Patient Data Choices Toolkit

Summary

This toolkit provides English General Practices with the materials they need to understand the new national data opt-out.

Health and care organisations in England hold a wealth of patient information. This has significant potential for delivering benefits through uses such as research and planning. Such use requires that, as the National Data Guardian expresses “everyone who uses health and care services should be able to trust that their personal confidential data is protected". 

Following recommendations made by the National Data Guardian for health and care in England a new national data opt-out is available. It provides a secure and accessible way for the public to opt out of their confidential patient information being used for reasons other than their individual care and treatment subject to a number of exemptions. From October 2018, type 2 opt-out codes can no longer be set.

Confidential Patient Information is defined in the Operational Policy Guidance (see supporting information).

The national data opt-out, introduced from 25 May 2018, will apply across all health and care by September 2020 in England. Practices will need to be able to: 

• Inform patients appropriately about the use of data and the national data opt-out
• Explain the differences between a national data opt-out and other opt-outs, for example, type 1 opt-out, Summary Care Record, Local Care Records etc
• Direct patients to where they can obtain further information or set a national data opt-out
• Ensure that they are upholding the national data opt-out by September 2020. This deadline has been pushed back from March 2020 as a result of the COVID-19 pandemic.

GP practices must continue to uphold type 1 opt-outs at least until September 2020.

Note: the information in this toolkit DOES NOT apply to the use of data to provide individual care (for example, Summary Care Record, Enhanced Summary Care Record, Local Detailed Care Record Sharing for individual care). Local data sharing agreements for the provision of individual care are covered by separate opt-out mechanisms which are not included in this toolkit.

This toolkit will support practices to:

• Inform patients of how their data is used
• Support patients to understand the benefits of data use
• Build patient understanding of how health and care services and the organisations which manage them use their data
• Help patients to understand their opt out choices for their confidential patient information being used beyond their own individual care and the situations in which this opt-out will and will not apply
• Explain to patients where they can obtain further information on how to register a national data opt-out should they so wish
• Understand how the national data opt-out fits into wider data protection legislation and confidentiality frameworks
• Understand their responsibilities for upholding national data opt-outs

Each section includes:

• Summary: giving the basic information
• Detail: a more detailed review for those who wish to know more
• Supporting information: a section of supporting information for those who wish to go deeper still

Supporting Information    

• Patient facing materials including accessible formats
• Review of Data Security, Consent and opt-outs
• Your Data: Better Security, Better Choice, Better Care
• Readiness Checklist for GP Practices
• National data opt-out – Operational Policy Guidance
• Compliance with national data opt-out

• The national data opt-out, introduced on 25 May 2018, provides a secure and accessible way for patients to opt out of their confidential patient information being used for purposes other than their individual care and treatment except for certain exemptions
• All practice staff need to be aware that there is a change in patients' opt-out options. They need to know where to direct patients for further information and to be aware of the need to ensure all documentation being supplied to patients is accurate and up to date
• Existing privacy materials will need updating
• Registration forms, existing leaflets, posters, website pages or other materials will need to be updated or replaced to include information about the national data opt-out and remove any information which is no longer valid, for example, if they refer to type 2 objections
• Patients registered on PDS (and consequently with a NHS number allocated to them) will be able to set a national data opt-out
• Young people can set their own opt-out from age 13. People with parental responsibility can set an opt-out for their children under 13 and those with a formal proxy relationship can set an opt-out choice on behalf of the person for whom they hold responsibility
• NHS Digital were the first organisation to uphold the national data opt out
• Not all organisations will be able to uphold the national data opt-out immediately, but by September 2020 it is expected that all health and care organisations including GP practices will uphold the national data opt-out
• The national data opt-out does NOT apply to information used for individual care, for example, Summary Care Record, Local Detailed Care Record. These are generally covered by other opt-out arrangements
• All type 2 objections have been converted to national data opt-outs. Choose if data from your health records is shared for research and planning.
• In October 2018, type 2 opt-out codes were retired and should no longer be collected
• Existing type 1 opt-outs will be honoured until 2020 and the National Data Guardian will be consulted before confirming their removal

Supporting Information

• Readiness checklist for GP Practices
• RCGP train the trainer slides

Summary

• People will be able to set an opt-out online, through a supported telephone service (like the eReferral service) or by submitting a paper request
• Children under 13 and those who lack capacity may not be able to set an opt-out themselves. In such cases individuals who have a formal, legal relationship to act on behalf of the patient (i.e. somebody who has parental responsibility, a legal power of attorney or court appointed deputy) will be able to set a proxy opt-out on their behalf. This is to enable equality of opportunity for everyone to be able to opt out and will also reduce the burden on GP practices
• The national data opt-out choice is set by the individual and does not require any action by the person’s General Practice

Detail

Routes to set an opt-out - online

The preferred route for people to set a national data opt-out preference is through the nhs.uk website, which has information about the national data opt-out to help people make an informed choice. To set an opt-out online, the individual is required to verify their identity by providing their name, date of birth, NHS number or postcode. They will then be presented with their mobile phone number and/or email from the Patient Demographic Service (PDS) so that a secure one-time password can be sent to them. This ensures the patient is in control of the process.

