IGPOLCORE93 National Data Opt-Out Policy & Procedure v1 by Provide Community

The

Version: V1

Ratified by: Finance and Investment Committee

Date ratified: 05/04/2023

Job Title of author: Information Governance Manager

Reviewed by Committee or Expert Group Technology Programme Board

Equality Impact Assessed by: Information Governance Manager

1. Introduction

The National Data Opt-Out (NDO) allows patients to opt out of their confidential information being used beyond their direct care. Any confidential information we process for secondary use, e.g. research purposes, clinical audit (national), population planning purposes will be within the scope of NDO unless an exception applies.

The national data opt-out applies to the disclosure of confidential patient information for purposes beyond individual care across the health and adult social care systems in England

2. Purpose

This document provides operational guidance to understand the application of national data opt-out policy – it sets out when the national data opt-out must be applied and how, along with the exemptions when it will not apply.

3. Definitions

Individual

care

Often referred to as ‘direct care’, the legal basis for sharing data for this purpose is implied consent, i.e. where the patient knows or would reasonably expect their data to be shared for their care and treatment.

Purposes beyond individual care

Refers to all uses of data outside an individual’s care and treatment. Sometimes referred to as ‘secondary uses’ or ‘indirect care’.

Compliance

Refers in this context to an organisation assessing its data flows to determine whether they fall within the scope of the National Data Opt-Out policy and applying the opt-out as necessary to any flows that are within scope.

Common Law Duty of Confidentiality (CLDC)

Refers to the responsibility to keep patient data confidential when patients have provided it in circumstances where they would reasonably expect this. Sometimes referred to as a ‘duty of confidence’. Consent is generally required to satisfy the CLDC unless there is a basis in statute or the public interest that allows the CLDC to be overridden.

Data Protection Legislation

Refers in this document to the UK General Data Protection Regulation and the Data Protection Act 2018.

National Data Opt-Out

The right for patients to withhold consent to their confidential information being used for research or planning purposes.

Message Exchange for Social Services and Health (MESH)

NHS Digital’s secure messaging service. It supports the two-way transfer of data between NHS Digital and health and care organisations.

Data Controller

The organisation or person who decides, alone or jointly with others, the purposes for which personal data is processed and the personal data necessary to fulfil those purposes. It is the responsibility of data controllers to apply the National Data Opt-Out to data under their control, either at the point at which it disclosed beyond their data controllership boundary or at the point at which its internal use changes to one to which the National Data Opt-Out applies.

Data Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors act on behalf of the relevant controller and under their authority. In doing so, they serve the controller's interests rather than their own

Confidential Patient Information (CPI)

Defined in section 251 (11) of the NHS Act 2006 as information that (a) allows the identity of the individual to be ascertained, either from the information alone or in conjunction with other information in the possession of, or likely to come into the possession of, the person processing that information (b) was provided in circumstances where the individual is owed an duty of confidence, and (c) conveys some information about the health of an individual and/or their care or treatment.

Personal data

Information relating to an identifiable natural person (‘data subject’). ‘Identifiable’ means the data subject can be identified either directly from the data or in combination with other information reasonably likely to be available.

Anonymised information

Information about a patient’s health or care that has been anonymised in accordance with the Information Commissioner’s Code of Anonymisation. Not classed as personal data.

Pseudonymised information

Information in which identifiers have been replaced by markers such that the data subjects are identifiable only if the key to those markers is available. The NHS number is an example. Classed as personal data.

4. Responsibilities

Responsibilities of the Organisation

The organisation needs to ensure that it is acting in compliance with the National Data Opt-Out programme. It must make sure that there are robust systems and processes in place such that those patients who have elected for the National Data Opt-Out have their choice effected

Responsibilities of all Staff

This document should be consulted by any staff responsible for data disclosures of patient data that may bring that data within the scope of the National Data Opt-Out.

The intended audience for this document comprises both individuals who are responsible for ensuring that the legal obligations of data protection and confidentiality are met and implemented and also those who are processing patient data within health and adult social care organisations.

