Digital Social Care is urging health and social care providers to comply with the national data opt-out service by the end of July.
This is a service that allows everyone to opt-out of their confidential information being used for other reasons outside of their care and treatment, for example research or planning.
Digital Social Care, has provided some useful information on this subject and is urging providers to comply, read and act on this guidance now.
The deadline is not expected to be extended, so providers are being asked to act now if they have not already done so.
National data opt-out guidance – who does it apply to?
CQC-registered adult social care providers in England. This includes organisations operating in England even if the headquarters is outside of England.
If you are not a CQC-registered organisation, then you do not need to comply. However, you may wish to do so to support the people you care for.
Digital Social Care also stress that it only applies when ‘a service user is receiving social care that is provided, arranged or funded (in part or whole) by Local Authorities or the NHS in England. If your organisation does not support people receiving such care, you can choose to extend the national data opt-out to cover all your service users.’
What action must you take by 31 July 2022?
The body states that by 31 July 2022, you must:
- Check if you process confidential, identifiable patient information for purposes other than delivery of care.
- Update your policies, procedures and privacy notices to reflect the national data opt-out. QCS customers already have access to updated policies. You must do this even if you do not process identifiable data for research or planning purposes.
- If you do use identifiable, confidential patient information for planning or research purposes, you must check if any of your clients have opted out of sharing their data in this way. If they have, you must stop using their data. You can download and check this on the Messaging Exchange for Social Care and Health (MESH).
What if you do not comply?
Digital Social Care state that this could be considered as a data breach.
It adds the Information Commissioner’s Office is the regulator for personal data and data protection legislation in England. Failure to comply with the national data opt-out could be a breach of obligations to process data fairly and transparently.
Please note that the national data opt-out will be a requirement of completing standards met in the Data Security and Protection Toolkit for 2022/23 onwards.
What data is covered?
The national data opt-out applies to confidential patient information where processing relies upon Regulation 5 of the Health Service (Control of Patient Information Regulations 2002. So, where confidential patient information:
- Identifies or could be used to identify a person
- Is obtained or generated in circumstances leading to an obligation of confidence, and
- Says something about their health, care, or treatment
It does not apply if the information has been anonymised in line with the Information Commissioner’s Office’s Anonymisation Code of Practice.
Further Information and Support