E: support@e-carehub.co.uk



D330. National Data Opt-Out

Policy Statement

{{org_field_name}} complies with the National Data Opt-Out Policy, which comes into force from 31 July 2022 for all regulated social care providers in England.

{{org_field_name}}ā€™s policy is to comply with these requirements, enabling people who use services to opt out from the use of their data for anything other than their individual care and treatment, for example research or planning purposes. This is in line with the recommendations from the 2018 National Data Guardian in Review of Data Security, Consent and Opt-Outs.

The term ā€œconfidential patient informationā€ is used as a legal term in the NHS where the opt-out is already in force. In this context ā€œconfidential patient informationā€ relates to information about individualsā€™ health or social care that may identify them.

The General Data Protection Regulation (GDPR) definition is that: ā€œPersonal dataā€ means any information relating to an identified or identifiable natural person (ā€œdata subjectā€); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

{{org_field_name}} has an obligation to be compliant by informing people receiving care about their right to choose to opt out of data sharing and provide information if required. It also meets other data protection requirements from national care standards and regulations on good governance of record keeping for purposes beyond direct care and records that are comprehensively fit for purpose and securely maintained.

The national care standard is as follows:

National Data Opt-Out Policy

Under the national data opt-out everyone who uses publicly-funded health and/or care services can prevent health and care organisations sharing ā€œconfidential patient informationā€ with other organisations if it is not about managing or delivering individual care.

For example, if data is used for research or planning purposes, or sent to university and hospital researchers, medical royal colleges, pharmaceutical companies researching new treatments.

If confidential patient information is used for research or planning purposes and this processing relies upon Regulation 5 of the COPI Regulations 2002, this organisation recognises the opt-out does apply.

Where care services are involved in research with universities, they will liaise with their academic partners and follow Health Research Authority guidance, Social Care Research.

Complying with Data Opt-Out Choices

{{org_field_name}}ā€™s policy is that all the information received about or from person who uses services is confidential and that only those who need to know the information will have access to it. {{org_field_name}} will always seek the written permission of its users prior to sharing personal information about them with anyone else, for purposes other than direct care. See Confidentiality of People Receiving Careā€™s Information (England) Policy.

To comply with national data opt-out, {{org_field_name}} has procedures in place to review use or disclosure of confidential patient information and is transparent with the information it handles as to how and when individualsā€™ preference for data opt-out has been applied.  

If the person is unable to give their consent, a decision will be taken in line with ā€œbest interestsā€ procedures set by the Mental Capacity Act 2005. In these circumstances, someone else can set an opt-out choice on behalf of a person who uses services, by proxy, if they have a formal legal relationship with the person, for example they have lasting power of attorney LPA) or are a court-appointed deputy.

Information is available on request from the registered manager for people who use services, next of kin or LPA. See Mental Capacity: Quick Facts.

How People Receiving Care Can Opt Out

As national data opt-outs are set or changed by individuals themselves, this must be done by the person receiving care or someone legally able to act on their behalf.

For people receiving care who do not wish their information shared for research and planning purposes, they can opt out online at https://your-data-matters.service.nhs.uk or by phone: 0300 303 5678 ā€” NHS Digital Contact Centre.

To opt out by post on behalf of a person receiving care a form can be downloaded and printed off: Manage Another Personā€™s Choice on Their Behalf, NHS Data Opt-Out. It can only be done by an individual who holds an LPA.

If people receiving care are happy for information to be shared, they do not need to do anything.

Policy Statement

{{org_field_name}} is satisfying obligations to make provision to inform people receiving care of compliance with the national data opt-out policy. Supporting Your Patients ā€” Information and Resources, NHS Digital.

{{org_field_name}} does not share peopleā€™s information with any pharmaceutical, medical or other researchers and we do not use sensitive information for purposes beyond an individualā€™s care and treatment.

{{org_field_name}} will keep a record and comply with data opt-out decisions, but people receiving care can change their mind at any time.

This will not affect individual care provision, nor how {{org_field_name}} shares information with other organisations specifically to arrange and manage individualsā€™ personal care.

It will also not apply if people receiving care have given explicit consent to share information or if such information is appropriately anonymised.

This organisation reviews all of our data processing on an annual basis to assess if the national data opt-out applies. This is recorded in our Record of Processing Activities. All new processing is assessed to see if the national data opt-out applies.

If any data processing falls within scope of the National Data Opt-Out, we use the Messaging Exchange for Social Care and Health (MESH) system to check if any of people receiving care have opted out of their data being used for this purpose.

{{org_field_name}} is aware that national data opt-out requirements have been waived by the Secretary of State for Health and Care for invoice validation purposes. Any payment flows not reliant on Regulation 5 support are not included.

Data submitted to the Capacity Tracker as outlined in DHSC: Admission and Care of Residents in a Care Home During COVID-19 is also not in scope of the national data opt-out.

{{org_field_name}} proves compliance by publishing their Privacy Notice and submitting their Data Security and Protection Toolkit Assessment. See New Data Security and Protection Toolkit.

Should use of confidential patient data change in the future, this policy will be amended and procedures will be brought in line with those used nationally. In the event of any such change, this will be publicised internally, within {{org_field_name}} and via our website.

{{org_field_name}} will:


Other Legal Requirements

{{org_field_name}} complies with all relevant regulations and legislation relating to people receiving care, including:

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}

Reviewed on: {{last_update_date}}

Next review date: this policy is reviewed annually (every 12 months). When needed, this policy is also updated in response to changes in legislation, regulation, best practices, or organisational changes.

Copyright Ā©2024 {{org_field_name}}. All rights reserved

Leave a Reply

Your email address will not be published. Required fields are marked *