The Data Protection Act/GDPR gives you certain rights when it comes to your GP medical record.
The Right to be Informed
Harvey Group Practice provides full and detailed fair processing information about how your personal and sensitive data is processed by the surgery. Details can be found in this "Medical Record" section, with external links to more detailed information.
The Right to Rectification
You have to right to ask for factual inaccuracies in your GP record to be corrected.
The Right of Access
You have to right to access your own GP medical record. You can:
- Make a Subject Access Request, or
- Ask for online access to your full electronic GP record - see online services section of our website.
The Right to Object
You have right to control how information from your GP record is shared outside of Harvey Group Practice and used by the surgery.
You have the right to opt-out - to "object" - to any or all of the data sharing schemes (and the right to opt back in, whenever you like, if you choose to).
How do I opt-out of the Summary Care Record?
Fill in OPT OUT
How do I opt-out of all secondary uses of my GP record?
Fill in the opt out form above
For Harvey Group, the Type 1 (9Nu0) secondary uses objection will prohibit your information from being uploaded to NHS Digital for:
- The National Diabetes Audit submissions
- Individual GP level Data submissions
- FGM submissions
- NHS Health Checks submissions
- De-identified sick note (med3) data submissions
The Type 2 (9Nu4) secondary uses objection will prohibit personal confidential information being shared/disseminated/sold by NHS Digital for purposes other than for your own direct care. From 25th May, the Type 2 objection is replaced by the National Data Opt Out.
NHS Digital will launch the National Data Opt Out on 25th May, to coincide with the EU GDPR.
What is the National Data Opt Out (NDOO)?
The NDOO is a mechanism by which individuals in England can control, to a limited degree, certain aspects of their confidential medical information and, in particular, what NHS Digital can do with it once in their possession.
The NDOO only applies to confidential information, that is medical information that can identify you, for example by containing your name, DOB, address, NHS number etc.
And the NDOO only applies to uses of your confidential medical information for secondary purposes, that is unrelated to, and beyond, the direct medical care that GP surgeries and other healthcare organisations provide you with when you are unwell, or to keep you well. Secondary purposes include healthcare planning, audit, population analytics, “risk stratification”, research, "commissioning", commercial and even political uses.
The NDOO is not limited to electronic data and so includes paper records.
It directly replaces the Type 2 (9Nu4) opt-out that has been in force for some years, and which you were able to express via the surgery.
If I set, or keep, my NDOO status at “do not share”, what will this mean?
- Confidential medical information obtained by NHS Digital from GP surgeries, hospital trusts, mental health providers and social care, will not be released or disseminated by them in a format that can identify you.
- In addition, and in time, the NDOO will prohibit certain data extractions from your GP record, where this involves confidential medical information, such as where your permission or consent has not been sought before your data was released (so-called section 251 approval). Section 251 approval is often used to permit unconsented data extractions for varieties of research, healthcare planning, risk stratification and population analytics.
- The NDOO will, eventually, prevent confidential medical information leaving the Cancer Registry, certain other disease registries, the Clinical Practice Research Datalink (CPRD); and
- By 2020, hospitals and other healthcare providers.
What will the NDOO not do?
- The NDOO will in no way affect the sharing of information for the purposes of an individual’s care and treatment, e.g. where information is shared between a GP surgery and a hospital.
It will not stop your GP using the Electronic Referral Service (eRS), the Electronic Prescription Service (EPS), or GP2GP transfers of medical records.
- The NDOO will in no way affect the National Summary Care Record (SCR).
- The NDOO will in no way affect situations where the surgery, or other healthcare organisation, is legally required to share your information (such as a court order or when mandated under section 259 of the Health and Social Care Act – but see later).
- The NDOO will in no way affect you being invited, when appropriate, for any of the National Screening Programmes, such as cervical/breast/bowel/abdominal aortic aneurysm/diabetic eye screening.
- The NDOO will in no way affect situations where the surgery, or any other healthcare organisation, shares data in an anonymised or aggregate (numbers only) format, in other words where that data cannot identify an individual.
- The NDOO will not stop:
- Commercial sales of hospital data (HES) by NHS Digital
- Lifelong linked medical histories being disseminated by NHS Digital
- Onwards release of data by non-NHS bodies (once provided with your information by NHS Digital)
What about Research?
The NDOO will in no way prevent you from taking part in accredited medical research, at your GP surgery/local hospital/other health organisation, where you have given your explicit consent to be involved (i.e. you have been asked first).
The NDOO will in no way prevent you from:
- Giving blood
- Joining the NHS Organ Donor Register
- Signing up to the Anthony Nolan register to donate your blood stem cells or bone marrow
- Donating your DNA for medical research
- Joining the 100K Genomes project
- Taking part in clinical drug trials
- Donating your body to medical science after your death
- Giving money (in a tax-efficient way) to any medical charity of your choosing
Will the NDOO stop my confidential GP information being uploaded to NHS Digital in the first place?
NHS Digital does not rely upon section 251 approval (anymore) for data gathering, preferring instead to make such data collections compulsory under section 259 of the Health and Social Care Act.
However, the existing secondary uses, Type 1 (9Nu0), opt-out that many people have in force on their GP record will prohibit data (confidential and, in some cases, de-identified) from being extracted and uploaded from your GP record to NHS Digital.
In addition, the Type 1 opt-out will also prohibit section 251 approved data extractions, for example for “risk stratification”, as well as the mandatory section 259 extractions.
So how do I maximally limit secondary uses of my medical records, beyond my direct medical care, should I wish to?
- Set your NDOO status to “do not share”, Or ensure that you have a Type 2 objection in force
- Make sure you have a secondary uses, Type 1 (9Nu0) objection in force on your GP record
What about preventing NHS Digital releasing or disseminating anonymised and pseudonymised data about me?
You cannot – directly. And you have no control over why they are doing this, for what purpose(s), and to which organisation they are releasing your information to.
But you can limit how much information NHS Digital gathers about you from healthcare organisations, by maximally limiting the secondary uses of your medical records, as described above.
So how do I set, check, or update my National Data Opt Out status?
If you had previously requested a Type 2 objection to be in force, via the surgery, then this will have automatically have set your NDOO status to “do not share”. You will receive a letter from NHS Digital, confirming this, in due course. Any children aged 13yrs or over will receive their own letter as well.
It is not possible to directly view, set or change your NDOO status at your GP surgery, although you set it indirectly by expressing a Type 2 objection to your GP surgery – but only until October 2018.
This will automatically set your NDOO status to “do not share”.
Anyone aged 13yrs or over can set their NDOO status via an online service at www.nhs.uk/your-nhs-data-matters
Anyone aged 12yrs or younger, or if you are acting on behalf of another individual (i.e. as a proxy, perhaps with lasting power of attorney authority) cannot do this online but will have to ring 0300 330 9412 instead (or via other so-called “non-digital” methods).