Patients must be allowed to opt out of their personal data being used for purposes beyond their direct care, a long-awaited report addressing concerns raised by the Care.data debacle has recommended.

The report: Review of Data Security, Consent and Opt-Outs by the National Data guardian Fiona Caldicott and the Care Quality Commission, was commissioned by the Secretary of State for Health Jeremy Hunt last year.

The National Data Guardian proposes a new opt-out model for consultation to enable people to opt out from their personal confidential data being used for purposes beyond their direct care, including supporting research to improve treatment and care.

"Trust is essential and should underpin any opt-out model," wrote Caldicott and chief exec of the CQC David Behan in a letter to Hunt accompanying the report.

The extent to which sensitive patient information is used by commercial entities continues to be highly contentious.

Earlier this year, a leaked document revealed that the Royal Free NHS trust had controversially signed a deal with DeepMind to give the outfit access to 1.6 million patient records.

The report said: "People should also be able to continue to give their explicit consent for specific research projects, as they do now."

It noted people's concern about personal confidential information being used for insurance or marketing. "In general, people were content with their personal confidential data being used for their own care," it said.

According to a study by influential medical charity The Wellcome Trust, a significant number of people remain uncomfortable with commercial bodies accessing their anonymised healthcare records. However, it found a slight majority (53 per cent) of people would be happy for their data to be used by commercial organisations if it was for research.

More than one million patient opt-outs have been implemented for the controversial Care.data scheme, the Health & Social Care Information Centre. However, there is no current option for an opt out that precludes information being used specifically for commercial purposes.

The National Data Guardian also recommends there be a much more extensive dialogue with the public about how their information will be used, and the benefits of data sharing for their own care, for the health and social care system and for research.

Caldicott recommends there should be a full consultation on her proposals.

"The case for data sharing still needs to be made to the public, and all health, social care, research and public organisations should share responsibility for making that case," said the report.

Phil Booth, director of privacy campaign group MedConfidential, said the report was an important first step in bringing a greater degree of transparency and clarity to data sharing.

Whatever happens around the details of opt outs, Caldicott was very clear that patients should know how their data is used. "This should be a fact-based and evidence-based conversation."

Responding to the recommendations, a spokesman from privacy group Big Brother Watch said: “Dame Fiona Caldicott’s report is a leap forward in the conversation about how our personal information should be handled within the NHS.

“The recommendation that a long needed consent and opt out model for personal confidential health care data be established is hugely welcome.

"If adopted, it will give choice back to the patient, so they can actively control the flow of their health data, and have the right to protect it without the threat of a loss of healthcare provision or fear of discrimination.

“These proposals acknowledge that data sharing must be the choice of the individual and that a one-size-fits-all model is simply unworkable.” ®