Privacy Impact Assessment; Functions of the Health and Social Care Information Centre


Document filename: HSCIC Privacy Impact Assessment 2013
Directorate / Programme Document Reference Information Governance Project
Project Manager: Clare Sanderson
Status: Final
Owner: Clare Sanderson
Version: 2.0
Author: Andy Dickinson
Version issue date: 03/09/2013

Privacy Impact Assessment; Functions of the Health and Social Care Information Centre

Copyright 2013 Health and Social Care Information Centre

Privacy Impact Assessment; Functions of the Health and Social Care Information Centre v2.0 03/09/2013

Document Management

Revision History

Version | Date | Summary of Changes
1.0 | 12 April 2011 | Original report
1.1 | 28 June 2013 | 1st draft revision for internal review
1.2 | 4 July 2013 | Further draft for internal review
1.3 | 23 July 2013 | Draft for wider internal review
1.4 | 1 Aug 2013 | Draft including HSCIC Exec Team updates. Final draft subject to ratification.
1.5 | 6 Aug 2013 | Further draft incorporating Comms Team changes
1.6 | 9 Aug 2013 | Final draft incorporating reviewers' changes (Comms, GPES, Care.Data)
1.7 | 20 Aug 2013 | Version for consideration of Exec Board
2.0 | 3 Sept 2013 | Final

Reviewers

This document must be reviewed by the following people:

Reviewer name | Title / Responsibility | Date | Version
Paul Newton | IG Subject Matter Expert, HSCIC | 23 July 2013 | 1.3
HSCIC Executive Team | | 26 July 2013 | 1.3
Clare Sanderson | Director of Information Assurance, HSCIC | 23 July 2013 | 1.5
Katherine Guerin | Communications Team, HSCIC | 8 August 2013 | 1.5
Kristina Wilcock | HSCIC Press Office | 8 August 2013 | 1.5

Approved by

This document must be approved by the following people:

Name | Signature | Title | Date | Version
Clare Sanderson | | Director of Information Assurance, HSCIC | 3 Sept 2013 | 2.0

Glossary of Terms

Term / Abbreviation | What it stands for
See Appendix B; Glossary of terms

Document Control: The controlled copy of this document is maintained in the HSCIC corporate network. Any copies of this document held outside of that area, in whatever format (e.g. paper, email attachment), are considered to have passed out of control and should be checked for currency and validity.

Contents

1 Executive Summary
1.1 How the Health and Social Care Information Centre protects personal information
1.2 Maintenance of the privacy impact assessment
2 Introduction
2.1 The purpose of a privacy impact assessment
2.2 The Health and Social Care Information Centre
2.3 Processing Personal Information
2.4 Balancing public interest and privacy
3 The Potential Impact on Privacy
3.1 Introduction
3.2 Processing patient identifiable data securely
3.3 Collecting and storing data about patients
3.4 Conclusions
4 What will the Health and Social Care Information Centre do to Protect Privacy?
4.1 Introduction
4.2 Information Governance Controls
4.3 Additional Health and Social Care Information Centre pledges to protect information
5 Conclusions
Appendix A - Managing Privacy Risk
A(i) - Types of privacy risk
A(ii) - Risk Mitigation Matrix
Appendix B - Glossary of terms

1 Executive Summary

This privacy impact assessment relates to the overarching responsibilities of the Health and Social Care Information Centre (HSCIC). An Executive Non-Departmental Public Body (ENDPB), the Health and Social Care Information Centre was established in April 2013 as an independent organisation with important statutory duties, as set out in the Health and Social Care Act (2012).

A privacy impact assessment is a methodology to identify, assess, mitigate or avoid privacy risks. It describes the functions of the organisation to enable the reader to assess for themselves what may be considered a potential impact on their privacy, but it also goes on to explain what the organisation will do to protect individuals' privacy, and to identify solutions.

The Health and Social Care Information Centre collects, analyses and publishes national data and statistical information, which are used to inform decision-making and patient choice. It also manages national IT systems and services to support the health and care system. These information services and products are used extensively by a range of organisations to support the commissioning and delivery of health and care services. The patient, and therefore protecting patient confidentiality, is at the heart of everything we do.

While the Health and Social Care Information Centre is a new organisation, there is continuity in many of its functions inherited from predecessor organisations, including safe and secure processing of data. In relation to privacy, the main change relates to powers the Health and Social Care Information Centre has under the Health and Social Care Act to collect and process patient identifiable data.

