All health and care organisations must comply with the national data opt-out policy by March 2020. This requirement is supported by Information Standard: DCB3058: Compliance with National Data Opt-outs.
To comply with national data opt-out policy, you need to put procedures in place to review uses or disclosures of confidential patient information against the operational policy guidance.
See our guidance overview of the national data opt-out policy to help you understand how it works and whether data uses or disclosures are in scope.
If current uses or disclosures should have national data opt-outs applied, you need to:
- implement the technical solution to enable you to check lists of NHS numbers against those with national data opt-outs registered
- have a process in place, when you get the results back, to ensure that you only use or disclose information for the returned list of NHS numbers, as any with national data opt-outs registered will have been removed
If you have no uses or disclosures which need to have national data opt-outs applied, you must still put procedures in place to assess future uses or disclosures against the national data opt-out operational policy guidance, and can choose to either:
- implement the technical solution in readiness, or
- be ready to implement it if needed for future data uses or disclosures