The ICO has conducted a follow-up assessment of the actions taken by NHS Digital (formerly known as HSCIC) in relation to the undertaking it signed on 19 April 2016.

The follow-up provides the ICO with a level of assurance that the agreed undertaking requirements have been appropriately implemented to mitigate the identified risks and support compliance with the Data Protection Act 1998.

An ICO spokesperson said:

“We acknowledge the progress NHS Digital has made to ensure patients’ wishes to opt out of data sharing are implemented as set out in the undertaking it signed in April 2016.

“A formal assessment by ICO good practice auditors in December identified a small amount of work to do, but the team was satisfied that the requirements of the undertaking were being met. NHS Digital has agreed to the ICO’s final recommendations and, as a result, the ICO is satisfied that regulatory action will not be necessary at this stage.”