1.1 How the Health and Social Care Information Centre protects personal information

The Act provides powers for the Health and Social Care Information Centre to be the focal point for collecting, storing and disseminating national data from health and social care bodies.

To do this it;
- collects centrally approved data and has the power to require a health or social care body to provide information
- can consider requests from other arm's length bodies for data to be collected
- publishes non-identifiable data, in standard and aggregated formats, for wider use by a wide variety of customers and to inform patient choice.
- helps with developing understanding of data and improving its robustness and quality.

The Health and Social Care Information Centre also has a duty to seek to reduce the administrative burden of data collections in the NHS.

Like all organisations that process and store patient identifiable data, the Health and Social Care Information Centre must protect the confidentiality of that data and guard against risks and threats from inside and outside the organisation. The public must have confidence in the way information is collected, analysed and published. It is important that they are fully aware of these arrangements and how to exercise autonomy as individuals in the use of their information.

To safeguard the information it uses the Health and Social Care Information Centre has the following range of controls to mitigate the risks;

- Obtain and process only the minimum necessary patient identifiable data from other organisations;
- Store and process identifiable data securely, meeting or exceeding the standards required of NHS organisations, including processes and technology to:
  - de-identify data received as early as possible, and where records have to be linked, separate patient identifying data from clinical data, and assign a meaningless identifier [1]
  - store data in its capacity as the safe haven, under the Health and Social Care Act (2012)
  - protect against attacks from unauthorised individuals (e.g. hackers)
  - protect against inappropriate behaviour by staff;
  - provide only legitimate personnel with access to the Health and Social Care Information Centre systems, and no more access than they legitimately require;
- Keep to the absolute minimum the number of staff able to access and view patient identifiable data, and wherever practicable assign staff rights of access to either patient identifiers or clinical data but not both;
- Destroy data held in identifiable form as soon as it is no longer required, or in accordance with the retention policy;
- Disclose only anonymised data, other than:
  - with explicit patient consent;
  - where required by law, or
  - where allowed by law, with necessary support and approvals, and through either:
    - the support of an Independent Advisory Group; or
    - where urgent, with the agreement of both the Senior Information Risk Owner and Caldicott Guardian for the Health and Social Care Information Centre;
- When disclosing anonymised data, restrict the data disclosed according to the context in which the data will be used:
  - when publishing statistics and other aggregated information, apply disclosure control standards [2] to ensure data are anonymised;
  - when disclosing patient-level data to a trusted organisation:
    - confirm the data are anonymised by carrying out a risk assessment
    - maintain a written agreement with the recipient organisation that stipulates the permitted access to, and uses of, the data;
- Monitor who accesses patient identifiable data.

[1] This process, known as pseudonymisation, is a standard privacy-enhancing technique.
[2] The Health and Social Care Information Centre's current policy is available at: http://www.ic.nhs.uk/webfiles/publications/nhs_ic_statistical_governance_policy_v2.pdf

Further Information Governance measures will also be put in place including:
- a review of the fitness for purpose of cyber security policies, processes and controls.
- upholding standards required to be the safe haven for storing data, as set out in Health and Social Care Act 2012

The Health and Social Care Information Centre will also be held to account against a number of pledges designed to protect information about patients;
- Publish a Code of Practice to govern the use of confidential data supplied to the Health and Social Care Information Centre;
- Act on patient objections to the Health and Social Care Information Centre using their data (unless there is a statutory duty or an overriding public interest (e.g. public health emergency) to do otherwise);
- Commission, at least annually, external information assurance audit against information governance standards.
- Be transparent about its activities and communicate openly, fairly and lawfully through its public website and other channels where appropriate;
- Publish procedures for dealing with requests for information and operate effective policies and procedures to encourage good information governance by staff, with proportionate sanctions (e.g. dismissal) for inappropriate or negligent behaviour.

1.2 Maintenance of the privacy impact assessment

The Health and Social Care Information Centre aims to fulfil its statutory roles and functions efficiently and effectively, maintaining high quality delivery of national services and products, and supporting the design and delivery of new information programmes. Protection of privacy is fundamental to all that we do. Given the constantly changing environment, this privacy impact assessment will be reviewed regularly.

2 Introduction

2.1 The purpose of a privacy impact assessment

Privacy impact assessments were launched in the UK by the Information Commissioner in December 2007, and mandated by the Cabinet Office for Information and Communications Technology (ICT) projects following the Data Handling Review of June 2008 [3]. A privacy impact assessment (PIA) should be seen as a dynamic process, taking into account current legislation, policies and organisational structures, and to that end the Health and Social Care Information Centre PIA will be reviewed regularly. In particular, this version acknowledges future policy may be shaped by the imminent Government response to Dame Fiona Caldicott's report; Information; To Share Or Not To Share? The Information Governance Review.

