National data opt-out – Operational policies


National data opt-out – Operational policies Published November 2017 (Review January 2018)

Operational policy / guidance themes (slide 2)

[Diagram: Building trust – Data use and patient choice; themes: Setting, When it applies, What it applies to, How it is applied, How it fits with GDPR]

The following slides provide more detail of the agreed policy and the policy/supporting guidance which is being developed. The policy and guidance have been structured within the following themes:

- When it applies – these set out the criteria and supporting information to decide whether a national data opt-out does or does not apply
- What it applies to – these set out what sorts of data the national data opt-out will need to be applied to along with information to support that decision making
- How it is applied – these set out further rules and responsibilities in relation to how the national data opt-out is applied
- Setting – these set out more guidance on what patients will want to know if they have decided that they wish to set a national data opt-out
- How it fits with General Data Protection Regulations and new Data Protection Legislation – this is provided as a separate information pack that sets out how the national data opt-out sits alongside new data protection legislation and gives more guidance where there may appear to be any overlap between the two

Index - When it applies Policy/Guidance Slide Data shared for purposes beyond individual care and treatment 8 Patient registration information is shared with ONS 10 New Legal basis is Regs 2 Further guidance in development 11 Legal basis is Regs 5 Data shared for individual care and treatment 9 Legal requirement Public interest test Consent Anonymised data Cancer Registries National Congenital Anomalies & Rare Diseases Population screening programmes

Index – What it applies to Policy/Guidance Slide Research purposes 12 Planning purposes Patient deceased Definition of health and care 13 New Data collected as part of health and care in England 14 Cross border flows Publicly funded patients 15 Publicly funded body co-ordinates care Independent providers Further guidance in development 17

Index – How it is applied Policy/Guidance Slide Data controller responsibilities 18 New Remove whole record NHS number is or was present Analysis on national data opt-outs Further guidance in development 19

Index – Setting Policy/Guidance Slide Type 1 opt-outs 20 Receiving care and treatment in England Other opt-outs in place Further guidance in development 21

National data opt-out additional information (slide 7)

- The determination of when and whether a national data opt-out will apply is based on applying the rules to each particular use of the data
- There will be instances where despite a national data opt-out being in place a patient cannot opt out of the use of their data for purposes beyond their individual care and there will be times when the opt-out must be applied and their data cannot be used
- The type of organisation receiving the data is not a consideration when deciding whether a national data opt-out applies, however the data use should always benefit patients and be for the purposes of the provision of health and care or the promotion of health. Patient data must never be shared for marketing or insurance purposes without consent
- The sharing of personally identifiable data for purposes beyond an individual’s care and treatment is still subject to data protection and common law duty of confidentiality considerations - these are not changed by the national data opt-out
- Where a patient does not have a national data opt-out this does not mean they can be determined to have consented to the use of their personally identifiable data

The national data opt-out is intended to stop personally identifiable data from being shared by an organisation within the health and care system for specific purposes such as managing a service and is not intended to stop data being provided to specific types of organisations as long as there is an established legal basis for the data to be shared.

It is important to recognise that if a patient does not have a national data opt-out recorded that does not provide a legal basis on which to share data. The Common Law Duty of Confidentiality must always be considered to establish a legal basis for the sharing of data for purposes beyond an individual’s care and treatment.

When it applies (slide 8)

The national data opt-out will apply when:

- personally identifiable data is used for purposes beyond an individual’s care and treatment
- the legal basis to use the data is based on approvals made under:
  - regulation 2 (medical purposes related to the diagnosis or treatment of neoplasia i.e. cancer); or
  - regulation 5 (general medical purposes including medical research)
  of the Control of Patient Information Regulations 2002 under the NHS Act 2006 s251

The Confidentiality Advisory Group, which provides independent expert advice on applications for data use under s251, can in some cases agree that opt-outs do not apply but have indicated that this would only be in exceptional circumstances.

NATIONAL HEALTH SERVICE, ENGLAND AND WALES - The Health Service (Control of Patient Information) Regulations 2002

Reg 2 - Medical purposes related to the diagnosis or treatment of neoplasia

(1) Subject to paragraphs (2) to (3) and regulation 7, confidential patient information relating to patients referred for the diagnosis or treatment of neoplasia may be processed for medical purposes approved by the Secretary of State.
(2) For the purposes of this regulation, “processing” includes (in addition to the use, disclosure or obtaining of information) any operations, or set of operations, which are undertaken in order to establish or maintain databases for the purposes set out in paragraph (1).
(3) The processing of confidential patient information for the purposes specified in paragraph (1) may be undertaken by bodies or persons who (either individually or as members of a class) are
  (a) approved by the Secretary of State, and
  (b) authorized by the person who lawfully holds the information.

Reg 5 - General

Subject to regulation 7, confidential patient information may be processed for medical purposes in the circumstances set out in the Schedule to these Regulations provided that the processing has been approved—
  (a) in the case of medical research, by both the Secretary of State and a research ethics committee, and
  (b) in any other case, by the Secretary of State.