If a person cannot confirm their identity they can use the telephone service to guide them through the service or set a choice on their behalf. The website is available 24 hours a day, seven days a week, from 25 May 2018.

Routes to set an opt-out - Supported telephone service

People can set their national data opt-out choice using a telephone service on 0300 303 5678. When calling this service patients will need to confirm their identity by providing their NHS number, name and date of birth. If the patient does not know their NHS number the contact centre may ask for their postcode to confirm a match. The patient will also need to have an email or mobile phone number recorded on PDS to receive a verification passcode.

Calls to this number should cost no more than calls to a normal personal or business geographic landline number (numbers starting with 01 or 02), whether calling from a landline, or mobile phone.

The telephone service is available 9am to 5pm, Monday to Friday, excluding English bank/ public holidays.

Routes to set an opt-out – Non-digital (Paper)

Patients can also obtain a form to fill in and post to register a national data opt-out preference. The form can be obtained via the nhs.uk website or the national telephone service. To use the non-digital route a patient can either use their NHS number, or two forms of identification one to confirm name and the other to confirm address. When a patient updates their choices through the non-digital paper route they will receive confirmation, and can choose to receive this by letter or email.

Cannot be set via GP

The national data opt-out choice CANNOT be set by the GP or other member of the practice staff and is not stored or implemented through the use of codes in the GP system. National data opt-outs are held by NHS Digital on a central repository on the Spine.   

In order to ensure that identifiable data for patients with a restricted access setting against their PDS record (also known as a Sensitive flag) is not released for secondary purposes, a national data opt-out has been set for all patients with such a restricted access setting. The process for setting this flag on PDS has been updated so that a national data opt-out can be set or un-set as part of this process.  See the ‘Restricting access to a patient’s demographic record’ section below.

Children and People with Lasting Power of Attorney

Patients can set their national data opt-out choice from the age of 13 through any of the available routes. This age is based on the minimum age in data protection legislation and is not based on any assessment of competence. Any national data opt-out set by a parent or guardian prior to age 13 will remain in place unless and until the patient reviews and changes it.

For children under the age of 13 a national data opt-out can be recorded by someone with parental responsibility. Once a young person passes the age of 13 the person with parental responsibility will no longer be able to set a national data opt-out.

Someone with legal authority to act on behalf of an individual e.g. Lasting Power of Attorney (LPA) or court appointed deputy can set a national data opt-out choice on behalf of that individual. For example a daughter with LPA could set a choice for her elderly parent with dementia. Anyone who wishes to set a national data opt-out on behalf of someone else will need to use the ‘by post’ forms or speak to the telephone service.  

To set an opt-out on behalf of someone else, they will need to supply their own name, address, postcode and a signed declaration of parental responsibility to act on behalf of the individual for whom they are setting a choice. They will also need either the name and NHS number for the person for whom they are setting the choice, or name and two identification documents (one for name and one for address).

Supporting Information

• Additional Information Factsheet 5 – Setting a national data opt-out
• Resources for young people and carers
• Restricting access to a patient’s demographic record

Summary

• It is important that there is equality of opportunity to register a national data opt-out and that everyone has access to suitable information on the national data opt-out and what it means and can make an informed choice
• A full Equality Impact Assessment has been undertaken and there is a range of accessible resources available.

Detail  

The NHS has worked with the voluntary sector to produce a resource and alternative format handouts to support organisations working with members of the public, particularly those who require additional support. This guide provides the information needed by the voluntary sector to be able to support their communities and members to inform them about the use of confidential patient information and the national data opt-out. It also provides signposting details to further information. The link for this resource is included in the supporting information section.

The following alternative formats of resources for patients are available (see supporting information for link): 

• Easy read
• Large print
• Audio
• Braille
• British Sign Language and other languages

There are also tailored versions of resources for:

• Young People
• Carers
• Black and minority ethnic (BME)

The national data opt-out is primarily a digital service but other routes to setting an opt-out are available to make it accessible to all. Alternative routes to setting an opt-out include contacting the telephone support service on 0300 303 5678 or using a paper form to set a choice.

The telephone service aims to be accessible to all by also offering a translation service, use of the Next Generation Text Service and an email enquiry service.

All of these will be available from the links in the Supporting Information section.

Supporting Information

• Accessible formats of patient facing materials
• Guidance for Voluntary Sector Staff
• Equality Impact Assessment
• Tailored resources for specific audiences

Summary

• In 2016 the National Data Guardian recommended a new simplified opt-out model  for the use of personal confidential information for purposes beyond individual care, which would replace the existing arrangements for type 1 and type 2 objections
• Following a public consultation, the recommendations were accepted by the Department of Health and Social Care and a single national data opt-out has been implemented
• Patients have been able set the national data opt-out from 25 May 2018 and NHS Digital have been upholding the national data opt-outs since this time. A phased implementation across other health and care settings including GP Practices is in progress. By 2020 all health and care organisations are required to apply national data opt-outs where confidential patient information is used for research and planning purposes. 
• The type 1 opt-out will remain at least until September 2020

Detail  

The National Data Guardian was commissioned to propose a new consent/opt out model for data sharing to enable people to make an informed decision about how their personal confidential data will be used.

