Introduction
Your patients have a right to know who their patient / personal data is being shared with and why. They also have a right to withdraw their personal data from being shared with organisations for purposes except their own direct care.
Patients who are happy with how their personal data is being used and shared do not need to do anything, although they can change their choice at any time.
Where patients want to ‘opt-out’ of their personal data being shared, it is important your practice understands the different types of opt outs so the patient is able to decide what is best for them.
Please note regardless of the ‘opt-out’ selected, a patient’s data will still be shared with organisations who are involved directly in their care. Selecting an opt out option will make sure a patient’s data is not shared with another organisation for anything other than direct patient care. For example, research and planning.
Type 1 opt-out (opting out of NHS Digital collecting patient’s personal data)
- If a patient does not want to share their personal data with any organisation not involved in their direct care they can inform you and you can apply the Type 1 Opt-out on their behalf. It can only be managed at GP practice. You can request a patient complete this form if you wish and then apply the opt-out.
- If applied this means the likes of NHS Digital will not be able to collect this personal data from the GP Practice (unless it is required for direct care). The personal data will not leave the practice.
- Type 1 opt-outs were introduced in 2013 for data sharing from GP practices, but may be discontinued in the future as the National Data Opt-out has been introduced to cover the broader health and care system. If this happens patients who have registered a Type 1 opt-out will be More about national data opt-outs is in the section.
Who we share patient data with and below. - If a patient registers a type 1 opt out after a data collection has started, this will mean no more of their data will be shared with NHS Digital. NHS Digital will however still hold the personal data which was shared with them before they registered the type 1 opt out.
Summary
Type 1 opt out, no personal data will leave / be shared by the practice unless it relates to a patient’s direct care.
Type 2 opt (no longer in existence)
The Type 2 opt-out has been replaced by the national data opt out.
Type 2 opt outs recorded on or before 11 October 2018 have been automatically converted to national data opt outs.
National data opt outs came into force on the 25th May 2018. Please see the next section.
National data opt out (opting out of NHS Digital sharing your data)
- If a patient is happy to share their personal data with NHS Digital (and from the 21st October 2021 any other organisation) but does not want their personal data being shared on further by NHS Digital (unless it relates to their direct care), they should register a National Data Opt-out.
- NHS Digital collects personal data from GP medical records about patients who have registered a National Data Opt-out. However, to be clear once the National Data Opt-out has been applied NHS Digital will not share any personal data about that patient – this includes GP data, or other data NHS Digital hold, such as hospital data – with other organisations, unless there is an exemption to this and a legal.
- From 1 October 2021, the National Data Opt-out will also apply to any personal data shared by you (your GP practice) with other organisations for purposes except direct This will not apply to this data being shared by GP practices with NHS Digital, as it is a legal requirement for GP practices to share this data with NHS Digital and the National Data Opt-out does not apply where there is a legal requirement to share data.
- A patient should be referred here National Data Opt-out if they do not want NHS Digital to share their personal data.
Summary
National data opt out, personal data will be shared with NHS Digital and other organisations (from the 21st October) but it will not be shared further / on, unless required for direct care.
Why are NHS Digital collecting personal data?
The NHS needs data about the patients it treats in order to plan and deliver its services and to ensure that care and treatment provided is safe and effective.
For example patient data can help the NHS to:
- Monitor the long-term safety and effectiveness of care
- Plan how to deliver better health and care services
- Prevent the spread of infectious diseases
- Identify new treatments and medicines through health research
GP practices already share patient data for these purposes.
This means that GPs can get on with looking after their patients, and NHS Digital can provide controlled access to patient data to the NHS and other organisations who need to use it, to improve health and care for everyone.
Contributing to research projects will benefit us all as better and safer treatments are introduced more quickly and effectively without compromising your privacy and confidentiality.
NHS Digital has engaged with the British Medical Association (BMA), Royal College of GPs (RCGP) and the National Data Guardian (NDG) to ensure relevant safeguards are in place for patients and GP practices.
What you need to do
Make sure the above ‘opt-outs’ are explained to your patient so they are aware of who may have access to their personal data. You can do this by updating your privacy notice or dedicating a web page on your website on the types of ‘opt-outs’ available and what they need to do if they want to register against either.