National Data Opt-Out Policy

The national data opt-out gives everyone the ability to stop health and social care organisations from sharing their confidential information for research and planning purposes, with some exceptions such as where there is a legal mandate/direction or an overriding public interest for example to help manage the COVID-19 pandemic.

As a domiciliary care provider, it is very rare that we are ever asked to share confidential information for research and/or planning purposes.  Nevertheless, you can if you wish choose to opt-out of your data being used in this way – to do so, please call 01254 933563 and ask to speak with Atif Hussain, the Data Protection Officer, or email contact@exemplarycareservices.com.

  1. Purpose
    1. The purpose of this policy is to explain the introduction of the Data Opt-Out Policy and to ensure that Exemplary Care Services understands the steps it needs to take to comply with the Data Opt-Out Policy. This policy focusses on key information about the Data Opt-Out Policy, and Exemplary Care Services acknowledges that it should ensure that it has a thorough understanding of the Data Opt-Out Policy by reviewing the information referred to in the Underpinning Knowledge / References and Further Reading sections of this policy.
    2. To support Exemplary Care Services in meeting the following Key Lines of Enquiry/Quality Statements (New):
    3. To meet the legal requirements of the regulated activities that Exemplary Care Services is registered to provide:
      1. The National Health Service Act 2006
      2. Data Protection Act 2018
      3. UK GDPR
  2. Scope
    1. The following roles may be affected by this policy:
      1. staff
    2. The following Service Users may be affected by this policy:
      1. Service Users
    3. The following stakeholders may be affected by this policy:
      1. Family
      2. Advocates
      3. Representatives
      4. Commissioners
      5. External health professionals
      6. Local Authority
      7. NHS
  3. Objectives
    1. To ensure that Exemplary Care Services understands the requirements of the Data Opt-Out Policy.
    2. To ensure that Exemplary Care Services understands the steps it needs to take to determine whether the Data Opt-Out Policy applies to Exemplary Care Services and, if it does, the steps Exemplary Care Services needs to take to comply with the Data Opt-Out Policy.
  4. Policy
    1. Exemplary Care Services understands that it must comply with the Data Opt-Out Policy by 31 July 2022, showing to what extent information is processed within the scope of the Data Opt-Out Policy.
    2. Exemplary Care Services understands that the obligations placed on Exemplary Care Services as Data Controller under the UK GDPR and Data Protection Act 2018 remain in place and are not affected by the introduction of the Data Opt-Out Policy.
    3. Exemplary Care Services understands that it may need to introduce new policies and procedures to ensure compliance with the Data Opt-Out Policy.
    4. Exemplary Care Services understands that the Data Opt-Out Policy applies if an organisation confirms it has approval from the Confidentiality Advisory Group (also known as Section 251 approval) for the disclosure of confidential patient or Service User information held by Exemplary Care Services. Where Exemplary Care Services is the Data Controller, it may, if it wishes, disclose the information to the data applicant without breaching its duty of confidentiality. Exemplary Care Services understands that it is in these cases only that the Data Opt-Out Policy applies.
    5. Exemplary Care Services understands that it should read, understand and, if necessary, seek advice upon Section 251 and Section 259 of the National Health Service Act 2006 in order to fully understand the application of the Data Opt-Out Policy. Exemplary Care Services acknowledges that this policy does not provide a detailed overview of the legislation and that Exemplary Care Services must determine the extent to which the Data Opt-Out Policy applies to Exemplary Care Services.
    6. Exemplary Care Services understands that the Data Opt-Out Policy applies to “confidential patient information” which is defined in Section 251(1) of the National Health Service Act 2006 as information that meets the following requirements:
      1. The individual to which the information (for example, the Service User) relates is identifiable or likely to be identifiable; and
      2. The information is given in circumstances where the individual (for example, the Service User) is owed an obligation of confidence; and
      3. The information relates in some way to the physical or mental health or condition of an individual (for example, the Service User), a diagnosis of their condition and/or their care or treatment.
    7. Exemplary Care Services understands that the Data Opt-Out Policy applies to local authority social care organisations.
    8. Exemplary Care Services understands that the Data Opt-Out Policy only applies to Service Users and not to employees of Exemplary Care Services.
    9. Exemplary Care Services understands that the Data Opt-Out Policy only applies where the information is being disclosed beyond the purpose of individual care i.e. for research and planning. Where Exemplary Care Services processes information on the basis of implied consent (for example, to provide care), express consent or where there is a legal requirement for disclosure, the Data Opt-Out Policy does not apply.
    10. Exemplary Care Services understands that the Data Opt-Out Policy applies to health and adult social care provided in England. It does not apply to information generated or processed outside of England including Wales, Scotland, Northern Ireland, the Isle of Man or Channel Islands.
    11. Exemplary Care Services understands that the Data Opt-Out Policy does not apply retrospectively to data disclosed before a Service User sets an opt out.
  5. Procedure
    1. Exemplary Care Services will consider the following questions to determine whether the current and ongoing data disclosures of Exemplary Care Services fall within the scope of the Data Opt-Out Policy:
      1. Is the use or disclosure for individual care or research and planning? If the former, the Data Opt-Out Policy does not apply.
      2. Is Exemplary Care Services using or disclosing confidential patient information? Please see section 4.6 of the Policy section above for more information.
