The government has confirmed that patients will be able to opt-out for sharing their data beyond direct care.
The promise was made in the government’s response to Dame Fiona Caldicott’s, the national data guardian review into data protection, and says that the national opt-out will be implemented from March 2018.
Published 12 July by Department of Health, the report says there will be an opt-out option for patients who do not want to share their data beyond direct care, which will be applied across the health and social care system.
This comes as last week the Information Commissioner’s Office found a data transfer between the Royal Free NHS Foundation Trust and Google’s DeepMind did not comply with the Data Protection Act.
Helen Stokes-Lampard, chair of the Royal College of GPs, said: “What is essential is that the NHS is beyond reproach when it comes to the use of patient data for any purpose, that patients have trust in the way their data is being used, and that they are confident it will be kept secure.”
The report describes the opt-out as a “significant step forward”, and says “it will provide a single and simple mechanism for individuals to opt-out of their data being shared beyond their direct care”.
Dame Fiona’s report recommended ten data security standards, and the government has accepted the recommendations from the NDG’s report.
By March 2020, patients will be able to use an online service to see how their data collected by NHS Digital has been used for purposes other than their direct care.
Phil Booth, co-ordinator at privacy campaign group medConfidential, said in a statement, that he welcomes the clear commitment that patients will know how their medical records have been used, both for direct care and beyond.
“This commitment means that patients will have an evidence base to reassure them that their wishes have been honoured”, Booth said.
“Some of the details remain to be worked out, but there is a clear commitment from the Secretary of State.”
The report says that the NDG review found that patients believed their data was already being shared for direct care, and that in general patients were content with anonymised data being shared for purposes beyond direct care.
The report says NHS England and NHS Digital will be commissioned to develop a framework, agreed with Dame Fiona, Department of Health and the ICO, to support the system in sharing data for direct care and safeguarding children and adults by July 2017.
The government response says that by December 2018, patients will be able to see who has accessed their summary care record.
The report says the government will adopt the recommendations from the Care Quality Commission in its review, Safe Data, Safe Care. The CQC will now also have to inspect for data protection standards, and this will be supported by the redesigned information governance toolkit.
Existing opt-outs, so called Type 1 opt-outs, will be protected until 2020 and then there will be further consultations on any changes.
Keith McNeil, chief clinical information officer at NHS England, said: “If we can endow health and care data with relevance and purpose through intelligent analysis and interrogation, we can then feedback relevant information to clinicians on the front line to better inform the care of their patients.”
However, he said that to realise these benefits, patients and the wider community need to have confidence that their confidential data will only be used appropriately. “Only for the purpose of improving their healthcare, the care of their family and friends, and the care of future generations.”
The report also stated that NHS Digital will develop and implement a mechanism to de-identify data on collection from GP practices by September 2019.
There will also be UK data protection legislation implemented in May 2018 which will provide a framework to protect personal data and impose severe penalties for data breaches and “reckless or deliberate misuse of information”.