01254 966111

National Data Opt-Out Policy

The national data opt-out gives everyone the ability to stop health and social care organisations from sharing their confidential information for research and planning purposes, with some exceptions such as where there is a legal mandate/direction or an overriding public interest for example to help manage the COVID-19 pandemic.

As a domiciliary care provider, it is very rare that we are ever asked to share confidential information for research and/or planning purposes.  Nevertheless, you can if you wish choose to opt-out of your data being used in this way – to do so, please call 01254 933563 and ask to speak with Atif Hussain, the Data Protection Officer, or email contact@alphahomecareservices.co.uk.

  1. Purpose
    1. The purpose of this policy is to explain the introduction of the Data Opt-Out Policy and to ensure that Alpha Homecare Services understands the steps it needs to take to comply with the Data Opt-Out Policy. This policy focusses on key information about the Data Opt-Out Policy, and Alpha Homecare Services acknowledges that it should ensure that it has a thorough understanding of the Data Opt-Out Policy by reviewing the information referred to in the Underpinning Knowledge / References and Further Reading sections of this policy.
    2. To support Alpha Homecare Services in meeting the following Key Lines of Enquiry/Quality Statements (New):
    3. To meet the legal requirements of the regulated activities that Alpha Homecare Services is registered to provide:
      1. The National Health Service Act 2006
      2. Data Protection Act 2018
      3. UK GDPR
  2. Scope
    1. The following roles may be affected by this policy:
      1. staff
    2. The following Service Users may be affected by this policy:
      1. Service Users
    3. The following stakeholders may be affected by this policy:
      1. Family
      2. Advocates
      3. Representatives
      4. Commissioners
      5. External health professionals
      6. Local Authority
      7. NHS
  3. Objectives
    1. To ensure that Alpha Homecare Services understands the requirements of the Data Opt-Out Policy.
    2. To ensure that Alpha Homecare Services understands the steps it needs to take to determine whether the Data Opt-Out Policy applies to Alpha Homecare Services and, if it does, the steps Alpha Homecare Services needs to take to comply with the Data Opt-Out Policy.
  4. Policy
    1. Alpha Homecare Services understands that it must comply with the Data Opt-Out Policy by 31 July 2022, showing to what extent information is processed within the scope of the Data Opt-Out Policy.
    2. Alpha Homecare Services understands that the obligations placed on Alpha Homecare Services as Data Controller under the UK GDPR and Data Protection Act 2018 remain in place and are not affected by the introduction of the Data Opt-Out Policy.
    3. Alpha Homecare Services understands that it may need to introduce new policies and procedures to ensure compliance with the Data Opt-Out Policy.
    4. Alpha Homecare Services understands that the Data Opt-Out Policy applies if an organisation confirms it has approval from the Confidentiality Advisory Group (also known as Section 251 approval) for the disclosure of confidential patient or Service User information held by Alpha Homecare Services. Where Alpha Homecare Services is the Data Controller, it may, if it wishes, disclose the information to the data applicant without breaching its duty of confidentiality. Alpha Homecare Services understands that it is in these cases only that the Data Opt-Out Policy applies.
    5. Alpha Homecare Services understands that it should read, understand and, if necessary, seek advice upon Section 251 and Section 259 of the National Health Service Act 2006 in order to fully understand the application of the Data Opt-Out Policy. Alpha Homecare Services acknowledges that this policy does not provide a detailed overview of the legislation and that Alpha Homecare Services must determine the extent to which the Data Opt-Out Policy applies to Alpha Homecare Services.
    6. Alpha Homecare Services understands that the Data Opt-Out Policy applies to “confidential patient information” which is defined in Section 251(1) of the National Health Service Act 2006 as information that meets the following requirements:
      1. The individual to which the information (for example, the Service User) relates is identifiable or likely to be identifiable; and
      2. The information is given in circumstances where the individual (for example, the Service User) is owed an obligation of confidence; and
      3. The information relates in some way to the physical or mental health or condition of an individual (for example, the Service User), a diagnosis of their condition and/or their care or treatment.
    7. Alpha Homecare Services understands that the Data Opt-Out Policy applies to local authority social care organisations.
    8. Alpha Homecare Services understands that the Data Opt-Out Policy only applies to Service Users and not to employees of Alpha Homecare Services.
    9. Alpha Homecare Services understands that the Data Opt-Out Policy only applies where the information is being disclosed beyond the purpose of individual care i.e. for research and planning. Where Alpha Homecare Services processes information on the basis of implied consent (for example, to provide care), express consent or where there is a legal requirement for disclosure, the Data Opt-Out Policy does not apply.
    10. Alpha Homecare Services understands that the Data Opt-Out Policy applies to health and adult social care provided in England. It does not apply to information generated or processed outside of England including Wales, Scotland, Northern Ireland, the Isle of Man or Channel Islands.
    11. Alpha Homecare Services understands that the Data Opt-Out Policy does not apply retrospectively to data disclosed before a Service User sets an opt out.
  5. Procedure
    1. Alpha Homecare Services will consider the following questions to determine whether the current and ongoing data disclosures of Alpha Homecare Services fall within the scope of the Data Opt-Out Policy:
      1. Is the use or disclosure for individual care or research and planning? If the former, the Data Opt-Out Policy does not apply.
      2. Is Alpha Homecare Services using or disclosing confidential patient information? Please see section 4.6 of the Policy section above for more information.
