National data opt-out: Difference between revisions

From Discovery Data Service
Revision as of 14:53, 27 July 2022

The NHS National data opt-out states that, for all health and care organisations:

If current uses or disclosures should have national data opt-outs applied, you need to:

  1. implement the technical solution to enable you to check lists of NHS numbers against those with national data opt-outs registered
  2. have a process in place, when you get the results back, to ensure that you only use or disclose information for the returned list of NHS numbers, as any with national data opt-outs registered will have been removed.

See the NHS Digital website (https://digital.nhs.uk/services/national-data-opt-out) for more information on the National data opt-out.

Discovery Technical Solution

In order to be compliant with the national data opt-out, the Discovery Data Service has implemented the following manual technical solution:

  1. A query is run fortnightly against the Discovery Master Patient Index (MPI) to retrieve a list of all patient NHS numbers residing within the service.
  2. This list is processed through an internal validation service to remove any invalid NHS numbers. A list of invalid NHS numbers is securely stored for auditing purposes.
  3. Using the validated list of NHS numbers, a data file is created and securely placed into a MESH mailbox OUT folder, together with the Discovery organisation (8KC81) account control file requesting the National Data Opt-Out checking service (WorkflowId=SPINE_NTT_UPHOLDING).
  4. The MESH mailbox SENT folder is monitored for any message transfer errors.
  5. The MESH mailbox IN folder is monitored for a new control and data file. The data file will contain a list of NHS numbers that have not opted out (i.e. opted out patients are filtered out).
    1. Note: In the event of any error (e.g. an invalid NHS number was sent in the file), the data file will contain an error message instead of any NHS numbers. This is why a pre-validated list of NHS numbers is sent to the checking service.
  6. Using the securely downloaded data file from the MESH mailbox, a database table called patient_national_opt_in is re-created each time using the NHS numbers contained within the data file. The previous table is securely stored for auditing purposes.
  7. Where the Discovery Data Service produces a data extract for the purpose of non-direct patient care which contains Patient Identifiable Data (PID) the NHS numbers contained are filtered against the patient_national_opt_in table.  This ensures only those patients present in the patient_national_opt_in table are included in the final data extract, therefore excluding opted out patients.
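
Steps 2, 5 and 7 above as an added Python example (not Discovery Data Service code). It assumes the validation is the standard NHS number Modulus 11 check-digit test and that the data file holds one NHS number per line; the page specifies neither. Function names are hypothetical and the NHS numbers are constructed values.

```python
import re

def is_valid_nhs_number(value):
    """Modulus 11 check: ten digits, weights 10..2 over the first nine."""
    if not re.fullmatch(r"\d{10}", value):
        return False
    total = sum(int(d) * w for d, w in zip(value[:9], range(10, 1, -1)))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    # A computed check digit of 10 means the number can never be valid.
    return check != 10 and check == int(value[9])

def split_for_submission(mpi_numbers):
    """Step 2: valid numbers go to the checking service, the rest to audit."""
    valid, invalid = [], []
    for n in mpi_numbers:
        n = n.replace(" ", "").strip()
        (valid if is_valid_nhs_number(n) else invalid).append(n)
    return sorted(set(valid)), invalid

def parse_response(data_file_text, submitted):
    """Step 5: fail closed if the returned file is not purely NHS numbers
    (e.g. it holds an error message) or lists a number that was never sent."""
    sent = set(submitted)
    lines = [l.strip() for l in data_file_text.splitlines() if l.strip()]
    bad = [l for l in lines if not is_valid_nhs_number(l) or l not in sent]
    if bad:
        # Report a count only, so file content never reaches the logs.
        raise ValueError(f"unexpected content in response: {len(bad)} line(s)")
    return set(lines)

def filter_extract(rows, opt_in):
    """Step 7: keep only rows whose NHS number is in the opt-in set."""
    return [r for r in rows if r.get("nhs_number") in opt_in]

if __name__ == "__main__":
    # Constructed sample data, not real patient identifiers.
    mpi = ["999 000 0018", "9990000026", "9990000000", "12345"]
    valid, invalid = split_for_submission(mpi)
    print("submit:", valid, "audit:", invalid)
    opt_in = parse_response("9990000018\n", valid)  # constructed response
    rows = [{"id": 1, "nhs_number": "9990000018"},
            {"id": 2, "nhs_number": "9990000026"},   # opted out, so dropped
            {"id": 3, "nhs_number": None}]           # no NHS number, dropped
    print(filter_extract(rows, opt_in))
```

Because the filter is an allow-list, an empty or rejected response excludes every patient from the extract instead of including them.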

Where the extract or Compass database is pseudonymised, the national data opt-out is not required, as per the NHS guidance.

De-identification of the record

In the Discovery extracts and the Discovery Compass v2 database, the following pseudonymisation is carried out for each patient demographic record:

  1. NHS number is blanked
  2. Title, Firstname and Surname are blanked
  3. Date of Birth is set as 01/MM/yyyy.  NOTE: This can be extended further with a DOB mask to only include the year, i.e. 01/01/yyyy
  4. Telecom/fax/email values are blanked
  5. All address lines are blanked and only the postcode prefix is set, e.g. LS1
  6. All UPRN address coordinates are blanked
  7. Flag text is blanked

See Pseudonymisation for more information.