Reviewed June 2025

1. Introduction

This document sets out the policy for Simmondley Medical Practice to ensure compliance with the National Data Opt-Out Policy, which allows patients to opt out of their confidential patient information being used for research and planning purposes.

2. Purpose

The purpose of this policy is to:
- Inform staff of their responsibilities in applying the National Data Opt-Out.
- Ensure all data disclosures for secondary purposes adhere to patient preferences.
- Ensure patients are made aware of their rights to opt out.

3. Scope

This policy applies to:
- All staff, including permanent, temporary, locum, and agency workers.
- All data processing activities where confidential patient information may be disclosed for purposes other than direct care (e.g., research or service planning).

4. Background

Under the Data Protection Act 2018 and Health and Social Care Act 2012, patients have the right to opt out of their confidential data being used for purposes beyond their individual care. This right is supported by the National Data Opt-Out Programme led by NHS England.

5. Patient Communication

Patients will be informed about the National Data Opt-Out via:
- Posters in the waiting room.
- Information leaflets.
- The practice website.
Staff should direct patients to www.nhs.uk/your-nhs-data-matters to manage their data sharing preferences.

6. Application of the Opt-Out

The practice does not currently share data for research or planning purposes directly.
When future disclosures for such purposes are considered, the practice will check and apply the National Data Opt-Out before sharing any data.
Direct care activities (e.g., referrals, prescriptions) are not affected by opt-out preferences.

7. Responsibilities

- Practice Manager: Responsible for ensuring this policy is implemented and that staff are aware of it.
- All Staff: Responsible for being aware of this policy and following its principles.
- Data Protection Officer (DPO): Advises the practice on Data Protection Impact Assessments (DPIAs) and the application of opt-out rules.

8. Staff Training

All staff will complete annual data security and protection training, which includes awareness of the National Data Opt-Out.

9. Data Disclosures

Any proposed disclosure of confidential patient information for non-direct care purposes must be reviewed by the Practice Manager or DPO.
The National Data Opt-Out must be considered in all DPIAs.

10. Exemptions

Certain uses are exempt from opt-out, including:
- When required by law (e.g., court orders).
- In the event of public health emergencies (e.g., pandemics).

11. Monitoring & Review

This policy will be reviewed annually or sooner if there are significant changes to guidance or regulations.
Any breaches or incidents involving the inappropriate use of data will be investigated and reported.