The mandatory implementation deadline for the National Data Opt-Out (NDOO) is approaching as planned at the end of this month, 31 July 2022. We do not intend to extend implementation of the deadline any further.
Application of the NDOO is aligned with the authorisation for using a patient’s data in accordance with the common law duty of confidentiality. It does not apply where:
- The individual has consented (including where the consent is implied for the purposes of direct care)
- There is an overriding public interest. More on this can be found in the NDOO operational policy guidance –
- There is a mandatory legal requirement to use the information (e.g. where data is required by NHS Digital under section 259 of the Health and Social Care Act 2012).
- Data is processed under regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 for purposes of communicable diseases and other threats to public health
- Data has been anonymised in line with the Information Commissioner’s Office (ICO) Code of Practice) on Anonymisation or is aggregate or count type data.
In practice this means that, broadly, the NDOO applies to data processed under regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (also known as section 251 approval) unless there is a specific exemption in place.
The Health Research Authority publishes a register of programmes which are processing data under regulation 5, which can be found here.
NHS Digital will publish a list of all those programmes relying on section 251 approval for processing which are exempt from application of the NDOO shortly.
Information for organisations on applying the NDOO can be found on the NHS Digital website here.
Further information:
- Data Opt-outs – Type 1 and National Data Opt-out CLS
- Your Data Matters to the NHS – PDF
- Your Data Matters to the NHS – MP4
- National Data opt-out enquiries mailbox:
newoptoutenquiaries@nhs.net