The National Data Opt Out
NHS Digital will launch the National Data Opt Out on 25th May, to coincide with the EU GDPR.
They have produced a brief fact sheet about it, please download the fact sheet to view..
What is the National Data Opt Out (NDOO)?
The NDOO is a mechanism by which individuals in England can control, to a limited degree, certain aspects of their confidential medical information and, in particular, what NHS Digital can do with it once in their possession.
The NDOO only applies to confidential information, that is medical information that can identify you, for example by containing your name, DOB, address, NHS number etc.
And the NDOO only applies to uses of your confidential medical information for secondary purposes, that is unrelated to, and beyond, the direct medical care that GP surgeries and other healthcare organisations provide you with when you are unwell, or to keep you well. Secondary purposes include healthcare planning, audit, population analytics, “risk stratification”, research, “commissioning”, commercial and even political uses.
The NDOO is not limited to electronic data and so includes paper records.
It directly replaces the Type 2 (9Nu4) opt-out that has been in force for some years, and which you were able to express via the surgery.
If I set, or keep, my NDOO status at “do not share”, what will this mean?
- Confidential medical information obtained by NHS Digital from GP surgeries, hospital trusts, mental health providers and social care, will not be released or disseminated by them in a format that can identify you.
- In addition, and in time, the NDOO will prohibit certain data extractions from your GP record, where this involves confidential medical information, such as where your permission or consent has not been sought before your data was released (so-called section 251 approval). Section 251 approval is often used to permit unconsented data extractions for varieties of research, healthcare planning, risk stratification and population analytics.
- The NDOO will, eventually, prevent confidential medical information leaving the Cancer Registry, certain other disease registries, the Clinical Practice Research Datalink (CPRD); and
- By 2020, hospitals and other healthcare providers.
What will the NDOO not do?
- The NDOO will in no way affect the sharing of information for the purposes of an individual’s care and treatment, e.g. where information is shared between a GP surgery and a hospital.
It will not stop your GP using the Electronic Referral Service (eRS), the Electronic Prescription Service (EPS), or GP2GP transfers of medical records.
- The NDOO will in no way affect the National Summary Care Record (SCR).
- The NDOO will in no way affect any local shared care record project or scheme, such as the Hampshire Health Record.
You can opt-out of the Hampshire Health Record via the surgery .
- The NDOO will in no way affect situations where the surgery, or other healthcare organisation, is legally required to share your information (such as a court order or when mandated under section 259 of the Health and Social Care Act – but see later).
- The NDOO will in no way affect you being invited, when appropriate, for any of the National Screening Programmes, such as cervical/breast/bowel/abdominal aortic aneurysm/diabetic eye screening.
You can opt-out of these separately, if you wish.
- The NDOO will in no way affect situations where the surgery, or any other healthcare organisation, shares data in an anonymised or aggregate (numbers only) format, in other words where that data cannot identify an individual.
- The NDOO will not stop:
- Commercial sales of hospital data (HES) by NHS Digital
- Lifelong linked medical histories being disseminated by NHS Digital
- Onwards release of data by non-NHS bodies (once provided with your information by NHS Digital)
What about Research?
The NDOO will in no way prevent you from taking part in accredited medical research, at your GP surgery/local hospital/other health organisation, where you have given your explicit consent to be involved (i.e. you have been asked first).
The NDOO will in no way prevent you from:
- Giving blood
- Joining the NHS Organ Donor Register
- Signing up to the Anthony Nolan register to donate your blood stem cells or bone marrow
- Donating your DNA for medical research
- Joining the 100K Genomes project
- Taking part in clinical drug trials
- Donating your body to medical science after your death
- Giving money (in a tax-efficient way) to any medical charity of your choosing
Will the NDOO stop my confidential GP information being uploaded to NHS Digital in the first place?
NHS Digital does not rely upon section 251 approval (anymore) for data gathering, preferring instead to make such data collections compulsory under section 259 of the Health and Social Care Act.
However, the existing secondary uses, Type 1 (9Nu0), opt-out that many people have in force on their GP record will prohibit data (confidential and, in some cases, de-identified) from being extracted and uploaded from your GP record to NHS Digital.
In addition, the Type 1 opt-out will also prohibit section 251 approved data extractions, for example for “risk stratification”, as well as the mandatory section 259 extractions.
So how do I maximally limit secondary uses of my medical records, beyond my direct medical care, should I wish to?
- Set your NDOO status to “do not share”, see later for how to do this. Or ensure that you have a Type 2 objection in force – do this via the surgery; and
- Make sure you have a secondary uses, Type 1 (9Nu0) objection in force on your GP record – do this via the surgery
Consider contacting your local hospital trust, mental health provider, or social care organisation (local council) that you use (or have used) and express “the right to object” to the dissemination of confidential information about you to NHS Digital, where it is not legally mandated.
For example, you have the right to object where your data might be processed in this way and the organisation concerned is relying on Article 6(1)(e) – Official Authority – as the legal basis under the GDPR.
What about preventing NHS Digital releasing or disseminating anonymised and pseudonymised data about me?
You cannot – directly. And you have no control over why they are doing this, for what purpose(s), and to which organisation they are releasing your information to.
But you can limit how much information NHS Digital gathers about you from healthcare organisations, by maximally limiting the secondary uses of your medical records, as described above.
So how do I set, check, or update my National Data Opt Out status?
If you had previously requested a Type 2 objection to be in force, via the surgery, then this will have automatically have set your NDOO status to “do not share”. You will receive a letter from NHS Digital, confirming this, in due course. Any children aged 13yrs or over will receive their own letter as well.
It is not possible to directly view, set or change your NDOO status at your GP surgery, although you set it indirectly by expressing a Type 2 objection to your GP surgery – but only until October 2018.
This will automatically set your NDOO status to “do not share”.
Anyone aged 13yrs or over can set their NDOO status via an online service at The NHS Website.
Anyone aged 12yrs or younger, or if you are acting on behalf of another individual (i.e. as a proxy, perhaps with lasting power of attorney authority) cannot do this online but will have to ring 0300 330 9412 instead (or via other so-called “non-digital” methods).
Where can I find more information about sharing my medical information?
More information about NHS data sharing, opting-out and objecting, and the NHS databases can be found at The NHS Website.