Petition Introduce an NHS data opt-out & require a consultation for system expansions

The National Data Integration Tenant (NDIT) and Federated Data Platform (FDP)

Health and care providers already submit personal data daily that enables the NHS to run and manage services. NHS England is simplifying and strengthening that national data collection to support better care.

The National Data Integration Tenant (NDIT) is NHS England’s secure platform for collecting and managing national health and care data. It replaces multiple legacy systems with one unified, secure process, reducing burden for NHS teams while ensuring the right data is available at the right time to support faster decisions and safer care. Data is pseudonymised using Privacy Enhancing Technologies and then routed to the National NHS Federated Data Platform where it is used for analysis, insights and decision-making.

The Federated Data Platform (FDP) enables NHS England and NHS organisations to meet statutory duties for data processing, information sharing, planning and service delivery. Its legal basis for processing is set out in the Overarching Data Protection Impact Assessment (DPIA), which underwent extensive external review (including by the Information Commissioner’s Office (ICO) and National Data Guardian (NDG) to ensure lawful, fair and transparent processing.

DPIAs define the legal basis for each data flow and are assessed by the NHS FDP Data Governance Group (DGG) to ensure lawful processing. NHS England’s wider statutory responsibilities for data under the Health and Care Act 2022 require transparency, safe-haven standards, robust governance and public accountability.

Transparency and Public Involvement in the NDIT and FDP

The FDP programme demonstrates substantial, ongoing patient and public involvement, including around NDIT. Governance includes bodies established to embed public voice and provide challenge:

• FDP Check and Challenge Group – strategic advice on transparency, ethics and public context.
• Health and Social Care Data Public Panel – ensuring clear, accessible public materials.
• NHS FDP DGG – national oversight of data processing and protection, ensuring lawful use.
• A public engagement portal enabling questions, feedback and participation opportunities, which can be accessed via the following link: https://fdp.england.nhs.uk.

The programme has a highly coordinated programme of engagement with a wide range of system stakeholders, including:

• Trusts and integrated care boards through briefings, implementation support and proactive communications.
• Members of Parliament, national bodies and Arm’s-Length Bodies, kept updated throughout delivery.
• Clinical, operational and digital leaders via conferences, webinars and communities of practice.
• Ethics and regulatory bodies (ICO, NDG), through consultations and repeated DPIA review cycles with the DGG.

This intensive and diverse engagement helps ensure the FDP evolves with continuous feedback, scrutiny and co‑design across the health and care system.

In the future, user organisations may agree that FDP can be used to meet other use cases. NHS England has agreed to consult with patient groups and other organisations, including the NDG and the ICO, before any other Use Cases are agreed.

Patient Choice regarding the NDIT and FDP

The National Data Opt-Out (NDOO) prevents confidential patient information being used for research and planning purposes. It does not apply to direct care (i.e. patient care, for example when you are being treated by a doctor). It also does not apply where data is anonymised, or where the information is required by law. The public are able to make their choice online, or through non-digital channels. Further information on the NDOO is available on the NHS website at the following link: https://www.nhs.uk/using-the-nhs/about-the-nhs/opt-out-of-sharing-your-health-records/. Public engagement recommendations delivered in 2025 will shape changes to the NDOO.

NHS England carefully assesses all data processing within NDIT and the FDP. The use of patient data within the NHS FDP will always respect the NDOO and opt-outs will be applied in line with the policy.

The NDOO does not apply to NDIT processing because NHS England is legally required, under a direction from the Secretary of State for Health and Social Care, to process this data to create national insights and dashboards. There is, therefore, no specific opt-out for the NDIT, or plans to introduce one, as the data processing occurs under a legal requirement.

The NDOO does not apply to the FDP because:

• No confidential patient information is processed by any product in the national platform of FDP to which the NDOO would apply.
• Confidential patient information that is being used in a local platform of the FDP is only being used for the purposes of direct care, and therefore the NDOO does not apply.

Department of Health and Social Care