ICO rules out regulatory action over NHS Digital data opt out concerns

Data regulator has concluded organisation has taken sufficient steps to address and inform patients of previous failings to uphold data protection commitments

Posted 13 February 2017 by Gary Flood

The Information Commissioner’s Office (ICO)  has decided not to take regulatory action against NHS Digital after being satisfied with its work to ensure the rights of patients wishing to opt out from sharing their personal data were met following a previous failure.

A spokesperson for the UK data regulator said it acknowledged that NHS Digital had made progress to ensure patients that had chosen to not share data for purposes other than direct care, identified as a ‘type 2’ objection, were being honoured.

NHS Digital signed an undertaking in April last year to take actions to remedy a failure to honour an estimated 700,000 type 2 opt outs, which was linked to “legal and technological reasons”.

As the national provider of information, data and IT systems for the NHS, the organisation – previously known as the Health and Social Care Information Centre (HSCIC) – was also required to make affected patients aware of a failure to prevent their information being shared since early in 2014 despite the opt out.

The ICO performed a follow up in December on the undertaking, requiring some additional work from NHS Digital around its previous failure to correctly implement opt outs that had been received.

This is from our content partner Government Computing; please go here for the full version.