The National Back Office Tracing Service Technical Annex Published 7 November 2017 Version 1.0 Copyright 2017 NHS Digital.
This Technical Annex supplements a separate Review Findings report covering the main detail of the Tracing Service Review, including context, considerations and recommendations. This Technical Annex describes the Tracing Service Review team s consideration of 16 individual tracing services (discussed in the Review Findings report), providing operational detail alongside relevant reference materials. These materials are published separately for brevity purposes (in respect of the main report). Contents Contents 2 Introduction 4 Background 4 NBO Tracing Services 5 1. NHS data management 5 1.1 Demographics Batch Service Bureau (DBSB), formerly the Migration, Analysis and Cleansing Service (MACS) 5 2. Health and care management 10 2.1 The Skipton Fund 10 2.2 National Blood Service and Welsh Blood Service 12 2.3 Jersey Cytology Screening 14 2.4 Anthony Nolan Bone Marrow Trust 16 2.5 Hereditary Medical Conditions 18 3. Letter forwarding 20 3.1 Letter forwarding service 21 4. Death registration enquiries 24 5. The 1939 Register service 28 6. Record tracing 31 6.1a UK Police service 35 6.1b National Crime Agency 39 6.1c Home Office (Immigration) 42 6.1d Criminal Case Review Commission 49 6.1e HM Coroner Office 51 6.1f NHS Counter Fraud 53 6.2 Full Tracing 55 Copyright 2017 NHS Digital Page 2 of 82
Appendix 1: Terms of reference 58 Appendix 2: Review approach 60 Appendix 3a: Supporting legal provisions 62 Appendix 3b: Supporting statutory instrument 64 Appendix 3c: ICO decision notice 65 Appendix 4: User and stakeholder survey summary of findings 66 Appendix 5: Schedule of recommendations see separate Review Findings report for detail 70 Appendix 6: Glossary of acronyms 78 Appendix 7: Glossary of terms used 79 Copyright 2017 NHS Digital Page 3 of 82
Introduction Each tracing service category and each specific tracing service function is outlined as at the time of initial Review. Where a change in provision of a tracing service occurred during the period of this Review it has been noted in the relevant section. Background The Review has identified and assessed the permissive legislation that enables NHS Digital to undertake a range of tracing services. These tracing services are provided by the National Back Office (NBO). Taken as separate functions, the analysis confirms the existence of one or more legal bases (gateways) that, subject to due-process, permit the processing and/or disclosure of personal data for the purposes described in connection with tracing requests. The Review noted that for some tracing service functions the business requirement has changed, and where this is the case NHS Digital has taken action accordingly. As noted in the main Review Findings, the Review s detailed analysis identified variation in operational controls. This variation results from incremental decisions taken by the tracing service over an extended period of time, and which the Review team believes reflected the prevailing policy, legal and information governance of the day. Discussions with the NBO team confirmed the legacy nature of the service, its procedures and the systems used. The NBO team expressed uncertainty as to its future provision and therefore welcomed the opportunity to discuss the service, and were keen for senior management support in furthering NHS Digital s tracing service capability. NBO staff expressed a view in favour of the Review and saw it as opportunity to inform, innovate and improve the service. The Review encouraged staff to identify opportunities for improving the way tracing services are delivered. In this respect, the Tracing Service Review team would like to thank the NBO team in helping to identify several areas that it believes can significantly improve the efficiency and effectiveness of the tracing service - thereby reducing the administrative burden on the frontline NHS. As referenced in the Review Findings, these include: authorising the release of a patient s address detail rather than limiting the disclosure to just the PCS service detail; removing the requirement for tracing service and letter forwarding correspondence to be handled by PCS service teams - enabling the NHS Digital tracing service team to manage the end to end flow of information; moving the tracing service on to PDS and adopting work-flow systems that speed up the tracing functions; and Copyright 2017 NHS Digital Page 4 of 82
improving overall record keeping by moving to digital record keeping rather than paper. NBO Tracing Services 1. NHS data management NHS Digital is directed by the Secretary of State for Health to maintain national health and care information functions and systems so that the care provided to individuals is effective, high quality and not compromised. NHS Digital has an obligation to maintain and improve the quality of health and social care data in order to fulfil its statutory function of promoting the effective, efficient and economic use of resources in the provision of health services and adult social care in England HSCA s.253(1)d. Not maintaining the quality of local health and care registration records would be counter to NHS Digital s responsibilities regarding the interests and wellbeing of patients and citizens of England, Wales and the Isle of Man. 1.1 Demographics Batch Service Bureau (DBSB), formerly the Migration, Analysis and Cleansing Service (MACS) The Demographics Batch Service Bureau (DBSB) replaced the MACS service when it closed in February 2016. DBSB provides the same bulk trace capability, albeit with an enhanced demographic dataset to non-n3 users via the existing Spine Demographics Batch Service (DBS). The following information represents the tracing service as now provided by the DBSB, but refers to MACS where appropriate to do so. MACS was a bulk tracing service used by NHS service providers and local authority adult and children s social services. (See note on HM Prison Service below that did not have access to the NHS secure N3 network). The service paralleled the Spine Demographics Batch Service (DBS), a bulk tracing tool for N3 users. MACS did not require N3 connectivity. One local authority respondent to the user survey stated: The service is essential in providing a simple way of maintaining accurate NHS numbers within our Social Care database. This supports integration work with healthcare partner organisations and implementing the Care Act in general. MACS processed patient record information submitted in a predetermined format via secure email. Copyright 2017 NHS Digital Page 5 of 82
The MACS process read each record in the incoming file, attempting to match (trace) it to an existing person s record in the former CHRIS database. The matching algorithms were complex and based on matching different combinations of submitted information. MACS reported back or confirmed existing NHS numbers based on information submitted; performed a number of additional analyses relating to data quality (such as identify duplicate records in the submitted batch file); and indicated where a unique person match was possible. The output of this function was a validated and corrected data file including, where appropriate, additional confirmation of fact and date of death. The validated information was returned and used to update local health and care records, thereby ensuring effective local service delivery and avoiding inappropriate communication, e.g. the issuing of hospital appointments to local residents who had recently passed away. i. Governance arrangements MACS governance and operational processing was managed from within the NBO Service Management Team. This remains the case for the new DBSB tracing service. The DBSB service is available to NHS organisations and local authorities to perform bulk tracing of NHS numbers for patient and client lists in health and social care settings, and to assure that the information in these lists is of high data quality and contains an NHS number. This service facilitates use of the NHS number as a primary identifier across care settings, and (at the time of review) does not require a data sharing agreement. All service users are required to ensure that, when uploading the returned data, the correct health and social care records are linked to the correct person, reducing the risk of incorrect treatment and promoting patient safety. DBSB tracing requests have to be made in the prescribed format with an appropriately completed service request form. In particular, the submitting organisation must state the objective of the submission, and the benefit it will bring to the health and social care system. All submissions must be made via an email service that is approved as having a secure relationship with NHSmail. All submitted requests are scrutinised to ensure data had been supplied in the correct format and that all service requirements had been satisfactorily met. Requests are rejected if any element of the file submission or service request forms, including justification for the submission, does not meet requirements. Submitting organisations have the opportunity to correct or update their tracing request including their justification and resubmit. Final approval for all tracing request submissions is taken by the NBO Service Manager or nominated deputy. Requests for new purposes were previously escalated to NHS Digital s Information Governance team for approval, but are now considered by the Independent Group Advising on the Release of Data (IGARD). Copyright 2017 NHS Digital Page 6 of 82
ii. Compliance analysis Additional to the overarching service governance arrangements, each tracing service request is approved subject to the applicant fulfilling the below service specific acceptance criteria: Tracing requests are undertaken subject to consideration of: Health and Social Care Act 2012 (Commencement No 4, Transitional, Savings and Transitory Provisions) Order 2013. This commencement order allows for such processing to be considered as if it were being undertaken as a result of a Direction under s.254 of that Act; HSCA s.261(5)(d) if NHS Digital is satisfied that the disclosure is made to a person where it is necessary or expedient for them to have the information for the purpose of exercising functions conferred on them by or under the HSCA or any other Act. In all cases, NHS Digital will also need to be satisfied that the disclosure is permitted under the Data Protection Act 1998. iii. Acceptance criteria / parameters All tracing requests must be received either from an NHSmail account or from a domain with a secure relationship with NHSmail. Tracing requests must be made either under the direction of the Child Protection Information Sharing Programme (CP-IS) where the client is introduced to the tracing service by the CP- IS programme, or by NHS organisations and Local Authorities to perform bulk tracing of NHS numbers for patient lists in health and social care settings. If an organisation has not previously used the tracing service, a verbal overview is given and the MACS NHS Number Process, or DBSB - NHS Number Batch Tracing in the case of the DBSB, documentation circulated. For all tracing requests, a service request form must be submitted with the dataset, which includes the justification for the request prior to processing the tracing service request must be approved by the NBO Service Manager (or deputy) or returned for further information. iv. DBSB - Data received from DBSB requester Completed DBSB tracing service request form; Populated record submission template for DBSB (* denotes mandatory); o date of birth*; o date of death; o old NHS number; o new NHS number; o surname*; o previous or alternative surname; o first forename*; Copyright 2017 NHS Digital Page 7 of 82
previous or alternative forename; o gender*; o address (Lines 1-5); o postcode*; o previous address (Lines 1-5); o previous postcode; o registered GP; registered GP practice; o previously registered GP; o previously registered GP. v. DBSB - Data disclosed to DBSB requester All supplied data is returned along with the following data where a unique match has been made: NHS number; date of birth; current posting; date of current posting (or death, if dead); current patient surname; first patient forename; previous or alternative surname; other forename(s); gender. vi. Analysis and commentary The MACS tracing service functionality was transitioned to the Demographics Batch Service Bureau (DBSB) as a consequence of decommissioning of the CHRIS system. The NBO received a tracing request from NHS Digital s cross-government team in December 2014 to provide NHS numbers to the HM Prison Service for inmates at English and Welsh institutions to support the provision of NHS services and continuity of patient care. This request was approved but no work took place prior to the MACS tracing service closure. This service requirement has subsequently been raised against the DBSB and a pilot exercise has been undertaken to assess the quality of the available data within the Health and Justice system, and the success rate in matching the data against the SPINE. In undertaking this pilot exercise, the Spine Demographics Batch Service (DBS) matched data, including the NHS number, was not released outside NHS Digital. The Health and Justice Information Sharing (HJIS) programme has not made a decision as to whether they wish to pursue the use of the DBSB tracing service, resulting in the following recommendation. Copyright 2017 NHS Digital Page 8 of 82
Recommendation 13 Expand the NHS data management tracing service capability to accommodate HM prisons and other health and care service providers. The Review noted that in parallel to the Review NHS Digital s Information Governance service is assessing the legal basis on which it is permissible to share NHS data with local authorities. This will impact the DBSB tracing service, as the overall tracing service governance model will need to be reviewed and potentially updated. vii. Further considerations The Review considered the provision of data management services to be a core function of NHS Digital and concludes that a batch tracing function is required to support health and care organisations, which have no current means of connecting to the NHS N3 network. With regard to NHS data management functions provided by the tracing service, it notes that this function is comparable in scope to NHS Digital s Spine Demographics Batch Service (DBS). Following the closure of the MACS tracing service, the Review noted that the DBSB and DBS have a common management hierarchy with both services operating much more closely. Finally, these developments should include enhancements to the system functionality to support the current business and future business requirements. This includes a secure mechanism for transmitting DBSB returns and clearly defined acceptance / rejection criteria and guidance that should be available to the public. Recommendation 14 This Review recommends exploring the opportunity to combine DBSB and DBS into a single service or, as a minimum, merging these functions under one operational and service management structure with common processes, procedures and controls. Management should define clearly the criteria for approval / rejection of DBSB tracing requests and this should be included within DBSB guidance notes issued on the NHS Digital website. Newly defined criteria should be used in the approval process of DBSB tracing requests going forward by the NBO Service Manager. Copyright 2017 NHS Digital Page 9 of 82
