Guidance

National population screening programmes: the information we use and why, and your options

Updated 29 November 2022

© Crown copyright 2022

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/patient-confidentiality-in-nhs-population-screening-programmes/nhs-population-screening-confidential-patient-data

Providers of screening services and NHS England (NHSE) use information (personal data) held in your medical records to invite you or your child for screening.

NHS England also uses your information to ensure that screening services are safe, effective and maintain the high quality standards set for them. Wherever possible we use the information in anonymous form.

The processing of your personal data is governed by the UK General Data Protection Regulation (UK GDPR). Under data protection law you have rights about how your data is used (see the section ‘Screening programmes and your rights’).

NHS England and screening providers are controllers responsible for the processing of personal data for the purposes of delivering screening services. NHS England is controller for the purposes of safety and quality assurance.

NHS England may share your or your child’s personal information with national disease registers (see the section ‘National registers’). These help us understand more about how well the screening programmes are working. You can opt out of the registers if you do not want your information to be shared.

We may also share your or your child’s personal information with researchers outside of NHS England who want to improve the screening programmes (see the section ‘Using your data for research and your options’).This would only happen with strict approvals and safeguards. You can opt out in advance so that your data is not included in research.

1. Keeping information confidential

We take our responsibility to protect your or your child’s confidentiality very seriously.

The information we use to ensure that safe and effective screening programmes are provided across England is held on secure computer systems.

This information can only be used by our trained staff, who work under close supervision.

We will never:

  • sell or rent your information to third parties
  • share your information with third parties for marketing purposes

2. NHSE and population screening

NHS England provides national leadership for the NHS. We are an executive non-departmental public body, sponsored by the Department of Health and Social Care (DHSC). Our responsibilities include:

  • planning and commissioning the screening programmes
  • coordinating changes in response to population need and new research
  • monitoring and assuring the quality of the service you receive

This is so England has safe, high quality screening programmes that reflect the best available evidence and the UK National Screening Committee recommendations.

Screening is the process of identifying individuals who appear healthy but may be at increased risk of a disease or condition.

Our job is to make sure:

  • the right patients are called at the right time for screening, and that everyone who is eligible to be screened is able to access screening services
  • screening is safe and effective by checking that local services are being provided correctly and investigating any problems
  • screening programmes are achieving their aim of identifying the diseases and conditions they screen for at an early stage

3. Development of new screening IT systems and use of data

NHS England continuously aims to improve the delivery of its population screening programme services. To support this, NHS England will review current and potentially develop new IT technology and systems to support safe delivery of the services. This means we may use information we hold about you (or your child(ren) under the age of 18), that is stored in current systems, to check that we build IT systems correctly before they go live.  Most of the data will not identify individuals, but where we need to use personal information, it will be treated confidentially and used only for testing purposes to make sure the system works as we think it should.

Access to your information in these scenarios is strictly limited to a small number of individuals within the NHS whose role is to help with the testing of the IT system. Copies of your personal information used for this purpose only, will be promptly erased upon completion, and handled in strict compliance with NHS information governance rules and the UK General Data Protection Regulation (GDPR) guidelines.

4. Information used by NHS England to invite people to be screened

If you or your child are eligible for a screening programme, personal information about you or your child is used to send a screening invitation.

This information includes your or your child’s:

  • name
  • date of birth
  • sex
  • NHS number
  • contact details including address and phone number

This information mainly comes from the records the NHS holds for everyone who is registered with a GP. For newborn babies, we get information from NHS IT systems when an NHS number is created after the baby is born. If you have given NHS services your mobile number, either at your GP or at hospital, your local NHS screening programmes may use it to invite you to screening when appropriate. Services may also send reminders to your mobile. You can request the service stop sending these at any time.

Depending on the disease or condition concerned, personal information about your or your child’s medical history will also be used. This information comes from the medical records held by GPs and your local hospital services within the NHS. It is used by your local screening service to ensure you or your child are invited for the right screening at the right time.

Your GP will share any relevant information about you with the screening service. This is to make sure you get the best possible care. For example, if you have a disability which will mean getting screened takes a little longer than usual, the GP may pass this information on to ensure you get a longer appointment.

4.1 Your options

It is your choice whether or not to have screening. If you decide that screening is not for you and you do not want any more invitations, you can opt out. This means you will not get invited for that type of screening in the future.

Opting out is something to think through carefully. It could mean that if you develop the condition being screened for in the future, early signs might be missed. You may want to discuss any questions or concerns with your GP or someone from the local screening programme before making a decision. If you do choose to opt out, remember that you can always opt back in.

If you decide to accept an invitation to be screened, you cannot separately opt out of information about you or your child being used by us to ensure the screening service provided is safe and effective. This is because the work we do to ensure that local screening services are safe and effective benefits everyone who is screened.

However, you can opt out of you or your child’s personal information being shared by us with researchers. You can find out more about this in the section ‘Using your data for research and your options’.

5. Information used by NHS England to ensure screening is safe and effective

Your or your child’s personal information is used by NHS England to ensure that you or your child are invited for the right screening at the right time.

We also use this information to ensure that safe and effective screening programmes are provided across England.

We are responsible for:

  • checking that local services are inviting the right people at the right time and that no-one is missing out on screening
  • making sure that local screening services are safe and effective and are achieving the high quality standard set for them; we monitor service delivery and help investigate if things go wrong
  • checking that screening programmes are effective in identifying diseases and conditions at an early stage across England
  • running the screening helpdesk to answer queries about the NHS screening programmes

To do this, we use information including your or your child’s name, date of birth, sex, NHS number, and contact details such as address and phone number. We also use information about your or your child’s medical history and any treatment that has been received. This information is provided to us by local NHS screening services.