The Review made a number of points and recommendations including:

• People are protected by the law
• Information is essential for high quality care
• Information is essential for other beneficial purposes such as research, planning and commissioning
• People have the right to opt out of their personal confidential information being used for these other purposes beyond their individual care: 1) Providing local services and running the NHS and social care; 2) Supporting research and improving treatment and care
• The national data opt-out will be respected by all organisations that use health and care information by September 2020
• Individuals will continue to be able to give their consent for defined uses such as a specific research project as they do now
• The national data opt-out will not apply to information anonymised in compliance with the ICO code of practice
• The national data opt-out will not apply to where there is a mandatory legal requirement for the data to flow or an overriding public interest
• There are a limited number of specific circumstances in which an individual’s decision to opt-out should not apply

Supporting Information

• Review of Data Security, Consent and Opt-Outs

Summary

In addition to using data for individual care, the data gathered through health and care can be used to support planning and managing the NHS, and research to improve care. It is important that individuals understand how their data can be used in this way, and how this may have long-term benefits across the population. It is also vital that individuals have trust in those using their data, and understand how their health and care data is used.

Detail  

Individual Care

We are all familiar with using the information on patients' records when treating them. This may be reading the notes, sending referral letters or sharing patient records electronically, or through the use of local clinical audit by those providing this care. All of these uses are considered under the heading of “individual care”.

Planning and Research

In addition to data being used for individual care there is an important opportunity to use the data that we hold about our patients for other purposes related to the planning and commissioning of healthcare services and research to improve our ability to care for our patients. 

Using confidential patient information enables joining up of data from different sources and in many cases is required to: 

• understand more about disease risks and causes
• improve diagnosis
• develop new treatments and prevent disease
• plan and commission NHS services
• improve patient safety
• evaluate government and NHS policy

Use of data under this heading must have a demonstrable benefit to the  delivery of health and care.

The Department of Health and Social Care’s clear policy position is that no confidential patient information should be used for marketing and insurance purposes unless a patient gives their explicit consent.

For a more detailed discussion of who uses the information and how see Understanding Patient Data “What you need to know” in the Supporting Information section.

Trust

The National Data Guardian introduced her report “Everyone who uses health and care services should be able to trust that their personal confidential data is protected”. For us to practice medicine safely we need our patients to give us information, and so we must have their trust.

The Understanding Patient Data initiative, led by the Wellcome Trust has undertaken a major piece of work to provide the resources to “support conversations with the public, patients and healthcare professionals about how health and care data is used”(see supporting information).

This work has identified four factors in keeping data safe:

• Removing identifying information where possible
• An independent review process - why the data is needed, who is accessing the data, how the data will be protected.
• Strict legal contract
• Robust data security standards (see Understanding Patient Data “How is data kept safe” in supporting information section)

It is the responsibility of every organisation handling confidential patient information to ensure that they meet the standards of confidentiality and security that are required to be trustworthy. By September 2020 every organisation in health and care will be required to uphold the national data opt-out.

Sometimes, to understand and analyse the care and treatment patients are receiving and to undertake research, it is necessary to join data together. To join the data from different health and care organisations a single unique identifier is needed for each patient. This is the individual’s NHS number. Occasionally the NHS number may not be available or has been entered inaccurately so other facts about the patient, such as date of birth, may also be used. The more of a patient’s details that can be successfully matched the greater the certainty that the different sets of data relate to the same patient.

Where confidential patient information is required to allow data from different organisations to be linked it will only be collected where there is a clear legal basis. All such confidential patient information is subject to the GDPR/Data Protection Act 2018 and the Common Law Duty of Confidentiality (CLDC).

NHS Digital and the Confidentiality Advisory Group publish registers of all approved data releases (see supporting information).

Where a person does not want their confidential patient information used for planning and research they can choose to opt-out of this use, although there are a number of situations where this opt-out will not apply (see section “Applying the national data opt-out”).

Benefits of use of data beyond individual care

The NHS and those providing adult social care services hold a large amount of patient data, which can and does deliver significant benefits in both planning and commissioning of services and research. In her report on data security, consent and opt-outs, the National Data Guardian emphasised the importance of data. Sharing data across health and care services and the organisations responsible for managing them benefits both patients and those providing the services and the organisations responsible for managing the service. These benefits include: gaining an understanding of the care and treatment patients are receiving and how they are passing through services, measuring the impact of services, monitoring the impact of guidelines and standards. Examples include: the National audit of management of Hepatitis B in pregnancy and the National Perinatal Mortality Review.

The National Diabetes Audit helps GP Practices identify priorities for improvement for patients with diabetes. The last audit found that patients under 65 were less likely to reach their treatment targets compared to older people. This has led to recommendations that new approaches should be developed for patients under 65. With the evidence provided by the National Clinical Audit we are able to improve care for all patients with diabetes.

Benefits of data sharing for research include the development of tools to support diagnosis and risk prediction, identifying appropriate treatments and guidelines and the identification of benefits and problems with treatments. Examples include the Clinical Practice Research Datalink (CPRD) study which identified improvements needed in the referral guidelines for suspected renal cancers to include patients aged over 40 with blood in the urine, and the development of the QRisk set of risk scores for cardiovascular disease which are now used universally to prevent cardiovascular events.