All staff - permanent, temporary, and contractors - are responsible for ensuring that they are aware of and comply with the requirements of this policy and procedure.

A data processing agreement (DPA) will be in place with the data processor that stipulates how decisions are made on applying national data opt-outs and who is responsible for the processing of those opt-outs along with stipulations on controls over who will have access to the data required to undertake the processing to create the data disclosures.

5. Data to which the National Data Opt-Out applies

The National Data Opt-Out applies only to confidential patient information that originates within the health and adult social care system in England, and only to data relating to care that is funded or arranged by a public body.

Any confidential information we process for secondary use, e.g. planning for the provision of local services, managing and running NHS and adult social care services, commissioning, national clinical audits and research which rely on S.251 support will be within the scope of NDO unless an exception (mandatory legal requirement or an overriding public interest) applies.

Already in the NHS, the use of confidential patient information without consent is strictly controlled. Any processing and sharing must always be in accordance with the principles of data protection legislation and the common law duty of confidentiality. Hence confidential patient information tends to be used only where essential and unavoidable. As such, many of these uses override the National Data Opt-Out.

The opt-out applies regardless of the format of the data and this includes structured and unstructured electronic data and paper records. When the opt-out is applied, the entire record (or records) associated with that individual must be fully removed from the data being disclosed. The NHS number is used as the identifier for the removal of the records.

National Data Opt-Outs continue to apply until an individual proactively changes their opt-out preference, including where the individual subsequently moves away from England. Opt-outs are also maintained and applied for an individual after they have died.

Please note, if a clinical system or service does not hold NHS numbers then the NDOO cannot be applied. If there is a requirement to share confidential data under a

Data to which the National Data Opt-Out applies table

S251 for planning or research, then a consent would need to be obtained and recorded from each service users individually.

6. Data to which the National Data Opt-Out does not apply

For the avoidance of doubt, the National Data Opt-Out does not apply:

• When the data subject has explicitly consented to the sharing of their data for a specific purpose

• To anonymised data (In line with the Information Commissioner’s Office (ICO) Code of Practice on Anonymisation)

• It does not apply to data that patients have explicitly consented to share

• To workforce or staff data

• To data disclosed by providers of health and care services located outside England

• To data disclosed by children’s social care services in England

• To data related to private patients at private providers

• To national patient experience surveys including the National Cancer Patient Experience Survey (CPES) and CQC NHS Patient Survey Programme

• To data flows into the Office of National Statistics solely for the production of official statistics.

• To National Screening Programmes of the population endorsed by the UK National Screening Committee, including the NHS Breast Bowel and Cervical Cancer Screening Programmes (15/CAG/0207) and the NHS Abdominal Aortic Aneurysm Screening Programme (ECC 3-04(o)/2011)

• To flows to Public Health England National Disease Registers, including the National Cancer Register (PIAG 03(a)/2001) and the National Congenital Anomaly and Rare Diseases Register (CAG 10-02(d)/2015

7. How to apply the NDO

We must always check whether any purpose for which we use or share patients’ personal information is one to which the National Data Opt-Out applies. Where it does, we will need to identify those patients that have opted-out and exclude their information from use.

Individuals who register for the National Data Opt-Out have a marker attached to their record on the NHS Spine. When the National Data Opt-Out is applied, the entire record or records associated with those individuals must be fully removed from the extract or dataset being used. It is not permitted simply to remove identifiers or otherwise deidentify part of the record.

SystmOne

For services that use or share data from SystmOne a solution is available so that upon request SystmOne clinical reports will automatically remove all the patients that optedout from the report results.

SystmOne will only be able to check the national data opt-out preferences for any patient records with a valid NHS Number. For any incorrect or to be determined NHS numbers (e.g. where the NHS number has been updated following a change at another non-SystmOne organisation and has not yet been changed in SystmOne), these patients should be excluded from the disclosure list, unless the effort of obtaining the NHS numbers from other sources is not disproportionate to the number of missing or inaccurate records, in which case opt-out will apply and the NHS numbers should be obtained and submitted to the NDO check service. Where it is not possible to ascertain whether a patient has opted out or not, their personal data must not be disclosed for secondary use without obtaining their permission as per data protection legislation.

