National Data Opt Out Programme
Your data matters to us at Heywood Family Practice
In a letter to all GPs, 19 July 2021, Parliamentary Under Secretary of State Jo Churchill set out a new process for commencing data collection, moving away from a previously fixed date of 1 September.
- Your GP holds your health record, and it is used by them and other parts of the NHS for your direct care.
- NHS Digital also uses some of this data for research, planning, and improving the NHS for everyone.
About the General Practice Data for Planning and Research programme
NHS Digital is making improvements to how data is collected from general practice, this new framework for data extraction is called the General Practice Data for Planning and Research data collection (GPDPR). The goal of this new system is to:
- reduce burden on GP practices in managing access to patient data and maintain compliance with relevant data protection legislation
- improve protections through the consistent and rigorous review of all applications for access to patient data
- make it easier for patients to understand how their health and care data is being used, including increasing use of Trusted Secure Environments that avoids data flowing outside the NHS
This new NHS Digital service will collect data from GP practices in England and will analyse, publish statistical data and provide safe, secure, lawful and appropriate access to GP data for health and social care purposes. This will include planning, commissioning, policy development, public health purposes (including COVID-19) and research.
NHS Digital is engaging with the British Medical Association (BMA), Royal College of General Practitioners (RCGP) and the National Data Guardian (NDG) to ensure relevant safeguards are in place for patients and GP practices.
Protecting patient data
All data will be pseudonymised and encrypted by your GP system suppliers on your behalf before it is transferred to NHS Digital. Access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed, e.g. written consent for a research study.
As with the COVID-19 collection, access to the data will be through the NHS Digital Data Access Request Service (DARS) and will be subject to a robust approvals process, which includes oversight by the Independent Group Advising on Release of Data (IGARD) and a Professional Advisory Group, which is made up of representatives from the BMA and RCGP.
TYPE 1 OPT OUTS - Opting out of sharing your Data outside your GP Practice
These opt-outs are different and they are explained in more detail below. Your individual care will not be affected if you opt-out using either option.
We want to make the position around opt-out much simpler. While 1 September has been seen by some as a cut-off date for opt-out, after which data extraction would begin, I want to reassure you that this will not be the case and data extraction will not commence until we have met the tests.
We are introducing three changes to the opt-out system which mean that patients will be able to change their opt-out status at any time:
- Patients do not need to register a Type 1 opt-out by 1 September to ensure their GP data will not be uploaded
- NHS Digital will create the technical means to allow GP data that has previously been uploaded to the system via the GPDPR collection to be deleted when someone registers a Type 1 opt-out
- The plan to retire Type 1 opt-outs will be deferred for at least 12 months while we get the new arrangements up and running, and will not be implemented without consultation with the RCGP, the BMA and the National Data Guardian
Together, these changes mean that patients can have confidence that they will have the ability to opt-in or opt-out of the system, and that the dataset will always reflect their current preference. And we will ensure it is easy for them to exercise the choice to optout.
National Data Opt-Outs (opting out of NHS Digital sharing your data)
- NHS Digital will collect data from GP medical records about patients who have registered a National Data Opt-out. The National Data Opt-out applies to identifiable patient data about your health, which is called confidential patient information.
- NHS Digital won’t share any confidential patient information about you – this includes GP data, or other data we hold, such as hospital data – with other organisations, unless there is an exemption to this. For example:- If we have a legal Obligation to share the data or if it is in the public interest.
- To find out more information about this please how to register a National Data Opt-Out, please read the GP Data for Planning and Research Transparency Notice.
Data Security and Governance
The Government has committed that access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed e.g. written consent for a research study. This is intended to give both GPs and patients a very high degree of confidence that their data will be safe and their privacy protected.
The TRE will be built in line with best practice developed in projects, such as OpenSAFELY and the Office for National Statistics’ Secure Research Service.
We are also committed to adopting a transparent approach, including publishing who has run what query and used which bit of data. We are developing a TRE which will meet our specific needs and act as 'best in class'.
We commit to only begin the data collection once the TRE is in place. Further, we will ensure that the BMA, RCGP and the National Data Guardian have oversight of the proposed arrangements and are satisfied with them before data upload begins.
I can also confirm that the previously published Data Provision Notice for this collection has been withdrawn.
Once the data is collected, it will only be used for the purposes of improving health and care. Patient data is not for sale and will never be for sale.
Transparency, communications and engagement
There has been a great deal of concern regarding the lack of awareness amongst the healthcare system and patients. We recognise that we need to strengthen engagement, including opportunities for non-digital engagement and communication.
Since the programme has been paused, we have been developing an engagement and communications campaign, with the goal of ensuring that the healthcare system and patients are aware and understand what is planned, and can make informed choices. The public rightly look to and trust general practice - through a centrally driven communication campaign, with clear messages, we will seek to ensure that the introduction of this collection does not impose an additional burden on practices.
We are developing a communications strategy delivered through four phases.
- Listening - where we listen to stakeholders and gather views on how best to communicate with the profession, patients and the public and give them the opportunity to inform the development of the programme in areas such as opt-outs, trusted research environments and other significant areas
- Consultation - a series of events where we can explain the programme, listen and capture feedback and co-design the information campaign
- Demonstration - show how feedback is being used to develop the programme and shape communications to the healthcare system and the public
- Delivery - of an information campaign to inform the healthcare system and the public about changes to how their GP data is used, that utilises the first three phases to ensure the campaign is accessible, has wide reach and is effective
Data saves lives. The vaccine rollout for COVID-19 could not have been achieved without patient data. The discovery that the steroid Dexamethasone could save the lives of one third of the most vulnerable patients with COVID-19 – those on ventilators - could not have been made without patient data from GP practices in England. That insight has gone on to save a million lives around the globe. That is why this programme is so important.
The programme and I will be providing further information as the programme progresses. In the meantime, if you have any questions, you can contact the programme at firstname.lastname@example.org.
The NHS Digital web pages also provide further information at https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research#additional-information-for-gp-practices.
Q&A NHS Digitial & Data Collections
Why NHS Digital collects general practice data?
- NHS Digital is the national custodian for health and care data in England and has responsibility for standardising, collecting, analysing, publishing and sharing data and information from across the health and social care system, including general practice.
- NHS Digital collected patient data from general practices using a service called the General Practice Extraction Service (GPES), now known as GPDPR which has operated for over 10 years and now needs to be replaced.
- NHS Digital has engaged with doctors, patients, data and governance experts to design a new approach to collect data from general practice that:
- reduces burden on GP practices
- explains clearly how data is used
- supports processes that manage and enable lawful access to patient data to improve health and social care
Does NHS Digital sell my Data to third parties?
The NHS shares some data, in which nobody can identify you, with trusted third parties, in order to improve the NHS for you and everyone else.
This includes with:
- NHS planners
- university researchers
- scientists researching medicines
We only share data when there is a proven benefit to the NHS, and access is strictly controlled.
You data won't be shared with
- Your data is not shared for commercial purposes
- Your data is not shared with insurers
- Your data is not sold
Please see our Privacy Notice for further information on how else your data might be shared by the practice.
If you want any more information, please contact our Data Protection Officer email@example.com