Data security, consent and opt-outs Our response to the Department of Health’s consultation

The Department of Health launched a consultation in summer 2016 on changes proposed following the National Data Guardian’s review of data security, consent and opt-outs.

We argued that while the new data security standards are welcome, it is important not to underestimate the challenge of embedding these within routine practice across health and social care.

We set out our support for the new opt-out model but called for clarity on some of the language used. Importantly, we argued that quality improvement (QI) is part of the day-to-day running of the NHS, but that data requirements for QI were not reflected in the review. Our view is that clarification is needed about how data used for QI will be treated, so that patients do not inadvertently opt-out of data sharing for this purpose.

Furthermore, we argued that as NHS data sets become increasingly more diverse over time, the capacity of national organisations to receive, clean and link increasing amounts of data should be carefully assessed. Our view is that it is worth exploring alternatives to avoid the NHS shouldering the full weight of this burden, such as a federated network of trusted parties that could fulfil this role.