Part of National data opt-out operational policy guidance document

2: What are national data opt-outs?

National data opt-out operational policy guidance: Explaining the context, purpose, legal framework and who and what is covered by the national data opt-out.



2.1: Context

Background to the national data opt-out policy.

The national data opt-out implements the opt-out model proposed by the National Data Guardian, as accepted by the Government and directed by the Department of Health and Social Care.


There should be a new consent/opt-out model to allow people to opt-out of their personal confidential data being used for purposes beyond their direct care.


The NDG’s review carefully considered the scope of the model including its limitation to purposes beyond individual care only and for it to be an opt-out rather than consent model:

3.2.2: The Review was persuaded that the best balance between meeting these expectations and providing a choice to those who have concerns is achieved by providing an opt-out model. The review concluded that people should be made aware of the use of their data and the benefits; an opt-out model allows data to be used whilst allowing those who have concerns to opt out.

 


The review also acknowledged that:

Whilst patients have a right under the NHS Constitution to request that their personal confidential data is not used beyond their direct care, there is currently no easy way for them to do that.


The national data opt-out provides a single central mechanism which gives effect to this right.

The Government undertook a public consultation before publishing its response to the NDG review which accepted all the recommendations made by the National Data Guardian.



2.3: Complying with the Common Law

Once the lawful basis for the processing has been established, the application of the national data opt-out can be determined based on the authorisation for complying with the common law duty of confidentiality (CLDC).

The table below summarises the commonly used bases and sets out when the opt-out applies.  Options include the use of the legal gateways set out in the Control of Patient Information Regulations 2002 (made under Section 251 of the NHS Act 2006) which allow confidential patient information to be used without patient consent:

Legal basis in common law: Common Law Consent (Implied)
Opt-out applies: No – out of scope for the national data opt-out
Comments: For common law purposes the sharing of information for direct or individual care purposes is on the basis of implied consent. This is out of scope for the national data opt-out - which only applies to purposes beyond individual care.

N.B. This is included in this table for completeness and to emphasise that implied consent can only be used when the surrounding circumstances mean that a patient knows, or would reasonably expect, that their data will be shared. In other words there should be ‘no surprises’ for the individual about who has had access to information about them where implied consent is relied upon.

An individual will still be able to ask their doctor or other healthcare professional not to share a particular piece of information with others involved in providing their care and should be asked for their explicit consent before access to their whole record is given.


Legal basis in common law: Common Law Consent (Explicit)
Opt-out applies: No
Comments: In this case an individual has given their consent for a specific use of their data, for example consenting to participate in a research study. This would fall within the general exemption from the national data opt-out (see 2.5 below). This rule applies even if the consent was given before the patient had set a national data opt-out.


Legal basis in common law: Mandatory legal requirement
Opt-out applies: No
Comments: Where there is a legal requirement for the data disclosure that specifically sets aside the common law duty of confidentiality then the national data opt-out will not apply.


Legal basis in common law: Section 251
  • Regulation 2 – for diagnosis and treatment of cancer
  • Regulation 5 – for the medical purposes set out in the schedule to the regulations
Opt-out applies: Yes – in general but there are some specific exemptions
Comments: Data disclosure has Section 251 support obtained under regulation 2 or 5. This applies unless the Confidentiality Advisory Group (CAG) have advised:

  1. that the national data opt-out is overridden in the public interest (NB: This would be in exceptional circumstances only) or
  2. a different opt-out can apply and the section 251 decision-maker (Secretary of State for Health and Social Care or Health Research Authority) has agreed to this. For example data disclosures to Public Health England (PHE) for the National Cancer Register or the National Congenital Anomaly and Rare Diseases Register.

NB: Where reference is made to Section 251 (S.251) support in the rest of this document it specifically applies to regulation 2 or 5 unless explicitly stated otherwise.

Please see Policy considerations for specific organisations or purposes for specific cases where this may not apply.


Legal basis in common law: Section 251 Regulation 3 – for communicable diseases and other risks to public health
Opt-out applies: No
Comments: Data disclosure under Regulation 3 of the Control of Patient Information Regulations 2002 is exempt from the national data opt-out.


Hence, determining whether national data opt-outs apply requires the following to be clearly established:

  • purpose - it is for a purpose beyond individual care and
  • the basis for the disclosure in common law

The national data opt-out applies where S.251 support is relied upon, unless there is a specific exemption in place.

Further guidance on lawful processing under GDPR has been published by the Information Commissioner's Office and should be read in conjunction with this operational policy guidance.  Further information on patient confidentiality is available in Confidentiality: NHS Code of Practice published by DHSC and the Code of practice on confidential information published by NHS Digital.

The national data opt-out does not apply where a patient has given their explicit consent to a specific use of their data.

The use of consent for specific purposes is supported by the following excerpt from the NDG review:

“People should continue to be able to give their explicit consent separately if they wish, e.g. to be involved in research, as they do now. They should be able to do so regardless of whether they have opted out of their data being used for purposes beyond direct care. This should apply to patients’ decisions made both before and after the implementation of the new opt-out model”.

As the NDG specified there is no dependency on the timing of when a person gave their consent for a specific disclosure of their data. A person may give consent for a specific purpose either before or after setting a national data opt-out and this consent will constitute an exemption from the national data opt-out for that specific purpose.


2.4: Type of data

The data covered by the national data opt-out.

As noted above, the national data opt-out applies where section 251 support, which enables the use of confidential patient information (CPI) without consent, is relied upon. Guidance is provided for health and care professionals in assessing what is CPI.


