NHS Digital and NHSX have extended the deadline for the national data opt-out by six months to allow NHS organisations to focus on the Covid-19 outbreak.

In a letter sent to staff, Jackie Grey, executive director of information governance at NHS Digital and Kathy Hall, NHSX’s director of technology and data strategy, said the deadline by which health and social care organisations must comply with the opt-out policy would be moved from March to September.

The letter explained that the decision had been made to enable staff to cope with the “significant pressures” expected over the coming months caused by Covid-19.

The letter, seen by Digital Health News, reads: “The health and social care system is going to face significant pressures in the coming months due to the Covid-19 outbreak. Staff will need to work in different ways than usual and we want to ensure that they can focus on responding to these events.

“We have therefore made the decision to extend the compliance deadline for the national data opt-out for six months up to 30 September 2020, at which point we will review the position.

“Those organisations that are already compliant with the national data opt-out should continue as appropriate and organisations that are working towards compliance may continue to do so if they have sufficient resources and are confident that preparation will not impact their response to Covid-19.”

The national data opt-out allows patients to choose how their health data is used outside of their direct care for research and planning purposes by the NHS.

All health and care organisations in the UK are required to be compliant with the national data policy by 2020.

Instances where the disclosure of patient information can be demonstrated as serving public interest – such as when the public interest in disclosing the data outweighs interest in maintaining confidentiality – are exempt from the policy.

“Our expectation is that the national data opt-out will not apply to data sharing for the purposes of responding to Covid-19,” the letter continues.

“Good information governance enables health and care staff to manage and share information to benefit the people they are caring for and the wider public and to enable individuals to understand how their data is used.

“Please be assured that we intend this extension to be a temporary measure to allow the health and care system to focus on responding to the Covid-19 outbreak; implementation of the national data opt-out remains an important element in the longer term work to build public trust for the use of health.”

Data security protection toolkit

The final date for submission of the data security and protection toolkit (DSPT) has also been delayed until 30 September 2020.

The DSPT was introduced in May 2018, consisting of an online self-assessment to ensure all NHS care providers comply with data safety standards and remain resilient against cyber-attacks.

It an update posted last week, NHSX acknowledged that it would “be difficult for many organisations to fully complete the toolkit without impacting on their Covid-19 response [and] has therefore taken the decision to push back the final deadline for DSPT submissions to 30 September 2020″.

It added: “Whilst the DSPT submission deadline is being relaxed to account for Covid-19, the cyber security risk remains high. All organisations must continue to maintain their patching regimes.”

NHS Digital and NHSX have been grappling to respond to the demands coronavirus has placed on the health service, which has led to an influx of calls to NHS 111, hospitals and GP surgeries.

As a result, NHS Digital has been granted additional powers to enable it to track and respond to the virus using available data, meanwhile NHSX has confirmed that is working on an app designed alert people to new cases in their area and report their own symptoms.