Supporting Information

• Additional Information Factsheet 1A – Data use and patient choice
• Additional Information Factsheet 1B – Types of data used and legal protection in place
• Review of Data Security, Consent and Opt-Outs
  
• NHS Digital Register of Approved Data Releases
• Confidentiality Advisory Group Registers
• Understanding Patient Data – What You Need to Know
• Understanding Patient Data – How is Data Kept Safe
• Understanding Patient Data – Data Saves Lives
• Moving from trust to trustworthiness: Experiences of public engagement in the Scottish Health Informatics Programme

Summary

The national data opt-out enables patients to set or update their choice regarding how their confidential patient information is used for purposes of planning and research, except for certain circumstances.

The opt-out choice is set directly by the patient, either online or via a supported national telephone service without the involvement of the General Practice.

All type 2 objections have been converted to national data opt-outs and any patient wanting to opt-out should be directed to the national data opt-out.

Detail  

One question to make your choice

When setting a national data opt-out the patient will be asked the following question:

Your confidential patient information can be used for improving health, care and services, including:
*  planning to improve health and care services
*  research to find a cure for serious illnesses

I allow my data to be used for research and planning:

• Yes
• No

Applies across all of Health and Care

Once the person has set a preference it will apply across all health and care settings by 2020. Patients can change their mind at any time and change their setting.

When will it apply? 

Patients have been able to set their choice from 25 May 2018. NHS Digital will respect all choices set from this date, however, other health and care organisations may not have implemented the national data opt-out until 2020. Patients need to be aware that their national data opt-out choice may not be fully respected until this date.

GP practices should note that they will still have to uphold existing type 1 objections at least until September 2020.
 
Once an individual registers a national data opt-out, their confidential patient information may not be used for the purposes of planning and research. Until a patient registers a national data opt-out their confidential patient information may be used for purposes of planning and research providing there is a legal basis to do so unless they have a type 1 objection in place in which case their GP data will not be used.

A national data opt-out will not apply retrospectively, meaning it does not need to be applied to data that has already been processed. At the point a particular dataset has been used or released, all patients who have opted out at that time will be removed. Data does not need to be recalled once released or otherwise processed. A patient may choose to change their opt-out decision at any time and their current choice will be respected at any given time, replacing any previous choices made. If a patient has previously opted-out, but then subsequently withdraws their opt-out, their confidential patient information (including any historic data) will become available for use beyond their individual care once again. This is true even where the data relates to a period where the patient had previously opted-out.

Further detail on the situations when the national data opt-out will and will not apply are in the “Applying the national data opt-out” section

Supporting Information

• National Data Opt-out – Operational Policy Guidance
• nhs.uk website

Summary

The new national data opt-out will involve changes for the practice:

• New posters and handouts with information on obtaining supplies are being supplied by the NHS and should be displayed. Old ones, for example, previous privacy notices or material relating to care data should be removed
• The type 2 objection will no longer apply, so all references need to be removed from patient literature. The practices' privacy notices will also need to be updated to ensure they are applicable with the changed opt out arrangements
• Anyone with a type 2 in place will have had it automatically converted to a national data opt-out which will be respected by NHS Digital, so wishes will still be respected
• The type 1 objection remains in place at least until September 2020 and all literature should reflect this
• All practice staff need to be aware that there is a change in patients’ opt out options. They need to know where to direct patients for further information and to be aware of the need to ensure all documentation being supplied to patients is accurate and up to date
• As the digital channel uses email or telephone details for verification purposes, practices should maintain their efforts to keep this information current on their system and up to date with PDS

Further guidance will be communicated to all GP practices on upholding the national data opt-out as it is developed.

Detail

Ensure all staff are aware of the national data opt-out and understand their role

All practice staff will need to be aware that there is a change in patients’ opt out options. They need to know where to direct patients for further information and to be aware of the need to ensure all documentation being supplied to patients is accurate and up to date. As the type 1 objections remain in place and the national data opt-out which replaces the type 2 objection will be upheld immediately by NHS Digital patients can be reassured that there will be no change to the sharing status of their GP records at present.

Some members of the team will need more detailed understanding, for example, clinicians who may be asked for information by their patients. Those members of the team with specific information governance roles will need to have a more detailed understanding of the changes so that they can ensure that the practice is compliant and can support and advise colleagues of their responsibilities.

Review all existing documentation and website content related to data choices

Practices will have a variety of pieces of documentation to support their fair processing obligations. These may include: notices given to new patients when they register, registration forms with options to select a variety of data choices, including requests for type 1 and type 2 objections.

All documentation should be reviewed and updated to include information about the national data opt-out and the type 1 opt-out and remove any references to the type 2 opt-out. Old copies will need to be removed from circulation.

Update your privacy notice

In addition to other updates in line with the Data Protection Legislation the practice privacy notice will need to be updated to reflect:

• The new national data opt-out (see template statement in support resources)
• The requirements of GDPR including all relevant rights

Supporting Information

• Readiness Checklist for GP Practices

• Privacy Notice – Template Statement

• Additional Information Factsheet 6 – How the national data opt-out fits with data protection legislation

• Compliance with the national data opt-out

Summary

• The national data opt-out has replaced type 2 opt-outs and from October 2018, GP practices should no longer use the type 2 opt-out code to record a patients opt-out choice
• From 25 May 2018 all type 2 opt-outs were automatically converted to the new national data opt-out
• Patients who had registered a type 2 opt-out  have been directly notified by letter from NHS Digital
• Existing type 1 opt-outs will be honoured until 2020 and the National Data Guardian will be consulted before confirming their removal.

