This policy outlines how Prudent Supported Living Limited complies with the National Data Opt-Out framework, ensuring that the rights of the individuals we support are upheld when using or disclosing confidential patient information for research and planning purposes.

It has been reviewed, and no substantial changes have been made to the operational approach. Reference links and underpinning knowledge have been checked and updated.

1. Purpose

• To ensure compliance with the National Data Opt-Out Policy.

• To establish clear responsibilities and procedures for staff.

• To protect the rights of individuals we support by respecting their data opt-out preferences.

2. Scope

Roles Affected: All staff
People Affected: Individuals we support
Stakeholders Affected: Families, Advocates, Representatives, Commissioners, External Health Professionals, Local Authorities, NHS

3. Relevant Legislation

• Data Protection Act 2018

• UK General Data Protection Regulation (UK GDPR)

• National Health Service Act 2006

• Control of Patient Information Regulations 2002

4. Policy Requirements

• Prudent Supported Living Limited must honour any national data opt-out preferences where applicable.

• Compliance with UK GDPR and Data Protection Act 2018 remains essential and unaffected by the opt-out policy.

• Staff must recognise when new policies and procedures are required to maintain compliance.

• National Data Opt-Out applies only if:

  • There is approval from the Confidentiality Advisory Group (CAG).

  • Disclosure involves confidential patient information for research or planning purposes beyond individual care.

• Staff must consult with legal advisors if unsure about compliance related to Section 251 and Section 259 of the NHS Act 2006.

Confidential patient information means:

• The individual is identifiable.

• The information was provided under an expectation of confidentiality.

• It relates to health, diagnosis, treatment, or condition.

Policy Application:

• Applies only to individuals we support (not staff).

• Applies only within England.

• Applies only to disclosures beyond direct care (not routine care activities).

5. Procedures for Applying Opt-Outs

Questions to consider before disclosure:

• Is the disclosure for individual care? (If yes, opt-out does not apply.)

• Is confidential patient information involved?

• Is there express consent?

• Is it for public health monitoring?

• Is there a legal requirement to disclose?

• Is there overriding public interest?

• Is Section 251 approval relevant?

• Are specific exemptions like NDRS, Assuring Transformation (AT), or Patient Surveys applicable?

• Is the disclosure to NHS Digital under Section 259?

• Is the disclosure for invoice validation?

If none of the exclusions apply and Section 251 approval exists, the National Data Opt-Out must be applied.

Applying the Opt-Out:

• Use NHS Digital’s technical service to cleanse data lists against national opt-outs.

• Remove records of individuals who have opted out before using/disclosing data.

• For research and planning activities, all related records must be fully deleted if an opt-out exists.

6. Responsibilities

• All staff must be aware of and act in accordance with the policy.

• Data Protection Officer (DPO): Ensures compliance checks and training are in place.

• Senior Management: Oversees regular audits.

7. Training and Awareness

• All staff must complete mandatory training on the National Data Opt-Out annually.

• Awareness sessions must be held during team meetings.

• Policy updates must be cascaded using the QCS App and internal communication channels.

8. Equality Impact Assessment

This policy complies with equality requirements by ensuring that it:

• Eliminates discrimination.

• Advances equality of opportunity.

• Fosters good relations among protected groups.

9. Underpinning Knowledge and References

• NHS Digital – National Data Opt-Out: NHS National Data Opt-Out

• ICO – UK GDPR Guidance: ICO GDPR Guidance

• NHS Digital – Assuring Transformation: Assuring Transformation

• NHS Digital – National Disease Registration Service (NDRS): National Disease Registration Service

10. Evidence of Outstanding Practice

To achieve an “Outstanding” rating:

• Demonstrate wide staff understanding by proactive use of the QCS App.

• Complete Data Protection Impact Assessments (DPIAs) when applying opt-outs.

• Implement and audit mechanisms to ensure all opt-outs are fully complied with.