Update December 2016: Due to uncertainty imposed by the Government, there is an alternate longer process for now. The promise that this will not affect your direct care will also continue to be true.
Update August 2016: These arrangements may change in future, but the below is true for now. This page, and our mailing list, will update when changes become known, which should be in advance of them happening.
UPDATE April 2016: GPs have honoured your request since you handed in your form, possibly several years ago.
How did we get here?
As of late April 2016, the various cockups have been corrected, and the opt outs do what they should do. We continue to work to ensure all opt outs are honoured throughout the NHS.
You can see the organisations which have received data in HSCIC’s quarterly Data Release Register.
Unfortunately at this point no-one,
including HSCIC itself, will tell you if your data has been released – which is one example of why we’ve been pushing for personalised Data Usage Reports. With those in place, you would know where data about you has gone, and why. This protects everyone, those who opted out know that their wishes have been honoured, but also those who do wish their data to be used know how it has been used, and the knowledge that was generated as a result.
If you want to be kept up to date with what’s going on, and with facts you can act on:
If you do have any concerns about data sharing projects, and if you haven’t done so already, our advice continues to be to opt out now.
Opt out form
All you need do is write a letter to your GP or download a simple form (link below) instructing your doctor to opt you out, which you can fill in and post or drop into your surgery reception for their attention.
If you have any problems getting your surgery to understand what you are opting out of, or if they hand you an opt out form for something else, email email@example.com and we’ll look into it.
Dr Neil Bhatia, a Hampshire GP, has written the text of a leaflet with a tear-off form that you can use for yourself, your minor children (i.e. children below the age of consent – older children must opt out for themselves) and anyone for whom you hold lasting power of attorney:
Please do take a few moments to e-mail this PDF to your family, friends and colleagues, or send them the link to this page – www.medconfidential.org/how-to-opt-out – or share it on social media. You might even print off copies of the form (which conveniently prints double-sided and folds to fit in a DL envelope) to give to others who may not have heard about what’s going to happen to their medical records, and won’t know what they can do.
Dr Bhatia also provides more information on the care.data scheme on his website: www.care-data.info
Opt out letter
If you do not want confidential, identifiable information from your medical records to be uploaded and passed on for purposes other than your medical care you can opt out by telling your doctor. You don’t have to book an appointment to do this, you can simply send a letter.
As an alternative to the form above, we provide a letter in Microsoft Word (.doc) format, editable Rich Text (.rtf) format and as an Adobe Acrobat (.pdf) PDF for you to fill in and send to your doctor. We have updated this letter so that you can use it to opt out your children or adults for whom you are legally responsible as well.
Simply click on one of the links below to download and print off a copy, fill in your details and the details of your minor children (i.e. children below the age of consent – older children must opt out for themselves) and/or anyone for whom you hold lasting power of attorney, sign it and send it to your GP:
Opting out will not affect the care you receive and you can change your mind at any point and opt back in if you like. Opting out will not prevent your GP from being paid for care provided – information needed for those payments should only leave the practice in summary (i.e. anonymous) form.
If you have any specific concerns, we recommend you speak with your GP.
As you will see from the letter, there are TWO codes that your doctor will need to add to your record – one to prevent your information being uploaded from the GP practice, and one to stop the Health and Social Care Information Centre from passing on any identifiable data it gathers from any other care context, e.g. hospital records or clinics.
What’s this all about?
Under changes to legislation, your GP can now be required to upload personal and identifiable information from the medical record of every patient in England to central servers at the Health and Social Care Information Centre (HSCIC). Once this information leaves your GP practice, your doctor will no longer be in control of what data is passed on or to whom.
This information will include diagnoses, investigations, treatments and referrals as well as other things you may have shared with your doctor including your weight, alcohol consumption, smoking and family history. Each piece of information will be identifiable as it will be uploaded with your NHS number, date of birth, post code, gender and ethnicity.
NHS England – the body now in charge of commissioning primary care services across England – will manage and use the information extracted by HSCIC for a range of purposes, none of which are to do with your direct medical care. Though official leaflets talk a great deal about research, the ‘secondary uses’ for which your data may be used include patient-level tracking and monitoring, audit, business planning and contract management.
In September 2013, NHS England applied to pass on your information in a form it admits “could be considered identifiable if published” to a whole range of organisations that include – but are not limited to – research bodies, universities, think tanks, “information intermediaries”, charities and private companies.
Though you may be told that any data passed on will be ‘anonymised’, no guarantees can be given as to future re-identification – indeed information is to be treated so that it can be linked to other data at patient level – and NHS England has already been given legal exemptions to pass identifiable data across a range of regional processing centres, local area teams and commissioning bodies that came into force on April 1st 2013. HSCIC already provides access to patient data, some in identifiable form, to a range of ‘customers’ outside the NHS, including private companies.
What happened last year?
In January 2014, NHS England sent out a leaflet entitled Better information means better care (2MB PDF) via junk mail. It was not addressed directly to you as a patient and it deliberately didn’t include an opt-out form. The leaflet said you should “speak to your GP practice” if you wanted to opt out. This was misleading and could have wasted your time and potentially wasted valuable GP appointment time as well.
You can read more about how we had to get the opt outs fixed, but on 25 February 2014 the Secretary of State for Health confirmed to us in writing the operation of the opt out codes. HSCIC has published a page explaining exactly how they will work:
N.B. As well as opting out, you may want to write to your MP about this. The Health Select Committee is conducting an inquiry into care.data and the handling of NHS patients’ data, and medConfidential gave oral evidence to its first and fourth hearings.