The national data opt-out gives individuals the ability to stop health and social care organisations from sharing their confidential information for research and planning purposes, subject to certain exceptions. Exceptions may include where there is a legal requirement, a formal direction, or an overriding public interest, for example to support the management of a public health emergency. 

As a domiciliary care provider, AHC Services Ltd t/a Capricorn Care Services (“Capricorn Care Services”) is rarely asked to share confidential information for research and/or planning purposes. Nevertheless, individuals may choose to opt out of their confidential information being used in this way. 

To discuss this, please contact: 

Atif Hussain
Data Protection Officer
Telephone: 01254 933563
Email: contact@capricorncareservices.com 

Purpose 

The purpose of this policy is to explain the national data opt-out and to ensure that Capricorn Care Services understands the steps it must take to comply where the national data opt-out applies. 

This policy focuses on key information about the national data opt-out. Capricorn Care Services will ensure that it maintains a thorough understanding of its responsibilities by reviewing relevant guidance, including the references and further reading set out in this policy. 

This policy supports Capricorn Care Services in meeting relevant Key Lines of Enquiry and Quality Statements. 

It also supports compliance with the legal requirements of the regulated activities that Capricorn Care Services is registered to provide, including: 

  • The National Health Service Act 2006 
  • Data Protection Act 2018 
  • UK GDPR 

Scope 

The following roles may be affected by this policy: 

  • Staff 
  • Registered Manager 
  • Management 

The following people may be affected by this policy: 

  • Service Users 

The following stakeholders may be affected by this policy: 

  • Family members 
  • Advocates 
  • Representatives 
  • Commissioners 
  • External health professionals 
  • Local Authorities 
  • NHS organisations 

Objectives 

The objectives of this policy are: 

  • To ensure that Capricorn Care Services understands the requirements of the national data opt-out. 
  • To ensure that Capricorn Care Services can determine whether the national data opt-out applies to any data disclosure. 
  • To ensure that, where the national data opt-out applies, Capricorn Care Services takes the correct steps to comply. 

Policy 

Capricorn Care Services understands that organisations required to comply with the national data opt-out were expected to do so by 31 July 2022 and must be able to demonstrate compliance where information is processed within scope. 

Capricorn Care Services understands that its obligations as Data Controller under the UK GDPR and Data Protection Act 2018 remain in place and are not affected by the national data opt-out. 

Capricorn Care Services understands that additional procedures may be required to ensure compliance with the national data opt-out where it applies. 

The national data opt-out applies where an organisation has approval from the Confidentiality Advisory Group, also known as Section 251 approval, for the disclosure of confidential patient or Service User information. Where Capricorn Care Services is the Data Controller, it may disclose information under such approval without breaching the duty of confidentiality. It is in these circumstances that the national data opt-out may apply. 

Capricorn Care Services will read, understand and, where necessary, seek advice on Section 251 and Section 259 of the National Health Service Act 2006 to understand fully whether the national data opt-out applies. 

Capricorn Care Services understands that this policy does not provide a complete legal overview and that the organisation must determine the extent to which the national data opt-out applies to its own activities. 

Confidential Patient Information 

The national data opt-out applies to “confidential patient information”, as defined under Section 251(1) of the National Health Service Act 2006. This includes information where: 

  • The individual is identifiable or likely to be identifiable. 
  • The information was given in circumstances where an obligation of confidence applies. 
  • The information relates to the physical or mental health, diagnosis, care or treatment of an individual. 

Capricorn Care Services understands that the national data opt-out may apply to adult social care organisations in England. 

Capricorn Care Services understands that the national data opt-out applies to Service Users and not to employees. 

The national data opt-out applies only where information is disclosed beyond the purpose of individual care, such as for research and planning. It does not apply where information is processed for individual care, with express consent, or where there is a legal requirement to disclose the information. 

The national data opt-out applies to health and adult social care provided in England. It does not apply to information generated or processed outside England, including Wales, Scotland, Northern Ireland, the Isle of Man or the Channel Islands. 

The national data opt-out does not apply retrospectively to data disclosed before a Service User has registered an opt-out. 