2. Health and care management NHS Digital has legal obligations to maintain and improve the quality of health and care data in order to promote an efficient and effective health care system. NHS Digital believes that the disclosure of personal data for the purposes of continuity of care and / or to protect the wellbeing of an individual is a legitimate purpose. 2.1 The Skipton Fund The Skipton Fund is a UK-wide ex gratia payment scheme to make payments to people infected with hepatitis C through treatment with NHS blood or blood products prior to September 1991. The Skipton Fund was established on 25 March 2004 by the Department of Health (England), acting for and on behalf of the Secretary of State for Health, the Scottish Ministers, the National Assembly for Wales and the Department of Health, Social Services and Public Safety (Northern Ireland) (together "the UK health administrations"), to administer the scheme and make payments to relevant claimants on behalf of each of the UK health administrations. Scottish Ministers have adopted the Skipton Fund as a scheme under section 28 (Infection with hepatitis C as a result of NHS treatment etc.) of the Smoking, Health and Social Care (Scotland) Act 2005. The Skipton Fund is administered by a company limited by guarantee. There is no charge for the Skipton Fund to use the tracing service. The tracing service provides confirmation as to whether claimants details (provided by the Skipton Fund) are valid for the purposes of making payments to people infected with hepatitis C through NHS blood products. The tracing service matches against the data provided to the Skipton Fund by the claimant to confirm its validity. i. Governance arrangements Each tracing service request is approved subject to the applicant fulfilling the service specific acceptance criteria listed below. Where these criteria are not met in full, the tracing application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis Tracing requests are undertaken subject to consideration of: HSCA s.261(5)(c) if NHS Digital is satisfied that enabling payments to be made is necessary or expedient for the welfare of any individual in this case the patient HSCA s.261(4) if NHS Digital identifies by whom the information was collected originally and is satisfied that that person could have lawfully disclosed the information to the Fund for these purposes, including the legal basis for that disclosure Copyright 2017 NHS Digital Page 10 of 82
HSCA s.261(2)(c) would apply if NHS Digital first obtained the individual s consent to the disclosure to the Skipton Fund. In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act. iii. Acceptance criteria / parameters All tracing requests must be received via post from a named contact. The tracing request must be made on official headed paper, quote the relevant DPA section, be signed by the scheme administrator and be countersigned by a director. iv. Data received from requester A spreadsheet is received from the scheme administrator detailing: title; patient name(s); NHS number (in most cases); date of birth. v. Data disclosed to requester The following data is disclosed to the requester where applicable: contact details (name of service and switchboard telephone number) of the appropriate PCS service and advised to contact the Patient Data Manager; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from Skipton Fund; patient s date of birth if different to date of birth received from Skipton Fund; if the traced person is not currently registered e.g. the person has embarked from England / Wales / Isle of Man, contact details of the most recent PCS service are supplied. The response provided is double wrapped and sent by special delivery to the requester. viii. Analysis and commentary Whilst the Skipton Fund is operated as a company limited by guarantee, NHS Digital may, subject to due process, disclose personal information in order to protect the welfare of any individual. The Skipton Fund does not have access to a GSI email system, meaning that data is sent to the tracing service by the Skipton Fund via a printed copy of a spreadsheet. Copyright 2017 NHS Digital Page 11 of 82
ix. Findings and recommendations The provision of this tracing service supports NHS Digital s statutory objective of maintaining and improving the quality of health and care data in order to promote an efficient and effective health care system The manual process for the Skipton Fund to submit a tracing request has been highlighted as an area where an improvement could be made to increase the efficiency of the tracing service. Recommendation 15 NBO Management should explore the recent enhancements to NHSmail encryption to allow the Skipton Fund and other relevant organisations to send data to NHS Digital securely. In addition, the Review also recommends that action is taken to standardise and strengthen the operational and information governance controls around patient consent. This recommendation is within the context that the disclosure of administrative data for the purposes of continuity of care and / or to protect the wellbeing of an individual is a legitimate purpose and this tracing service should be maintained. 2.2 National Blood Service and Welsh Blood Service The tracing service facilitates the tracing of a person for a possible bone marrow match, where the National or Welsh Blood Service has lost contact with that individual. i. Governance arrangements Each tracing service request is approved subject to the applicant fulfilling the service specific acceptance criteria listed below. Where these criteria are not met in full, the tracing service application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis This tracing service provides demographic information and / or death registration information as applicable. Tracing requests are undertaken subject to consideration of: functions set out under Regulations, specifically paragraph 3 of SI 2005 No. 2529, The NHS Blood and Transplant (Gwaed a Thrawsblaniadau r GIG) (Establishment and Constitution) Order 2005; HSCA s.261(5)(d) if NHS Digital identifies which statutory function is being invoked (relevant Act and sections) and is satisfied that it is necessary or expedient for the Copyright 2017 NHS Digital Page 12 of 82
National Blood Service or Welsh Blood Service to have the information in order to be able to exercise that statutory function; HSCA s.261(5)(c) if NHS Digital is satisfied that it is necessary or expedient for NHS Digital to disclose the information to protect the welfare of any individual here the potential recipient of the bone marrow; HSCA s.261(4) if NHS Digital identifies from whom the information was collected originally and is satisfied that that person could have lawfully disclosed the information to the NBS / NHS trust for these purposes, including the legal basis for that disclosure. In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act. iii. Acceptance criteria / parameters All tracing requests are received by email from a named contact. iv. Data received from requester The following data is received from the National / Welsh Blood Service: patient name(s); date of birth; address(es); 10 digit or old format NHS number (sometimes); donor number. v. Data disclosed to requester The following data is disclosed to the requester where applicable: contact details (name of service and switchboard telephone number) of appropriate PCS service and advised to contact the Patient Data Manager; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from Blood Service; patient s date of birth if different to date of birth received from Blood Service; if traced person is not currently registered e.g. the person has embarked from England / Wales / Isle of Man, contact details of the most recent PCS service are supplied. The response is sent by secure email quoting a reference number only, as the response is sent to non-secure email address. vi. Analysis and commentary The National Blood and Welsh Blood Services are understood to be using local access to PDS to trace potential donors and hence the decline in their use of NHS Digital tracing service. Copyright 2017 NHS Digital Page 13 of 82
Although local tracing is outside the Review s remit, the local use of PDS in this way needs clarification as it could: a) negate the need for NHS Digital to undertake tracing services for these organisations, and b) exacerbate public misunderstanding of how personal data stored within an NHS Digital managed system (PDS) is used. vii. Findings and recommendations The independent use of PDS via local access is discussed in the Review findings. The Review has confirmed that the National Blood Service no longer requires access to the tracing service. The Welsh Blood Services has confirmed that it wishes to retain access the tracing service. 2.3 Jersey Cytology Screening The aim of this tracing service is to help trace a person with whom contact has been lost, for the purposes of cervical screening. Details are requested for patients who have been lost to cervical screening follow-up since leaving Jersey. Disclosure of a patient s NHAIS area / PCS service is provided to allow screening services in Jersey to make contact. i. Governance arrangements Each tracing service request is approved subject to the applicant fulfilling the service specific acceptance criteria listed below. Where these criteria are not met in full, the tracing service application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis This tracing service provides details of demographic information and / or death registration information as applicable. Tracing requests are undertaken subject to consideration of: HSCA s.261(5)(c) if NHS Digital is satisfied that it is necessary or expedient for NHS Digital to disclose the information to protect the welfare of any individual here the patient; HSCA s.261(4) if NHS Digital identifies by whom the information was collected originally and is satisfied that that person could have lawfully disclosed the information to the screening programme, including the legal basis for that disclosure. In order to rely on this gateway; In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act. Copyright 2017 NHS Digital Page 14 of 82
iii. Acceptance criteria / parameters All tracing requests must be received via post from a named contact. iv. Data received from requester The following data is received from Jersey Cytology Screening in a spreadsheet: name(s); date of birth; NHS number (if known). v. Data disclosed to requester The following data is disclosed to the requester where applicable: annotated copy of cytology spreadsheet; name of appropriate NHAIS area / PCS service; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from Jersey Cytology Screening; patient s date of birth if different to date of birth received from Jersey Cytology Screening; if the patient is not currently registered e.g. the patient has embarked from England / Wales / Isle of Man, contact details of the most recent PCS service are supplied. The response is double wrapped and sent to the requester by special delivery. vi. Analysis and commentary The tracing service management team has confirmed that the tracing service only receives tracing requests from Jersey and not for the Channel Islands as a whole. This consideration has highlighted that there is potential for increased public awareness of this tracing service (following publication of the Review) to encourage other Crown Dependencies to make applications to NHS Digital. It was also noted that the supply of personal data to Crown Dependencies may give rise to data protection issues, as Crown Dependencies are not part of the UK or the European Economic Area (EEA). The Review has confirmed with NHS Digital Information Governance that, whilst Crown Dependencies are outside the European Union (EU), they do comply with EU data protection principles and regulations and therefore the disclosure of personal data is permissible. vii. Findings and recommendations NHS Digital may, subject to due process, disclose administrative data in order to protect the welfare of any individual. Copyright 2017 NHS Digital Page 15 of 82
The provision of this tracing service also supports NHS Digital s statutory objective of maintaining and improving the quality of health and care data in order to promote an efficient and effective health care system. Jersey Cytology Screening does not have access to a GSI email system, meaning that data is sent to the tracing service via post. This manual process has been highlighted as an area where an improvement could be made to increase the efficiency of the tracing service. Alternative options for the secure exchange of data between NHS Digital and Jersey Cytology Screening include exploiting recent enhancements to NHSmail encryption and NHS Digital s Secure Electronic File Transfer (SEFT). The Review also recommends that action is taken to standardise and strengthen the operational and information governance controls applicable to this service. This is within the context that the disclosure of administrative data for the purposes of continuity of care, and/or to protect the wellbeing of an individual, is a legitimate purpose and this tracing service should be maintained. 2.4 Anthony Nolan Bone Marrow Trust The tracing service facilitates the tracing of a person for a possible bone marrow match, where the Anthony Nolan Bone Marrow Trust has lost contact with an individual. i. Governance arrangements Each service request is approved subject to the applicant fulfilling the service specific acceptance criteria listed below. Where these criteria are not met in full, the application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis This tracing service provides demographic information and / or death registration information as applicable. Tracing requests are undertaken subject to consideration of: HSCA s.261(5)(c) if NHS Digital is satisfied that it is necessary or expedient for NHS Digital to disclose the information to protect the welfare of any individual here the potential recipient of the bone marrow; HSCA s.261(4) if NHS Digital identifies from whom the information was collected originally and is satisfied that that person could have lawfully disclosed the information to the Anthony Nolan Bone Marrow Trust for these purposes, including the legal basis for that disclosure. In order to rely on this gateway, NHS Digital will need to consider the powers and functions of both the originator and recipient of the information, which might be difficult in practice. Copyright 2017 NHS Digital Page 16 of 82
In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act 1998. iii. Acceptance criteria / parameters All tracing service requests must be received by post or email from a named contact. iv. Data received from requester The following data is received from the Anthony Nolan Bone Marrow Trust: Name(s) of donor; Date of birth; Address(es); 10 digit NHS number. v. Data disclosed to requester The following data is disclosed to the requester where applicable: contact details (name of service and switchboard telephone number) of appropriate NHAIS area / PCS service and advised to contact the Patient Data Manager; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from Anthony Nolan Trust; patient s date of birth if different to date of birth received from Anthony Nolan Trust; if traced person is not currently registered e.g. the person has embarked from England / Wales / Isle of Man, contact details of the most recent PCS service are supplied. The response is sent by special delivery or secure email quoting a reference number only, as it is sent to a non-secure email address. vi. Analysis and commentary The Anthony Nolan Bone Marrow Trust is understood to be use local access to PDS to trace potential donors and hence the decline in their use of NHS Digital tracing service. Although local tracing is outside the Review s remit, local use of PDS in this way needs clarification as it could exacerbate public misunderstanding of how personal data, stored within an NHS Digital managed system (PDS), is used. vii. Findings and recommendations During the preparation of the Review, the Anthony Nolan Bone Marrow Trust confirmed that it no longer required access to the tracing service 1. 1 Email correspondence J.O Connor, Anthony Nolan Trust J. Cromack NHS Digital, July 2015. Copyright 2017 NHS Digital Page 17 of 82