Detail

Type 1 objections

The type 1 objection ‘Dissent from secondary use of general practitioner patient identifiable data’ prevents any identifiable information leaving the GP record for purposes other than individual care.

These opt-outs are coded in the GP patient record and will continue to be upheld until at least September 2020. Before a decision is taken to remove these opt-outs, there will be a consultation with the National Data Guardian. GP practices can continue to record and apply a patient's type 1 opt-out choice.

Type 2 objections

The Type 2 objection ‘Dissent from disclosure of personal confidential data by Health and Social Care Information Centre’ has been replaced by the new national data opt-out.

Type 2 opt-outs were managed by the patient’s GP practice making a coded entry in the patient record at the GP practice and collected by NHS Digital so that they would know not to share confidential patient information for research and planning.  GP practices must no longer use the type 2 opt-out code to record a patients opt-out choice as it is no longer collected and processed.  This means that the patient’s request will no longer be applied.

Where a patient had a type 2 opt-out registered on or before 11 October 2018, this was automatically converted to a national data opt-out and if they were aged 13 or over they were sent a personal letter explaining the change and a handout with more information about the national data opt-out.  Patients can be reassured that their choices will continue to be respected. If they want to change their choice, they can use the national data opt-out service to do this.

Supporting Information

• National data opt-out Operational Policy Guidance

• Additional Information Factsheet 5 – Setting a national data opt-out

• Readiness Checklist for GP Practices

• Template letter from NHS Digital to patients who had a type 2 objection

Summary

• The national data opt-out will apply to any confidential patient information generated or processed by a health or adult social care organisation within England
• It will also apply to confidential patient information held by other organisations relating to care provided or co-ordinated by a public body
• The national data opt-out is defined on purpose and applies to any disclosure of data for purposes beyond individual care (see section 2.3 of the operational policy guidance)

For further guidance on upholding see "Upholding the national data opt-out".

Detail

England

The national data opt-out will apply to confidential patient information generated and processed in England, this will include any data collected in England which is flowing out of England, including where it is flowing to another home nation. For a definition of confidential patient information see the section “Applying the national data opt-out”.

The national data opt-out will not apply to information flowing from outside England, including from the other home nations directly to a research or planning body. However, when information from another home nation comes into a health or adult social care organisation in England, for example, a GP surgery, where the national data opt-out applies, then the information will become subject to the national data opt-out.

For example, if a patient registered with a GP in England is treated in hospital in Wales the information held by the hospital in Wales will be treated in compliance with Welsh policy, and the opt-out will not apply. Any information held by the GP in England which has been received from the hospital will be subject to the opt-out by September 2020.

Health and Social Care Organisations

The national data opt-out applies to confidential patient information generated and processed by health and care organisations in England. This is defined using Section 250 of the Health and Social Care Act 2012, i.e.:

• The Secretary of state
• NHS England
• Any public body which exercises functions in connection with health services or adult social care in England
• Any other organisation providing publicly funded health services or adult social care commissioned by, or on behalf of, a public body

The national data opt-out operational policy guidance provides further information on the sorts of organisations that are included and excluded from this definition. Broadly it includes health service providers, private providers who deliver services which are publicly funded, commissioners of health and care services and Arms-Length Bodies. The national data opt-out does not apply to data originating in providers of children’s services (including children’s social care, education services and schools) which are regulated by Ofsted or otherwise within the policy responsibility of Department of Education (N.B. child health services which are publicly funded or provided by public bodies would remain in scope). 

Privately Funded Care in the Private Sector

The national data opt-out does not apply to health and care data for privately-funded care or treatment by a private provider organisation, unless it is coordinated by a public body, such as a local authority.

Supporting Information

• Additional Information Factsheet 3 - “What data and organisations the national data opt-out applies to”

• National data opt-out Operational Policy Guidance

Summary

The national data opt-out applies to confidential patient information being used for purposes other than individual care except for certain exemptions which are set out below. Applying the national data opt-out depends on the lawful basis for the use of the data not the organisation requesting or using it. A data controller must be clear what the purpose and legal basis is for any disclosure.    

In summary, the opt-out will apply unless:

• the patient has consented to a specific data use
• the data is required by law
• where there is an overriding public interest for the disclosure
• the data is anonymised in line with the ICO code of practice on anonymisation
• a specific exemption has been granted.

These are explored in more detail below with further information in the national data opt-out operational policy guidance (see resources section for more information).     

Detail

When the national data opt-out applies

Purpose

The national data opt-out applies to the use of confidential patient information for purposes other than individual care, for example, where data is used for planning and research purposes. 