Patients’ national data opt-out preferences are automatically checked by SystmOne against the NHS Digital repository of National Data Opt-outs every 7 days. There is also an overnight query to check for national data opt-out preferences for all patients who have been newly added to SystmOne or patients whose NHS Numbers have changed. Newly added patients to SystmOne, and patients whose NHS numbers change will be assumed to have opted out of sharing their data until their national data opt-out status has been determined using the national data opt-out status query check for these patients.

New Clinical Reporting on SystmOne

When creating a Clinical Report there is a new option to select if the report is to be used for a data dissemination. Once this is selected, users can also enter information and record additional fields against a data disclosure (see Figure 1 – new clinical reporting option screenshot), these are:

• Recipient of data (free text)

• Purpose of data release (free text)

• Apply National Data Opt-out preferences (check box) - All patients that have set a national data opt-out, which is available within SystmOne, will be removed from the data dissemination.

The dissemination will then be compliant with the national data opt-out and is available to be released.

Every time a report is marked as a data dissemination (i.e. the ‘For data dissemination’ option is ticked), an audit is maintained to include every time these reports are ran and it is recorded and displayed on the ‘Data Dissemination Report Audit screen’.

Figure 1

The Clinical Reporting screen can be accessed under the Reporting menu bar option, in order to access Clinical Reporting, users must have the Run Reports access right.

Existing Clinical Reports

You should determine whether any existing reports that are used to disseminate data, need to take into account national data opt-outs and if so, the saved report criteria will need to be edited so that national data opt-outs are applied. This can be done by amending the existing reports from the Clinical Reporting screen, marking a report as a data dissemination and selecting the option Apply National Data Opt-out preferences as shown in the above screen shot, Figure 1

Note: Organisations should also consider any batch reports and review if the clinical reports within a batch report requires updating to now include the application of national data opt-outs.

Strategic Reporting

Provide data warehouse and PARIS reports have a filter to apply NDO.

Other clinical systems

Removal of opted out patients is achieved via the National Data Opt-Out’s dedicated MESH (Message Exchange For Social Care and Health) account for sending lists of NHS numbers to NHS Digital’s Check for National Data Opt-Outs Service and receiving the ‘cleaned’ data back, i.e. with the NHS numbers of those who have optedout removed.

The services which intend to share patient data which are within the scope of the National Data Opt Out to take the following steps:

1. Send an email request to BI (provide.bi-team@nhs.net) with the following information:

a. Data set/reports that need to be shared.

b. Location/system/database of the data

2. Receive a ‘cleaned’ copy of data set that can be shared as required

Services must then use the cleaned set of NHS numbers to remove the records of opted-out patients from the dataset before sharing or otherwise processing it for a purpose to which the National Data Opt-Out applies.

EQUALITY

IMPACT ASSESSMENT

TEMPLATE: Stage 1: ‘Screening’

Name of project/policy/strategy (hereafter referred to as “initiative”):

National Data Opt Out Policy and Procedure

Provide a brief summary (bullet points) of the aims of the initiative and main activities:

Project/Policy Manager: Petra

Lastivkova

Date: 2/2/2023

This stage establishes whether a proposed initiative will have an impact from an equality perspective on any particular group of people or community – i.e. on the grounds of race (incl. religion/faith), gender (incl. sexual orientation), age, disability, or whether it is “equality neutral” (i.e. have no effect either positive or negative). In the case of gender, consider whether men and women are affected differently.

Q1. Who will benefit from this initiative? Is there likely to be a positive impact on specific groups/communities (whether or not they are the intended beneficiaries), and if so, how? Or is it clear at this stage that it will be equality “neutral”? i.e. will have no particular effect on any group.

Neutral

Q2. Is there likely to be an adverse impact on one or more minority/under-represented or community groups as a result of this initiative? If so, who may be affected and why? Or is it clear at this stage that it will be equality “neutral”?

