Business > Efficiency

HSCIC to commence patient data opt outs from January

Neil Merrett Published 30 November 2015

Organisation criticised by the ICO for continuing to share data of 700,000 patients despite their objections; delayed scheme not affected


The Health and Social Care Information Centre (HSCIC) will begin implementing 'opt outs' to prevent the sharing of patient data collected by the organisation for purposes other than direct care by January, after failing to so far implement objections received.

Ensuring public trust in the sharing of patient data has been highlighted by health secretary Jeremy Hunt as a vital component of aims to drive technological and digital innovation in healthcare, with security and privacy questions remaining an ongoing challenge.

At present, informed patients are given the opportunity to prevent any data from their GP being shared for purposes other than direct care - known as a type-1 objection - or to opt out of having data held by the HSCIC being shared with regulated third parties, called a type-2 objection.

However, the organisation has come under fire from the Information Commissioner's Office (ICO) for failing to comply with the first principle of the Data Protection Act by continuing to share patient data with select authorised organisations even after hundreds of thousands of type-2 objections were received.

"We are of the view that patients who did opt out would have a reasonable expectation that their personal data would not be included in HSCIC data releases. However, the opt-outs remain on GP practice systems and details of which patients have opted out have never been sent to HSCIC," said a letter sent from the data regulator to HSCIC that was published by the organisation within a recent board paper (see page 71).

"This means that the opt-outs have not been actioned and those patients' personal data continues to be released by the HSCIC. We understand that the number of patients affected has been estimated to be around 700,000."

In response, HSCIC said it had now developed a system designed to uphold opt outs registered by patients as part of engagement with the department of health, NHS England, the ICO and national data guardian Dame Fiona Caldicott.

"We will begin collecting information about the opt-outs from GPs next month so that we can implement them from January 2016," said the organisation.

"This has been a very complex process, throughout which our focus has been to ensure patient choices are honoured, that direct care is not affected and that we protect the confidentiality and security of all patient data. This remains our absolute priority."

The organisation claimed that data was shared with organisations only after they have passed "a strict application process" on how they will use information to health care and ensure security. Information on the organisations currently accessing these data sets is provided by HSCIC through an updated register provided through its website.

These opt-out processes are not presently related to the delayed data programme, which aims to use anonymised patient data extracted from their GP and hospital medical records to improve overall treatment nationally.
HSCIC said that type-2 objections would from January apply to all data flows including

Wit set to launch last year, the flagship patient data programme has faced ongoing delays due to criticisms and concerns from pressure groups and GPs over how health authorities intend to explain the implications to patients of how their details would be collected and shared between different organisations. is not expected to commence until at least next year, with a review currently underway with national data guardian Dame Fiona Caldicott that aims to outline how consent models and opt-outs relating to the programme are worded to try and ensure public support. The review is expected to conclude in January.

The programme, scheduled to launch as part of a trial in four 'pathfinder' clinical commissioning group areas will not begin to extract data without the separate approval of Dame Caldicott that a number of concerns she has raised over the programme are addressed.

"It is important to stress that no data has been extracted under the programme and information will not be collected until public communications have been conducted in the pathfinder areas, and Dame Fiona Caldicott, the national data guardian, has advised the secretary of state that she is satisfied with the programme's proposals and safeguards," said HSCIC in a statement.

Related articles:

Health secretary eyes apps and data security among innovation aims

CCG pilot work continues trial practices unveiled as objection concerns remain

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.