National data opt-out
Published: 03 Mar 2020
The national data opt-out policy comes into force in England in March 2020, enabling patients to opt-out from the use of their data for anything other than their individual care and treatment.
All health and adult social care organisations in England are required to be compliant with the national data opt-out policy, when they are using confidential patient information for purposes beyond an individual’s care and treatment. This includes the submission of data to the National Clinical Audit and Patient Outcomes Programme (NCAPOP). HQIP must in turn ensure compliance for any work we undertake for which we are a data controller.
Care organisations must apply the National Data Opt-Out to NCAPOP data submissions:
- At the point that data leaves the controllership boundary of the care organisation, and
- Where the provision for that flow under the Common Law Duty of Confidentiality is S.251 of the NHS Act 2006.
National clinical audit and clinical outcome review programmes:
HQIP has been working with the providers of our 40 national clinical audits and clinical outcome review programmes to ensure that subsequent processing and transmission of the data HQIP receives from care providers remains compliant with the national requirements. This work has been informed by NHS Digital guidance.
NHS Trusts:
To aid NHS Trusts, we have updated The Directory for NCAPOP projects and the National Joint Registry, to include a column which details the Common Law legal basis for the flow of data from healthcare providers to each project. This will help healthcare providers identify where the National Data Opt-Out should be applied. If further information on legal basis or project scope is required this can be found within each NCAPOP project UPCARE (understanding practice in clinical audit and registries tool) document and hyperlinks to these are also now included within The Directory.
NHS Digital has produced national guidance and a compliance implementation guide for health and social care organisation to understand requirements and responsibilities to become fully compliant.