The National Data Opt Out

"Your NHS data matters"


This non-commercial website was written by Dr Neil Bhatia, a GP and Caldicott Guardian / Information Governance lead / Data Protection Officer in Hampshire.

Twitter: @docneilb

This is a personal website and in no way affiliated with any GP surgery or Clinical Commissioning Group.


This site tells you about The National Data Opt Out - how you can exert some control over how your medical records are used for purposes beyond your medical care (so called secondary uses).

THe National Data Opt Out awareness campaign is also known as "Your NHS data matters"


You may have already received a letter from NHS Digital headed:

"The NHS has protected your choice about how your information is used - please check you are happy with this"

That letter refers to the National Data Opt Out - and this site tells you more about it.


Once you know what can happen, or is already happening, to your personal information, then you can make an informed choice as to whether to allow such data sharing to happen or continue - in other words, whether to opt-out or not, or remain opted out.

So you can share data on your terms.

It tells you about the Type 1 ("9Nu0") opt-out (or objection) - an electronic flag added to your GP record, at your request, that blocks the use of your personal confidential information in various ways.

It tells you what it does, and what it does not do; where it works, and where it has no effect.

It tells you about the National Data Opt Out, which has replaced the GP Type 2 opt-out from October 2018.

It tells you how you can limit the ways that NHS Digital can disseminate and sell information that it holds about you, obtained from your GP/hospital/social care/mental health and other such records, to third parties within and outside of the NHS (including commercial organisations).

You can find out about all of the NHS Databases, and other NHS data sharing schemes, via www.nhsdatasharing.info


How do I find out what I have already opted out of, or am opted out of?

You can find out what you have already opted out - both primary and secondary uses of your information - of by simply asking your GP surgery.

Alternatively, you can just opt out of the schemes that you wish to - right now.

It doesn't matter if you opt out of any - or all - of them more than once.


Primary uses of your medical record are uses of data for the main purpose for which they were originally collected.

For your GP record, this means making that information available, to healthcare professionals that you are seeing, for your direct medical care.

That means accessing, or using information from, your GP record when you need to see a healthcare professional because you are ill or (especially at your GP surgery) to keep you well.

You can download a simple factsheet about data sharing between healthcare professionals here.


You can also find information on the NDOO:

NHS Digital launched the National Data Opt Out on 25th May 2018, to coincide with the EU GDPR.



What is the National Data Opt Out (NDOO)?


The NDOO is a mechanism by which individuals in England can control, to a limited degree, certain aspects of their confidential medical information and, in particular, what NHS Digital can do with it once in their possession.

It's about controlling your medical records.

The NDOO only applies to confidential information, that is medical information that can identify you, for example by containing your name, DOB, address, NHS number etc.

And the NDOO only applies to uses of your confidential medical information for secondary purposes, that is unrelated to, and beyond, the direct medical care that GP surgeries and other healthcare organisations provide you with when you are unwell, or to keep you well.


What are "secondary purposes", or "beyond my direct medical care"?


Secondary purposes are more - much more - than simple "Research and Planning"

Secondary purposes include:


Almost always, you are not asked for your permission before your information is used in this way.

Almost always, you have no control over who your information is given to, or for what reason.

Very often, you are completely unaware that the processing of your information in this way is even happening.


The NDOO simply replaces the Type 2 (9Nu4) opt-out that has been in force for some years, and which you were able to express, together with the Type 1 (9Nu0) objection, via your GP surgery.

It is, therefore, nothing new.


If I set, or keep, my NDOO status at "do not allow", what will this mean?


Setting your NDOO status to "do not allow" means:


Which organisations does NHS Digital give or sell my confidential personal information to?


Have a look here to get an idea.

The list is huge.


What will the NDOO/Type 1 objections NOT do?



But the NDOO will not stop:

A Type 1 opt-out (see later) will go some way to preventing these.

Once your data has been copied or released it cannot be recovered.


What about Research?


