Which data disclosures do national data opt-outs apply to?
National data opt-outs apply to a disclosure when an organisation, for example a research body, confirms they have approval from the Confidentiality Advisory Group (CAG) for the disclosure of confidential patient information held by another organisation responsible for the data (the data controller) such as an NHS Trust.
The CAG approval is also known as a section 251 approval and refers to section 251 of the National Health Service Act 2006 and its current Regulations, the Health Service (Control of Patient Information) Regulations 2002. The NHS Act 2006 and the Regulations enable the common law duty of confidentiality to be temporarily lifted so that confidential patient information can be disclosed without the data controller being in breach of the common law duty of confidentiality.
In practice, this means that the organisation responsible for the information (the data controller) can, if they wish, disclose the information to the data applicant, for example a research body, without being in breach of the common law duty of confidentiality. To be clear - it is only in these cases where opt-outs apply.
In certain cases it has been agreed that the National Data Opt-Out should not be applied to programmes which have section 251 approval. More information on these can be found at paragraphs 7 and 8 below and a list of the programmes for which the NDOO should not be applied to is available. This list is subject to change so please ensure you check the most up to date version. The organisation requesting the data can also inform you that the National Data Opt-Out does not apply.
Read more information about CAG and the section 251 approvals process on the Health Research Authority (HRA) website.