Consequently, NHS Digital ceased provision of this tracing service (effective from 30 December 2015). 2.5 Hereditary Medical Conditions The aim of the tracing service is to trace a person and facilitate the sharing of details regarding hereditary genetic conditions, where the enquirer wishes to pass on information of an existing medical condition that may be hereditary from their own GP to the GP of the traced individual. This tracing service is limited to adopted persons or their birth relatives only. i. Governance arrangements Each tracing service request is approved subject to the applicant fulfilling the service specific acceptance criteria listed below. Where these criteria are not met in full, the tracing service application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis This tracing service facilitates the sharing of medical information between the parties GPs with the requester s consent. Tracing requests are undertaken subject to consideration of: Adoption & Children Act; HSCA s.261(4) or s.261(5)(c) for disclosure to a GP on the basis of the individual s consent. The GP s processing must then be connected to their core purpose as a GP. In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act 1998. iii. Acceptance criteria / parameters The service is limited to adopted persons or birth relatives only, or via their representative: Registered charities; Social services; County councils; Registered adoption agencies; Registered adoption support agencies. Tracing requests are received by post or email quoting an Ofsted, charity or registration number, where applicable, to facilitate the confidential transfer of information relating to an existing medical condition that is hereditary between the GPs (or other healthcare professional) of adoptees and birth relatives. The relationship between the sought person and the adopted person or birth relative must be stated. Copyright 2017 NHS Digital Page 18 of 82
If searching for the birth father, he must be named on the adoptee s original birth certificate or paperwork pertaining to the adoption as either having paid maintenance for the child or been a party to the adoption process. If searching for an adoptee, the post-adoptive names must be provided. No personal identifiable details of the adoptee or birth relative should be included in the letter to be passed from one GP (or other healthcare professional) to another. iv. Data received from requester The following data is received from the requester: the relationship between the sought person and the adopted person or birth relative; signed letter from a GP (or other healthcare professional) that includes: o information relating to the medical condition which is hereditary; o the GP s (or other healthcare professional s) name and address including post code; o the GP s General Medical Council code (where applicable). separate letter specifying all known identifying details about the sought person including: o full post-adoptive names, date of birth or approximate age if known (and address(es) if known) for adoptees; o a copy of the adoptee's original birth certificate (if available); o full names, date of birth or approximate age if known (and address(es) if known) for birth relatives. v. Data disclosed to requester The following data is disclosed to the requester where applicable: if the sought person is deceased and the death was registered under the name provided by the applicant: death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); if the sought person is deceased but the death was registered under a different name to that provided by the applicant: confirmation that the record is marked as deceased only; provided the adoptee / birth relative can be identified from the information available and is currently registered with a GP in England, Wales or the Isle of Man, medical information about existing hereditary conditions may be passed on in a letter sent to the GP via the appropriate PCS service; no information is provided to external agencies. vii. Analysis and commentary It has been noted by the Review that very few applications for this tracing service are received by NHS Digital. Copyright 2017 NHS Digital Page 19 of 82
viii. Findings and recommendations The provision of this tracing service supports NHS Digital's statutory objective of maintaining and improving the quality of health and care data in order to promote an efficient and effective health care system. The Review noted that the service relied on local PCS services for the distribution of relevant correspondence between the various parties. The Review recommends that this practice is stopped and the service moves to one where NHS Digital Tracing team manages the exchange of correspondence. This will lead to a better quality tracing service, delivered at lower risk and with the added advantage of reducing the burden on local NHS organisations. Outcome Whilst the number of tracing service applications received each year by NHS Digital is very low, the capability to provide the Hereditary Medical Conditions function is being retained so as to provide a safe, secure and auditable means of information transfer. In light of this Review, this tracing service now manages the exchange of all correspondence for this and similar services. 3. Letter forwarding This is a tracing service offered only to registered charities and no information about a living individual passes from NHS Digital to the requester during the provision of this service without the individual s express consent. The purpose of the tracing service is to trace a person and facilitate the forwarding of letters sent by charities on behalf of individuals in cases of lost contact, with the express aim of reestablishing familial contact. This facility is highly valued by both tracing service users and beneficiaries of this service. The Review believed that the service, as currently operated by NHS Digital, minimises the risk of a person who deliberately broke contact with their family from being located and contacted independent of NHS Digital. Coupled with the fact that these tracing services do not involve the disclosure or dissemination of personal data held by NHS Digital, the Review has concluded that letter forwarding has high societal value and the potential to improve the health and wellbeing of the beneficiaries of these tracing services. Copyright 2017 NHS Digital Page 20 of 82
3.1 Letter forwarding service The tracing service is used by organisations such as the Salvation Army and British Red Cross to restore contact between families separated through, for example, family separation or by armed conflict. NHS Digital confirms to the charity whether it is able to successfully make a trace or not. NHS Digital forwards a standard contact notification letter to the traced individual. Prior to the Review, this was undertaken by the relevant local PCS service and, subject to local protocol, the letter was passed on to the traced patient. No direct contact is established at this stage, and the recipient of the letter is free to ignore or decline further contact. Where a contact request is reciprocated, NHS Digital then forwards a personal letter drafted by the charity to the traced individual. This letter enables the traced individual should they decide to to establish direct contact with the charity. From this point forward, the charity then brokers on-going contact between the various parties. A spokesperson for Barnardo s said of NHS Digital Letter Forwarding Service: We work with people who cannot take family life for granted. This service gives them the opportunity to find and meet family members and build up relationships. Even if the response is not positive, it means that the person looking knows they have done what they can, and they can stop wondering what response they get, however painful that may be. Many people we see [at Barnardo s] have spent years fearing to look for their relatives. With your service we are able to check to see if their relative is alive and then, when they are ready, try to contact them. The importance of family cannot be underrated for people who spent their childhood in Barnardo s. This service gives some people the possibility of a family life. It is invaluable for us to help that happen. i. Governance arrangements Each tracing service request is approved subject to the applicant fulfilling the service specific acceptance criteria listed below. Where these criteria are not met in full, the tracing service application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis This tracing service facilitates the forwarding of letters to individuals where contact has been lost between the various parties. Copyright 2017 NHS Digital Page 21 of 82
This does not involve the disclosure of any personal data, but is still subject to consideration of: Human Rights Act 1998; HSCA s.261(5)(c) if NHS Digital is satisfied that it is necessary or expedient for NHS Digital to disclose the information to protect the welfare of any individual here the health and wellbeing of the adoptee or birth relative. In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act 1998. iii. Acceptance criteria / parameters Tracing requests are received by post or email quoting an Ofsted, charity or registration number to request the letter forwarding tracing service. iv. Data received from requester The following data is received from the requestor: name(s); date of birth; address(es); family member / connections; copies of certificates. v. Data disclosed to requester The following data is disclosed to the requester where applicable: no information on living patients is provided to any of the external agencies; an invitation to receive a letter is sent to the traced individual. Prior to the Review the letter was sent via the person s PCS service which then forwarded the invitation; if accepted by the individual, the letter from the charity is forwarded to them; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); where a record of an England, Wales or Isle of Man Civil Death Registration can be identified, advice about how to obtain a copy of the Civil Death Registration data will be provided. vi. Analysis and commentary The Review has identified that, prior to 2008 (when the tracing service transferred from the ONS), the 21.00 letter forwarding charge included a 5.00 payment to the PCS service that forwarded letters to the address held. It is believed that, since 2008, the 5.00 payment to PCS agencies has been waived on the grounds that letter forwarding is now handled entirely within the NHS, but the fee structure has not been revised. Copyright 2017 NHS Digital Page 22 of 82
Occasionally tracing requests are received from additional charities on a one-off basis. Any such tracing requests would follow NHS Digital s service management procedure and would need agreement from Information Governance on the appropriateness of forwarding letters on behalf of a new service user. However, the arrangements for assessing/accepting new service users are ad hoc. The Review noted that NHS Digital s practice and policy regarding the disclosure of data on deceased individuals varies between this tracing service, the 1939 Service, internal FOI policy and NHS Code of Practice. These differences have arisen as a consequence of incremental changes in policy agreed by predecessor organisations. vii. Findings and recommendations The Review has found no specific statutory obligation for the provision of this function. However, the Review considered that subject to due process, NHS Digital may disclose administrative data in order to protect the welfare of the individual. The Review further noted that the use of administrative data to enable individuals to reestablish contact with family members has been supported by the NHS England Caldicott Guardian 2 and the Review further understands that provision has been made within English and Welsh PCS agreements to enable local PCS organisations to support this purpose. This facility is highly valued by both tracing service users and beneficiaries of the service. The Review has concluded that letter forwarding has high societal value and the potential to improve the health and wellbeing of the beneficiaries of these services by bringing relief from the anxiety and stress associated with long-term familial separation. The Review advises that NHS Digital should consolidate and simplify the handling of correspondence by removing the need for correspondence to pass to and from PCS agencies (now achieved as per an outcome in the main Review Findings ). This reduces the number of intermediary parties and contact points involved with processing the trace, and secures a reduction in overall risk whilst improving the efficiency, utility and fitness of purpose of the service. The Review considers that the tracing service as operated by NHS Digital minimises the risk of a person who deliberately broke contact with their family from being located and contacted independently of NHS Digital. However, it recommends that the tracing service management team writes to each user organisation to secure written confirmation of their own data disclosure controls and to obtain a clear commitment from them about how they handle the information disclosed to them by NHS Digital. 3 2 Correspondence between the Salvation Army Family Tracing Service and Sir Bruce Keogh, 23 June 2014 3 NB: The main information that charity may receive relates to death registration information (where appropriate). Copyright 2017 NHS Digital Page 23 of 82
Recommendation 16 This Review recommends that the letter forwarding tracing services strengthens its operational control and governance procedures by writing to each service user organisation to obtain clarification on their own data handling procedures. Any additional controls required by NHS Digital will be reflected in the relevant data sharing agreement. In some circumstances the process involves providing death registration data, namely when the intended recipient of the letter (the sought individual) is recorded as deceased. The Review noted there is variation in the handling and disclosure of death registration data across the tracing functions with a recent change proposal for death registration data only to be released if the death was registered under the same details as those provided to the tracing service. The Review has also highlighted the absence of any agreement with the General Register Office (GRO) regarding NHS Digital s use of its death registration data for this purpose. Recommendation 17 This Review proposes that NHS Digital Information Governance team take action to secure a data sharing agreement with the General Register Office (GRO) that reflects the business needs of the tracing service and wider NHS Digital. This agreement will then form the basis of a common standard / protocol for the use and disclosure of death registration data by the tracing service. In conclusion, the Review believes the Letter Forwarding Service is justifiable and this service should be retained subject to the outlined recommendations. 4. Death registration enquiries This is a tracing service offered to organisations such as registered adoption agencies, adoption support agencies and adoption intermediary services as defined and governed by the Adoption and Children Act 2002. The death registration enquiry function is also integral to a number of the other tracing services and functions provided by the tracing service. A successful tracing request verifies a person s NHS registration and, where recorded, the existence of a person s death registration. Copyright 2017 NHS Digital Page 24 of 82
These facts enable an adopted person or birth relative of an adopted person to avoid searching for family members who are deceased or conversely begin a search with greater confidence in the person s status. In addition to confirmation of the death, the tracing service also provides details of the district in which the death was registered along with the registration year and quarter. 4.1 Death registration enquiries service This tracing service provides verification of registration of a person s death so that an adoptee or birth relative can avoid searching for family members who may be deceased. This tracing service is only accessible to charities or adoption agencies recognised by NHS Digital. Speaking of the service, a spokesperson for Father Hudson s Society said: The benefit is immeasurable, as only the NHS can confirm if a birth relative is still in the UK or if they have been registered as deceased. The benefit pertains to the person who has initiated the enquiry, but also in many instances, to the person who is ultimately found. i. Governance arrangements Each tracing service request is approved subject to the applicant fulfilling the service s specific acceptance criteria listed below. Where these criteria are not met in full, the tracing service application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis This tracing service provides verification of a person s death. Tracing service requests are undertaken subject to consideration of: the DPA only applies to the personal data of living individuals so is not relevant here. The common law duty of confidence is applicable to confidential information relating to dead people, but the actual registration of a death is unlikely to be viewed as confidential in nature as it is already in the public domain, accessible via the Public Record Office; HSCA s.261(5)(a) if NHS Digital is assured that the death has been registered and therefore has already been lawfully disclosed to the public; HSCA s.261(5)(c) if NHS Digital is satisfied that it is necessary or expedient for NHS Digital to disclose the information to protect the welfare of any individual here the health and wellbeing of the adoptee or birth relative; Copyright 2017 NHS Digital Page 25 of 82
