NHS launches data-sharing 'opt-out' tool for patients across England

Tool allowing patients to choose not to share data coincides with launch day of GDPR

Harvesting data from a laptop

The NHS today launched a national data opt-out tool so patients in England can decide not to share their confidential information for use in research and planning.

Coinciding with the introduction of the EU's General Data Protection Regulation (GDPR) today, the tool will collect patient preferences between now and 2020 - by which point health and social care organisations across England will be expected to apply these to the choices they make in sharing patient data.

This data opt-out facility is fully operational for patients across England from today, albeit in an initial beta, and marks the culmination of NHS Digital efforts to follow recommendations by the National Data Guardian (NDG) Dame Fiona Caldicott in a review published in 2016 that prompted the scrapping of the NHS's care.data scheme, which sought to share patients' health data across the NHS.

"Beyond an understanding that patient records are used to help deliver direct personal care, the public's knowledge about how health and social care data is collected, protected, and used within the health and social care system is limited," Caldicott concluded in her report.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"It is therefore clear that future communications cannot make any assumptions about existing knowledge of data processes and uses, and that there is a role for all health and social care professionals to support public understanding."

Under the terms of the new scheme, any patient with a unique NHS number who has received care from an NHS organisation can choose to opt-out of sharing their confidential information - defined as information that both identifies or could identify the individual, containing some information about their health or condition.

But the opt-out will not apply to a number of circumstances, including where information is used for a patient's individual care, such as screening programmes and summary care records, where information has been fully anonymised, or where data is used to support managing infections diseases or similar public health risks.

According to NHS Digital, opt-outs will be held on the NHS Spine against an individual's NHS number. Organisations will then need to identify any records for patients who have chosen to opt-out, and remove them entirely from the data being used before sharing the remaining dataset.

The national data opt-out, replacing the previous 'type 2' opt-out, will cover data-sharing by any organisation providing publicly-funded care in England, including private and voluntary organisations. Only children's social care services are not covered.

An NHS Digital spokesman told IT Pro that the EU's GDPR rules that come into effect today mean the health service must be clear on how patient data is used and processed.

Advertisement - Article continues below

Data sharing in the health system has been the subject of a number of high-profile controversies, including most recently an agreement between NHS Digital and the Home Office in which non-clinical patient data was shared for immigration enforcement. Following widespread outrage, and a highly critical parliamentary report, the agreement was revised in early May.

Meanwhile, an independent review panel found last year that there was a "lack of clarity" in a data-sharing agreement between the Royal Free Hospital in London and Google's DeepMind project, that saw 1.6 million people's data shared without their consent. This followed an Information Commissioner's Office (ICO) review that deemed the agreement to have breached data protection laws - particularly as patients were not informed as to how their data would be used.

The NHS's care.data scheme aimed to similarly share patients' data between national health bodies, but suffered criticism that it failed to convince the public that their data would be properly safeguarded.

Picture: Shutterstock

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020