The deadline for compliance with the new national data opt-out has been extended by six months in response to the COVID-19 crisis. The policy by NHS Digital and NHS X, which was meant to take full action on 31st March 2020, has been extended so as not to put further pressure on health and care services currently dealing with the unexpected impact of the coronavirus.
WHY IT MATTERS
The national data opt-out is an information governance policy that supports health and care staff to manage health data more effectively, enabling them to share it where appropriate to enhance research and planning. The service gives patients the opportunity to opt-out of having their confidential patient information being used in this way.
The deadline has been extended in part for healthcare professionals to properly complete the Data Security and Protection Toolkit (DSPT), an education tool to protect organisations against cyber-attacks and with which to confirm their compliance.
Most organisations across the country have already met the compliance standards and will continue to operate in accordance with the service. The opt-out does not include instances where public interest outweighs personal confidentiality in the disclosure of patient data. This is expected to extend to data sharing in the effort against COVID-19.
THE LARGER PICTURE
With the pressures of the COVID-19 outbreak, the necessity for safe, simple avenues for information exchange between healthcare professionals and public bodies is clearer than ever, especially as technology is spearheading the fight against the virus. As of 30th March, there have been nearly 20,000 total cases of COVID-19 in the UK and 1,228 deaths, with over half those cases confirmed in the past four days. Data security is a top priority in this time, as news of cyber-attacks on hospitals come to light.
ON THE RECORD
In the letter announcing the decision, Jackie Gray, executive director of information governance for NHS Digital, and Kathy Hall, director of technology and data strategy at NHSX, stated that the postponement was only a short-term solution:
“Please be assured that we intend this extension to be a temporary measure to allow the health and care system to focus on responding to the Covid-19 outbreak; implementation of the national data opt-out remains an important element in the longer term work to build public trust for the use of health and care data.”
A recent statement released by the ICO, the UK’s authority on information rights, underlined how data protection laws do not prevent Government or the NHS from “using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.”