HSCA s.261(7) if that there is another legal power imposed on, or provided to, the HSCIC under or by virtue of any other Act to provide the information. iii. Acceptance criteria / parameters The tracing service can be requested by: Social services; Local council; Registered charity; Registered adoption agency; Registered adoption support service. Tracing requests must be received by email or post quoting an Ofsted, charity or registration number where applicable, to establish if a birth relative or adoptee has been recorded as deceased in England, Wales or the Isle of Man. The sought person must be a birth relative of the enquirer. If searching for the birth father, he must be named on the adoptee s original birth certificate or paperwork pertaining to the adoption. If searching for an adoptee, the post-adoptive names must be provided. iv. Data received from requester The following data is received from the requester: full name; maiden name (if applicable); date of birth or approximate age if known; mother s maiden name; place of birth; last known address; relationship to enquirer; address in September 1939 (if applicable); NHS number (seldom known). v. Data disclosed to requester The following data is disclosed to the requester where applicable: 1. Where a record is traced, and the record is marked as deceased: registration district; death registration quarter and year; this information will be provided only if the name under which the death is registered is the name quoted by the applicant; Copyright 2017 NHS Digital Page 26 of 82
If the sought person is deceased but the death was registered under a different name to that provided by the applicant: the requester will only receive confirmation that the record is marked as deceased. 2. Where a record is traced and the record is not marked as deceased: confirmation of whether or not the individual is currently registered for NHS services. vi. Analysis and commentary This tracing service function is only available to registered organisations with which NHS Digital has an established relationship. The death data disclosed is part of the public death registration record which is the responsibility of the General Register Office (GRO). This tracing service does not involve the disclosure of any confidential information pertaining to living individuals, but consideration of confidentiality arises given the issue of secondary disclosures e.g. other parties named on death registration documents which this service aids the requestor in locating. The Review noted that NHS Digital s practice and policy regarding the disclosure of data on deceased individuals is different between this service, the 1939 Service, internal FOI policy and NHS Code of Practice: Confidentiality guidance. These differences have arisen as a consequence of incremental changes in policy agreed by predecessor organisations. vii. Findings and recommendations This tracing service verifies the existence (or not) of a person s NHS registration and or the registration of a person s death. As such it enables an adopted person or birth relative of an adopted person to avoid searching for family members who are deceased, or, conversely, begin a search with greater confidence of the person s living status. This tracing service is only accessible to charities or adoption agencies recognised by NHS Digital. The Review has found no statutory obligation for the provision of this service, but notes the disclosure of information relating to deceased individuals is not covered by the Data Protection Act 1998 as it is not personal data. As previously noted, the Review acknowledges there is variation in practice across NHS Digital tracing functions relating to the disclosure of death registration data and its analysis has highlighted the absence of any agreement with the GRO regarding the permissible uses of these data by NHS Digital. As with the letter forwarding service, the Review proposes that based on the information in this report NHS Digital Information Governance team take action to secure, where Copyright 2017 NHS Digital Page 27 of 82
practicable, a data sharing agreement with the GRO that reflects these business needs and against which a common NHS Digital standard/protocol can be implemented. The Review acknowledges the concerns of some stakeholders regarding the potential for the requestor having been informed of a death registration record, to obtain information about other individuals from the death certificate, such as the name of the person registering the death. Whilst this information is on public record, it is information that would have been otherwise unknown to the requestor. Recommendation 18 This Review notes the potential for secondary disclosures arising from information disclosed by the death registration enquiries service. Whilst this secondary information is a matter of public record, this Review proposes that the tracing service secures a data sharing agreement with each user organisation that sets out specific provisions to avoid secondary disclosures - and so protect any third party from any possibility of direct contact. This Review has concluded that the death registration enquiries service has high societal value with the potential to improve the health and wellbeing of the beneficiaries of the service by bringing relief from the anxiety and stress associated with long-term familial separation and that these disclosures are consistent with the provisions of the DPA, NHS Act 2006 and HSCA. In conclusion, the Review believes the Death Registration Enquiries Service is justifiable and this tracing service should be retained subject to the outlined recommendations. 5. The 1939 Register service The British Government took a record of the civilian population of England and Wales shortly after the outbreak of World War Two. The information was used to issue identity cards, support the call up of military personnel and to organise rationing. The 1939 Register was subsequently used in the establishment of the National Health Service. Responsibility for the 1939 Register transferred to The National Archive in 2015 and NHS Digital ceased offering this tracing service effective as of 30 th October 2015. The following information is included for completeness. Copyright 2017 NHS Digital Page 28 of 82
5.1 The 1939 Register This tracing service was available to members of the public, genealogists and others subject to payment of a service fee. The tracing service team accessed the 1939 National Registration Transcript Books for England and Wales to manually trace the person of interest. Only results for individuals identified as deceased were disclosed by NHS Digital. i. Governance arrangements Each tracing service request was approved subject to the applicant fulfilling the service specific acceptance criteria listed below. Where these criteria were not met in full, the tracing service application was rejected. Applications that were approved were fulfilled within 20 days. ii. Compliance analysis This service utilised data from the 1939 register providing results only for individuals recorded as deceased. Tracing requests were undertaken subject to consideration of: Freedom of Information Act 2000; the release of data from the 1939 Register was undertaken by NHS Digital in accordance with the Information Commissioner Decision notice FS50248664 dated 9 November 2009. This notice requires NHS Digital to provide to members of the public details of deceased patients who were residing in England and Wales on the 29th September 1939. Until 31 January 2010, tracing requests into the organisation for information from the 1939 Register were available by submitting a request under the Freedom of Information Act 2000, as there was no other means available to request this information. However, on 1 February 2010, the 1939 Register service was established. The 1939 Register service (a cost recovery service) was established to meet the increased demand for information from the registers, which placed considerable pressure on staff resources and which, as an NHS organisation, NHS Digital did not have the resource to meet. iii. Acceptance criteria / parameters This tracing service was open to members of the public. Data was only provided where the individual was recorded as deceased, or where clear evidence of death was provided by the applicant. iv. Data received from requester The following data was received from the requestor: Copyright 2017 NHS Digital Page 29 of 82
completed three-part application form; 42.00 fee. v. Data disclosed to requester The following information from the register was supplied: National Registration number; surname; first forename; other forename(s) / initial(s); date of birth; sex; address; marital status; occupation; the date of the death notification (if recorded before the commencement of the NHS on 5 July 1948). This was only being provided if specifically requested. vii. Analysis and commentary The information held by NHS Digital was the original information as recorded in 1939. A number of entries within the 1939 Register were incomplete or illegible due to natural deterioration and disrepair. The 1939 Register only included individuals who were recorded at an address on the 29 September 1939. Therefore, many members of the armed forces were not listed as they had already been called up for military service. However, membership of Naval, Military or Air Force Reserves or Auxiliary Forces or of Civil Defence Services would be provided if collected. The books were arranged in National Registration Number order and based on the actual whereabouts of individuals on the night concerned. Thus, if an individual was not at his / her usual place of residence, (e.g. in hospital or at a hotel) he / she would not appear at that address in the books. viii. Findings and recommendations The Review noted that the release of data from the 1939 Register was undertaken in accordance with the Information Commissioner Decision notice FS50248664 dated 9 November 2009 (see Appendix 3c). The Review believes the appropriate procedures were in place governing the release of records from the 1939 Register. The Review noted that The National Archives (TNA) contracted with a private company to digitise the original 1939 records and on completion of this work this information was made directly accessible to the public, effective as of November 2015. At this point NHS Digital ceased provision of its own service. Copyright 2017 NHS Digital Page 30 of 82
6. Record tracing Record tracing involves automated and manual cross-checking of data provided by the requester against personal data accessed through the PDS system. The Review noted that, following the publication of the 2014 Partridge Review (as described in the Review Findings), further action has been taken to improve record keeping and support greater transparency of this service with details of tracing activity published quarterly by NHS Digital 4. This tracing service is under taken in two forms: 1. Affirmative tracing enabling organisations with a legitimate purpose to know whether a person of interest is: known to the NHS; whether they are alive or not; and where traced. The service discloses minimal administrative data. No patient sensitive data is released. Users of this service include: HM Coroner Office, National Crime Agency, the Police and Home Office (Immigration) teams. 2. Full tracing is subject to the presentation of a Court Order and provides the same data as above plus any other data specified in the Court Order. The Review has found no evidence or examples of a Court Order having been received by NHS Digital or its predecessor the NHS Information Centre requesting clinical or medical data. The Review has considered this aspect of tracing in depth. It has considered the grounds for authorising the disclosure of personal data without consent, reflected on stakeholder feedback (both those in favour and those opposed to tracing for such purposes), and considered contemporary NHS guidance and relevant legal and statutory provisions. In doing so, the Review has satisfied itself that, subject to due-process, there is a legal basis for the continued provision of record tracing functions. The Review noted that some categories of tracing requests relate to purposes that override common law restrictions that could otherwise prohibit or restrict the disclosure. In other cases the tracing request is subject to consideration of the common law duty of confidence and whether the disclosure can be justified as in the public interest. This requires the tracing service to consider the legal basis for the disclosure; to consider the appropriateness of the data requested; and to weigh the potential for harm to individuals arising from disclosure against the potential for harm arising from non-disclosure. This process is referred to as a balancing exercise or public interest test. The Review noted that public interest considerations are of a necessity nether binary nor exhaustive, and in this regard, it notes the judgement of Lord Goff 5 who stated: 4 http://content.digital.nhs.uk/dataregister 5 Attorney-General V Guardian Newspapers Ltd (No 2) ( Spycatcher ): Hl 13 Oct 1988 Copyright 2017 NHS Digital Page 31 of 82
although the basis of the law s protection of confidence is that there is a public interest that confidence should be preserved and protected by the law, nevertheless, that public interest may be outweighed by some other countervailing public interest which favours disclosure. Lord Goff s opinion establishes the general principle of a balancing exercise and the Review confirmed that the tracing service applies a public interest test, where required, prior to authorising disclosures of personal data. The Review accepts stakeholder feedback that more can be done to make this process transparent and open. In this context, the Review noted that some stakeholders expressed concerns regarding the lack of availability of information on how tracing services are undertaken, and noted apparent differences in process between handling of disclosure requests received from the Police, NCA and Home Office (Immigration) teams. As noted, the Review has considered the matter of comparability extensively and concludes that in regard to record tracing requests that are subject to public interest considerations under the common law, it would be flawed to adopt a common process given the inherent lack of comparability between different offences, and between different purposes and different contexts. The Review believes that adopting a common process would be contrary to fulfilling its obligations in undertaking a fair and equitable consideration of the public interest in each case. The Review therefore considered the current model of applying different, but appropriate criteria to each function and on a case-by-case basis as being correct. However, the Review accepted the need for consistency where requests relate to the same purpose, require the same information and have similar characteristics and context, such as to enable the tracing and recovery of a vulnerable child. In such cases tracing requests should in general be judged using the same criteria regardless of the agency or entity making the tracing request. The Review has highlighted two further factors that, if relevant, may impact on consideration of matters of comparability. These are: a) The level of intrusion The Review has assessed the personal data that is disclosed by the tracing service. It looked at the level of data sensitivity and by inference the degree of intrusion or harm to individuals that might arise from its disclosure. The Review concluded that disclosures of personal data from PDS consist of administrative data only, which generally constitutes a low level of intrusion with a low potential harm to individuals. b) Seriousness of the offence Copyright 2017 NHS Digital Page 32 of 82