Type of data

The national data opt-out applies to “confidential patient information” (CPI) as defined in the national data opt-out operational policy guidance document. In summary, this is information that meets the following three requirements: 

• identifiable or likely identifiable e.g. from other data likely to be in the possession of the data recipient (see example below);
• given in circumstances where the individual is owed an obligation of confidence; and
• conveys some information about the physical or mental health or condition of an individual, a diagnosis of their condition; and/or their care or treatment

It should be noted that "care" specifically includes local authority social care (i.e. care provided for, or arranged by, a local authority). In practice the CPI definition covers anything that could be described as “special category of personal data” under the DPA 2018 and indeed goes beyond this as it also covers information about the deceased.

Confidential patient information cannot be defined by a specific data item (e.g. name or postcode) alone, as it needs to be considered more broadly to take account the nature of the information and the circumstances of the disclosure, including the reasonable expectations of a patient. The national data opt-out operational policy guidance provides information and examples to support health professionals to assess what is CPI. This guidance has been agreed for the purposes of applying the national data opt-out only. 

The national data opt-out will not apply when the data being disclosed is anonymised in line with the ICO Code of Practice on Anonymisation (see supporting information).

The national data opt-out applies regardless of the data format i.e. it applies to electronic data and to paper records.

Section 251 of the NHS Act

Under the Common Law Duty of Confidentiality (CLDC) there must be a legal basis for sharing CPI. Most often this will be consent, but there are times when obtaining consent is not practicable, and so there are processes to allow lawful sharing of CPI without consent. This is using s251 support i.e. under regulation 2 or 5 of the Health Service (Control of Patient Information) Regulations 2002. In general, if the legal basis for disclosure from a GP practice is s251, then the national data opt-out will apply.

To obtain s251 approval applications are scrutinised by an independent review body, the Confidentiality Advisory Group (CAG). This group provides oversight and advises the decision maker i.e. Health Research Authority (HRA) for research related applications, and the Secretary of State for non-research applications, as to whether an application should be approved. One of the standard conditions of s251 approvals is for patient opt-outs to be allowed. Under exceptional circumstances CAG may advise that the opt-outs should not be upheld, but for the majority of cases where data is obtained under CAG approval then the national data opt-out will be applied.  

Examples:

CAG-approved projects for research purposes: GP Reminders for Bowel Scope Screening non-Participants; Mortality outcome in the London COPD Cohort.

CAG-approved projects for non-research purposes: National COPD Audit; An evaluation of 12-month all-cause mortality in patients with hip fracture.

An example of a s251 approval where CAG have advised that opt-outs should not be applied are for invoice validation flows to Commissioning Support Units Controlled Environment for Finance on behalf of Clinical Commissioning Groups.

When the national data opt-out does not apply

Individual care

The national data opt-out does not apply to the use of data for individual care. This means that setting an opt-out will not have an adverse effect on an individual’s care. In particular it will have no impact on the Summary Care Record which has a separate opt-out or local shared care record services. Other examples of individual care, where the national data opt-out would not apply include: 

• local clinical audit, i.e. an audit carried out within an organisation with the participation of a health and social care professional with a legitimate relationship to the patient. NB for audit across organisations, the use of CPI is permissible where there is approval under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002
• disclosures of confidential patient information to enable participation in, and oversight of, National Screening Programmes 
• risk stratification for case finding when carried out by a provider involved in an individual’s care or by a data processor acting under contract with such a provider. NB where s251 is relied upon for the disclosure the national data opt-out will apply.

Mandatory Legal Requirements

The national data opt-out does not apply where there is a mandatory legal requirement to release information. These include court orders (i.e. a judge requiring information), notification of infectious diseases, CQC requirements (e.g. access to records during a practice inspection) and when NHS Digital uses its legal powers under s259 of the Health and Social Care Act 2012 (e.g. collection of data for the National Diabetes Audit). For further examples of mandatory legal requirements please see the operational policy guidance referenced in the supporting information.  

Public Interest

There are exceptional circumstances where it can be deemed that the public interest overrides the CLDC and in such cases the national data opt-out does not apply. This would include the disclosure of confidential patient information required for the monitoring and control of communicable disease and other risks to public health and for public health emergencies. 

This includes any data disclosed where Regulation 3 of The Health Service (Control of Patient Information) Regulations 2002 provides the lawful basis for the common law duty of confidentiality to be lifted.  

The public interest test may also be applied locally and any such case should always be considered on its individual merits, and it would be advisable to seek expert advice (e.g. from the BMA, indemnity organisation or the General Medical Council). For example, reporting concerns about a patient’s fitness to drive to the DVLA.  

A person may consent directly to any disclosure of data, for example, a specific research programme. Where a patient has specifically consented then the national data opt-out will not apply to that specific data use, and that use only. 

In some scenarios researchers may need to access CPI to identify patients with a particular condition or characteristic in order to invite them to participate research, e.g. a clinical trial – so-called seeking “consent for consent”. Depending upon the mechanism used, the national data opt-out may or may not apply. This is summarised in the below.

Specific Exemptions

The national data opt-out operational policy guidance sets out a number of specific exemptions including:

• National Cancer Registration Service and the National Congenital Anomalies and Rare Diseases Registration Service – these will continue to operate their own opt-out system. 
• Where data is disclosed to validate payments when there is no contract. For example, if a patient lives in Bromley but is treated in hospital in Devon, an invoice will be sent from Devon to the Clinical Commissioning Group (CCG) in Bromley that holds the budget for the patient.
• Where data is used to send out national patient experience surveys.