The scope of this privacy impact assessment is intended to cover overarching Health and Social Care Information Centre functions. These include data flows such as the Data Services for Commissioners, the Care.Data programme and General Practice Extraction Service (GPES) programme, which are referred to by way of example later in this section. In instances where specific privacy issues are introduced through the collection of personal data, a separate PIA will be carried out.

The Health and Social Care Act introduced legislative powers that enable the Health and Social Care Information Centre to collect, and where necessary store, patient identifiable data extracted from patient records, which can occur without the consent of the individual in exceptional circumstances, but with the means to make an objection. Patients and those legally empowered to act on their behalf [4] should be informed about how identifiable data is used and how they can object if they so wish. The Health and Social Care Information Centre aims to ensure that patients are informed about its functions and how these relate to the protection of personal data.

This privacy impact assessment will:-
- Describe the functions of the Health and Social Care Information Centre;
- Assess the potential implications for privacy, and;
- Explain what the Health and Social Care Information Centre is doing to protect privacy.

We welcome feedback on this privacy impact assessment upon publication.

[3] http://www.cabinetoffice.gov.uk/media/cabinetoffice/csia/assets/dhr/cross_gov080625.pdf
[4] This includes those with parental responsibility for children lacking competence, and people with lasting power of attorney acting for patients lacking mental capacity.

2.2 The Health and Social Care Information Centre

The Health and Social Care Information Centre plays a fundamental role in driving better care, better services and better outcomes for patients, by;
- providing key services that support commissioning and reimbursement, including Casemix, the Quality Outcomes Framework (QOF), the GPES, and the Data Service for Commissioners.
- establishing and operating systems for the collection or analysis of certain information, on receiving direction from the Secretary of State or NHS England. To fulfil our obligations we may require organisations to supply information, including in specific circumstances identifiable information.
- making data available in accessible formats that encourage use, such as machine readable formats and statistical reports, and by the development of resources such as an Indicator Portal, which brings data and methodological details from several sources into one, central place.
- helping people understand the robustness of the information they are using, through data quality and indicator assurance functions
- supporting commissioning and use of information standards by helping commissioners deliver on their obligations for the publishing of standards, and supporting care services to apply consistent and robust practices locally, to improve outcomes through more comprehensive and more consistent use of information.

In addition, the Health and Social Care Information Centre will:-
- deliver national IT systems and services to support the health and care system.
- maintain the critical national infrastructure that supports care delivery - including the Spine, NHSMail, the N3 network, Electronic Prescribing, Choices, Choose and Book, Summary Care Record and Local Service Provider delivered systems
- provide professional software development, support and hosting resources for the Health and Social Care Information Centre and the wider NHS
- approve and accredit local and national IT systems against technical and clinical safety standards and deliver a suite of in house systems and services
- ensure the proper management of our information assets, including the protection of individual privacy
- respond to the wider government agenda to increase the transparency and availability of public data.
2.3 Processing Personal Information

In April 2011 the Government consulted widely on issues including:-
- Improving quality in the NHS
- Ensuring patient involvement and public accountability
- Education and training to support modernisation
- Seeking advice from all healthcare professions to improve patient care

This pause, listen and respond initiative provided stakeholder feedback for the resulting Health and Social Care Bill (now Act). As a result of this consultation, powers were included in the Act to allow the Health and Social Care Information Centre to obtain and process information extracted from patient records, which in some circumstances may impact on individuals' privacy.

The following section uses examples of larger Health and Social Care Information Centre services and programmes to demonstrate information flows that are subject to this PIA, which will be equally applicable to most Health and Social Care Information Centre services and programmes. In instances where specific privacy issues are introduced through the collection of personal data, a separate PIA will be carried out.

2.3.1 Data Services for Commissioners

The Data Service for Commissioners is a new service that processes data to support local commissioning whilst protecting patient confidentiality. NHS England has commissioned the Health and Social Care Information Centre to deliver this service. Staff seconded into the Health and Social Care Information Centre from Commissioning Support Units (CSUs) will deliver the service. Seconded staff continue to work from their local offices using regional processing centres.