The Review acknowledged that NHS guidance has created an expectation amongst some stakeholders that disclosures of personal data will only be made in consideration of the public interest when they relate to a serious crime. 6 However, the Review noted that consideration of the seriousness of a criminal offence is not a requirement under the Data Protection Act 1998, nor under s262(5) of the Health and Social Care Act 2012. Further, the Review noted that there is no commonly agreed definition of what constitutes a serious crime, and nor is there a consensus as to whether consideration of the seriousness of an offence is applicable to disclosures of purely administrative data. Additionally, the Review noted that the NHS Code of Practice acknowledges that public good may be served and harm to individuals avoided by such disclosures, where the data disclosure is considered proportionate for the purpose it is disclosed for. As a consequence, NHS Digital and its predecessors have determined where and how this criterion should be applied, and, where it has been applied, what constitutes a serious crime. In conclusion, the Review acknowledged there are legal, ethical and moral implications of using personal data to trace individuals for the purpose of law enforcement and crime reduction. In light of these points and developing health and care policy, the Review recommends to the Department of Health that relevant NHS policy and guidance be reviewed and updated so that better alignment and consistency of approach could be achieved. (See recommendations 1 & 2 the Review Findings ) The following section summarises the compliance analysis for each Record Tracing function and identifies the assessment and approval criteria that apply - noting the key legal gateways under which data maybe disclosed by NHS Digital for the stated purpose along with the Review s findings for each function. It should be noted that notwithstanding the overarching mandate on which tracing services are operated, there are a range of legal gateways open to officers of HM Government in the furtherance of their statutory duties to request information which the Review has not sought to capture. 6.1 Affirmative Tracing Service metrics Table 2: The following table shows a breakdown of law enforcement tracing requests received for the periods 2013/2014, 2014/2015 and 2015/2016. 01.04.13-31.03.14 6 NHS Code of Practice: Confidentiality 2003 (para30) and Information Governance Alliance public interest guidance note. Copyright 2017 NHS Digital Page 33 of 82
HO(I) Police NCA Criminal Case Review Committee NHS Counter Fraud HM Coroner TOTAL Received 3,583 517 1,391 2 0 0 5,493 Rejected 165 359 0 0 N/A N/A 524 Approved 3,418 158 1,391 2 N/A N/A 4,969 Traced 1,944 107 384 2 N/A N/A 2,437 No trace 1,474 51 1,007 0 N/A N/A 2,532 Same information returned Updated information returned N/A N/A N/A 2 N/A N/A 2 N/A N/A N/A 0 N/A N/A 0 Source: Health and Social Care Information Centre 01.04.14-31.03.15 HO(I) Police NCA CCRC NHS Counter Fraud HM Coroner TOTAL Received 3,501 319 1,242 0 0 0 5,062 Rejected 414 225 1 N/A N/A N/A 640 Approved 3,087 94 1,241 N/A N/A N/A 4,422 Traced 1,987 66 219 N/A N/A N/A 2,272 No trace 1,100 28 1,022 N/A N/A N/A 2,150 Same information returned Updated information returned 1,743 59 193 N/A N/A N/A 1,995 244 7 26 N/A N/A N/A 277 Source: NHS Digital 01.04.15-31.03.16 Copyright 2017 NHS Digital Page 34 of 82
HO(I) Police NCA CCRC NHS Counter Fraud HM Coroner TOTAL Received 6,774 384 1,198 3 2 3 8,364 Rejected 607 278 1 0 0 0 886 Approved 6,167 106 1,197 3 2 3 7,478 Traced 4,336 77 189 3 2 0 4,607 No trace 1,831 29 1,008 0 0 3 2,871 Same information returned Updated information returned 4,141 74 178 3 2 n/a 4,398 195 3 11 0 0 n/a 209 Source: NHS Digital Notes: 1. Statistics regarding same / updated information returned were only kept from end of August / beginning of September 2014 for Home Office (Immigration), Police, NCA (and court orders, although not part of this exercise). As there are only 2 CCRC requests in the last two years, NHS Digital has checked the file to determine whether they were traced or not traced and whether there was the same or updated information supplied. 2. Nature of crimes only record from 01/07/2014 for HO(I) and NCA. 3. Precise nature of crimes are available for the full two year period. 6.1a UK Police service The Police may make tracing requests to trace an individual for the purposes of or in connection with crime prevention; the detection or investigation of crime; apprehension or prosecution of offenders; or for the purposes of criminal proceedings. i. Governance arrangements Each tracing service request is considered subject to the applicant fulfilling the service specific acceptance criteria listed below. Where these criteria are not met in full, the tracing service application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis Subject to due-process, NHS Digital may provide administrative data to the Police subject to consideration of one or more of the following legal gateways: Copyright 2017 NHS Digital Page 35 of 82
various specific and common law powers the Police have to request and require information; HSCA s.261(5)(d) if NHS Digital identifies which statutory function is being invoked by the Police and is satisfied that it is necessary or expedient for the Police to have the information in order to be able to exercise that statutory function and the disclosure can be justified in the public interest; HSCA s.261(5)(e) if NHS Digital is satisfied that the Police are requesting the information in connection with the investigation of a criminal offence (whether or not in the UK) and the disclosure can be justified in the public interest; HSCA s.261(5)(f) if NHS Digital is satisfied that the disclosure of the information is made for the purpose of criminal proceedings (whether or not in the UK); HSCA s.261(7) if NHS Digital establishes there is another legal power provided to, or requirement imposed on, NHS Digital under or by virtue of any other Act to provide the information and where applicable, the disclosure can be justified in the public interest; Alternatively, a Court Order would allow NHS Digital to disclose information under HSCA s.261(5)(b). In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act 1998. iii. Acceptance criteria / parameters All tracing requests must be received via post or email. Requests must be made via an English or Welsh Police force. Applications from forces in other jurisdictions are referred to the Higher Information Governance Officer. The purpose for each tracing request must be stated on the tracing service application. This must also correspond with one of the exemptions under DPA s.29(3) prevention or detection of crime, or the apprehension or prosecution of offenders. All tracing requests must be countersigned by an attested officer of the rank of Inspector or above (or equivalent). This must be a wet signature, or the email must be sent from the Inspector s (or above or equivalent) own email account. The tracing request must relate to the tracing of a suspected criminal only (i.e. not a witness, victim, missing person etc). With regard to an investigation of a criminal offence, the tracing request is either approved or refused based on whether the crime is included in the list of serious crimes as determined by NHS Digital Information Governance department / Caldicott Guardian. At the time of this Review the list of serious crimes was: o Treason o Murder / manslaughter o Armed robbery o Rape o Child abuse o Kidnap / abduction / people hijacking o Terrorism Copyright 2017 NHS Digital Page 36 of 82
o Causing an explosion likely to endanger life or property o Possession of firearms with intent to injure o Causing death by reckless driving o Hostage taking. If the tracing request specifically states that the alleged crime occurred more than a year ago, the request is escalated to the Higher Information Governance officer for guidance on whether to attempt to carry out the tracing request. Currently tracing requests for crimes specifically stated as older than five years are automatically rejected see findings and recommendations section below. iv. Data received from requester The following data is received from the Police: the tracing request is made on a DPA s.29 form template (differs per Police force); the specific offence under investigation; the relevant legislation under which the tracing request is being made; details on the sought person, usually including full name(s), last known address(es), and date of birth. v. Data disclosed to requester The following data is disclosed to the requester where applicable: contact details (name of service and switchboard telephone number) of appropriate PCS service and advised to contact the Patient Data Manager; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to the name(s) received from the police authority; patient s date of birth if different to the date of birth received from the police authority if traced person is not currently registered, e.g. the person has embarked from England / Wales / Isle of Man, the contact details of the most recent PCS service are supplied. vi. Analysis and commentary Tracing requests are received directly from individual Police forces. There is no central function supporting Police tracing requests and hence use of the tracing service varies significantly between forces. Provision of this tracing service is constructed around NHS Digital s functions as set out in statute and where appropriate, consideration of the common law duty of confidence. Subject to due-process only limited administrative data is disclosed to the Police. In regard to public interest disclosures, the Review noted that the 2003 NHS Code of Practice created an expectation amongst some stakeholders that disclosures of personal data will only be considered against an assessment of the seriousness of a criminal offence. Copyright 2017 NHS Digital Page 37 of 82
However, the 2003 Code of Practice does not provide a definition of what constitutes a serious crime. It merely states that; murder, manslaughter, rape, treason, kidnapping, child abuse and cases where individuals have suffered serious harm, may warrant disclosure. The Supplementary Guidance (2010), states that these crimes are certainly deemed to be serious, and other crimes carrying a five-year minimum prison sentence are likely to be included in the definition of serious. This Review noted that relevant legislation (HSCA s261(5) and the DPA) does not limit consideration of criminal offences in this way. In the absence of other factors, and given police enquiries may occur at an early stage in an investigatory process, this Review accepted that the definition of serious crime used by the tracing service ensures disclosures made subject to s261(5)(e) HSCA, are likely to be easier to justify in the public interest and in terms of being proportionate and appropriate. However, the Review also noted that the Police may also make requests for the purposes of criminal proceedings where disclosure by NHS Digital is not subject to the common law duty of confidence and therefore detailed consideration of the public interest, and thus the seriousness of a crime, does not arise. Finally the Review noted that the appropriateness of severity as a general criterion when considering requests requiring the disclosure of only administrative data has been challenged by some stakeholders on the grounds that: there is no statutory requirement for an offence to be a serious crime in order for the tracing service to consider the tracing request or when testing whether the tracing request is in the public interest; there is no nationally agreed definition of what constitutes a serious crime ; the definition of serious crime used by the tracing service excludes offences which the public might otherwise consider to be serious e.g. attempted murder; given that the information to be disclosed is administrative data, and is less intrusive than patient sensitive data, the current definition of serious crime used by NHS Digital may actually be counter to the appropriate consideration of public interests. vii. Findings and recommendations To date, the definition of NHS Digital s list of serious crime list has not been made public, nor has it been shared with police service users, and hence no debate as to its relevance has been undertaken. Equally, the lack of transparency means the tracing service continues to receive a high volume of tracing requests from the Police that it subsequently rejects because the offence cited does not fall into the definition of serious crime used by NHS Digital. Making the NHS Digital definition of serious crime public via the Review will in the short term enable the Police to make appropriate tracing service applications - thereby reducing the number of tracing service applications being rejected and reducing wasted effort by the Police and NHS Digital. Copyright 2017 NHS Digital Page 38 of 82
In the medium term it will also enable debate, which (as below) will hopefully result in an outcome that reduces confusion and frustration amongst tracing service users and stakeholders. As outlined in the Findings Review, the Review has recommended (see recommendations 1 and 2) that NHS Digital engages with the Department of Health to undertake a review of the 2003 NHS Code of Practice and wider NHS policy in this regard - placing particular emphasis on reviewing the guidance relating to the disclosure of administrative data (as opposed to patient sensitive data) and whether the seriousness of an offence should remain a consideration and if so in what context. The Review also noted that tracing service operational procedures prevented the tracing service from disclosing the current/last known address of the person of interest. The Review considered that having validated the legitimacy of a request, to not disclose the address (a key piece of information) was counter to NHS Digital s aim of delivering an effective and efficient tracing service, noting that a subsequent referral to a regional PCS organisation added significantly to the administrative burden of front-line health and care staff. The Review therefore recommends that the tracing service changes its operational procedures so as to disclose the last known address of the person of interest along with appropriate meta data, such as the date the address was added or last changed. Finally, the Review noted the lack of clarity regarding the acceptance of tracing requests from Police forces other than those in England and Wales. Where an application is received from a Police service in Scotland, Northern Ireland or any other legal jurisdiction, the operational arrangement is to escalate this request to the Higher Information Governance Officer in accordance with the service s stated escalation procedure. The Review anticipates that the outcome of recommendation 2 in the Review Findings will resolve this uncertainty. 6.1b National Crime Agency The National Crime Agency (NCA) may make a tracing request to trace an individual who is the subject of a European Arrest Warrant (EAW) for the purposes of criminal proceedings or for the purposes of or in connection with crime prevention the investigation or detection of crime, or the apprehension or prosecution of offenders. i. Governance arrangements Each tracing service request is approved subject to the tracing applicant fulfilling the service specific acceptance criteria listed below. Copyright 2017 NHS Digital Page 39 of 82
