National data opt-out

From Discovery Data Service
Revision as of 11:10, 29 July 2022 by JoshuA (talk | contribs)

Following the roll-out of the Discovery Data Service, patients in London are more likely to have their information available at the point of care.

The primary objective of the Discovery Data Service is to facilitate information sharing between health and social care providers across London to improve health outcomes of patients.

The information collected about you when you use health and social care services across London can also be used by other organisations such as local authorities, health and social care providers, and researchers for purposes beyond your individual care – these are known as ‘secondary purposes’. Providing information for secondary purposes can help:

  • improve the quality and standards of care provided
  • research the development of new treatments
  • prevent illness and diseases
  • monitor safety
  • plan services

Using or sharing data for purposes beyond individual care does not include sharing your data with insurance companies or using it for marketing purposes; data would only ever be used in this way with your consent. All these uses help to provide better health and social care for you and will ultimately seek to be of benefit to society at large. Data will only ever be made available when there is a clear legal basis to use this information. Wherever possible, anonymised data is used so that you cannot be identified.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. Otherwise, you have the right to opt out through the NHS National Data Opt-Out. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt-out, please visit the following NHS 'Your Data Matters' website. On this page, you will:

  • see what is meant by confidential patient information
  • find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • find out more about the benefits of sharing data
  • understand more about who uses the data
  • find out how your data is protected
  • be able to access the system to view, set or change your opt-out setting
  • find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • see the situations where the opt-out will not apply

You can also find out more about how patient information is used on the NHS Health Research Authority website (which covers health and care research), and on the Understanding Patient Data website (which covers how and why patient information is used, the safeguards and how decisions are made).

Applying the National data opt-out

The NHS National data opt-out states that, for all health and care organisations:

If current uses or disclosures should have national data opt-outs applied, you need to:

  1. implement the technical solution to enable you to check lists of NHS numbers against those with national data opt-outs registered
  2. have a process in place, when you get the results back, to ensure that you only use or disclose information for the returned list of NHS numbers, as any with national data opt-outs registered will have been removed.

See NHS Digital website for more information on the National data opt-out.

Discovery Technical Solution

In order to be compliant with the national data opt-out, the Discovery Data Service has implemented the following manual technical solution:

  1. A query is run fortnightly against the Discovery Master Patient Index (MPI) to retrieve a list of all patient NHS numbers residing within the service.
  2. This list is processed through an internal validation service to remove any invalid NHS numbers. A list of invalid NHS numbers is securely stored for auditing purposes.
  3. Using the validated list of NHS numbers, a data file is created and securely placed into a MESH mailbox OUT folder, together with the Discovery organisation (8KC81) account control file requesting the National Data Opt-Out checking service (WorkflowId=SPINE_NTT_UPHOLDING).
  4. The MESH mailbox SENT folder is monitored for any message transfer errors.
  5. The MESH mailbox IN folder is monitored for a new control and data file. The data file will contain a list of NHS numbers that have not opted out (i.e. opted out patients are filtered out).
    1. Note: In the event of any error (e.g. a non-valid NHS number was sent in the file) then the data file will contain an error message instead of any NHS numbers.  This is why a pre-validated list of NHS numbers is sent to the checking service.
  6. Using the securely downloaded data file from the MESH mailbox, a database table called patient_national_opt_in is re-created each time using the NHS numbers contained within the data file. The previous table is securely stored for auditing purposes.
  7. Where the Discovery Data Service produces a data extract for the purpose of non-direct patient care which contains Patient Identifiable Data (PID) the NHS numbers contained are filtered against the patient_national_opt_in table.  This ensures only those patients present in the patient_national_opt_in table are included in the final data extract, therefore excluding opted out patients.
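The validation, table rebuild and extract filter from steps 2, 6 and 7 are sketched below as an added example; it is not Discovery Data Service code. It assumes the internal validation service applies the standard NHS number Modulus 11 check-digit rule, uses SQLite in place of the real database, and all function names and sample NHS numbers are constructed for illustration. The MESH transfer and the archiving of the previous table are left out.

```python
import sqlite3

# Constructed sample of an MPI query result: three valid numbers, three invalid.
SAMPLE_MPI = ["9434765919", "9990000018", "9990000026",
              "9990000019", "9990000000", "12345"]

def is_valid_nhs_number(value: str) -> bool:
    """Modulus 11 check on a 10-digit NHS number (assumed validation rule)."""
    digits = value.replace(" ", "")
    if len(digits) != 10 or not (digits.isascii() and digits.isdigit()):
        return False
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = (11 - total % 11) % 11   # a result of 11 becomes 0; 10 stays 10
    return check != 10 and check == int(digits[9])   # 10 is never a valid check digit

def split_valid(nhs_numbers):
    """Step 2: separate valid numbers from invalid ones kept for audit."""
    valid, invalid = [], []
    for n in nhs_numbers:
        (valid if is_valid_nhs_number(n) else invalid).append(n)
    return valid, invalid

def rebuild_opt_in(conn, returned_numbers):
    """Step 6: re-create patient_national_opt_in from the returned data file."""
    # Archiving the previous table for audit is not shown in this sketch.
    with conn:
        conn.execute("DROP TABLE IF EXISTS patient_national_opt_in")
        conn.execute("CREATE TABLE patient_national_opt_in (nhs_number TEXT PRIMARY KEY)")
        conn.executemany("INSERT INTO patient_national_opt_in VALUES (?)",
                         [(n,) for n in returned_numbers])

def filter_extract(conn, extract_rows):
    """Step 7: keep only extract rows whose NHS number is in the opt-in table.
    Rows with a missing or unknown NHS number are excluded (fail closed)."""
    allowed = {r[0] for r in
               conn.execute("SELECT nhs_number FROM patient_national_opt_in")}
    return [row for row in extract_rows if row.get("nhs_number") in allowed]

if __name__ == "__main__":
    valid, invalid = split_valid(SAMPLE_MPI)
    conn = sqlite3.connect(":memory:")
    rebuild_opt_in(conn, valid[:2])          # constructed reply: third patient opted out
    rows = [{"nhs_number": n} for n in valid] + [{"nhs_number": None}]
    print(filter_extract(conn, rows), invalid)
```

Because the filter is an allow-list, a patient who is missing from the returned file for any reason is excluded from the extract rather than included by default.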

De-identification of the record

In the Discovery extracts and the Discovery Compass v2 database, the following pseudonymisation is carried out for each patient demographic record:

  1. NHS number is blanked
  2. Title, Firstname and Surname are blanked
  3. Date of Birth is set as 01/MM/yyyy. 
    1. Note: This can be extended further with a DOB mask to only include the year, i.e. 01/01/yyyy
  4. Telecom/fax/email values are blanked
  5. All address lines are blanked and only the postcode prefix is set, i.e. LS1
  6. All UPRN address coordinates are blanked
  7. Flag text is blanked
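The masking rules above can be expressed as a single record transform. This is an added example, not the Discovery implementation: the field names are hypothetical, and "postcode prefix" is assumed to mean the outward part of a UK postcode (everything before the final three characters).

```python
from datetime import date

# Hypothetical field names for the values the list above says are blanked.
BLANKED = ("nhs_number", "title", "first_name", "surname", "telecom",
           "address_lines", "uprn_coordinates", "flag_text")

def postcode_prefix(postcode):
    """Return the outward part of a UK postcode, e.g. 'LS1 4AP' -> 'LS1'.
    The inward part is always the last three characters, so this also works
    when the space is missing. Anything too short to be a full postcode
    yields None rather than risking a leak of the raw value."""
    compact = "".join((postcode or "").split()).upper()
    return compact[:-3] if len(compact) >= 5 else None

def mask_dob(dob, year_only=False):
    """01/MM/yyyy by default, 01/01/yyyy when the year-only mask is applied."""
    if dob is None:
        return None
    return date(dob.year, 1 if year_only else dob.month, 1)

def deidentify(record, year_only=False):
    """Return a copy of a demographic record with the masking rules applied."""
    out = dict(record)
    for field in BLANKED:
        if field in out:
            out[field] = None
    out["date_of_birth"] = mask_dob(record.get("date_of_birth"), year_only)
    out["postcode"] = postcode_prefix(record.get("postcode"))
    return out

# Constructed sample record; none of these values refer to a real person.
SAMPLE = {"patient_id": 42, "nhs_number": "9434765919", "title": "Ms",
          "first_name": "Ada", "surname": "Example",
          "date_of_birth": date(1984, 7, 23), "telecom": "0113 000 0000",
          "address_lines": ["1 Example Street"], "postcode": "ls14ap",
          "uprn_coordinates": (0.0, 0.0), "flag_text": "sample flag"}

if __name__ == "__main__":
    print(deidentify(SAMPLE))
    print(deidentify(SAMPLE, year_only=True)["date_of_birth"])
```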

See Pseudonymisation for more information.