Sharing Your Records

Sharing your records: your personal information

Information about you is used in a number of ways by the NHS and social care services to support your personal care and to improve health and social care services for everyone.

You can choose not to have anything that could identify you shared beyond your GP practice. You can also choose for the NHS not to share information it collects from all health providers any further.

If you have previously told your GP practice that you don't want the NHS to share your personal confidential information for purposes other than your own care and treatment, your opt-out will have been implemented by the HSCIC or NHS Digital and will remain in place unless you change it.

Simply contact your GP either to register an opt-out or end an opt-out you have already registered and they will update your medical record. Your GP practice will also be able to confirm whether or not you have registered an opt-out in the past.

National data opt-out

The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning. You can find out more and follow the links to opt out via the NHS Website:

digital.nhs.uk/services/national-data-opt-out

The national data opt-out allows a patient to choose that they do not want their confidential patient informationto be used for purposes beyond their individual care and treatment. Use of patient data for purposes beyond individual care is always subject to data protection legislation and the common law duty of confidentiality (CLDC) considerations, which are not changed by the national data opt-out. Further information can be found in Factsheet 1B – “Types of data used and legal protection in place”.

The national data opt-out policy and rules must be considered every time data is disclosed by health and care organisations for purposes beyond the individual’s care and treatment. The policy must be assessed against the lawful basis underpinning the use of the data, rather than the type of organisation the data is being provided to. The national data opt-out policy must also be considered when using confidential patient information within the same organisation where there is a change in purpose for the use of that information. When a national data opt-out has been set, there are circumstances when it must be applied, and the patient’s data cannot be used, and circumstances when the national data opt-out will not apply. The information below provides more information on those different circumstances. The national data opt-out will apply when:

• Confidential patient information is used for purposes beyond an individual’s care and treatment, AND
• The legal basis to use the data is approval under regulation 2 or 5 of the Control of Patient Information Regulations 2002, section 251 of the NHS Act 2006

Definition of individual care

Individual care was defined by the National Data Guardian (NDG) in her 2016 ‘Review of Data Security, Consent and Opt-Outs’ as:

“A clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. It includes supporting individuals’ ability to function and improve their participation in life and society. It includes the assurance of safe and high-quality care and treatment through local audit, the management of untoward or adverse incidents, person satisfaction including measurement of outcomes undertaken by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship for their care” (www.gov.uk/government/publications/review-of-data-security-consent-and-opt-outs)

Section 251 approval

The Confidentiality Advisory Group (CAG) considers applications for the use of confidential patient information without patient consent under the following regulations of the Control of Patient Information Regulations 2002, section 251 of the NHS Act 2006:

• regulation 2 (processing for medical purposes related to the diagnosis or treatment of cancer); or
• regulation 5 (processing for general medical and research purposes) Both regulations are also subject to regulation 7, which sets out that the data must not be processed further than for the permitted purpose.

The national data opt-out will apply to approvals made by CAG under the NHS Act 2006 s251, which is in line with the standard conditions for the approval of applications under section 251 to allow opt-outs. In very limited and exceptional circumstances CAG can determine that no opt-out will apply to an approved use of data, where such a decision is made the national data opt-out will not apply.

For further information about section 251 approvals and CAG, see also Factsheet 1B – “Types of data used and legal protection in place”

The national data opt-out will not apply to uses beyond individual care and treatment in the following circumstances:

• When the data being used is anonymised such that it is considered to meet the requirements of the Information Commissioner’s Office (ICO) anonymisation code of practice. See: www.ico.org.uk/for-organisations/guide-to-data-protection/anonymisation.