Where these criteria are not met in full, the tracing application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis Subject to due-process, NHS Digital may provide administrative data to the National Crime Agency (NCA) subject to consideration of one or more of the following legal gateways: various specific and common law powers to request and require information; HSCA s.261(5)(d) if NHS Digital identifies which statutory function is being invoked by the NCA regarding extradition and is satisfied that it is necessary or expedient for the NCA to have the information in order to be able to exercise that statutory function and the disclosure can be justified in the public interest; HSCA s.261(5)(e) if NHS Digital is satisfied that the NCA are requesting the information in connection with the investigation of a criminal offence (whether or not in the UK) and the disclosure can be justified in the public interest; HSCA s.261(5)(f) if NHS Digital is satisfied that the disclosure of the information is made for the purpose of criminal proceedings (whether or not in the UK); HSCA s.261(7) if NHS Digital establishes there is another legal power provided to, or requirement imposed on, NHS Digital under or by virtue of any other Act to provide the information. For example, under the Crime and Courts Act 2013, the NCA s key functions (s.1) are crime reduction (including the investigation of serious offences and instituting criminal proceedings) and criminal intelligence. s.7(1) provides that any person may disclose information if it is connected to an NCA function and NHS Digital is satisfied that the disclosure can be justified in the public interest; alternatively, a court order would allow NHS Digital to disclose information under HSCA s.261(5)(b). In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act. iii. Acceptance criteria / parameters All tracing requests from the NCA must be received via a named contact email and the request must be from a secure nca.x.gsi.gov.uk email account. The purpose for each tracing request must be stated on submission. This must also correspond with one of the exemptions under DPA s.29(3) prevention or detection of crime, apprehension or prosecution of offenders. All tracing requests from the NCA must be countersigned by the rank of G3 or above (or equivalent). The sought person must be suspected of committing a criminal offence and be the subject of a European Arrest Warrant. iv. Data received from requester The following data is received from the requester in a spreadsheet format from a gateway NCA office: Copyright 2017 NHS Digital Page 40 of 82
forename(s); surname; date of birth; sex; case reference number; criminality; case officer; case officer grade; place of birth (if known); requesting country; the legislation under which the request is being made. v. Data disclosed to requester The following data is disclosed to the requester where applicable: annotated copy of NCA spreadsheet; name of appropriate NHAIS area / PCS service; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from NCA; patient s date of birth if different to date of birth received from NCA; if the patient is not currently registered e.g. the patient has embarked from England / Wales / Isle of Man, the name of the most recent PCS service is supplied. vi. Analysis and commentary Provision of this tracing service is constructed around NHS Digital s functions as set out in statute and where appropriate, consideration of the common law duty of confidence. The current business rules were initially established with the predecessor body to the NCA, the Serious Organised Crime Agency (SOCA). SOCA was a non-departmental public body which existed from 1 April 2006 until 7 October 2013. Subject to due-process only limited administrative data is disclosed to the NCA. The NCA has established a central co-ordinating team which assesses and manages all submissions to the tracing service which are received from various regional NCA teams. This model works extremely well and ensures that a high degree of due-diligence is applied by the NCA before any application is submitted to the tracing service. Tracing requests are submitted to the tracing service in relation to persons who are the subject of an EAW and where all other attempts to locate the individual by the NCA have failed. Copyright 2017 NHS Digital Page 41 of 82
The EAW is a mechanism by which individuals wanted in relation to significant crimes are extradited between EU member states to face prosecution or to serve a prison sentence for an existing conviction. A national judicial authority, such as a court, can issue an EAW to get a suspect extradited. For an EAW to be valid, the suspect must be accused of an offence incurring a maximum penalty of at least a year in prison, or must have been already sentenced to at least four months in prison. The NCA s role is to assess the proportionality and legal validity of EAW requests into and out of the UK, against criteria in the Extradition Act 2003. The NCA place validated EAWs on national systems and, in high risk cases, carries out work to locate offenders and alert the relevant authority, usually the local police force. The Review noted that in its discussions with NCA representatives they have highlighted a strong likelihood that the volume of applications made by the NCA will increase as it begins to take on wider responsibilities as part of its new EU reciprocal SIRENE policing remit. vii. Findings and recommendations The central coordinating team model adopted by the NCA is one which works well for both the NCA and NHS Digital and ensures that EAWs are legally valid and thus able to be executed under UK law. The Review noted that EAWs are issued by a national judicial authority in regard to a specified individual and in the furtherance of criminal proceedings. For this reason NCA tracing service applications are likely to be assessed with reference to HSCA s.261(5)(f),where disclosures by NHS Digital are not subject to the common law duty of confidence and therefore detailed consideration of the public interests will not arise. Where this is the case the tracing service relies on the existence of a duly validated EAW. The Review considered that in addition to determining the validity of the EAW, the tracing service should additionally consider the nature of the criminal offence cited on the EAW. In circumstances where the nature of the offence is questioned, the Review proposes that the tracing service team refers the request to the appropriate Information Governance Officer for further consideration. As detailed in the Review Findings, the Review considered that where the tracing service has validated the legitimacy of a request and approves a disclosure, it should now disclose the last known address of the person of interest. 6.1c Home Office (Immigration) Home Office (Immigration) may make a tracing request to trace individuals of interest to the Home Office (Immigration) teams. The Review noted that Home Office (Immigration) tracing applications generally fell into one of two categories: Copyright 2017 NHS Digital Page 42 of 82
a. Immigration offences To trace individuals who are primarily non-uk residents sought in regard to an immigration offence under section 24 and or 24A of the Immigration Act 1971, i.e. they have failed to comply with conditions of entry or have deliberately broken contact with the Home Office or are an individual who is sought in regard to other criminal offences e.g. offences against the person. In some circumstances the sought individual may be a child and or a vulnerable individual, in which case the welfare of the individual becomes the paramount concern. b. NHS debt recovery The Immigration Rules (HC385) were amended on 31 October 2011 so as to insert a sanction to be imposed on people not resident in the UK who were seeking to enter or remain in the UK, but who had unpaid NHS debts of at least 1,000 (subsequently revised to 500). The Charging Regulations 2015 place a legal obligation on NHS trusts, NHS foundation trusts and Local Authorities in the exercise of public health functions in England to establish whether a person is an overseas visitor to whom these charges apply or whether they are exempt from charges. When charges apply, a relevant NHS body must recover charges from the person liable to pay for the NHS services provided to the overseas visitor. The sanction for non-payment was that any future application for leave to remain would normally be refused. In such circumstanced an immigration offence would arise if the person continued to reside in the UK without leave to remain. The Review noted that the Immigration Rules are relevant pieces of legislation that link these two specific purposes. The Immigration Rules comprise the relevant UK immigration law - permitting the Home Office (Immigration), if appropriate, to use NHS data to refuse future immigration applications that individual might make. i. Overall Governance arrangements Each tracing service request is considered subject to the applicant fulfilling the service specific acceptance criteria listed below or as subsequently amended. Where these criteria are not met in full, the tracing service application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis Subject to due-process, NHS Digital may provide administrative data to Home Office (Immigration) subject to consideration of one or more of the following legal gateways*: a) Compliance analysis Immigration: Copyright 2017 NHS Digital Page 43 of 82
HSCA s.261(5)(c) if NHS Digital is satisfied that it is necessary or expedient for the purposes of protecting the welfare of any individual and the disclosure can be justified in the public interest; HSCA s.261(5)(d) if NHS Digital is satisfied that it is necessary or expedient for Home Office (Immigration) to have the information in order to be able to exercise that statutory function and the disclosure can be justified in the public interest; HSCA s.261(5)(e) if NHS Digital is satisfied that Home Office (Immigration) is requesting the information in connection with the investigation of a criminal offence and the disclosure can be justified in the public interest; (For example, Immigration Act 1971 s.24 and s.24a - includes the offence of illegal entry; or when an individual remains in the UK beyond any limited leave to remain; or breaches reporting restrictions); HSCA s.261(5)(f) if the disclosure is made for the purpose of criminal proceedings (whether or not in the United Kingdom); Alternatively, a Court Order would allow NHS Digital to disclose information under HSCA s.261(5)(b); HSCA s.261(7) if NHS Digital establishes that there is another legal power provided to, or requirement on, NHS Digital under or by virtue of any other legislation, e.g. section 20 of the Immigration and Asylum Act 1999. b) Compliance analysis NHS Debt recovery: NHS Act 2006 (s.1 and s.175) and as subsequently amended by HSCA; Immigration Rules (HC877) as amended 6 April 2016; Charging Regulations 2015; in May 2014, a test case in the High Court confirmed that it was lawful for NHS bodies to pass information to Home Office (Immigration) for the purpose of pursuing non-uk residents who have used the NHS without entitlement and have unpaid debts. In October 2015 the Court of Appeal upheld this judgement (R (on the Application of W & Ors.) v Secretary of State for the Home Department [2014] EWHC 1532 (Admin) and W, X, Y and Z v Secretary of State for Health, Secretary of State for the Home Department and British Medical Association [2015] EWCA Civ 1034) HSCA s.261(4) if NHS Digital identifies from whom the information was collected originally and is satisfied that that person could have lawfully disclosed information for the stated purpose of NHS debt recovery, including the legal basis for that disclosure and the disclosure can be justified in the public interest. In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act. (*The Review noted that section 20 of the Immigration and Asylum Act 1999 was amended in 2016 (s55 of the Immigration Act 2016), to allow for public authorities to share information with the Home Secretary for immigration purposes.) Copyright 2017 NHS Digital Page 44 of 82
iii. Acceptance criteria / parameters Tracing requests must be received by secure email or post. The purpose for each tracing request must be stated on the application, e.g. prevention or detection of crime, or the apprehension or prosecution of offenders. All tracing requests must be countersigned by the rank of Higher Executive Officer (HEO) or above (or equivalent). If the email is sent from a deputy, the counter signatory must be copied into the email. NHS Digital will approve or refuse the request based on whether the crime relates to: illegal entrants; absconders; over stayers; asylum seekers (see commentary below); NHS debt recovery. iv. Data received from requester (immigration & NHS debt recovery) The following data is received from Home Office (Immigration): single or multiple tracing requests may be received; each request is detailed on a Home Office (Immigration) template (there are multiple templates); each tracing request will normally contain name(s), date of birth and address; and details of the relevant legislations under which the tracing request is being made. v. Data disclosed to requester (immigration & NHS debt recovery) The following data is disclosed to the requester where applicable: contact details (name of service and switchboard telephone number) of appropriate NHAIS area / PCS service and advised to contact the Patient Data Manager; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from Home Office (Immigration) patient s date of birth if different to date of birth received from Home Office (Immigration); all responses are sent from a secure email address to a secure email address; if traced person is not currently registered e.g. the person has embarked from England / Wales / Isle of Man, contact details of the most recent PCS service are supplied. vi. Analysis and commentary Provision of this tracing service is constructed around NHS Digital s functions as set out in statute and where appropriate, consideration of the common law duty of confidence. Subject to due-process only limited administrative data is disclosed to Home Office Copyright 2017 NHS Digital Page 45 of 82
(Immigration). vii. Analysis and commentary - immigration Offences: At the time the Review began, the business rules for processing tracing requests from the Home Office required consideration against one of the following five categories: illegal entrants; absconders; overstayer; asylum seekers; NHS debt recovery. The asylum seeker category was used only for tracing requests linked to missing or absconded failed asylum seekers that the Home Office (Immigration) sought to re-establish contact with. It was rarely used - out of 4,491 applications analysed, there were just 29 cases where this category was cited. The Review concluded, however, that this category was incorrectly labelled given the purpose for which it was used and, recognising that immigration offenders can be sought under other categories, the Review found this category to be unnecessary and requested its removal. The Review was clear that this category, although mislabelled, has never been misused. No data on asylum seekers who aren t sought in regard to an offence has been submitted, approved or processed. The Review further noted the concerns of Public Health England s Health Migrant and Visitor Health team (PHE MVH), BMA Ethics representatives, the National Aids Trust, Doctors of the World and other stakeholder groups. These organisations have highlighted that disclosures to Home Office (Immigration) may, through fear of being apprehended, deter vulnerable people from seeking medical intervention, consequentially increasing the risk of the spread of communicable diseases such as tuberculosis and HIV. The Review acknowledged concerns of using personal data for these purposes, but it also accepts there is public interest in maintaining effective immigration control. The Review further recognised the importance that Parliament places on the role of immigration enforcement, and the seriousness of immigration control as recognised by the courts and internationally. These issues are all factors that NHS Digital considers when considering the public interests in these cases. viii. Analysis and commentary - NHS debt recovery: Tracing requests may be received from various Home Office (Immigration) teams citing NHS debt recovery as the justification for the tracing request. In regard to NHS debt recovery the Review noted: Copyright 2017 NHS Digital Page 46 of 82
