You should make sure everyone within your organisation who has access to patient data, and/or is responsible for processing or handling it, is made aware of the updated procedures.
Identify who is responsible for staff communications and work with them to develop a communications plan and create suitable materials.
Communicate through whatever channels are available, such as intranets or newsletters.
Make sure documented procedures are accessible, including for new members of staff, by including them in staff training and induction materials.
You should update your privacy notice materials, and include a declaration to state when your organisation is compliant with national data opt-out policy, to comply with the Information Standard.
See recommended content to include in your organisation’s website and privacy notice.
Identify who produces and/or is responsible for creating patient materials and managing patient communication channels, and work with them to decide how to inform patients appropriately. Consider your organisation’s website if you have one, and work with patient groups such as Patient Participation Groups (PPGs) in GP practices and the Patient Advice and Liaison Services (PALS) in NHS trusts.
Check existing stocks of the ‘Your NHS Data Matters’ printed materials, order more if needed, and make sure they are available in public spaces.
Consider creating and publishing a register of approved requests for data disclosures, if you do not already do so. With the processes in place for considering requests for data disclosures and whether national data opt-outs apply, this provides greater transparency for your patients.
Communications with other organisations
Organisations you work with may be affected by your organisation becoming compliant with the national data opt-out policy. You should tell organisations that use your data, or that you disclose data to, that you are preparing to apply opt-outs, and let them know whether opt-outs will be applied to their data disclosures.
The policy allows you to tell organisations that receive your data how many records have been removed from the set of data after applying national data opt-outs, so you can choose to supply this information with future data disclosures.
If organisations ask about the likely effects of national data opt-outs on the data they will be using or receiving, you can point them to national statistical data published by NHS Digital which provides more information on the numbers of opt-outs. The statistics are also broken down into further categories such as age, gender and geographical area.
Decide date to declare compliance
With all the above either in place or scheduled, you just need to finalise the actual date from which you will declare that your organisation now complies with the national data opt-out policy.
Make sure your agreed staff communications go out before the declared compliance date so that they know when the new procedures come into effect.
Arrange to provide any agreed patient communication materials either on the date from which you are stating compliance or soon after.
If you are providing communications to organisations that use your data or receive disclosures of data from you that will be affected by national data opt-outs, then make sure those communications are ready to be provided before the next data disclosure takes place.
When you have everything in place to support your proposed compliance date make sure you get approval within your organisation through whichever route you agreed at the outset. Make sure all stakeholders are content with the proposed date, and that all actions have been considered and are either in place or ready to be activated.