Opt-out or opt-in?

In our earliest communications in March and April of 2013, when even the most basic details about care.data were unclear, medConfidential urged the Secretary of State, Jeremy Hunt, “to mandate informed consent (i.e. opt in) for any sharing of identifiable data not for a person’s direct medical care” [1] but, if he would not, to ensure there was at the very least a properly-managed opt-out process.

The Secretary of State effectively took opt-in off the table when he announced the ‘no-quibble’ patient opt-out at the launch of the Caldicott2 report. And no-one is in any doubt as to how badly NHS England has mismanaged the public communication of care.data and the opt-out process – both last summer and during the early months of 2014.

We have made it clear that, were opt-in to be put on the table at any point, medConfidential would reconsider its position – but that while the scope and definition of the system is so uncertain, both now and for the future, we would need to be reassured that processes were in place to ensure that any consent so given could be considered properly informed, and that consent would be ‘refreshed’ on a regular basis.

medConfidential has worked consistently since the Secretary of State’s decision to ensure that the opt-out works as any normal person would understand, i.e. that if a patient opts out, their data does not flow. This was not the way that HSCIC was directed by NHS England to establish the system, despite Jeremy Hunt’s clear assurance to the public.

Though our proposed amendments to the Care Bill were rejected, in debate Earl Howe confirmed that new Directions will be issued to HSCIC – i.e. the opt out will finally be properly fixed. But despite saying it was “sympathetic to the desire to see the oversight panel placed on a statutory footing” and undertaking to “explore with Dame Fiona Caldicott and all interested parties how best to achieve [a robust and coherent system of oversight, scrutiny and advice], which may include using existing legal powers to establish an independent committee able to advise on data-sharing matters”, the government is still ducking what we believe are critical measures if public trust is to be regained.

We await the detail of these new Directions and the result of these ‘explorations’, but meanwhile medConfidential’s basic position remains unchanged; patients must be given the means to definitively exclude themselves and their dependents from secondary use and sale of their medical information, and this should be a statutory right – not just at the gift of the Secretary of State.

Opt-in is now being proposed in motions to be debated at the BMA’s Local Medical Committees (LMCs) conference this month and the BMA Annual Representative Meeting in June. To help inform debate, medConfidential has written a note laying out medConfidential’s consideration of some of the principles around consent processes. We will of course comment in detail on any specific opt-in proposals that are made.


[1] Extract from letter to Secretary of State, 5th April 2013:

“We strongly urge you to mandate informed consent (i.e. opt in) for any sharing of identifiable data not for a person’s direct medical care. Asking permission to share someone’s private information is the foundation of medical confidentiality…

…If you will not or cannot mandate an opt in approach, the clear precedent and only remaining way to ensure that consent and patient choice is respected is to provide a simple and straightforward opt out – not an “objection” process – and to inform people properly.”