For example, if we think there is a problem with a local screening service, we need to look at medical records to work out whether a disease or condition that screening should have identified has been diagnosed. We need to use personal information to be sure we are looking at the right person’s screening records. We also need to use personal information to then look at these people’s medical histories - but only for medical information that is relevant to the screening programme. We do not see or use any other confidential medical information in your medical records.

If you or a health professional contacts the screening helpdesk, we will record details of the call including information to identify the caller. We keep this information so we can have a record of what advice we gave and to ensure we have the correct information if we are called again.

For most of the work we do, we only use de-personalised or anonymous grouped information. This is information about you or your child which does not include information such as names or dates of birth and so does not directly identify you or your child. We are constantly working to develop ways to minimise our use of information that identifies you directly.

For example, to ensure that local screening services are working well, we only use de-personalised or anonymous grouped information to look at things like how quickly groups of patients are being provided with their screening results. If there are problems, we then work with the local screening service to put them right. This may involve using information that identifies you.

We never publish any information that could be used to identify you or your child.

6. How long personal information is kept

The number of times you or your child will be invited for screening depends on the screening programme.

For example, all women aged 25 to 64 who are registered with a GP are invited for cervical screening. If you are eligible for cervical screening, your personal information will be kept by NHS organisations to ensure you are invited at the right time. It will also be kept by NHS England to ensure that local cervical screening services are safe and effective and that the cervical screening programme is working across England.

How long we need to keep your or your child’s personal information depends on the screening programme. We will keep this information for as long as you are eligible to be invited for screening, plus a further 30 years. This is in case we need to contact you if we find out something has gone wrong with the screening service provided to you or your child.

If you decide to opt out of a screening programme, your or your child’s personal information will still be held by NHS organisations but will no longer be used to send screening invitations. The information will not be deleted in case you want to opt back into the programme at a later date.

7. Information shared by NHS England

7.1 Using your data for research and your options

We may also share your or your child’s personal information with researchers outside of NHS England.

This only happens if the researcher has approval from an ethics committee and special permission to use this information from the Health Research Authority’s Confidentiality Advisory Group. This group provides independent advice to the Secretary of State for Health and Social Care on whether the use of this information is in the interests of patients and the public. This is known as ‘Section 251’ approval.

We never share personal information with researchers without these approvals.

Sharing information helps improve the screening programmes through better planning and research, but you can opt out of your personal information being shared for these purposes if you choose.

You can find out more or register your choice to opt out of your data being used for research purposes.

We will ensure that if you do register your choice to opt out then no personal information about you or your child will be shared with researchers outside of NHS England.

7.2 National registers

To help us understand more about how well the screening programmes are working, we may share your and your child’s personal information with the national cancer register and the national congenital anomaly and rare diseases register.

These national registers are managed by NHS Digital and are used to understand how many people have cancer or a congenital anomaly or other rare disease.

Healthcare teams use this information to continually evaluate and improve services and treatment options for patients. The national registers also fuel research into cancer and rare diseases, helping scientists to investigate possible causes and improve treatments.

Sharing information from the screening programmes with the national registers if you or your child has cancer or a congenital anomaly or other rare disease helps with this. You can opt out of the registers, or find out more, by visiting the national cancer register and the national congenital anomaly and rare diseases register.

We will never publish information that could identify you or your child.

8. Population screening programmes and the law

The law on protecting personal information, known as UK GDPR, allows the NHS to use this information to invite you or your child for screening.

The section of the UK GDPR that applies here is:

  • article 6(1)(e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’

As information about health is a special category of information, a further section of the UK GDPR also applies:

  • article 9(2)(h) ‘processing is necessary for the purposes of preventive or occupational medicine … medical diagnosis, [or] the provision of health or social care or treatment’

The law also allows NHS England to use personal information to ensure that safe and effective screening programmes are provided across England.

The sections of the UK GDPR that apply here are:

  • article 6(1)(e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’
  • article 9(2)(h) ‘processing is necessary for the purposes of preventive or occupational medicine … medical diagnosis, [or] the provision of health or social care or treatment’
  • article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare’

We also have Section 251 permission from the Secretary of State for Health and Social Care to use personal information for the population screening programmes. Our use of this information is looked at each year by the Confidentiality Advisory Group, which provides independent advice to the Secretary of State on whether our use of this information should continue.

9. Screening programmes and your rights

Under data protection law, you have rights in relation to the personal data about you or your child that NHS England uses for the purposes of the screening programmes. You have the right to request a copy of personal data about you and your child, and a number of other rights.

To find out more about how NHS England processes personal data you can visit the NHS England Privacy Notice. This explains your rights and how to make a request.

In relation to personal data processed for the purposes of a screening programme, you will need to tell us which programme you believe we hold your or your child’s information for.

It is your choice whether or not to have screening. If you decide that screening is not for you and you do not want any more invitations, you can opt out – see the section ‘Your options’ above.

If you would like to see your screening test results, please contact your GP or local screening service.

If you are a parent and would like to see your child’s results, please contact your midwife or health visitor.

10. Find out more or raise a concern

If you would like to find out more about the information used to ensure screening is safe and effective, you can contact our screening helpdesk.

Email: phe.screeninghelpdesk@nhs.net

Telephone: 020 3682 0890

The helpdesk is not for media enquiries, and does not have access to screening results. For queries about results, please contact your GP or local screening service.

If you have any concerns about how your personal information is used and protected by NHS England, you can contact our Data Protection Officer at england.dpo@nhs.net

You have the right to complain to the Information Commissioner’s Office if you have any concerns about how the screening programmes are using your or your child’s personal information.

Back to top