Procedure 

Capricorn Care Services will consider the following questions to determine whether a current or proposed disclosure falls within the scope of the national data opt-out: 

  1. Is the use or disclosure for individual care, or for research and planning? 

If the use or disclosure is for individual care, the national data opt-out does not apply. 

  1. Is Capricorn Care Services using or disclosing confidential patient information? 

The definition of confidential patient information is set out above. 

  1. Does Capricorn Care Services have express consent from the relevant individual? 

If express consent has been obtained, the national data opt-out does not apply. 

  1. Is the disclosure for monitoring and control of communicable disease or other public health risks? 

If so, the national data opt-out does not apply. 

  1. Is the information being disclosed because of a legal requirement? 

If so, the national data opt-out does not apply. 

  1. Is the use or disclosure in the overriding public interest? 

If so, the national data opt-out does not apply. 

  1. Is Section 251 approval relevant? 

If the data use has Section 251 support under relevant regulations, the national data opt-out will usually apply unless the Confidentiality Advisory Group has confirmed that the opt-out has been waived in exceptional circumstances. 

  1. Has the use or disclosure been granted a specific exemption? 

Certain exemptions may apply, including some disclosures connected to public health reporting, national disease registers, Assuring Transformation and national patient experience surveys. 

  1. Is the disclosure to NHS England or another statutory body under a legal direction? 

Where data is requested under a legal power or direction, the national data opt-out may not apply. 

  1. Is the disclosure to support payment or invoice validation? 

The national data opt-out does not usually apply to disclosure of confidential information for invoice validation where the disclosure is made to an approved Controlled Environment for Finance. 

Applying National Data Opt-Outs 

If Capricorn Care Services determines that the national data opt-out applies, it will apply national data opt-outs by removing the records of anyone who has registered an opt-out before the information is used or disclosed. 

Capricorn Care Services understands that NHS services provide mechanisms for checking whether individuals have registered a national data opt-out, where the organisation has a legitimate reason and appropriate access to do so. 

Where Capricorn Care Services is required to apply the national data opt-out, all information associated with an individual who has opted out must be removed from the dataset used for research or planning purposes. 

Capricorn Care Services may continue to retain and use information required for individual care, safeguarding, regulatory, contractual or legal purposes where lawful. 

Definitions 

Information Commissioner’s Office 

The UK’s independent authority responsible for upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. 

UK GDPR 

The UK GDPR is the retained UK version of the General Data Protection Regulation and forms part of UK data protection law. 

Data Protection Act 2018 

The Data Protection Act 2018 is UK legislation that sits alongside the UK GDPR and updates data protection law in the UK. 

National Data Opt-Out 

The national data opt-out allows individuals to opt out of their confidential patient information being used for research and planning, subject to certain exceptions. 

GDPR 

References to GDPR in this policy include references to the UK GDPR where applicable. 

Key Facts – Professionals 

Professionals providing services for Capricorn Care Services should understand when the national data opt-out applies and how to respond to requests from Service Users. 

Key Facts – People Affected by the Service 

People affected by this service should be aware that they may request to opt out of the use or disclosure of confidential information for research and planning purposes, subject to legal and public interest exceptions. 

Further Reading 

Capricorn Care Services will refer to relevant national guidance, including: 

  • NHS guidance on the national data opt-out. 
  • Guidance for health and care staff. 
  • Guidance on compliance with the national data opt-out. 
  • Information about confidentiality and patient information. 
  • Digital Social Care guidance for CQC-registered adult social care services. 

Evidence of Good Practice 

To demonstrate good practice, Capricorn Care Services may provide evidence that: 

  • It has assessed whether the national data opt-out applies to its data processing activities. 
  • It has completed a Data Protection Impact Assessment where appropriate. 
  • It has implemented processes to comply with national data opt-out requests. 
  • Staff understand how to escalate queries relating to national data opt-out. 

Review 

This policy will be reviewed regularly, or sooner if there are changes in legislation, national guidance, organisational practice, or regulatory requirements. 

Copyright © 2026 AHC Services Ltd t/a Capricorn Care Services. All rights reserved.