the October 2015 Court of Appeal Judgement W, X, Y and Z v Secretary of State for Health, Secretary of State for the Home Department and British Medical Association [2015] EWCA Civ 1034, in regard to the 2014 High Court decision R (On the Application Of W & Ors,) v Secretary of State for the Home Department [2014] EWHC 1532 (Admin): and the 2015 Statutory Instrument No. 238 National Health Service, England The National Health Service (Charges to Overseas Visitors) Regulations 2015 which provides an explicit legal obligation on NHS bodies to collect and share information for NHS Debt Recovery purposes. Also, Section 12.8 of the DH Guidance on implementing the overseas visitor hospital charging regulations 2015, which states that: NHS bodies (or debt collection agencies working on their behalf) can share nonclinical data with the Home Office, via the Department of Health, on chargeable non-european Economic Area patients holding a debt of 1,000 or more [subsequently reduced to 500] (once that debt has been outstanding for three months [subsequently reduced to 2 months]) with a view to better collect debts owed. The Home Office can then use that data to deny any future immigration application to enter or remain in the UK that the person with the debt might make. Patients do not have to provide their consent to this data being shared but NHS bodies should ensure that patients are aware of the potential immigration consequences of not paying a debt for which they are liable The Review notes that the Department of Health established the Visitor and Migrant NHS Cost Recovery team to facilitate the exchange of personal data for this purpose. In light of this, the Review queried the need for this service. It analysed the data available, which indicated that over 50% of these trace requests prove unsuccessful (i.e. no trace found), and of those that were traced, 80% of these return the same information as was originally provided by the Home Office. ix. Findings and recommendations - immigration offences In regard to the use of the term asylum seeker as a criterion for assessing Home Office (Immigration) tracing requests, the Review was clear that the term was incorrectly labelled given the purpose for which it was used and, recognising that immigration offenders were sought under other categories, found this category to be unnecessary. The tracing service changed its business rules to remove this criterion with immediate effect (in July 2015). The Review noted the concerns of organisations representing public health and the interests of vulnerable individuals, particularly the interests of non-uk residents. These organisations Copyright 2017 NHS Digital Page 47 of 82
were concerned that by authorising the disclosure of personal data to Home Office (Immigration) teams, individuals will be fearful of contacting the NHS. In light of these concerns, the Review considered whether NHS Digital should cease processing requests from Home Office (Immigration) teams, or whether it should limit the service. On balance, a conclusion was reached that limiting the service from NHS Digital may add an additional burden on frontline health and care organisations. In terms of the potential harm to individuals arising from people being deterred from seeking health care for fear of being traced, the Review concluded that there is currently insufficient evidence of such harm to justify suspending this service when weighed against the public interest in re-establishing contact with individuals and where necessary, enforcing immigration controls. The Review recommends, however, that research should be commissioned to assess the impact of this risk. (See recommendation #5 of Review Findings ). In addition to this recommendation, the Review advised the tracing service to ensure that when considering public interests in relation to specific requests, it factors consideration of the potential for public health harm into its assessment. The Review has engaged extensively with the Department of Health and Home Office officials to review the basis on which all Home Office (Immigration) tracing requests are raised, submitted to the tracing service, and subsequently assessed/processed by the tracing service. As a consequence of this engagement and the Review s recommendations, the tracing service has agreed a new protocol with the Home Office and Department of Health setting out much more clearly the business operating rules and legal framework under which services to Home Office (Immigration) will be provided. Finally the Review noted that practice at the time of the Review prevented NHS Digital tracing personnel from disclosing the current/last known address of the person of interest. The Review considered that having validated the legitimacy of accepting and processing such requests, to not disclose this key piece of information is counter to NHS Digital s aim of delivering an effective and efficient service and significantly adds to the administrative burden of front-line health and care organisations. x. Findings and recommendations - NHS debt recovery: The Review concluded that there is specific statutory and judicial precedent for the provision of personal data to the Home Office (Immigration) in connection with NHS debt recovery. The Review noted that revisions to the UK Immigration Rules mean that non-uk residents owing a debt to the NHS may have this debt cited by the Home Office as justification for refusing leave to stay. On expiry of pre-existing visa or other residency authority their continued residency results in a breach of UK immigration regulations and so the individual would commit an offence. Copyright 2017 NHS Digital Page 48 of 82
In this context, the existence of an outstanding NHS debt is a factor in the refusal of the Home Office to grant a further leave to remain. This refusal, coupled to the person s continued residence, triggers the immigration offence and therefore justification for a subsequent tracing application. The Review s analysis demonstrated that the tracing service provided by NHS Digital adds little or no additional value to the information already held by or available to the NHS trust and or Home Office (Immigration) teams. In light of this, and with the agreement of DH Visitor and Migrant NHS Cost Recovery programme, the Review agreed that NHS Digital would cease to accept NHS debt recovery tracing queries and instead re-direct HO to the NHS body to which the debt was owed. The Review further proposes that the tracing service updates its business process model so as to enable the tracing service team to be able to differentiate applications pertaining to immigration offences, from those pertaining to fraud against the NHS which will be referred to NHS Protect 7 (see section 6.1f below). 6.1d Criminal Case Review Commission The Criminal Case Review Commission (CCRC) may make tracing requests to locate individuals. i. Governance arrangements Each tracing service request is approved subject to the applicant fulfilling the tracing service s specific acceptance criteria listed below. Where these criteria are not met in full, the tracing application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis Subject to due-process, NHS Digital may provide personal data to CCRC subject to consideration of one or more of the following legal gateways: HSCA s.261(5)(b) if NHS Digital has received a relevant court order; HSCA s.261(5)(d) if NHS Digital identifies which statutory function is being invoked by the CCRC (s.17 Criminal Appeal Act 1995) and is satisfied that it is expedient to have the information in order to be able to exercise that statutory function and the disclosure can be justified in the public interest; HSCA s.261(5)(e) if NHS Digital is satisfied that the CCRC is requesting the information in connection with the investigation of a criminal offence and is satisfied that the CCRC has the power to carry out such an investigation within its role and the disclosure can be justified in the public interest; 7 See also NHS Counter Fraud Authority (NHSCFA) Copyright 2017 NHS Digital Page 49 of 82
HSCA s.261(5)(f) if NHS Digital is satisfied that the disclosure of the information is made for the purpose of criminal proceedings (whether or not in the UK) HSCA s.261(7) if NHS Digital establishes that there is another legal power provided to, or requirement on, NHS Digital under or by virtue of any other Act e.g. under the Criminal Appeal Act 1995 s.17(2), the CCRC has the power to require public bodies which it believes to hold relevant information to either produce the document or documents or provide access to them and the disclosure can be justified in the public interest. In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act 1998. iii. Acceptance criteria / parameters All tracing requests must be made via email. All tracing requests must quote the Criminal Appeal Act (1995) (section 17) and normally state the name and date of birth of the sought person. iv. Data received from requester The following data is received from the CCRC: case reference name; name; date of birth; address. v. Data disclosed to requester The following data is disclosed to the requester where applicable: contact details (name of service and switchboard telephone number) of appropriate NHAIS area / PCS service and advised to contact the Patient Data Manager; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from CCRC; patient s date of birth if different to date of birth received from CCRC; if traced person is not currently registered e.g. the person has embarked from England / Wales / Isle of Man, the contact details of the most recent PCS service are supplied. vi. Analysis and commentary The tracing service is used infrequently with only 6 applications processed in the period covered by the Review. Copyright 2017 NHS Digital Page 50 of 82
vii. Findings and recommendations The Review concluded that notwithstanding that applications are only received very occasionally from the CCRC, the NBO should continue offering this service where details are requested for: the perpetrator (only); a serious crime. As detailed in the main Review Findings, the Review noted that current practice prevents NHS Digital s tracing team from disclosing the current/last known address of the person of interest. The Review considered that having validated the legitimacy of accepting and processing such requests, to not disclose the address (a key piece of information) is counter to NHS Digital s aim of delivering an effective and efficient service and significantly adds to the administrative burden of front-line health and care organisations. As outlined, the Review recommends that the tracing service moves to disclose the last known address of the person of interest along with appropriate meta data such as the date the address was added or last changed. 6.1e HM Coroner Office The HM Coroner s Office may make a tracing request to locate known next-of-kin or the GP details of a deceased person to help ascertain the cause of their death. i. Governance arrangements Each tracing service request is approved subject to the tracing applicant fulfilling the service specific acceptance criteria listed below. Where these criteria are not met in full, the tracing application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis Subject to due-process, NHS Digital may provide personal data to HM Coroner subject to consideration of one or more of the following legal gateways: Judicial powers; s.1(7) of the Coroners and Justice Act 2009 allows coroners to make whatever enquiries they deem necessary in order to investigate a death; HSCA s.261(5)(d) if NHS Digital identifies which statutory function is being invoked by the coroner (relevant Act and sections) and is satisfied that it is necessary or expedient for the coroner to have the information in order to be able to exercise that statutory function and the disclosure can be justified in the public interest. Copyright 2017 NHS Digital Page 51 of 82
In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act 1998. iii. Acceptance criteria / parameters All tracing requests to search for a deceased person or known next of kin must be received by post or email. Tracing requests by post must be received on letter headed paper bearing the area coroner s wet signature. A password protected document must be provided for tracing requests submitted by email, because secure email is not available to coroners. iv. Data received from requester The following data is received from the HM Coroner s Office: name; date of birth; date of death (where applicable); address. v. Data disclosed to requester The following data is disclosed to the requester where applicable: contact details (name of service and switchboard telephone number) of appropriate NHAIS area/ PCS service and advised to contact the Patient Data Manager; patient s name(s) if different to name(s) received from HM Coroner; patient s date of birth if different to date of birth received from HM Coroner; if traced person is not currently registered e.g. the person has embarked from England / Wales / Isle of Man, contact details of the most recent PCS service are supplied. vi. Analysis and commentary Only 3 applications had been received from HM Coroner s Office in the period covered by the Review. Coroners do not have access to a GSI email system, meaning that data from HM Coroner s Office is sent to the tracing service via post. This manual process has been highlighted as an area where an improvement could be made to increase the efficiency of the tracing service. vii. Findings and recommendations The Review recommends that action is taken to exploit the recent enhancements to NHSmail encryption to allow Coroners to send data to the tracing service securely. Copyright 2017 NHS Digital Page 52 of 82
As detailed elsewhere, the Review noted that current practice prevents NHS Digital s tracing team from disclosing the current / last known address of the person of interest. The Review considered that having validated the legitimacy of accepting and processing such requests, to not disclose this key piece of information is counter to NHS Digital s aim of delivering an effective and efficient service and significantly adds to the administrative burden of front-line health and care organisations. The Review therefore recommends that the tracing service moves to disclose the last known address of the person of interest along with appropriate meta data such as the date the address was added or last changed. 6.1f NHS Counter Fraud The Secretary of State for Health has responsibility to ensure healthcare provision is protected from fraud and unlawful activities. The NHS Counter Fraud Service as exercised by NHS Protect and / or local NHS counter fraud staff, is responsible for the prevention, detection and investigation of fraud and corruption as well as the management of security and measurement of fraud within the NHS. i. Governance arrangements In addition to the overarching service governance arrangements (described in Section 2), each tracing service request is approved subject to the applicant fulfilling the tracing service s specific acceptance criteria listed below. Where these criteria are not met in full, the tracing application will be rejected. Applications that are approved will be fulfilled within 20 days. ii. Compliance analysis Subject to due-process, NHS Digital may provide personal data to NHS Protect subject to consideration of one or more of the following legal gateways: NHS Protect has a responsibility to ensure healthcare provision is protected from fraud and other unlawful activities. The Counter Fraud and Security Management Service (Establishment and Constitution) Order 2002 (Statutory Instrument 2002/3039), issued by the Secretary of State for Health pursuant to powers granted by the National Health Service Act 1977 part 126; part 10 of the NHS Act 2006 makes provision for the protection of the NHS from fraud and other unlawful activities. The NHS Act 2006 confers powers upon NHS Protect, as the statutory body responsible for tackling crime across the NHS, to require the production of information or data from an NHS contractor (defined as any person or organisation providing services of any description under arrangements made with an NHS body) in connection with the exercise of the Secretary of State for Health s counter fraud functions; Copyright 2017 NHS Digital Page 53 of 82