The intent of anonymisation is to turn data into a form which does not directly identify individuals and where re-identification through its combination with other data is not likely to take place. The ICO’s anonymisation code of practice explains the issues surrounding the anonymisation of personal data, and the disclosure of data once it has been anonymised. The code provides good practice advice that will be relevant to all organisations that need to convert personal data into a form in which individuals are no longer identifiable. It is clear from the code that anonymisation does not need to be risk free but that data controllers need to mitigate the risk of re-identification until it is remote. It covers a range of types of anonymised data from aggregate data through to de-identified individual-level data and sets out how this can meet the legal tests required under the DPA when considering the risk of identification of an individual

This anonymisation code of practice will be reviewed by the ICO after the General Data Protection Regulations have come into force on 25 May 2018.

• When data is provided under a mandatory legal requirement.Such as when there is a court order, when the Care Quality Commission (CQC) use their statutory powers to request information in support of their inspection role, NHS Digital’s powers to collect information when directed (Health and Social Care Act 2012) or sharing for safeguarding cases (The Children Act 1989). For further examples of mandatory legal requirements when a national data opt-out would not apply, see the Operational Policy Guidance document published at: digital.nhs.uk/national-data-opt-out.
• When there is an overriding public interest.There are a small number of exceptional circumstances when clinicians, Caldicott Guardians and managers can decide to share information based on public interest. Such decisions about disclosures of information are made on a case-by-case basis and carefully consider the specific circumstances involved. Data controllers are expected to have existing arrangements in place to apply the public interest test where necessary, and the national data opt-out will not apply.

This also includes approvals made under regulation 3 of section 251, The Control of Patient Information Regulations 2002, which relate to the notification and use of identifiable data for monitoring and managing communicable diseases and risks to public health.

• When the patient has given explicit consent (to meet CLDC requirements) to the use of their data for the specific purpose e.g. they have consented to participate in a medical research study. This rule applies even if the consent may have been given before the patient had set a national data opt-out. It is important to recognise consent required to satisfy the CLDC is different to consent being used as the legal basis for processing data under the Data Protection Act. Further information about consent can be found in Factsheet 1B – “Types of data used and legal protection in place”.
• When data is provided to the services below, which operate a separate opt-out mechanism:The National Cancer Registration Service If a patient does not want their information to be provided to the National Cancer Registration Service and if they have not already done so, they will need to opt out of this data use separately. For more information about this service see www.gov.uk/guidance/national-cancer-registration-and-analysis-service-ncras

The National Congenital Anomalies and Rare Diseases Registration Service.If a patient does not want their information to be provided to the National Congenital Anomalies andRare Diseases Registration Service and if they have not already done so, they will need to opt out of this data use separately. For more details about this service and how to opt out see: www.gov.uk/guidance/the-national-congenital-anomaly-and-rare-disease-registration-service-ncardrs

• When the data is not confidential patient information See Factsheet 3 – “What data and organisations it applies to” for further explanation of confidential patient information. National data opt-out policy considerations for specific purposesThe NDG review made it clear that there are some elements of individual care which rely on the wider processing of data, for example screening and immunisation programmes, and risk stratification for case-finding. These purposes should be treated as for individual care and are therefore not subject to the national data opt-out.

National data opt-outs will not be applied when, for example:

• Data is provided for the oversight and provision of population health screening programmes. This refers to screening programmes that an independent expert group, the UK National Screening Committee (UK NSC), have advised that the NHS should offer.See Annex A for NHS screening programmes offered in 2018 in England.
• Data is provided for the purposes of risk stratification for case-finding, when carried out by a provider involved in an individual’s care. Further detail about considerations for risk stratification can be found in the National Data Opt-out Operational Policy Guidance document published at: digital.nhs.uk/national-data-opt-out.

Information to support payments and invoice validation

Wherever possible, anonymised data should be used for payment and invoice validation purposes. However, the NDG review set out the importance of accurately allocating NHS resources, and recommended that national data opt-outs will not apply when:

• Data is provided for non-contracted invoice validation. This refers to confidential patient information relating to health and care services provided by an organisation when there is no agreed contract in place with the patient’s responsible commissioner for those health and care services.

Further detail about considerations for payments and invoice validation can be found in the National Data Opt-out Operational Policy Guidance document published at: digital.nhs.uk/national-data-opt-out.