Information Commissioner will look at opt-out rights

  • 1 August 2005


Clarification on patients’ rights to opt out of having personal information recorded under the NHS Care Records Service (NCRS) will be sought by the Information Commissioner (IC) in the very near future, according to a letter from the commissioner’s office.

The letter, sent to Dr Paul Thornton, a Warwickshire GP with a special interest in privacy issues, came from a senior official in the IC’s office, Dave Evans. He wrote: “I can confirm this office is involved in ongoing high level discussions with those involved in the implementation of this system.

“While I cannot go into any detail about the subject of the discussion at this stage, I can assure you that any concerns we raise will be taken seriously.”

Dr Thornton wrote to the commissioner – the official responsible for regulating the Data Protection Act – after a debate in the Commons in which health minister, Caroline Flint, gave an assurance that patients would not be obliged to have their information stored on the ‘Spine’

He told the IC: “It is not clear from the Minister’s contribution whether the Department of Health has conceded that the patient’s ability to opt out of the national database exists as a right in law, or whether this is simply being provided as a voluntary concession. I would be grateful if you would confirm that there is a right to opt out of data processing on the proposed National NHS Database.

“Whether or not this opt out exists as of right, there remains no indication that patients will be informed of this option by an amendment to the National Care Records Guarantee, or the promotional material derived from it. I would be grateful if you would confirm that unless patients are fully informed of the arrangements for processing their data, and thus the ‘opt out’, the Fair Processing requirements of the Data Protection Act will not be met.”

Evans, responding for the IC, replied: “It is our understanding that any patient who decides to ‘opt out’ will be able to do so – once this decision has been relayed to the relevant health professional, that patient’s record will only be available to those responsible for producing it.

“Clearly this right to object has to be an inherent part of a National Care Records system as without a viable opt out, any consent inferred by those using the system is unlikely to be considered valid.”

He continues: “Where the processing of personal data is likely to cause damage or distress, a patient would have the right to require that the health professional acting as a data controller ceases or does not begin processing those data.

“The Information Commissioner intends to seek clarification on the opt-out and how it will function in the very near future.”

Dr Thornton told E-Health Insider: "I think it’s good news because it showed that the Information Commissioner’s office was looking critically at the proposals and that they still had substantial doubts about the proposals."

He fears, however, that the opt-out proposed by Connecting for Health, the agency responsible for the Care Record Guarantee and the design of the NCRS, means that if patients ‘opt out’ their information will be hidden from view rather than not being written to the database at all.

Dr Thornton said that for the fair processing requirements of the Data Protection Act patients must be informed of their right to opt out.

"The NHS Care Record Guarantee does not contain that advice to patients,” said Dr Thornton who believes the IC’s input will lead to the Care Record Guarantee being "radically reviewed".


Dr Thornton’s letter to the IC

Information Commissioner’s Office response 

Dr Thornton’s reply


Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Today's edition includes GOSH using AI to help identify Parkinson's Disease and a look at the challenges of evaluating digital health tech.
Somerset NHS FT contacts patients about data breach

Somerset NHS FT contacts patients about data breach

Patients at Musgrove Park Hospital are being contacted by Somerset NHS Foundation Trust after it was revealed a staff member inappropriately accessed data.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

This morning briefing features news from MD Consents, Cardiomatics and confirmation of a data breach at genetic testing company 23andMe.