Skip to main content

Compliance with the national data opt-out

All health and care organisations in England must comply with the national data opt-out policy by March 2020. Use our compliance implementation guide to find out what you need to do within your organisation, and see which national organisations are already compliant.

Compliance with the national data opt-out policy

All health and care organisations must comply with the national data opt-out policy by March 2020. This requirement is supported by Information Standard: DCB3058: Compliance with National Data Opt-outs.

To comply with national data opt-out policy, you need to put procedures in place to review uses or disclosures of confidential patient information against the operational policy guidance.

See our guidance overview of the national data opt-out policy to  help you understand how it works and whether data uses or disclosures are in scope.

If current uses or disclosures should have national data opt-outs applied, you need to:

  • implement the technical solution  to enable you to check lists of NHS numbers against those with national data opt-outs registered
  • have a process in place, when you get the results back, to ensure that you only use or disclose information for the returned list of NHS numbers, as any with national data opt-outs registered will have been removed

If you have no uses or disclosures which need to have national data opt-outs applied, you must still put procedures in place to assess future uses or disclosures against the national data opt-out operational policy guidance, and can choose to either:

  • implement the technical solution in readiness, or
  • be ready to implement it if needed for future data uses or disclosures

Once compliant, confidential patient information must not be used or disclosed before it has been assessed and national data opt-outs applied if necessary.

The Check for National Data Opt-outs service - technical solution

National data opt-outs are held on the NHS Spine against an individual’s NHS number. If your use or disclosure of data needs to have national data opt-outs applied, you must remove records for patients with an opt-out registered from the data being used.

The Check for National Data Opt-outs service uses the messaging exchange for social care and health (MESH) to enable you to submit lists of NHS numbers and receive lists back with the NHS numbers removed for those patients that have opted out.

To help GP practices to become compliant with the national data opt-out, the four principal GP system suppliers have been commissioned to develop and embed the service into their clinical systems. Further information will be made available as the GP system suppliers confirm their delivery plans. See further information for GP practices.

Compliance resources

Compliance implementation guide: provides a step-by-step guide to help organisations understand and plan the actions required to become compliant with national data opt-out policy.

Check for National Data Opt-outs service: guidance on how to install and configure MESH to enable lists of NHS numbers to be processed through the Check for National Data Opt-outs service, including a full test data pack.

Check for National Data Opt-outs licence agreement: notes the rights and conditions upon which your organisation may use the Check for National Data Opt-outs service provided by NHS Digital.

DPIA guidance: guidance for completing a data protection impact assessment on the data processing activity being taken to apply national data opt-outs. (Word file - request in a different format.)

Data Uses and Releases Compendium (updated 8 October 2019): provides real examples of data disclosures and the assessment as to whether national data opt-outs apply or not. (Pdf file - request in a different format.)

 

Compliant national organisations

The following organisations are compliant with the national data opt-out policy:

  • NHS Digital (compliance statement)– since May 2018
  • Data Services for Commissioners Regional Offices (DSCROs) – since May 2018
  • Public Health England – since September 2018
Last edited: 8 October 2019 3:05 pm