NHS Digital is working closely with GP system suppliers to implement this functionality. Further detailed guidance for this will be made available as it is developed.

Examples of applying the opt-out to flows from the practice

Supporting Information

Communicable diseases and risks to public health

The national data opt-out does not apply to the disclosure of confidential patient information required for the monitoring and control of communicable disease and other risks to public health.

This includes any data disclosed where Regulation 3 of The Health Service (Control of Patient Information) Regulations 2002 provides the lawful basis for the common law duty of confidentiality to be lifted.

How does the National Data Opt-out fit with Data Protection Legislation?

Summary

In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used. The ICO is running a campaign called Your Data Matters from May 2018 and the NHS will be making it clear how Data Matters to the NHS.

The national data opt-out sits alongside the General Data Protection Regulation (GDPR), the Data Protection Act (DPA) and the Common Law Duty of Confidence (CLDC). It does not replace any of the provisions of these but complements them. This is a complex area and is likely of interest mainly to Information Governance leads and Caldicott Guardians.

Detail

GDPR and the DPA

The General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) require that processing data is fair, lawful and transparent.

GDPR specifies that this means the processing must meet one of the conditions specified in:

  • Article 6 (personal data). For GP practices this will be 6(1)(e) ‘...necessary for the performance of a task carried out in the public interest or in the exercise of official authority...’ and
  • Article 9 (health being a special category of data). For GP practices this will generally be 9(2)(h) ‘...medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems...’

NOTE: the requirements for GDPR-compliant consent mean that this is generally not an appropriate basis to use in Health and Care settings. For a detailed discussion of the issues regarding consent see Factsheet 1B and Factsheet 6 in the Supporting Information Section.

Common Law Duty of Confidentiality (CLDC)

In addition, for the disclosure of confidential patient information for purposes other than individual care, practices must respect confidentiality under the CLDC. For this there must be either:

  • consent from the patient, but note this is a different standard of consent from GDPR-compliant consent and includes the concepts of explicit and implied consent, or
  • a specific legal basis for the CLDC to be set aside, for example, Section 251 (NHS Act 2006) support, or a mandatory legal requirement, for example, a data provision notice from NHS Digital under section 259 of the Health and Social Care Act, or
  • disclosure in the public interest - see GMC Principles of Confidentiality in supporting information

Regardless of whether a patient does or does not have an Opt Out in place the practice must still comply with the above provisions.

Duty of Transparency and Privacy Notices

With GDPR and in the DPA 2018 the requirements for privacy notices are strengthened. This is about being clear with patients and the public about what data is collected and how it is processed.

The NHS has provided suggested text to include in privacy notices to support the national data opt-out (see supporting information).

Practices need to review their Privacy Policy in line with GDPR. Patients can see the NHS Digital information on how they handle the data they hold at https://digital.nhs.uk/about-nhs-digital/our-work/keeping-patient-data-safe

Supporting Information

Upholding the National Data Opt-out

Summary

Between now and the deadline of March 2020, GP Practices will need to become compliant with "upholding" the national data opt-out. To fulfil this obligation the practice will need to ensure that there is an understanding of:

  • the legal obligations of the practice
  • the involvement of the practice in research and planning
  • how the practice as a data controller relates to the people and organisations who process data on their behalf
  • how the national data opt-out is applied in different situations and how the obligations of the data controller apply in each scenario
  • what the obligations of the practice are as a data controller to communicate with the people whose data they hold.

Detail

Legal obligations of the practice

By nature of their independent contractor status GP practices are the data controllers for the information they hold. This means that they must satisfy the requirements of the Data Protection Act (DPA 2018) and the General Data Protection Regulation (GDPR). In addition, they must also abide by the Common Law Duty of Confidentiality (CLDC) and GPs and Nurses must abide by their professional requirements laid down by the GMC and NMC respectively.

Supporting information

Research and planning in general practice

In addition to service delivery the patient data held by practices could be used in supporting research and for commissioning and health and social care service planning and provision. This involves providing information in a variety of forms to different organisations.

Examples covering a range of research networks include QResearch, Clinical Practice Research Datalink (CPRD), the NIHR Clinical Research Network (CRN) and the RCGP Research and Surveillance Centre (RSC). Planning activity may include the provision of data to primary care organisations to support local commissioning, planning of service pathways and analysis of current patient pathways.

