Question to the Department of Health and Social Care:

To ask Her Majesty's Government how they intend to ensure that their commitment for all health and care organisations to be compliant with the national data opt-out policy by 2020 will be met following the closure of the National Data Opt Out programme.

Organisations are required to comply with the National Data Opt-out by 31 March 2020.

Local health and adult social care organisations as Data Controllers are required to assure themselves that they are complying with the opt out requirements. This requirement is set out in Information Standards Notice DCB3058. Organisations are also obligated to ensure the organisation’s privacy notice reflects that they apply the opt out.

Organisations must confirm their compliance with the opt out when submitting their annual Data Security and Protection (DSP) toolkit return. All organisations that have access to National Health Service patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Information on which organisations have achieved ‘standards met’ on the DSP toolkit will be published in due course by NHS Digital.