The service will receive and process personal information on behalf of Commissioning Support Units (CSUs) and Clinical Commissioning Groups (CCGs). This will reduce or remove the need for these organisations to handle personal information and allow them to focus on their core commissioning functions.

The Health and Social Care Information Centre is authorised to securely provide personal information where there is a lawful basis to do so, such as for direct patient care, where patient consent has been given or if approval has been given by the Secretary of State for Health under section 251 approval.

Patients receive care in different care settings from different health professionals, all of whom record the care and treatment given. This means information about patient care is recorded in a number of different places. In order to plan and organise care treatment, commissioners must be able to view all the treatment a patient receives. Personal information is needed, such as NHS number, date of birth, gender and postcode to ensure the right information is matched to the right person to give a true picture of care. After information has been securely linked within the DSC the identifiers such as the NHS number, date of birth, gender and postcode can be removed before that information is shared with Commissioning Support Units (CSUs), NHS England Area Teams and Local Authorities.
2.3.2 GPES

The General Practice Extraction Service (GPES) is a centrally managed primary care data extraction service that will, for the first time, extract information from GP IT systems for a range of purposes at a national level. GPES is part of the new process to provide payments to GPs and clinical commissioning groups. GPES will extract data from GP clinical systems to support payments to GPs and pass this to the Calculating Quality Reporting Service who will calculate the payments.

By improving access to primary care data for the NHS and other approved organisations, GPES will support a diverse range of services and initiatives that aim to improve the diagnosis, treatment and prevention of illness.

Confidentiality and security of patient data is of paramount importance which is why GPES has established Information Governance principles. These have been approved by the National Information Governance Board and also by the Medical Ethics Committees of the British Medical Association and the Royal College of GPs [5].

In order to safeguard patient confidentiality and maintain data security, potential GPES customers are required to undergo an approvals process to use the service, demonstrating how they plan to use the data they have requested and how that data will be used to provide benefits and improved care and outcomes for patients.

[5] See; GPES IG Principles; http://www.hscic.gov.uk/media/1532/gpes-ig-Principles/pdf/GPES_IG_Principles_0312.pdf

The GPES approvals process includes the consideration of extract requests by an Independent Advisory Group (IAG) that includes members of the public and representatives from General Practice.

2.3.3 Care.data

Care.data is a service that has been commissioned by NHS England and will be delivered by the Health and Social Care Information Centre. Care.data will make increased use of information from records across health and social care with the intention of improving healthcare and outcomes for patients, for example by ensuring that timely and accurate data are made available to: NHS commissioners and providers so that they can better design integrated services for patients, help the NHS plan ahead for public health emergencies, provide researchers with information they can study to find better ways to prevent illness and treat conditions.

As an initial stage in the programme, the Health and Social Care Information Centre will link data extracted from GP systems with data from other health and social care settings. Data about patients will be used for the linkage to ensure that the right records relating to the right patients are matched together. Once the data has been linked together it will only be shared with commissioners, providers and researchers where there is a lawful basis and appropriate approvals in place to do so.

The data will be extracted from GP systems monthly from late 2013 via the GPES. Extractions will be based on four groups of data; patient demographics, events, referrals and prescriptions, and the GPES Independent Advisory Group has recommended that these extractions should proceed and be made available in a way that does not identify any person or individual. Any changes to this extraction will be subject to further IAG consideration.

2.4 Balancing public interest and privacy

This document considers the balance between the need to protect patient privacy and the need to process data in the public interest. For example, there may be instances where secure processing of patient record data will protect public health and improve patient care.
This section identifies potential benefits of the Health and Social Care Information Centre's functions using data extracted from patient records. The main benefits are achieved from informing the public, future health and care services, and the government.

2.4.1 Informing the public

The government wants to drive forward an information revolution in the NHS. The general public has a central role in this revolution;
- Patients will be more involved in making decisions about their own health and care, improving outcomes and reducing costs.
- Patient choice will reward the most efficient, high quality services, reducing expenditure on less efficient care.
- The NHS information revolution will also lead to more efficient ways of providing care, such as on-line consultations.
- Greater transparency will make it easier to compare the performance of commissioners and providers.

Liberating the NHS: An information strategy lists the kinds of information that people will use, including [6]:
- suitable medicines, treatments, and any risks, benefits and side effects;
- clinical outcomes and success rates, such as readmission or mortality rates;
- other indicators of quality and performance, such as infection rates.

An important role of the Health and Social Care Information Centre is to provide such information, enabling patients to make informed choices and play their part in making a more effective, efficient health service. The Health and Social Care Information Centre must be proactive, encouraging people to make use of information we publish. We must also be responsive; providing appropriate information, subject to appropriate information governance controls.