CPI is defined in sections 251 (10) and (11) of the National Health Service Act 2006. Broadly it is information that meets all of the following 3 requirements: 

  1. identifiable or likely identifiable (for example from other data likely to be in the possession of the data recipient); and
  2. given in circumstances where the individual is owed an obligation of confidence; and
  3. conveys some information about the physical or mental health or condition of an individual, a diagnosis of their condition; and/or their care or treatment.

It should be noted that Section 251 (also known as S.251) has been updated to ensure that the definitions used expressly include local authority social care (i.e. care provided for, or arranged by, a local authority). The term confidential patient information (CPI) also covers data which falls within the “special categories of personal data” under article 9 GDPR, and goes beyond this because it also covers information about the deceased, whereas the GDPR only applies to living individuals. Further information on assessing what is CPI for the purposes of applying the national data opt-out is provided in Appendix 6: Confidential Patient Information (CPI) definition.

The national data opt-out does not apply to information that is anonymised in line with the Information Commissioner’s Office (ICO) Code of Practice (CoP) on Anonymisation or is aggregate or count type data.  It should be noted that the ICO Code of Practice covers a range of anonymised data including aggregate data for publication to the world at large through to de-identified data for limited access.  De-identified data for limited access requires a suite of additional organisational and technical control measures to ensure that the risk of re-identification is remote, for example access controls, purpose limitation, staff confidentiality agreements, contractual controls etc.

For clarity the national data opt-out does not apply to workforce or staff data.  NB: Staff data may be removed as a result of the opt-out being applied but only where it is relevant to a patient’s care (for example, a consultant’s name may be linked to an episode of care).  Staff data, and any other personal data which is not confidential patient information, would still be subject to data protection legislation and the rights provided under this, including article 21 (right to object) in GDPR, but sits outside of the scope of the national data opt-out. Information provided by occupational health services would be considered to be relevant to an individual’s care and potentially in scope of the national data opt-out.


2.5: Purpose and point of application

The national data opt-out is defined based on purpose and applies to any disclosure of data for purposes beyond individual care.  More specifically:

  • the national data opt-out would always need to be considered to be applied (in line with this policy) at the organisational or data controller boundary
  • the national data opt-out may also need to be considered to be applied internally at the point of change of purpose – specifically where S.251 support is relied upon as the legal basis for allowing the disclosure of confidential patient information

Purposes beyond individual care are defined as anything that does not meet the definition of individual care (see Appendix 2: Definitions).  It would include purposes such as planning for the provision of local services, managing and running NHS and adult social care services, commissioning, invoice validation, national clinical audits and research.  For completeness the definition of indirect care is also included in the appendix which will assist organisations in making the decision about whether a particular use falls outside of the definition of individual care.

The NDG review made it clear that there are some elements of individual care which rely on the processing of data nationally, for example the electronic transfer of prescriptions, screening, immunisation programmes and the Summary Care Record. “The Review heard no evidence to suggest that there should be a change to effective local or national arrangements for sharing information.” These purposes are considered to be for individual care and are not subject to the national data opt-out.


2.6: Geographical coverage

The national data opt-out relates to information about an individual’s health and adult social care provided in England.

It does not apply to information about an individual’s health or care which is generated or processed outside of England including in home countries of the UK, that is Wales, Scotland, Northern Ireland, or the Isle of Man or Channel Islands.

Opt-outs offered in other home countries and crown dependencies for example in Scotland (the Spire Opt-out), do not apply in England – but they may be applied prior to receipt of any data in England.  (Opt-outs implemented within other countries, such as the Spire Opt-out in Scotland, are for a specific purpose and applicable only within the laws and regulations of that country and therefore must not be inferred as being the equivalent of a national data opt-out within England.)

National data opt-outs continue to apply until the individual proactively changes their opt-out preference, including where the individual subsequently moves away from England. For example, where an individual who has a national data opt-out moves from England to Wales and does not remove it when they move, their opt-out remains in place and is applied in line with this policy.

The policy for applying national data opt-outs to data flows outside of England is outlined in Cross border data flows.


2.7: Interaction with other opt-outs

Prior to the launch of the national data opt-out individuals could set two types of general opt-outs, via their GP practice:

  • a type 1 opt-out prevents information that identifies individuals being shared outside of their GP practice, for secondary uses.  
  • a type 2 opt-out prevented confidential patient information from being shared outside of NHS Digital for purposes beyond individual care.

Type 1 opt-outs continue to be honoured until September 2020 at the earliest when the Department of Health and Social Care (DHSC) will consult with the NDG before confirming their removal.

Type 2 opt-outs have been replaced by the national data opt-out and are no longer valid.  All type 2 opt-outs recorded in GP practices up to and including 11 October 2018 have been migrated to become national data opt-outs.  NHS Digital has written to inform people who previously registered a type 2 opt-out of this change.  More information on the conversion of type 2 opt-outs can be found on the NHS Digital website.

Other national and local opt-outs for specific purposes (for example summary care record opt-out) remain in place and should continue to be applied, when appropriate, alongside the national data opt-out.

There are specific arrangements for the opt-outs that apply to data flows to Public Health England (PHE) for the two national disease registries and screening programmes that they operate.  These are set out in Flows to Public Health England National Disease Registers and Population screening programmes. Other specific arrangements are in place for Assuring Transformation and for National patient experience surveys.


2.8: Compliance with national data opt-out policy

NHS Digital and a number of other organisations are applying the national data opt-out to any in scope data releases and are compliant with this policy.  All relevant organisations are required to be compliant with the national data opt-out by March 2020.


2.9: Deceased patients

A national data opt-out continues to be maintained and applied for an individual after they have died. Health and adult social care organisations are expected to continue to apply opt-outs for deceased patients and their opt-out will continue to be held on the Spine repository.

Last edited: 25 February 2020 12:15 pm