Upholding the opt-out in GP practices

By September 2020, GP practices will be expected to uphold the national data opt-out. NHS Digital is working closely with the principal GP clinical system suppliers to implement this functionality. Further detailed guidance for this will be made available as it is developed.

Examples of applying the opt-out to flows from the practice

Supporting Information

• Additional Information Factsheet 2 – When the national data opt-out it applies

• General Medical Council Guidance - Public interest disclosures for health and social care purposes

• National Cancer Registration Service

• National Congenital Anomalies and Rare Diseases Registration Service

• Information Commissioner’s Office (ICO) anonymisation code of practice

• Compliance with the national data opt-out

Summary

In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used. A public communications campaign called ‘Your data matters’ was launched on 25 May 2018 by the Information Commissioner’s Office (ICO) in partnership with the NHS. This was a reassurance campaign on the benefits of data sharing and provided links to the data use and service landing pages on nhs.uk.

The national data opt-out is a policy opt-out which sits alongside the General Data Protection Regulation (GDPR), the Data Protection Act (DPA) and the Common Law Duty of Confidentiality  (CLDC). It is provided over and above the legal rights and does not replace any of the provisions of these but rather compliments them. This is a complex area and is likely of interest mainly to Information Governance leads and Caldicott Guardians.

Detail

GDPR and the DPA

The General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) require that processing data is fair, lawful and transparent.

GDPR specifies that this means the processing must meet one of the conditions specified in:

• Article 6 (personal data). For GP practices this will be 6(1)(e) ‘...necessary for the performance of a task carried out in the public interest or in the exercise of official authority...’ and
• Article 9 (health being a special category of data). For GP practices this will generally be 9(2)(h) ‘...medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems...’

NOTE: the requirements for GDPR-compliant consent mean that this is generally not an appropriate basis to use in Health and Care settings. For a detailed discussion of the issues regarding consent see GDPR guidance published by the Information Governance Alliance.

Common Law Duty of Confidentiality (CLDC)

In addition to the disclosure of confidential patient information for purposes other than individual care practices must respect confidentiality under the CLDC. For this there must be either:

• consent from the patient, but note this is a different standard of consent from GDPR-compliant and includes the concepts of explicit and implied consent or
• a specific legal basis for the CLDC to be set aside, for example, Section 251 (NHS Act 2006) support, or a mandatory legal requirement, for example, data provision notice from NHS Digital under section 259 of the Health and Social Care Act
• disclosure in the public interest -  see GMC Principles of Confidentiality in supporting information

Regardless of whether a patient does or does not have a national data opt-out in place the practice must still comply with the above provisions.

Duty of Transparency and Privacy Notices

With GDPR and in the DPA 2018 the requirements for privacy notices are strengthened. This is about being clear with patients and the public about what data is collected and how it is processed.

The NHS has provided suggested text to include in privacy notices to support the national data opt-out (see supporting information).

Practices need to review their Privacy Policy in line with GDPR. Patients can see the NHS Digital information on how they handle the data they hold at keeping patient data safe. 

Supporting Information

• Information Commissioners Office “Your Data Matters”

• Additional Information Factsheet 1B – Types of data used and legal protection in place

• Additional Information Factsheet 2 – When the national data opt-out applies

• Additional information Factsheet 6 – How the national data opt-out fits with data protection legislation

• National data opt-out Operational Policy Guidance

• Information Governance Alliance GDPR Guidance

• Information Governance Alliance GDPR Guidance on consent

• Information Commissioner’s Office guidance on GDPR

• General Medical Council Disclosures in the public interest

• Privacy Notice – Template Statement

• Information Commissioner’s Office guidance on ‘Right to Object’

Summary

Between now and the deadline of September 2020, GP Practices will need to become compliant with "upholding" the national data opt-out. To fulfil this obligation the practice will need to ensure that there is an understanding of:

• the legal obligations of the practice
• the involvement of the practice in research and planning
• how the practice as a data controller relates to the people and organisations who process data on their behalf
• how the national data opt-out is applied in different situations and how the obligations of the data controller apply in each scenario
• what the obligations of the practice are as a data controller to communicate with the people whose data they hold.

Detail

Legal obligations of the practice

By nature of their independent contractor status GP practices are the data controllers for the information they hold. This means that they must satisfy the requirements of the Data Protection Act (DPA 2018) and the General Data Protection Regulation (GDPR). In addition, they must also abide by the Common Law Duty of Confidentiality (CLDC) and GPs and nurses must abide by their professional requirements laid down by the GMC and NMC respectively.

Supporting information

• BMA Guidance on GP as data controller 
• Information Governance Alliance Guidance on GDPR for NHS organisations 
• Hertfordshire and Bedfordshire LMC Guidance on GDPR for General Practice 
• NHS Code of Confidentiality 
• GMC Guidance for registered doctors on confidentiality 
• NMC code of standards duties of nurses in maintaining confidentiality 
• Compliance with the national data opt-out (NHS Digital)

Research and planning in general practice

In addition to service delivery the patient data held by practices could be used in supporting research and for commissioning and health and social care service planning and provision. This involves providing information in a variety of forms to different organisations.

