The launch of a new NHS opt-out will inevitably invite comparisons with the last time an opt-out was offered, through care.data. In January 2014, ‘Better information means better care’ leaflets were distributed to houses across England, informing people that data would be collected from GP practices. After six weeks of increasingly negative headlines, the programme was put on hold, and finally cancelled two years later. It failed mainly because of a poor communications strategy, an unclear opt-out mechanism and weak governance processes. But have the lessons been learnt this time?
Having been a member of the advisory groups for both care.data and the national data opt-out, I can comment on the two programmes from the position of ‘critical friend’. Perhaps most tellingly when comparing the two, the advisory group for care.data was set up two months after the programme launched, whereas with the new national opt-out, it was in place one year before.
Setting the policy
The most important difference is the basis for offering an opt-out. With care.data, it felt as though the offer of choice was an afterthought. This time, it is the starting point. The National Data Guardian undertook a comprehensive review of models of consent for the health system, and concluded that a single national data opt-out would be the best approach. The Government consulted on her proposals, and accepted the recommendations last July. The concept of an opt-out has been thoroughly reviewed.
Further policy work has been undertaken to address the details, for example which organisations it applies to, what happens to cross-border data flows, the age at which children can make their own choice, and how parents and proxies can set an opt-out. The operational guidance covers many issues that were hardly mentioned in 2014.
When offering an opt-out, it’s really important to be clear what is and isn’t included. With care.data, the offer was not well defined. There were two options, one to stop identifiable information being shared beyond the GP, and the other to stop information collected from hospitals and community services from being shared beyond NHS Digital. Neither were well explained and could have had unintended consequences, for example people not being invited for screening.
This time, the National Data Guardian recommended that there should be a single opt-out applied across the whole system, based on the purpose for which data will be used. Further consultation and a huge amount of testing has led to the development of one question that is clear and simple and, most importantly, easily understood.
Registering an opt-out
A second key difference is the mechanism by which people can register their choice. In 2014, there was no clear way to opt out – people were just told to ‘let your GP practice know’. This time, the development of a mechanism for opting out has been central. People can register their choice through a dedicated website, but other non-digital routes will also be provided, including a helpline. The mechanism is provided at a national level, which should remove the burden on individual GP practices and give patients more control. This has introduced an additional need for verification; the solution, to use the NHS number as the identifier, will be kept under review.
Communicating the national data opt-out
Perhaps the most impressive aspect this time has been the commitment to effective stakeholder engagement. The national data opt-out team has talked to more than 100 different voluntary organisations, patient groups, medical charities and seldom-heard audiences, and their input has helped shape the communication materials, to ensure people are given the information they need.
Equally important are conversations with the NHS workforce. Doctors and nurses are the most trusted profession, and have a key role in explaining data choices to patients. Last time there was high level engagement with the BMA and the Royal College of GPs (RCGP), but support evaporated as the detail began to unravel. This time, the engagement with RCGP has been much more sustained. RCGP have appointed a dedicated ‘patient choices’ champion, held open meetings across the country and produced a toolkit for GP practices. There has also been a partnership with the Royal College of Nursing and the Royal College of Midwives, to help ready the workforce.
The most criticised aspect of care.data was the leaflet, delivered as part of a ‘junk mailing’ with pizza takeaway menus. That mistake will not be repeated. A range of approaches will be used this time, including posters and handouts across GP practices, information on the web and social media. The material has been designed to explain clearly why it’s important to use data, how it is kept safe, and the choices people have. The opt-out will also be included as part of the Information Commissioner’s ‘your data matters’ campaign. Additional information has been tailored for different audiences, including a guide for voluntary organisations, those who run helplines, carers and young people; and the information will be available in 11 languages and braille. Those who opted out last time will receive a specific letter, to inform them of the changes to the system and that their previous choice will be respected.
Developing a trustworthy system
Although much of the blame for the failure of care.data was pinned on the poor communications strategy, a key reason the programme was paused was because concerns emerged about who had access to data. In response, Sir Nick Partridge conducted a review of all data releases by the NHS Information Centre (predecessor to NHS Digital) between 2005 and 2013, and concluded there had been significant lapses. NHS Digital has accepted his recommendations, and now has much stricter controls over data use. A new Independent Group Advising on the Release of Data (IGARD) provides advice on requests for data, all previous data agreements were reviewed, and the audit function has been strengthened.
The Care Act also includes measures to safeguard health data, and the Confidentiality Advisory Group at the Health Research Authority has been given a strengthened role. Combining the launch of the opt-out with the introduction of new data protection legislation reinforces the importance of providing reassurances to patients about how data is used.
If offering an opt-out is the easy part, implementing it across the whole health care and care system will be a huge challenge – there are an estimated 57,000 national bodies and providers. The national data opt-out programme team are being realistic about what is achievable. NHS Digital will apply the opt-out immediately, but there is a longer timetable for implementation across the rest of the system by 2020. This needs to be clearly explained to manage expectations, and there needs to be further discussion with the social care sector.
The national data opt-out is significantly different from care.data. While there may be mistakes along the way with a programme of this scale, the decision to implement the opt-out gradually, to have a transition period to support GP practices, and to continue to seek feedback on the usability of the site as it develops, suggests a genuine commitment to get this right.
Most importantly, the launch of the opt-out is not the end of the process. As the National Data Guardian stressed, there must be sustained dialogue with the public. This is just the beginning of an ongoing conversation about how and why data is used. The new national data opt-out offers an element of choice, and is hopefully a stepping stone towards building public confidence in the way that the NHS uses data.
Find out more about the national data opt-out.