The NDOO/Type 1 objections will in no way prevent you from taking part in accredited medical research, at your GP surgery/local hospital/other health organisation, where you have given your explicit consent to be involved (i.e. you have been asked first for permission).

They will in no way prevent you from:



The National Data Opt Out doesn't stop you contributing to any research where you are asked first.

It only stops the use of your confidential medical information where you are not asked before your data is taken and used.


"For the research community the national data opt-out has no impact where a patient has consented to participate in a research study and has agreed for their data to be used in that study. Nor will it affect studies that use anonymised data."

Health Research Authority, National Data Opt Out briefing



Will the NDOO stop my confidential GP information being uploaded to NHS Digital in the first place?


NO.

NHS Digital does not rely upon section 251 approval (any more) for data gathering, preferring instead to make such data collections compulsory under section 259 of the Health and Social Care Act.

However, the existing secondary uses, Type 1 (9Nu0), opt-out that many people have in force on their GP record will prohibit data (confidential and, in some cases, de-identified) from being extracted and uploaded from your GP record to NHS Digital in the first place.

In addition, the Type 1 opt-out will also prohibit section 251 approved data extractions, for example for "risk stratification", as well as the mandatory section 259 extractions.


Detailed information about the Type 1 opt-outs can be found in this factsheet.



So how do I maximally limit secondary uses of my medical records, beyond my direct medical care?


Set your NDOO status to "do not allow", see later for how to do this

AND

Make sure you have a secondary uses, Type 1 (9Nu0) objection in force on your GP record - do this via your GP surgery

AND

Consider contacting your local hospital trust, mental health provider, or social care organisation (local council) that you use (or have used) and express "the right to object" to the dissemination of confidential information about you for secondary purposes (including to NHS Digital), where it is not legally mandated.
You have the right to object where your data might be processed in this way and the organisation concerned is relying on Article 6(1)(e) - Official Authority - as the legal basis under GDPR.


What about preventing NHS Digital releasing, disseminating, or selling anonymised and pseudonymised data about me?


You cannot - directly. And you have no control over why they are doing this, for what purpose(s), and to which organisation they are giving or selling your information to.

But you can limit how much information NHS Digital gathers about you from healthcare organisations, by maximally limiting the secondary uses of your medical records, as described above.

They less NHS Digital has about you, the less NHS Digital can sell about you.


So how do I set, check, or update my National Data Opt Out status?


If you had previously requested a Type 2 objection to be in force, via your GP surgery, then this will have automatically set your NDOO status to "do not allow". You should received a letter from NHS Digital, confirming this. Any children aged 13yrs or over will have received their own letter as well.

It is no longer possible to directly view, set or change your NDOO status at your GP surgery.

Anyone aged 13yrs or over can set their NDOO status via the official NDOO website.

Anyone aged 12yrs or younger, or acting on behalf of another individual (i.e. as a proxy, perhaps with lasting power of attorney authority), cannot do this online but will have to ring 0300 303 5678, or by printing off a form and posting it.


So how do I register a Type 1 objection at my GP surgery?


Fill in this form, and give it in to, post it to, fax it to, or email it to your GP surgery.

A similar form can be found via medConfidential.

You can also express a Type 1 objection verbally - in person or by telephone, to your GP surgery.



You can opt back in, or change your National Data Opt Out status, at any time in the future.



Feel free to send me constructive comments about this site.

Neil.Bhatia@nhs.net

PGP public key: 9651 BDC9 46B5 7768 3B3F AF79 8FE1 DACC FEFA 344F


Last updated: 30.10.18


Privacy Policy

This website is hosted by 1&1 UK.

This website does not accept or host any advertising.

This is a non-commercial website and receives no external source of funding from any organisation.

This website does not use cookies.

This website does not collect or process personal data.

This website does not use Google Analytics.

All links from this website are provided for information and convenience only.

This is a personal website and in no way affiliated with any GP surgery or Clinical Commissioning Group.