      3. Does Alpha Homecare Services have express consent from the relevant individual (such as the Service User) for the use or disclosure? If so, the Data Opt-Out Policy does not apply.
      4. Is the disclosure for the purpose of monitoring and control of communicable disease or other risks to public health? If so, the Data Opt-Out Policy does not apply.
      5. Is the information being disclosed because of a legal requirement? If so, the Data Opt-Out Policy does not apply.
      6. Is the use or disclosure in the overriding public interest? If so, the Data Opt-Out Policy does not apply.
      7. Is Section 251 approval relevant? If the data or use has Section 251 support obtained under regulation 2 (diagnosis and treatment of cancer) or regulation 5 (general medical and research purposes), the Data Opt-Out Policy will apply (unless the Confidentiality Advisory Group (CAG) has determined that the Data Opt-Out Policy has been waived but this is only the case in limited and exceptional circumstances).
      8. Has the use or disclosure been granted a specific exemption? Exemptions may apply for disclosures of data for the UK Health Security Agency National Disease Register. (see https://digital.nhs.uk/services/national-data-opt-out/operational-policy-guidance-document/policy- considerations-for-specific-organisations-or-purposes#7-5-flows-to-public-health-england-national-diseas e-registers), Assuring Transformation (see https://digital.nhs.uk/services/national-data-opt-out/operational- policy-guidance-document/policy-considerations-for-specific-organisations-or-purposes#7-8-assuring-trans formation) and national patient experience surveys (see https://digital.nhs.uk/services/national-data-opt-ou t/operational-policy-guidance-document/policy-considerations-for-specific-organisations-or-purposes#7-9- national-patient-experience-surveys)
      9. Is the disclosure to NHS Digital? The Data Opt-Out Policy does not apply where NHS Digital requests data under section 259 of the Health and Social Care Act 2012.
      10. Is the use or disclosure to support payment and invoice validation? The Data Opt-Out Policy does not apply to disclosure of confidential information for invoice validation for contracted and non-contracted activities to Controlled Environments for Finance.
    2. If Alpha Homecare Services determines that the Data Opt-Out Policy is applicable to Alpha Homecare Services, Alpha Homecare Services will apply national data opt-outs by removing the records of anyone who has an opt-out registered before Alpha Homecare Services uses or discloses the information. Alpha Homecare Services understands that NHS Digital has developed a technical service which enables Alpha Homecare Services to check whether the Service Users have requested a national data opt-out. The service can be used by Alpha Homecare Services submitting a list of NHS numbers, in which case the service will return a “cleaned list” of those that do not have a data opt-out, or Alpha Homecare Services can submit NHS numbers for all Service Users with whom they have a legitimate relationship and temporarily store the list of Service Users who do not have an opt-out at the current time.
    3. If Alpha Homecare Services is required to apply the Data Opt-Out Policy, all records associated with the individual must be deleted or removed in their entirety. Alpha Homecare Services may retain data it uses for individual care purposes, but all data used for research and planning must be deleted.
  6. Definitions
    1. Information Commissioner’s Office
      1. The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals
    2. UK GDPR
      1. The UK GDPR is the retained EU law version of GDPR that forms part of English law
      2. Data Protection Act 2018
        1. The Data Protection Act 2018 is a United Kingdom Act of Parliament that updates data protection laws in the UK. It sits alongside the General Data Protection Regulation and replaces the Data Protection Act 1998
    3. Data Opt-Out Policy
      1. The policy was proposed by the National Data Guardian, accepted by the government and directed by the Department of Health and Social Care.
      2. The national data opt-out policy with which certain organisations must comply by the 31st July 2022
    4. GDPR
      1. General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It was adopted on 14 April 2016 and after a two-year transition period became enforceable on 25 May 2018. References to GDPR include references to the UK GDPR
  7. Key Facts – Professionals
    1. Professionals providing this service should be aware of the following: Alpha Homecare Services must understand and apply the Data Opt-Out Policy by the 31st July 2022.
  8. Key Facts – People affected by this service
    1. People affected by this service should be aware of the following: Requests made by individuals (including Service Users) to opt-out of use/disclosure of their information in line with their rights in the Data Opt-Out Policy will have requests complied with by the 31st July 2022.
  9. Further reading
    1. As well as the information in the ‘underpinning knowledge’ section of the review sheet we recommend that you add to your understanding in this policy area by considering the following materials:
    2. NHS Digital provides useful information relating to the Data Opt-Out Policy on its website, including at the following pages:
      1. https://digital.nhs.uk/services/national-data-opt-out/compliance-with-the-national-data-opt-out/ https://digital.nhs.uk/services/national-data-opt-out/guidance-for-health-and-care-staff https://digital.nhs.uk/services/national-data-opt-out/understanding-the-national-data-opt-out  NHS Digital also provides detailed information on patient confidentiality requirements: https://www.gov.uk/government/publications/confidentiality-nhs-code-of-practice
    3. Digital Social Care – National Data Opt-Out – Actions for all CQC-registered adult social care services by 31 July 2022:
      1. https://www.digitalsocialcare.co.uk/data-security-protecting-my-information/national-data-opt-out/? mc_cid=2b44fa16e9&mc_eid=8f36638d47
    4. To be ‘ outstanding ’ in this policy area you could provide evidence that:
      1. Alpha Homecare Services has conducted a data protection impact assessment on the data processing activity being taken to apply national data opt-outs
      2. Alpha Homecare Services has implemented processes to ensure that all opt-outs requested under the Data Opt-Out Policy are complied with
      3. The wide understanding of the policy is enabled by proactive use of the QCS App.