NHS launches data-sharing 'opt-out' tool for patients across England

Tool allowing patients to choose not to share data coincides with launch day of GDPR

Harvesting data from a laptop

The NHS today launched a national data opt-out tool so patients in England can decide not to share their confidential information for use in research and planning.

Coinciding with the introduction of the EU's General Data Protection Regulation (GDPR) today, the tool will collect patient preferences between now and 2020 - by which point health and social care organisations across England will be expected to apply these to the choices they make in sharing patient data.

This data opt-out facility is fully operational for patients across England from today, albeit in an initial beta, and marks the culmination of NHS Digital efforts to follow recommendations by the National Data Guardian (NDG) Dame Fiona Caldicott in a review published in 2016 that prompted the scrapping of the NHS's care.data scheme, which sought to share patients' health data across the NHS.

"Beyond an understanding that patient records are used to help deliver direct personal care, the public's knowledge about how health and social care data is collected, protected, and used within the health and social care system is limited," Caldicott concluded in her report.

Advertisement
Advertisement - Article continues below

"It is therefore clear that future communications cannot make any assumptions about existing knowledge of data processes and uses, and that there is a role for all health and social care professionals to support public understanding."

Under the terms of the new scheme, any patient with a unique NHS number who has received care from an NHS organisation can choose to opt-out of sharing their confidential information - defined as information that both identifies or could identify the individual, containing some information about their health or condition.

But the opt-out will not apply to a number of circumstances, including where information is used for a patient's individual care, such as screening programmes and summary care records, where information has been fully anonymised, or where data is used to support managing infections diseases or similar public health risks.

According to NHS Digital, opt-outs will be held on the NHS Spine against an individual's NHS number. Organisations will then need to identify any records for patients who have chosen to opt-out, and remove them entirely from the data being used before sharing the remaining dataset.

The national data opt-out, replacing the previous 'type 2' opt-out, will cover data-sharing by any organisation providing publicly-funded care in England, including private and voluntary organisations. Only children's social care services are not covered.

An NHS Digital spokesman told IT Pro that the EU's GDPR rules that come into effect today mean the health service must be clear on how patient data is used and processed.

Data sharing in the health system has been the subject of a number of high-profile controversies, including most recently an agreement between NHS Digital and the Home Office in which non-clinical patient data was shared for immigration enforcement. Following widespread outrage, and a highly critical parliamentary report, the agreement was revised in early May.

Meanwhile, an independent review panel found last year that there was a "lack of clarity" in a data-sharing agreement between the Royal Free Hospital in London and Google's DeepMind project, that saw 1.6 million people's data shared without their consent. This followed an Information Commissioner's Office (ICO) review that deemed the agreement to have breached data protection laws - particularly as patients were not informed as to how their data would be used.

The NHS's care.data scheme aimed to similarly share patients' data between national health bodies, but suffered criticism that it failed to convince the public that their data would be properly safeguarded.

Picture: Shutterstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019