Reg 7 - Restrictions and exclusions

Where a person is in possession of confidential patient information under these Regulations, he shall not process that information more than is necessary to achieve the purposes for which he is permitted to process that information under these Regulations

When it does not apply (slide 9)

The national data opt-out will not apply when:

- personally identifiable data is used for the patient’s individual care and treatment
- the patient has given explicit consent for the use of their data for the purpose being considered; this includes where the consent may have been given prior to the patient registering a national data opt-out
- data is being provided under a mandatory legal requirement that means a data controller must provide the data (such as where there is a court order or the Care Quality Commission have used their statutory powers to require information for inspection purposes)
- there is an overriding public interest (such as to support the investigation of serious crime and/or to prevent abuse or serious harm to others and this includes approvals made under regulation 3 of the Control of Patient Information Regulations 2002 i.e. communicable diseases and other public health risks)
- data is provided in an anonymised form such that it meets the Anonymisation: managing data protection risk code of practice – issued by the Information Commissioner’s Office

NATIONAL HEALTH SERVICE, ENGLAND AND WALES - The Health Service (Control of Patient Information) Regulations 2002

Reg 3 - Communicable disease and other risks to public health

(1) Subject to paragraphs (2) and (3) and regulation 7, confidential patient information may be processed with a view to—
  (a) diagnosing communicable diseases and other risks to public health;
  (b) recognising trends in such diseases and risks;
  (c) controlling and preventing the spread of such diseases and risks;
  (d) monitoring and managing—
    (i) outbreaks of communicable disease;
    (ii) incidents of exposure to communicable disease;
    (iii) the delivery, efficacy and safety of immunisation programmes;
    (iv) adverse reactions to vaccines and medicines;
    (v) risks of infection acquired from food or the environment (including water supplies);
    (vi) the giving of information to persons about the diagnosis of communicable disease and risks of acquiring such disease.
(2) For the purposes of this regulation, “processing” includes any operations, or set of operations set out in regulation 2(2) which are undertaken for the purposes set out in paragraph (1).
(3) The processing of confidential patient information for the purposes specified in paragraph (1) may be undertaken by—
  (a) the Public Health Laboratory Service;
  (b) persons employed or engaged for the purposes of the health service;
  (c) other persons employed or engaged by a Government Department or other public authority in communicable disease surveillance.
(4) Where the Secretary of State considers that it is necessary to process patient information for a purpose specified in paragraph (1), he may give notice to any body or person specified in paragraph (3) to require that body or person to process that information for that purpose and any such notice may require that the information is processed forthwith or within such period as is specified in the notice.
(5) Where confidential information is processed under this regulation, the bodies and persons specified in paragraph (3) shall make available to the Secretary of State such information as he may require to assist him in the investigation and audit of that processing and in his annual consideration of the provisions of these Regulations which is required by section 60(4) of the Act.

When it does not apply (slide 10)

The national data opt-out will not apply when:

- data is to be provided for the National Cancer Registration Service
- data is to be provided for the National Congenital Anomalies & Rare Diseases Register
- data is provided for the oversight and provision of population screening programmes
- patient registration information is shared with the Office for National Statistics for the production of official statistics

these both have their own separate opt-out mechanism

‘When’ - Further guidance (slide 11)

More detailed information will be provided on:

- the scope and definition of individual care
- the list of mandatory legal requirements
- how the national data opt-out will apply to data used to support payment processing such as invoice validation
- the application of the national data opt-out to surveys
- the application of the national data opt-out to risk stratification
- any other specific exemptions

What the national data opt-out applies to (slide 12)

The national data opt-out will apply to:

- data being used for research purposes such as to identify the effectiveness of a new drug
- data being used to provide information to support the safe and effective delivery of health and care services
- data for a patient who has died, where they had previously set a national data opt-out

Definition of health and social care (slide 13)

Information about patients generated or processed in the health and care organisations as defined on this slide will be considered as “in scope” for national data opt-outs when used for purposes beyond individual care in line with the wider policy. This includes any subsequent releases by organisations acting as data controllers who use that data such as NHS Digital or Public Health England (PHE).

[Diagram labels: As defined in DH Annual Accounts Policy set by DH CQC Regulated Defined in NHS Act 2006 s251 or regulated by a health or care related professional body e.g. General Pharmaceutical Council Health service bodies or relevant social care bodies as defined within s251 of the NHS Act 2006]

Data collected in England & cross border flows (slide 14)

- National data opt-outs will continue to apply if a patient has opted out and then left England without changing their opt-out preference.
- National data opt-outs will not apply to information from providers of health or care in other home nations, i.e. where the patient receives treatment in another home country.
- National data opt-outs will apply to information originating in England which is released outside of England, including to home countries, e.g. Wales, Scotland, Northern Ireland, or the Isle of Man or Channel Islands, unless another exemption applies such as consent.

National data opt-outs will continue to apply until such time as the patient changes their mind and actively changes their opt-out preference setting. This will include patients who have recorded a national data opt-out and then subsequently moved outside of England without changing their opt-out.