Examples covering a range of research networks include QResearch, Clinical Practice Research Datalink (CPRD), the NIHR Clinical Research Network (CRN) and the RCGP Research and Surveillance Centre (RSC). Planning activity may include the provision of data to primary care organisations to support local commissioning, planning of service pathways and analysis of current patient pathways.

Whenever practices participate in such data use for research or planning they must be aware of the legal basis for the use of this information. The practice must also understand how and when the national data opt-out will, and will not, apply. Every request to use such data needs to be considered against the criteria for the application of the national data opt-out. (See sections: “What the national data opt-out applies to” and “Applying the national data opt-out”).

Supporting information

• QResearch 
• Clinical Practice Research Datalink (CPRD) 
• The NIHR Clinical Research Network (CRN) 
• RCGP Research and Surveillance Centre 

Data processors and the data controller

Much of the processing of the data for practices is undertaken by third parties, for example, no practice would be able to set up, develop and run their own electronic health record system. Practices therefore must have relationships with other organisations who do this work on their behalf, these organisations are the data processors. The practice (data controller) is responsible for ensuring that the data processor performs this processing activity appropriately and legally.

These data processors may be the provider of the principal clinical system (EMIS, TPP, Vision or Microtest), or one of a number of other service providers providing either direct care services (e.g. appointments systems or document management), or support for research or commissioning (e.g. Apollo Medical Software Solutions).

The practice must understand how the requirement for a data processing contract is met for each provider processing their data. For the principal system suppliers this will be the Deed of Undertaking signed by the suppliers in 2014. For other providers the practice will need to ensure that this is included in the practice contract. If the data processor contract is with another organisation then the practice must have a data processing contract or Deed of Undertaking in their own right.

Supporting information

• Information Commissioner’s Office guidance on data processing contracts 
• Deed of Undertaking for principal clinical system suppliers 

The implementation of the national data opt-out

The national data opt-out applies in certain situations where data is being used beyond individual care e.g. to support research and healthcare planning. Specifically, it applies where the data being used is confidential patient information where the legal basis for overriding the Common Law Duty of Confidentiality (CLDC) is a s251 recommendation by the Health Research Authority Confidentiality Advisory Group (HRA CAG) to either the HRA (in the case of research) or the Secretary of State (for non-research uses e.g. risk stratification). For more detail see the section “Applying the national data opt-out”. The practice as data controller is responsible for ensuring that any opt out choices set by their patients are upheld by the practice itself and the relevant data processors prior to release to another data controller.

The practice must be aware of all situations in which information is leaving the practice to be used for purposes other than individual care and be satisfied that this use meets the necessary criteria. There should therefore be a process in the practice for assessing all requests for data to ensure that there is an appropriate legal basis under both GDPR and where appropriate the CLDC.

Part of this assessment will include whether the national data opt-out should apply. If the national data opt-out should apply the practice must be satisfied that the data processor has a process in place to ensure this happens. There are three principal scenarios to consider:

• Where data is collected through an established mechanism with the principal clinical system (PCS): in this scenario the mechanisms developed between the supplier and NHS Digital will ensure that the national data opt-out register is interrogated to ensure the national data opt-out will apply appropriately.  
• Where data is collected by a third-party data processor (e.g. Apollo): in this situation the practice will need to ensure that their data processing contract covers the application of the national data opt-out and satisfy themselves that the data processor has mechanisms in place to apply the national data opt-out.
• Where data is being submitted by the practice directly, or collected by a visiting person on behalf of a planning or research organisation: when this happens, the practice will be responsible for identifying and removing the records of any patient with an opt out in place before sending, or giving the visiting person access to, the records 

Supporting information

• Webinar - Understanding the National Data Opt-out 
• Webinar - Caldicott Guardians and Upholding the National Data Opt-out 
• NHS detailed operational policy guidance document for the national data opt-out

Communicating with patients

Part of the legal requirement on practices as data controllers is that they communicate clearly with their patients on how they use their patients’ data. Practices must therefore have clear information regarding the national data opt-out as part of their “Information privacy notice”.

To assist with meeting this obligation with regard to the national data opt-out, NHS Digital has provided a template text which practices may choose to use in their information privacy notice (see link below).

Practices should note that this template only relates to the national data opt-out and they must still ensure that the rest of their privacy information is complete in line with wider legal obligations under GDPR.

It is also important for practices to review existing materials and remove any which are no longer applicable (e.g. any which refer to the type 2 objection).

Supporting information

• Information Commissioner’s Office right to be informed 
• NHS Digital patient Information resources including sample text to include in your practice privacy document 

Patient Data Choices webinar 1: Understanding the National Data Opt-out

This webinar provides an overview of the national data opt-out and includes discussions on the key points and resources available to support GP teams.

Patient Data Choices webinar 2: Understanding the National Data Opt-out

This webinar includes a discussion of different scenarios where the national data opt-out will and will not apply.

Patient Data Choices webinar 3: Caldicott Guardians and Upholding the National Data Opt-out

This webinar includes a discussion of different scenarios where the national data opt-out will and will not apply.

Patient Data Choices webinar 4: Upholding the National Data Opt-out: Research and Commissioning

This webinar explores how the national data opt-out can be upheld in the context of research and commissioning and what support is available to them.