      3. Does Exemplary Care Services have express consent from the relevant individual (such as the Service User) for the use or disclosure? If so, the Data Opt-Out Policy does not apply.
      4. Is the disclosure for the purpose of monitoring and control of communicable disease or other risks to public health? If so, the Data Opt-Out Policy does not apply.
      5. Is the information being disclosed because of a legal requirement? If so, the Data Opt-Out Policy does not apply.
      6. Is the use or disclosure in the overriding public interest? If so, the Data Opt-Out Policy does not apply.
      7. Is Section 251 approval relevant? If the data or use has Section 251 support obtained under regulation 2 (diagnosis and treatment of cancer) or regulation 5 (general medical and research purposes), the Data Opt-Out Policy will apply (unless the Confidentiality Advisory Group (CAG) has determined that the Data Opt-Out Policy has been waived but this is only the case in limited and exceptional circumstances).
      8. Has the use or disclosure been granted a specific exemption? Exemptions may apply for disclosures of data for the UK Health Security Agency National Disease Register. (see https://digital.nhs.uk/services/national-data-opt-out/operational-policy-guidance-document/policy- considerations-for-specific-organisations-or-purposes#7-5-flows-to-public-health-england-national-diseas e-registers), Assuring Transformation (see https://digital.nhs.uk/services/national-data-opt-out/operational- policy-guidance-document/policy-considerations-for-specific-organisations-or-purposes#7-8-assuring-trans formation) and national patient experience surveys (see https://digital.nhs.uk/services/national-data-opt-ou t/operational-policy-guidance-document/policy-considerations-for-specific-organisations-or-purposes#7-9- national-patient-experience-surveys)
      9. Is the disclosure to NHS Digital? The Data Opt-Out Policy does not apply where NHS Digital requests data under section 259 of the Health and Social Care Act 2012.
      10. Is the use or disclosure to support payment and invoice validation? The Data Opt-Out Policy does not apply to disclosure of confidential information for invoice validation for contracted and non-contracted activities to Controlled Environments for Finance.
    2. If Exemplary Care Services determines that the Data Opt-Out Policy is applicable to Exemplary Care Services, Exemplary Care Services will apply national data opt-outs by removing the records of anyone who has an opt-out registered before Exemplary Care Services uses or discloses the information. Exemplary Care Services understands that NHS Digital has developed a technical service which enables Exemplary Care Services to check whether the Service Users have requested a national data opt-out. The service can be used by Exemplary Care Services submitting a list of NHS numbers, in which case the service will return a “cleaned list” of those that do not have a data opt-out, or Exemplary Care Services can submit NHS numbers for all Service Users with whom they have a legitimate relationship and temporarily store the list of Service Users who do not have an opt-out at the current time.
    3. If Exemplary Care Services is required to apply the Data Opt-Out Policy, all records associated with the individual must be deleted or removed in their entirety. Exemplary Care Services may retain data it uses for individual care purposes, but all data used for research and planning must be deleted.
  6. Definitions
    1. Information Commissioner’s Office
      1. The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals
    2. UK GDPR
      1. The UK GDPR is the retained EU law version of GDPR that forms part of English law
      2. Data Protection Act 2018
        1. The Data Protection Act 2018 is a United Kingdom Act of Parliament that updates data protection laws in the UK. It sits alongside the General Data Protection Regulation and replaces the Data Protection Act 1998
    3. Data Opt-Out Policy
      1. The policy was proposed by the National Data Guardian, accepted by the government and directed by the Department of Health and Social Care.
      2. The national data opt-out policy with which certain organisations must comply by the 31st July 2022
    4. GDPR
      1. General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It was adopted on 14 April 2016 and after a two-year transition period became enforceable on 25 May 2018. References to GDPR include references to the UK GDPR
  7. Key Facts – Professionals
    1. Professionals providing this service should be aware of the following: Exemplary Care Services must understand and apply the Data Opt-Out Policy by the 31st July 2022.
  8. Key Facts – People affected by this service
    1. People affected by this service should be aware of the following: Requests made by individuals (including Service Users) to opt-out of use/disclosure of their information in line with their rights in the Data Opt-Out Policy will have requests complied with by the 31st July 2022.
  9. Further reading
    1. As well as the information in the ‘underpinning knowledge’ section of the review sheet we recommend that you add to your understanding in this policy area by considering the following materials:
    2. NHS Digital provides useful information relating to the Data Opt-Out Policy on its website, including at the following pages:
      1. https://digital.nhs.uk/services/national-data-opt-out/compliance-with-the-national-data-opt-out/ https://digital.nhs.uk/services/national-data-opt-out/guidance-for-health-and-care-staff https://digital.nhs.uk/services/national-data-opt-out/understanding-the-national-data-opt-out  NHS Digital also provides detailed information on patient confidentiality requirements: https://www.gov.uk/government/publications/confidentiality-nhs-code-of-practice
    3. Digital Social Care – National Data Opt-Out – Actions for all CQC-registered adult social care services by 31 July 2022:
      1. https://www.digitalsocialcare.co.uk/data-security-protecting-my-information/national-data-opt-out/? mc_cid=2b44fa16e9&mc_eid=8f36638d47
    4. To be ‘ outstanding ’ in this policy area you could provide evidence that:
      1. Exemplary Care Services has conducted a data protection impact assessment on the data processing activity being taken to apply national data opt-outs
      2. Exemplary Care Services has implemented processes to ensure that all opt-outs requested under the Data Opt-Out Policy are complied with
      3. The wide understanding of the policy is enabled by proactive use of the QCS App.