NHS Digital will launch the National Data Opt Out on 25th May, to coincide with the EU GDPR.
They have produced a brief fact sheet about it, downloadable here.
You can download the contents of this web page as a pdf.
What is the National Data Opt Out (NDOO)?
The NDOO is a mechanism by which individuals in England can control, to a limited degree, certain aspects of their confidential medical information and, in particular, what NHS Digital can do with it once in their possession.
The NDOO only applies to confidential information, that is medical information that can identify you, for example by containing your name, DOB, address, NHS number etc.
And the NDOO only applies to uses of your confidential medical information for secondary purposes, that is unrelated to, and beyond, the direct medical care that GP surgeries and other healthcare organisations provide you with when you are unwell, or to keep you well. Secondary purposes include healthcare planning, audit, population analytics, “risk stratification”, research, "commissioning", commercial and even political uses.
The NDOO is not limited to electronic data and so includes paper records.
It simply replaces the Type 2 (9Nu4) opt-out that has been in force for some years, and which you were able to express, together with the
Type 1 (9Nu0) objection, via your GP surgery.
If I set, or keep, my NDOO status at “do not allow”, what will this mean?
- Confidential medical information obtained by NHS Digital from GP surgeries, hospital trusts, mental health providers and social care, will not be released or disseminated by them in a format that can identify you.
- In addition, and in time, the NDOO will prohibit certain data extractions from your GP record, where this involves confidential medical information, such as where your permission or consent has not been sought before your data was released (so-called section 251 approval).
- The NDOO will, eventually, prevent confidential medical information leaving the Cancer Registry, certain other disease registries, the Clinical Practice Research Datalink (CPRD); and
- By 2020, hospitals and other healthcare providers.
What will the NDOO/Type 1/Type 2 objections NOT do?
- They will in no way affect the sharing of information for the purposes of an individual’s care and treatment, e.g. where information is shared between a GP surgery and a hospital.
It will not stop your GP using the Electronic Referral Service (eRS), the Electronic Prescription Service (EPS), or GP2GP transfers of medical records.
- They will in no way affect the National Summary Care Record (SCR).
You can opt-out of the SCR via the surgery or our website.
- They will in no way affect any local shared care record project or scheme, such as the Hampshire Health Record.
You can opt-out of the Hampshire Health Record via the surgery or our website.
- They will in no way affect situations where the surgery, or other healthcare organisation, is legally required to share your information (such as a court order or when mandated under section 259 of the Health and Social Care Act – but see later).
- They will in no way affect you being invited, when appropriate, for any of the National Screening Programmes, such as cervical/breast/bowel/abdominal aortic aneurysm/diabetic eye screening.
You can opt-out of these separately, if you wish.
- They will in no way stop information being provided to the National Disease/Cancer Registries (run by Public Health England).
You can opt-out of this separately, if you wish.
- They will in no way affect situations where the surgery, or any other healthcare organisation, shares data in an anonymised or aggregate (numbers only) format, in other words where that data cannot identify an individual.
- The NDOO will not stop:
- Commercial sales of hospital data (HES) by NHS Digital
- Lifelong linked medical histories being disseminated by NHS Digital
- Onwards release of data by non-NHS bodies (once provided with your information by NHS Digital)
What about Research?
The NDOO/Type 1/Type 2 objections will in no way prevent you from taking part in accredited medical research, at your GP surgery/local hospital/other health organisation, where you have given your explicit consent to be involved (i.e. you have been asked first).
They will in no way prevent you from:
Will the NDOO stop my confidential GP information being uploaded to NHS Digital in the first place?
NHS Digital does not rely upon section 251 approval (anymore) for data gathering, preferring instead to make such data collections compulsory under section 259 of the Health and Social Care Act.
However, the existing secondary uses, Type 1 (9Nu0), opt-out that many people have in force on their GP record will prohibit data (confidential and, in some cases, de-identified) from being extracted and uploaded from your GP record to NHS Digital.
In addition, the Type 1 opt-out will also prohibit section 251 approved data extractions, for example for “risk stratification”, as well as the mandatory section 259 extractions.
So how do I maximally limit secondary uses of my medical records, beyond my direct medical care, should I wish to?
- Set your NDOO status to “do not allow”, see later for how to do this. Or ensure that you have a Type 2 objection in force – do this via the surgery or our website; and
- Make sure you have a secondary uses, Type 1 (9Nu0) objection in force on your GP record – do this via the surgery or our website
What about preventing NHS Digital releasing or disseminating anonymised and pseudonymised data about me?
You cannot – directly. And you have no control over why they are doing this, for what purpose(s), and to which organisation they are releasing your information to.
But you can limit how much information NHS Digital gathers about you from healthcare organisations, by maximally limiting the secondary uses of your medical records, as described above.
So how do I set, check, or update my National Data Opt Out status?
If you had previously requested a Type 2 objection to be in force, via the surgery, then this will have automatically have set your NDOO status to “do not allow”. You will receive a letter from NHS Digital, confirming this, in due course. Any children aged 13yrs or over will receive their own letter as well.
It is not possible to directly view, set or change your NDOO status at your GP surgery, although you set it indirectly by expressing a Type 2 objection to your GP surgery – but only until October 2018.
This will automatically set your NDOO status to “do not allow”.
Anyone aged 13yrs or over can set their NDOO status via an online service at www.nhs.uk/your-nhs-data-matters
Anyone aged 12yrs or younger, or if you are acting on behalf of another individual (i.e. as a proxy, perhaps with lasting power of attorney authority) cannot do this online but will have to ring 0300 330 9412 instead (or via other so-called “non-digital” methods).
Where can I find more information about sharing my medical information?
If you would like any further information about the NDOO, GDPR, primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing or your medical records, then please do contact the surgery’s Caldicott Guardian / Information Governance lead / Data Protection Officer:
Dr Neil Bhatia