The introduction of the National Data Opt Out (NDOO) was announced in 2018 and allows for patients to opt out of their confidential patient information being used for research and planning purposes in specific situations.
From 31 July 2022 it has been mandatory for organisations that process patient data to apply the NDOO, when they are undertaking the specific activities within the scope of the NDOO. This document provides an overview of when the NDOO is applied.
The NDOO is however managed by NHS England and the HRA advises that organisations review the NDOO Operational Policy Guidance for full information on applying the NDOO.
When does the National Data Opt Out apply?
Application of the NDOO is aligned with the authorisation used for sharing a patient’s data in accordance with the common law duty of confidentiality (CLDC). It applies to research and non-research activities only where authorisation for accessing of confidential patient information is provided by Regulation 5 Support under the Health Service (Control of Patient Information) Regulations 2002. This is more commonly known as Section 251 Support.
In practice this means that the NDOO should only be applied for applications that have been supported by the HRA (for purposes of research) or the Secretary of State for Health and Social Care (or all other purposes) following submission to, and advice from, the Confidentiality Advisory Group (CAG). Full information is provided on NHS England's website. Only research studies that have been reviewed by CAG need to take any action relating to the NDOO. No other research studies should apply the NDOO.
When does the National Data Opt Out not apply?
The NDOO does not apply to data where Section 251 support is not the authorisation for accessing data in accordance with the CLDC.
This means it does not apply in situations where the participant has given consent. This includes some instances where explicit consent is not requested of the participant, for example patients do not have capacity to consent or research taking place in emergency situations. These activities have a different legal basis that are considered by the Research Ethics Committee, and do not need to apply to CAG.
It also does not apply to the following, provided the individual undertaking the processing of identifiable information has a legal basis to access the information as part of their employed role.
- activities undertaken by Trusts to identify patients to invite into research studies, prior to patient consent
- sharing of anonymised information to third parties.
Full information is provided on NHS England's website.
In limited situations an activity that has been given Section 251 support following CAG advice may be exempted from applying the NDOO. You can find a list of activities exempted from the National Data Opt Out on the NHS England's website. Minutes of the CAG national data opt out considerations can be found here.