NHS Digital has developed a technical service which enables health and adult social care organisations to check if their patients have a national data opt-out in order to enable them to comply with this policy.
This service can be used in two ways:
- organisations can submit a list of NHS numbers that they need to disclose and the service looks these up against the central repository of national data opt-outs. It returns a “cleaned list” of those that do not have a national data opt-out i.e. it removes the NHS numbers for those with a national data opt-out. This is most suitable for one-off and infrequent disclosures of data.
- organisations can submit the NHS numbers for all patients with whom they have a legitimate relationship and then store temporarily the list of patients who do not have an opt-out at the current time and whose data they may be able to disclose. (Organisations would still need to have the appropriate legal basis for any such disclosures. This must not be interpreted as, or confused with, a patient’s explicit consent to the sharing of their data.) There are a number of policy rules around the storage and use of this “temporary cache” of data which are set out below. This is most suitable for large scale and frequent disclosures of data.
More information on accessing the service, guidance and the timetable for the implementation of the national data opt-out through to March 2020 is provided on the National Data Opt-out webpages. There is also a forthcoming Information Standard on Compliance with the National Data Opt-out which will set out the requirements to achieve compliance and signposts to further technical and implementation guidance.
The policy rules for applying national data opt-outs are set out below.