Neutral

Q3. Is the impact of the initiative – whether positive or negative - significant enough to warrant a more detailed assessment (Stage 2 – see guidance)? If not, will there be monitoring and review to assess the impact over a period time? Briefly (bullet points) give reasons for your answer and any steps you are taking to address particular issues, including any consultation with staff or external groups/agencies.

Neutral

Guidelines: Things to consider

Equality impact assessments at Provide take account of relevant equality legislation and include age, (i.e. young and old,); race and ethnicity, gender, disability, religion and faith, and sexual orientation.

The initiative may have a positive, negative or neutral impact, i.e. have no particular effect on the group/community.

Where a negative (i.e. adverse) impact is identified, it may be appropriate to make a more detailed EIA (see Stage 2), or, as important, take early action to redress this – e.g. by abandoning or modifying the initiative. NB: If the initiative contravenes equality legislation, it must be abandoned or modified.

Where an initiative has a positive impact on groups/community relations, the EIA should make this explicit, to enable the outcomes to be monitored over its lifespan.

Where there is a positive impact on particular groups does this mean there could be an adverse impact on others, and if so can this be justified? - e.g. are there other existing or planned initiatives which redress this?

It may not be possible to provide detailed answers to some of these questions at the start of the initiative. The EIA may identify a lack of relevant data, and that data-gathering is a specific action required to inform the initiative as it develops, and also to form part of a continuing evaluation and review process.

It is envisaged that it will be relatively rare for full impact assessments to be carried out at Provide. Usually, where there are particular problems identified in the screening stage, it is envisaged that the approach will be amended at this stage, and/or setting up a monitoring/evaluation system to review a policy’s impact over time.

EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage 2:

(To be used where the ‘screening phase has identified a substantial problem/concern)

This stage examines the initiative in more detail in order to obtain further information where required about its potential adverse or positive impact from an equality perspective. It will help inform whether any action needs to be taken and may form part of a continuing assessment framework as the initiative develops.

Q1. What data/information is there on the target beneficiary groups/communities? Are any of these groups under- or over-represented? Do they have access to the same resources? What are your sources of data and are there any gaps?

Q2. Is there a potential for this initiative to have a positive impact, such as tackling discrimination, promoting equality of opportunity and good community relations? If yes, how? Which are the main groups it will have an impact on?

Q3. Will the initiative have an adverse impact on any particular group or community/community relations? If yes, in what way? Will the impact be different for different groups – e.g. men and women?

Q4. Has there been consultation/is consultation planned with stakeholders/ beneficiaries/ staff who will be affected by the initiative? Summarise (bullet points) any important issues arising from the consultation.

Q5. Given your answers to the previous questions, how will your plans be revised to reduce/eliminate negative impact or enhance positive impact? Are there specific factors which need to be taken into account?

Q6. How will the initiative continue to be monitored and evaluated, including its impact on particular groups/ improving community relations? Where appropriate, identify any additional data that will be required.

Guidelines: Things to consider

An initiative may have a positive impact on some sectors of the community but leave others excluded or feeling they are excluded. Consideration should be given to how this can be tackled or minimised. It is important to ensure that relevant groups/communities are identified who should be consulted. This may require taking positive action to engage with those groups who are traditionally less likely to respond to consultations, and could form a specific part of the initiative. The consultation process should form a meaningful part of the initiative as it develops, and help inform any future action.

If the EIA shows an adverse impact, is this because it contravenes any equality legislation? If so, the initiative must be modified or abandoned. There may be another way to meet the objective(s) of the initiative.

Further information:

Useful Websites www.equalityhumanrights.com Website for new Equality agency www.employers-forum.co.uk – Employers forum on disability www.disabilitynow.org.uk – online disability related newspaper www.womenandequalityunit.gov.uk – Gender issues in more depth www.opportunitynow.org.uk - Employer member organisation (gender) www.efa.org.uk – Employers forum on age www.agepositive.gov.uk – Age issues in more depth