NHS launches data-sharing 'opt-out' tool for patients across England

Tool allowing patients to choose not to share data coincides with launch day of GDPR

Harvesting data from a laptop

The NHS today launched a national data opt-out tool so patients in England can decide not to share their confidential information for use in research and planning.

Coinciding with the introduction of the EU's General Data Protection Regulation (GDPR) today, the tool will collect patient preferences between now and 2020 - by which point health and social care organisations across England will be expected to apply these to the choices they make in sharing patient data.

Advertisement - Article continues below

This data opt-out facility is fully operational for patients across England from today, albeit in an initial beta, and marks the culmination of NHS Digital efforts to follow recommendations by the National Data Guardian (NDG) Dame Fiona Caldicott in a review published in 2016 that prompted the scrapping of the NHS's care.data scheme, which sought to share patients' health data across the NHS.

"Beyond an understanding that patient records are used to help deliver direct personal care, the public's knowledge about how health and social care data is collected, protected, and used within the health and social care system is limited," Caldicott concluded in her report.

"It is therefore clear that future communications cannot make any assumptions about existing knowledge of data processes and uses, and that there is a role for all health and social care professionals to support public understanding."

Under the terms of the new scheme, any patient with a unique NHS number who has received care from an NHS organisation can choose to opt-out of sharing their confidential information - defined as information that both identifies or could identify the individual, containing some information about their health or condition.

Advertisement - Article continues below
Advertisement - Article continues below

But the opt-out will not apply to a number of circumstances, including where information is used for a patient's individual care, such as screening programmes and summary care records, where information has been fully anonymised, or where data is used to support managing infections diseases or similar public health risks.

According to NHS Digital, opt-outs will be held on the NHS Spine against an individual's NHS number. Organisations will then need to identify any records for patients who have chosen to opt-out, and remove them entirely from the data being used before sharing the remaining dataset.

The national data opt-out, replacing the previous 'type 2' opt-out, will cover data-sharing by any organisation providing publicly-funded care in England, including private and voluntary organisations. Only children's social care services are not covered.

An NHS Digital spokesman told IT Pro that the EU's GDPR rules that come into effect today mean the health service must be clear on how patient data is used and processed.

Advertisement - Article continues below

Data sharing in the health system has been the subject of a number of high-profile controversies, including most recently an agreement between NHS Digital and the Home Office in which non-clinical patient data was shared for immigration enforcement. Following widespread outrage, and a highly critical parliamentary report, the agreement was revised in early May.

Meanwhile, an independent review panel found last year that there was a "lack of clarity" in a data-sharing agreement between the Royal Free Hospital in London and Google's DeepMind project, that saw 1.6 million people's data shared without their consent. This followed an Information Commissioner's Office (ICO) review that deemed the agreement to have breached data protection laws - particularly as patients were not informed as to how their data would be used.

The NHS's care.data scheme aimed to similarly share patients' data between national health bodies, but suffered criticism that it failed to convince the public that their data would be properly safeguarded.

Picture: Shutterstock

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020

The top 12 password-cracking techniques used by hackers

12 Jun 2020