NHS launches data-sharing 'opt-out' tool for patients across England

Tool allowing patients to choose not to share data coincides with launch day of GDPR

The NHS today launched a national data opt-out tool so patients in England can decide not to share their confidential information for use in research and planning.

Coinciding with the introduction of the EU's General Data Protection Regulation (GDPR) today, the tool will collect patient preferences between now and 2020 - by which point health and social care organisations across England will be expected to apply these to the choices they make in sharing patient data.

This data opt-out facility is fully operational for patients across England from today, albeit in an initial beta, and marks the culmination of NHS Digital efforts to follow recommendations by the National Data Guardian (NDG) Dame Fiona Caldicott in a review published in 2016 that prompted the scrapping of the NHS's care.data scheme, which sought to share patients' health data across the NHS.

"Beyond an understanding that patient records are used to help deliver direct personal care, the public's knowledge about how health and social care data is collected, protected, and used within the health and social care system is limited," Caldicott concluded in her report.

"It is therefore clear that future communications cannot make any assumptions about existing knowledge of data processes and uses, and that there is a role for all health and social care professionals to support public understanding."

Under the terms of the new scheme, any patient with a unique NHS number who has received care from an NHS organisation can choose to opt out of sharing their confidential information - defined as information that both identifies or could identify the individual and contains some information about their health or condition.

But the opt-out will not apply in a number of circumstances, including where information is used for a patient's individual care, such as screening programmes and summary care records, where information has been fully anonymised, or where data is used to support managing infectious diseases or similar public health risks.

According to NHS Digital, opt-outs will be held on the NHS Spine against an individual's NHS number. Organisations will then need to identify any records for patients who have chosen to opt out, and remove them entirely from the data being used before sharing the remaining dataset.

The national data opt-out, replacing the previous 'type 2' opt-out, will cover data-sharing by any organisation providing publicly-funded care in England, including private and voluntary organisations. Only children's social care services are not covered.

An NHS Digital spokesman told IT Pro that the EU's GDPR rules that come into effect today mean the health service must be clear on how patient data is used and processed.

Data sharing in the health system has been the subject of a number of high-profile controversies, including most recently an agreement between NHS Digital and the Home Office in which non-clinical patient data was shared for immigration enforcement. Following widespread outrage, and a highly critical parliamentary report, the agreement was revised in early May.

Meanwhile, an independent review panel found last year that there was a "lack of clarity" in a data-sharing agreement between the Royal Free Hospital in London and Google's DeepMind project that saw 1.6 million people's data shared without their consent. This followed an Information Commissioner's Office (ICO) review that deemed the agreement to have breached data protection laws - particularly as patients were not informed as to how their data would be used.

The NHS's care.data scheme aimed to similarly share patients' data between national health bodies, but suffered criticism that it failed to convince the public that their data would be properly safeguarded.
