Simmondley Medical Practice
National Data Opt-Out Policy
Reviewed June 2025
1. Introduction
This document sets out the policy for Simmondley Medical Practice to ensure compliance with the National Data Opt-Out Policy, which allows patients to opt out of their confidential patient information being used for research and planning purposes.
2. Purpose
The purpose of this policy is to:
- Inform staff of their responsibilities in applying the National Data Opt-Out.
- Ensure all data disclosures for secondary purposes adhere to patient preferences.
- Ensure patients are made aware of their rights to opt out.
3. Scope
This policy applies to:
- All staff, including permanent, temporary, locum, and agency workers.
- All data processing activities where confidential patient information may be disclosed for purposes other than direct care (e.g., research or service planning).
4. Background
Under the Data Protection Act 2018 and Health and Social Care Act 2012, patients have the right to opt out of their confidential data being used for purposes beyond their individual care. This right is supported by the National Data Opt-Out Programme led by NHS England.
5. Patient Communication
Patients will be informed about the National Data Opt-Out via:
- Posters in the waiting room.
- Information leaflets.
- The practice website.
Staff should direct patients to www.nhs.uk/your-nhs-data-matters to manage their data sharing preferences.
6. Application of the Opt-Out
The practice does not currently share data for research or planning purposes directly.
When future disclosures for such purposes are considered, the practice will check and apply the National Data Opt-Out before sharing any data.
Direct care activities (e.g., referrals, prescriptions) are not affected by opt-out preferences.
7. Responsibilities
- Practice Manager: Responsible for ensuring this policy is implemented and that staff are aware of it.
- All Staff: Responsible for being aware of this policy and following its principles.
- Data Protection Officer (DPO): Advises the practice on Data Protection Impact Assessments (DPIAs) and the application of opt-out rules.
8. Staff Training
All staff will complete annual data security and protection training, which includes awareness of the National Data Opt-Out.
9. Data Disclosures
Any proposed disclosure of confidential patient information for non-direct care purposes must be reviewed by the Practice Manager or DPO.
The National Data Opt-Out must be considered in all DPIAs.
10. Exemptions
Certain uses are exempt from opt-out, including:
- When required by law (e.g., court orders).
- In the event of public health emergencies (e.g., pandemics).
11. Monitoring & Review
This policy will be reviewed annually or sooner if there are significant changes to guidance or regulations.
Any breaches or incidents involving the inappropriate use of data will be investigated and reported.