the NHS Business Services Authority has delegated functions under Regulations (SI 2008 No. 1148) which in turn derive from powers contained within the NHS Act 2006 (Part 10) to do with the production of documents in connection with the exercise of the Secretary of State's counter fraud functions or security management functions in relation to the health service; HSCA s.261(5)(d) if NHS Digital identifies which statutory function is being invoked (relevant Act and sections) and is satisfied that it is necessary or expedient for NHS Counter Fraud services to have the information in order to be able to exercise that statutory function and the disclosure can be justified in the public interest; HSCA s.261(5)(e) if NHS Digital is satisfied that Counter Fraud officers are requesting the information in connection with the investigation of a criminal offence and NHS Digital is satisfied that Counter Fraud officers / the organisation for which they are acting has the power to carry out such investigations and the disclosure can be justified in the public interest; HSCA s.261(5)(f) if NHS Digital is satisfied that disclosure of the information is made for the purpose of criminal proceedings. NHS Digital should consider if disclosure is made for those purposes or if the proceedings only follow from the outcome of the investigations; HSCA s.261(4) if NHS Digital identifies from whom the information was collected originally and is satisfied that that person could have lawfully disclosed the information to the NHS Counter Fraud Service for these purposes. In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act. iii. Acceptance criteria / parameters All tracing requests must be received via post or email. All requests must quote the Data Protection Act 1998. iv. Data received from requester The following data is received from the requester: patient name(s); date of birth; NHS number; address. v. Data disclosed to requester The following data is disclosed to the requester where applicable: contact details (name of service and switchboard telephone number) of appropriate NHAIS area / PCS service and advised to contact the Patient Data Manager; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from Counter Fraud officer; Copyright 2017 NHS Digital Page 54 of 82
patient s date of birth if different to date of birth received from Counter Fraud officer; if traced person is not currently registered e.g. the person has embarked from England / Wales / Isle of Man, the contact details of the most recent PCS service are supplied. vi. Analysis and commentary There were only 2 tracing requests received for this tracing service in the period covered by the Review. The Review noted that NHS Protect has direct local access to the PDS therefore only requires the use of the tracing service in a small number of complex cases requiring access to paper records and / or the specialist expertise of NHS Digital tracing team. vii. Findings and recommendations The Review has identified a decline in the use of NHS Digital tracing services by NHS Counter Fraud teams as a consequence of the deployment of national applications and access to PDS. There is the potential that, if the NHS Counter Fraud service no longer requires tracing services because it now uses PDS directly, that this particular function can be retired. Should it continue to be required then the Review recommends that the tracing service moves to disclose the last known address of the person of interest along with appropriate meta data such as the date the address was added or last changed. 6.2 Full Tracing 6.2a Orders of the Court NHS Digital may undertake tracing services to trace a person or supply information as directed by a Court Order. i. Governance arrangements Each tracing service request is approved subject to the applicant fulfilling the tracing service s specific acceptance criteria listed below. Where these criteria are not met in full, the tracing application will be rejected. Applications that are approved will be fulfilled within 5 days. ii. Compliance analysis This tracing service provides information as requested by the Courts. Tracing requests are undertaken subject to consideration of: Judicial precedent; and Copyright 2017 NHS Digital Page 55 of 82
HSCA12 s.261(5)(b) if NHS Digital is in possession of the relevant court order. In all cases, NHS Digital will also need to be satisfied that the disclosure of personal data is permitted under the Data Protection Act 1998. iii. Acceptance criteria / parameters All tracing requests must be received via post. All Court Orders must be original court orders (or verified as original) bearing the Court s seal and directed to the Health and Social Care Information Centre (the statutory title for NHS Digital). iv. Data received from requester The following data is received from the court: original Court Order (or certified copy of the original). Court Orders may be received from the Clerk of the Court via a solicitor, police officer or a County Council. v. Data disclosed to requester The following data is disclosed to the requestor where applicable: data as requested in the court order; death registration data where appropriate (includes the death registration district and the year and quarter in which the death was registered); patient s name(s) if different to name(s) received from the Court; patient s date of birth if different to date of birth received from the Court; address; if traced person is not currently registered e.g. the person has embarked from England / Wales / Isle of Man, contact details of the most recent PCS service are supplied; The response is double wrapped and sent by special delivery to the Court. vi. Analysis and commentary NHS Digital is required to comply with a Court Order. vii. Findings and recommendations The tracing service requires receipt of an original copy of the Court Order (or certified copy) before approving the tracing request. This can cause frustration and delays, so the following change is recommended: Copyright 2017 NHS Digital Page 56 of 82
Recommendation 19 This Review recommends reviewing the court order process, and exploring whether it would be possible for the tracing service to receive court orders via email or fax. Copyright 2017 NHS Digital Page 57 of 82
Appendix 1: Terms of reference NHS Digital (also known as the Health and Social Care Information Centre) Tracing Service Review Context The NBO became part of the NHS Information Centre (predecessor to the Health and Social Care Information Centre) from 1 April 2008, transferring in from the Office for National Statistics (ONS). It was primarily focused around the maintenance of Patient Demographic Data, including (but not limited to) name, address, date of birth and NHS number, which was used by clinical systems across the country. The primary systems in use were the Central Health Register Inquiry System (CHRIS) database and more latterly, following the National Programme for IT, the Personal Demographics Service (PDS) system, which was a component part of the Spine. The PDS system enabled a patient to be readily identified by health and social care staff quickly and accurately, and does not hold any clinical or sensitive data items such as ethnicity or religion. This service included resolving data quality incidents and providing matching and cleansing services for all users of the patient demographic data within the NHS and wider health economy. In addition to managing demographic records, the NBO responds to specific trace requests that originate from outside of the NHS/health family, including requests covered by Section 29(3)) of the Data Protection Act 1998 and Court Orders. The services are provided to different customers for different purposes, and they operate different processes. They have evolved over many years. At the September meeting, the HSCIC Board commissioned Jan Ormondroyd, Non-executive Director for the HSCIC, to chair a review of the tracing services to ensure that they are appropriate, effective, efficient and coherent. Responsibility for chairing the review was subsequently transferred to Maria Goddard, Non-executive Director for the HSCIC. Scope and objectives The scope of the review will be limited to tracing services provided by the NBO. Services provided that support direct patient care (i.e. identification of patients for health and social care staff) are out of scope of this review. The review will cover the following tracing activities carried out in response to requests for information from: Home Office (Immigration) Police Requests for information National Crime Agency Court Orders directing the HSCIC to release information Migration, Analysis and Cleansing Service Criminal Case Review Commission NHS Counter fraud Her Majesty s Coroner Skipton Fund Copyright 2017 NHS Digital Page 58 of 82
Jersey Cytology National Blood Service Welsh Blood Service Anthony Nolan Bone Marrow Trust Letter forwarding service - Registered Charities Death Registration Enquiries Hereditary Medical Conditions 1939 Register Service The objectives of this review are to: Identify and review the existing processes, controls and governance for each of the tracing activities. Assess compliance with prevailing control and governance arrangements. Identify and review the legal basis on which data is released for each of the tracing activities. Engage with and review user needs and requirements. Engage with the wider community of stakeholders to understand concerns and issues. Produce a report for the HSCIC Board which describes the current service and provides recommendations of any changes to these services. Outputs of the review The review will deliver a report to the Board, which describes: The present service, Identifies any changes required to the service, and Describes the blueprint for the improved service. Copyright 2017 NHS Digital Page 59 of 82
Appendix 2: Review approach The Review was undertaken following a five-phase approach. Planning This phase confirmed the aims and objectives of the Review, established this Review's governance arrangements and provided a detailed plan for delivery of this Review. (Please see Terms of Reference above). Insight and stakeholder engagement It was important to develop a broad understanding of the functional areas of the tracing service alongside operational and service management arrangements. This Review sought to engage with as wide a range of stakeholders and users as was possible to garner insight into different perspectives: Users: charities law enforcement bodies local authorities central government Stakeholders: National Data Guardian Independent Information Governance Oversight Panel public health representatives civil liberties groups immigration support groups charitable health and care representatives Department of Health Research activity included: undertaking various site visits to the tracing service in Southport a questionnaire to users and stakeholders. (See Appendix 4 below) face-to-face meetings with users and stakeholders policy advice from the Department of Health and procuring professional services, a workshop with members of NHS Digital tracing service team to obtain their perspective and to assess the tracing service, its strengths, weaknesses, threats and opportunities Copyright 2017 NHS Digital Page 60 of 82
Assessing and testing findings In this phase, the Review team focused on analysing all of the research and initial findings; provided commentary; tested assumptions; and investigated the emerging themes with stakeholders, service and operational managers and the Review Steering Group. Consolidating, analysing and validating In this phase, the Review team focused on consolidating the findings and validating our initial recommendations with the steering group. The results of this phase are set out in Section 3 of the Review Findings. Reporting The final phase of this Review was to draw together the key findings and recommendations with the detail for each tracing service category and each function. This was done in tandem with securing approval from the steering group and NHS Digital s Board. Copyright 2017 NHS Digital Page 61 of 82
Appendix 3a: Supporting legal provisions The Review has identified the following pieces of legislation as being commonly relevant to the provision of the tracing activities undertaken by NHS Digital. This is not an exclusive list of relevant legislation: Adoption & Children Act 2002 Anti-terrorism, Crime & Security Act 2001 Coroners and Justice Act 2009 Crime and Courts Act 2013 Criminal Appeal Act 1995 Criminal Evidence (Witness Anonymity) Act 2008 Criminal Justice & Immigration Act 2008 Data Protection Act 1998 Freedom of Information Act 2000 Health & Social Care Act 2012 Human Rights Act 1998 Immigration Act 1971 Immigration and Asylum Act 1999 Immigration Act 2016 Immigration, Asylum & Nationality Act 2006 National Health Service Act 2006 NHS Blood and Transplant (Gwaed a Thrawsblaniadau r GIG) (Establishment and Constitution) Order 2005 Police & Criminal Evidence Act 1984 Prevention of Terrorism Act 2005 Security Services Act 1989 Serious Crime Act 2007 Serious Organised Crimes & Police Act 2005 Smoking, Health and Social Care (Scotland) Act 2005 Terrorism Act 2006 Theft Act 1968. SI 2015 No. 238 NATIONAL HEALTH SERVICE, ENGLAND. The National Health Service (Charges to Overseas Visitors) Regulations 2015. 2014 Court of Appeal decision R (On the Application of W & Ors,) v Secretary of State for the Home Department [2014] EWHC 1532 (Admin). 2015 Court of Appeal judgement [W, X, Y and Z v Secretary of State for Health, Secretary of State for the Home Department and British Medical Association [2015] EWCA Civ 1034] Section 4 of the Review Findings document identifies the specific legal gateways in existence that permit NHS Digital to supply information and have been considered in relation Copyright 2017 NHS Digital Page 62 of 82
to each disclosure. In the time period over which these services have operated there have been several organisational changes. Of particular relevance to this Review is Health and Social Care Act 2012 Commencement Order No 4, Transitional, Savings and Transitory Provisions; 2013: Section 9 shown in part below. In some other circumstances there may be a legal mandate compelling NHS Digital to supply information. If there is an obligation on NHS Digital to disclose the information, then HSCA s.261(7) recognises this obligation in such cases. Copyright 2017 NHS Digital Page 63 of 82
Appendix 3b: Supporting statutory instrument Source: http://www.legislation.gov.uk/uksi/2013/160/pdfs/uksi_20130160_en.pdf Copyright 2017 NHS Digital Page 64 of 82
Appendix 3c: ICO decision notice Reference: FS50248664 Freedom of Information Act 2000 (Section 50) Decision Notice Date: 9 November 2009 Public Authority: Address: Boar Lane Leeds LS1 6AE NHS Information Centre 1 Trevelyan Square Summary The complainant requested information from an entry on the national register that was established under the National Registration Act 1939. Specifically he asked for information relating to a particular address, and the records of the people listed there. The public authority confirmed that it held information relevant to the request, but withheld it under sections 22, 40 and 41. During the course of the Commissioner s investigation the public authority informed him that it was no longer relying upon sections 22 and 41, and was only relying upon sections 40(2) and 40(3)(a)(i). It also informed him that some of the withheld information related to deceased people. After investigating the case the Commissioner decided that the information relating to deceased people should be disclosed to the complainant. However, he also decided that the information relating to living individuals should be withheld under sections 40(2) and 40(3)(a)(i). The Commissioner also found that the NHSIC failed to meet the requirements of sections 1(1)(b), 10(1) and 17(1)(b). Source: https://ico.org.uk/media/action-weve-taken/decisionnotices/2009/499044/fs_50248664.pdf Copyright 2017 NHS Digital Page 65 of 82