Patient data and confidential patient information

The opt-out only applies to confidential patient information - data that includes both:

• information that identifies or could be used to identify the patient
• details about their health or treatment

Data is collected every time a patient has contact with a health and care organisation. It falls into three broad categories:

• demographic – name, address, contact details and NHS number
• administrative – details of appointments, or whether they are waiting for a place in a health and care setting such as a care home or hospital ward
• medical – information such as symptoms, diagnosis, weight, medicines, treatments and allergies

Confidential patient information is information that both identifies the patient, and includes some information about their medical condition or treatment.

Any of the types of data could be confidential patient information under certain circumstances.

If data contains information about medical treatments or conditions along with demographic data that could identify the patient, this is confidential patient information.

Demographic information such as name and address would not normally be confidential patient information. It might be confidential patient information if the address gives an indication of the patient’s medical condition, for example it is a care home for patients with dementia.

If data contains demographic information and administrative information this might also be confidential patient information. If the administrative information relates to a particular care setting, for example mental health services or cancer wards, this, when combined with demographic information, would be considered confidential information as it reveals something about the patient’s condition as well as their identity.

The term 'confidential patient information' is a legal term defined in section 251 (11) of the National Health Service Act 2006. It is information about any patient, alive or dead, that meets the following 3 requirements. It meets the definition if the information:

• is identifiable or likely to be identifiable, for example from other data likely to be held by the person or organisation receiving the data - if a patient could be identified from it
• was given in circumstances where the individual is owed an obligation of confidence
• conveys some information about the physical or mental health or condition of an individual, a diagnosis of their condition, or information on their care or treatment.

Patients are entitled to expect an obligation of confidence from the health and care services they receive.

Section 251's definition of patient has been expanded to include people who might more often be called service users or customers - those receiving adult social care from, or which is arranged by, a local authority.

When data is used for purposes beyond individual care and treatment it is normally anonymised, which means that information that identifies an individual patient has been removed or pseudonymised. A pseudonym is a unique identifier which does not reveal the patient’s ‘real world’ identity.

The intent of anonymisation is to turn data into a form which does not directly identify individuals and where re-identification is not likely to take place.

If the anonymisation is carried out so that it meets the requirements of the Information Commissioner’s Office (ICO)’s anonymisation code of practice then the information will no longer be considered to be confidential patient information, and so the national data opt-out policy would not apply. 

The ICO's code covers a range of types of anonymised data from aggregate data through to de-identified individual-level data and sets out how this can meet the legal tests required under the Data Protection Act (DPA) when considering the risk of identification of an individual. 

You should make sure you're compliant with the latest guidance on anonymisation before you decide whether national data opt-outs need to be applied or not.

It's important to understand that data cannot be anonymised simply by removing the NHS number or other demographic details, as there is still a risk of the data being re-identified when compared with other data sets.

Further information about anonymisation can found on the understanding patient data website.

Read more about the type of data covered by the national data opt-out in the operational policy guidance document.

Find a full definition of confidential patient information in Appendix 6 of the operational policy guidance document.