National data opt-outs will apply to any personally identifiable data originating within providers of health services or adult social care in England which is released outside of England in line with the agreed national opt-out policy. This will include any data released to home countries, e.g. Wales, Scotland, Northern Ireland, or the Isle of Man or Channel Islands unless another exemption applies e.g. consent is in place.

Public funding & independent providers (slide 15)

The national data opt-out will apply to any publicly funded or publicly co-ordinated care or treatment.

Will apply:

- All NHS organisations (including private patients treated within such organisations)
- Adult social care which is funded or coordinated by a public body (typically a local authority)
- NHS funded care within independent providers (e.g. Nuffield, BMI Healthcare)
- Any release of data by NHS Digital which relates to private patients including that which is collected by a request under s259 of the Health and Social Care Act 2012

Will not apply:

- Privately (non NHS) funded patients within independent providers unless the care is coordinated by a public body
- Care which is not funded or coordinated by a publicly funded - i.e. privately arranged/privately funded care

Independent providers - illustrative scenarios (slide 16)

Columns: Scenario; NHS Org; NHS Funded; National data opt-out applies

- NHS patient cared for by NHS provider: Y. Yes – applies to NHS organisations and NHS funded patient
- Private patient cared for in NHS provider organisation: N. Yes – applies to all NHS organisations irrespective of whether NHS funded or private
- NHS patient cared for by Independent provider: Yes – applies to all NHS funded patients
- Private patient treated by Independent provider: No – does not apply to Independent provider patients (see caveat below around coordination by a public body)
- Private patient treated by Independent provider where the care is coordinated by a public body: Yes – does apply to privately funded independent provider patients where the care is coordinated by a public body, typically a Local Authority
- Private patients’ records that are included in data requests under s259 of the HSCA 2012: Yes – to any release of data collected under s259 powers which is in scope of the national data opt-out policy

‘What’ - Further guidance (slide 17)

More detailed information will be provided on:

- whether there will be a single opt-out question that covers both research and planning purposes or whether a patient can choose to opt out of one or other or both
- what is classed as personally identifiable data
- the point at which data being used for purposes beyond individual care and treatment needs to be considered for the national data opt-out

Applying the national data opt-out (slide 18)

- All health and care organisations that act as a sole data controller, a joint data controller or a data controller in common for patients’ data will have a responsibility for ensuring a patient’s national data opt-out is applied as per the policy
- Where a national data opt-out is being applied the whole record for that patient must be removed before the data is used – it is not sufficient to remove identifiers
- The NHS number is the sole identifier that will be used to uphold the national data opt-out. The opt-out must be applied where an NHS number is/or was available as part of the data set that is being used
- Information on opt-out rates and some analysis of the characteristics of those patients that have chosen to opt out will be made available to help researchers and others to understand how the data may have been affected by the application of national data opt-outs

‘Applying’ - Further guidance

More detailed information will be provided on:

- The maximum period of time that is permissible for a national data opt-out to be applied after it has been set by a patient
- How a national data opt-out should apply where a patient record contains details of another patient such as a record holding both a mother and child's details
- How the national data opt-out will apply where the data being used is not held in an electronic format such as in paper records and microfiche

Setting – Additional information

Type 1 – Opt-outs

- The national data opt-out will operate alongside the opt-out which is available in GP practices to prevent personally identifiable data from leaving the GP practice for uses beyond individual care
- Existing Type 1 opt-outs will be respected until 2020, when the Department of Health will consult with the National Data Guardian before confirming their removal

Type 2 – Opt-outs

- Where patients have recorded an opt-out through their GP practice to prevent NHS Digital from using any confidential data it may have collected about them they will be informed about how this will be handled alongside the national data opt-out

While the national data opt-out is only available for England, anyone who receives care or treatment within England and has been given an NHS number will be able to register a national data opt-out, though not all channels will be open to them.

Where any other form of opt-out is already held for a patient, for example to support a local data sharing initiative, the national data opt-out must still be considered and applied for any uses beyond individual care in accordance with the national data opt-out policies.

‘Setting’ - Further guidance

More detailed information will be provided on:

- The minimum age at which a patient will be able to set a national data opt-out
- The rules and procedures for a parent, guardian or those with legal responsibilities for children to be able to set a national data opt-out on their behalf
- Formal proxies who are able to register a national data opt-out on someone else’s behalf such as people with powers of attorney and those representing patients who lack capacity
- Whether there may be review points when a patient is prompted to consider their current national data opt-out choice, recognising that a patient can change their national data opt-out setting at any time

More information

- National Data Opt-out Programme web pages and to join our mailing list: https://digital.nhs.uk/national-data-opt-out
- Understanding Patient Data - Wellcome Trust: https://understandingpatientdata.org.uk
- National data opt-out enquiries mailbox: newoptoutenquiries@nhs.net (we are interested in hearing any feedback on the developing policy)
- Information Governance Alliance (IGA) information on GDPR: https://digital.nhs.uk/information-governance-alliance/General-Data-Protection-Regulation-guidance