A National Data Opt-out launched on 25 May, but the form linked below is the only method currently available that enables you to make a consent decision for yourself and your dependent children at the same time.

It has been announced that, from October 2018, you should be able to easily view how data about you has been used, so you can verify the effects of your consent choices. We await delivery of this promise.

People who have already opted out of the use of their data for purposes beyond their direct care will be written to personally during the summer of 2018, but there is currently no commitment to directly inform those who have not opted out. In other words, unless they happen to see a poster or hear a radio ad, a very large number of NHS patients will likely be kept in the dark.

Until you can see how data about you is actually used, in detail, the Government expects you to base your decision solely upon the various statements and assertions that are made about it. We provide links to evidence below of ways in which some of these statements and ‘guidance’ are breached in practice.

In the absence of evidence that reassures you, medConfidential’s advice is (as it always has been) to follow the precautionary principle – opting out now is safer, as you can change your mind at any time. Once your data has been copied or released, however, it cannot be recovered.

As new information or actions you can take become available, we inform our mailing list:

---

Re-use of your records beyond your direct medical care:
Choices available to you

None of these choices will affect your medical care, or the data that is available for your care.

GP data: As your ‘front door’ to the NHS, your GP holds the lifetime history of your GP care – your prescriptions, your ailments, your tests and referrals, and the context for them all. You have the choice whether information from your GP record is copied outside of your GP practice for purposes other than your direct medical care. (This choice was created in 2010, and is only between you and your GP.) Your GP treats you; other parts of the NHS treat a condition.

Other data: The National Data Opt-out covers your data leaving all other care providers, and NHS Digital, for purposes beyond your direct care. This choice will, in time, cover all hospitals, etc. and can be set either via NHS Digital or (for now) your GP. The National Data Opt-out also covers all data leaving bodies such as Public Health England, which runs the database of every patient who has ever had cancer, and other databases.

You can express your wishes about the use of only your non-GP data online, or both your GP and non-GP data by filling in and giving this form to your GP:

Use this form [PDF]

If you wish to express a consent choice for your dependent children, the form linked above is currently the only way to do it, in a single step. NHS Digital’s new online service does not work for your children.

---

Re-use of your records beyond your direct medical care:
Choices not available to you

Exercising the opt-out choices above will protect you from some risks – certainly more risks than if you do not expressing those choices. Both opt-outs do precisely what the Department of Health claims they do, but they do not protect you as they could.

These choices do not, for example:

• Prevent the sale of your hospital history to companies
• Prevent the use of prescribing data by pharmaceutical marketers to influence your doctors
• Prevent public bodies doing work with the data they have for commercial companies (such as tobacco companies)
• Prevent mistakes by those who have copies of your medical information from the above (Partridge Review recommendations)
• Prevent the non-clinical body NHS England insisting that you opt out all over again if it creates a new project

Compliance with the 2018 Data Protection Act (which implements the General Data Protection Regulation in UK law) has not yet been assessed.

And, in many ways, the safeguards promised in 2014 are still entirely missing:

• The commercial re-use loophole remains open
• No ‘single-strike’ penalties are in place
• No significant contractual sanctions have been applied, despite serious breaches
• No Regulations have been laid to guide the Confidentiality Advisory Group
• NHS Digital is still releasing huge volumes of linked, individual-level patient histories rather than using safe settings
• The sole independent advisory group on collecting GP data – GPES IAG, the group that first raised concerns about care.data – was abolished without a full replacement

The best way to have confidence in how your wishes will be respected, and in how your data will be used next month, is to see how your data was used last month. This, for reasons we list above, remains impossible.