Whenever practices participate in such data use for research or planning they must be aware of the legal basis for the use of this information. The practice must also understand how and when the national data opt-out will, and will not, apply. Every request to use such data needs to be considered against the criteria for the application of the national data opt-out. (See sections: “What the national data opt-out applies to” and “Applying the national data opt-out”).

Supporting information




Data processors and the data controller

Much of the processing of the data for practices is undertaken by third parties; for example, no practice would be able to set up, develop and run their own electronic health record system. Practices therefore must have relationships with other organisations who do this work on their behalf. These organisations are the data processors. The practice (data controller) is responsible for ensuring that the data processor performs this processing activity appropriately and legally.

These data processors may be the provider of the principal clinical system (EMIS, TPP, Vision or Microtest), or one of a number of other service providers providing either direct care services (e.g. appointments systems or document management), or support for research or commissioning (e.g. Apollo Medical Software Solutions).

The practice must understand how the requirement for a data processing contract is met for each provider processing their data. For the principal system suppliers this will be the Deed of Undertaking signed by the suppliers in 2014. For other providers the practice will need to ensure that this is included in the practice contract. If the data processor contract is with another organisation then the practice must have a data processing contract or Deed of Undertaking in their own right.

Supporting information

The implementation of the national data opt-out

The national data opt-out applies in certain situations where data is being used beyond individual care e.g. to support research and healthcare planning. Specifically, it applies where the data being used is confidential patient information where the legal basis for overriding the Common Law Duty of Confidentiality (CLDC) is a s251 recommendation by the Health Research Authority Confidentiality Advisory Group (HRA CAG) to either the HRA (in the case of research) or the Secretary of State (for non-research uses e.g. risk stratification). For more detail see the section “Applying the National Data Opt-out”.

The practice as data controller is responsible for ensuring that any opt out choices set by their patients are upheld by the practice itself and the relevant data processors prior to release to another data controller.

The practice must be aware of all situations in which information is leaving the practice to be used for purposes other than individual care and be satisfied that this use meets the necessary criteria. There should therefore be a process in the practice for assessing all requests for data to ensure that there is an appropriate legal basis under both GDPR and where appropriate the CLDC.

Part of this assessment will include whether the national data opt-out should apply. If the national data opt-out should apply the practice must be satisfied that the data processor has a process in place to ensure this happens. There are three principal scenarios to consider:

  • Where data is collected through an established mechanism with the principal clinical system (PCS): in this scenario the mechanisms developed between the supplier and NHS Digital will ensure that the national data opt-out register is interrogated to ensure the national data opt-out will apply appropriately.  
  • Where data is collected by a third-party data processor (e.g. Apollo): in this situation the practice will need to ensure that their data processing contract covers the application of the national data opt-out and satisfy themselves that the data processor has mechanisms in place to apply the national data opt-out.
  • Where data is being submitted by the practice directly, or collected by a visiting person on behalf of a planning or research organisation: when this happens, the practice will be responsible for identifying and removing the records of any patient with an opt out in place before sending, or giving the visiting person access to, the records.

Supporting information

Communicating with patients

Part of the legal requirement on practices as data controllers is that they communicate clearly with their patients on how they use their patients’ data. Practices must therefore have clear information regarding the national data opt-out as part of their “Information privacy notice”.

To assist with meeting this obligation with regard to the national data opt-out, NHS Digital has provided a template text which practices may choose to use in their information privacy notice (see link below).

Practices should note that this template only relates to the national data opt-out and they must still ensure that the rest of their privacy information is complete in line with wider legal obligations under GDPR.

It is also important for practices to review existing materials and remove any which are no longer applicable (e.g. any which refer to the type 2 objection).

Supporting information

Webinars

Patient Data Choices webinar 1: Understanding the National Data Opt-out

This webinar provides an overview of the national data opt-out and includes discussions on the key points and resources available to support GP teams.

Patient Data Choices webinar 2: Understanding the National Data Opt-out

This webinar includes a discussion of different scenarios where the national data opt-out will and will not apply.

Patient Data Choices webinar 3: Caldicott Guardians and Upholding the National Data Opt-out

This webinar includes a discussion of different scenarios where the national data opt-out will and will not apply.

Patient Data Choices webinar 4: Upholding the National Data Opt-out: Research and Commissioning

This webinar explores how the national data opt-out can be upheld in the context of research and commissioning and what support is available to them. 

This toolkit has been developed in partnership between the RCGP Clinical Innovation and Research Centre and NHS Digital.

Please send any feedback or suggestions to circ@rcgp.org.uk