[6] See Liberating the NHS: An information strategy available at: https://www.gov.uk/government/publications/liberating-the-nhs-white-paper

2.4.2 Informing future healthcare services

The Health and Social Care Information Centre will also provide information to enable research, public health surveillance, clinical audit and other important purposes that are fundamental to improving health care. This can best be illustrated by an example. Consider a patient with lung cancer attending a hospital out-patient clinic in order to receive chemotherapy. The patient's treatment relies upon use of patient-related data for a host of medical purposes including:
- Decades of research into the most effective interventions for that form of cancer, including:
  - Clinical trials of each constituent drug in the group of drugs they are receiving in that chemotherapy regime, and each of the sub-optimal alternative drugs not being used, so that results and side-effects can be identified,
  - Clinical trials into different combinations of potential drugs, in different doses, administered in different frequencies through different methods in order to test potential chemotherapy regimes,
  - Desk-based research to assess evidence from around the world of outcomes of clinical trials and actual treatment using different chemotherapy regimes;
- National clinical audit to assess the provision of cancer care [7];
- Review of patient-reported experiences to identify how the provision of care can improve outcomes;
- Reporting to the Health Protection Agency through the yellow card scheme of adverse reactions of other lung cancer patients to chemotherapy regimes;
- Analysis by the National Patient Safety Agency of cases of misdiagnosis of lung cancer;
- Surveillance by local authorities and other public health agencies to identify high-risk target groups that might benefit most from stop smoking campaigns, and assess different methods of conveying the public health message effectively;
- Work by commissioning organisations to assess, commission and monitor the chemotherapy service provided by the acute trust;
- Inspection of the acute trust and its services by the Care Quality Commission;
- Responses by the trust to previous complaints from patients receiving lung cancer services;
- Review of trust performance figures by the GP referring the patient; and
- Review by the acute trust oncology service manager of previous out-patient clinic appointment lengths for similar patients to plan and schedule the timings and skill-mix required for appointments in the clinic; and
- Reporting and monitoring of waiting times to meet targets for cancer patients.

Whilst none of the above activities involves the care of an individual patient, they are all fundamental to the lung cancer patient's care. All depend upon access to anonymised data derived from confidential information in patient records. A major role of the Health and Social Care Information Centre will be to provide such information.

[7] Such as the National Lung Cancer Audit - see: http://www.hscic.gov.uk/lung

2.4.3 Informing Government

A vast amount of data are collected and submitted centrally and the government has asked the Health and Social Care Information Centre to review and eliminate returns of limited value. Nevertheless, good information is essential to effective policy: it relies on high quality, timely information about what health services are provided, and the quality, effectiveness and efficiency of those services. The Health and Social Care Information Centre has a central role in providing this information.

3 The Potential Impact on Privacy

3.1 Introduction

This section assesses the potential impact on privacy of the Health and Social Care Information Centre functions outlined above. Safeguards to protect privacy are explained in Section 4.

The main potential impact on privacy results from using data extracted from patient records. Functions carried out by the Health and Social Care Information Centre include the requirement to:

I. collect, and where necessary store, patient identifiable data extracted from patient records, which can occur without the consent of the individual in exceptional circumstances, but with the means to make an objection;
II. assure the quality of patient identifiable data, which may require patient identifiable data to be viewed;
III. link and de-identify patient identifiable data;
IV. publish and in some circumstances, disseminate anonymised data to specific bodies;
V. where necessary, in exceptional circumstances and with lawful authority, disseminate patient identifiable data to specific bodies.

These five cases are discussed below. In each case, the privacy impact is considered and the need for the processing is explained.

3.2 Processing patient identifiable data securely

The Health and Social Care Information Centre, like all organisations that process and store patient identifiable data, must protect the confidentiality of that data and must guard against risks and threats from inside and outside the organisation.

Recognising the increasing impact of cyberspace the Government also acknowledge new threats that come with it and have committed to a 2015 target to make the UK the safest place in the world to do business in cyberspace and to be more resilient to cyber attacks. The UK Cyber Security Strategy Protecting and Promoting the UK in a Digital World [8] goes on to say;

While cyberspace fosters open markets and open societies, this very openness can also make us more vulnerable to those criminals, hackers, foreign intelligence services who want to harm us by compromising or damaging our critical data and systems. The impacts are already being felt and will grow as our reliance on cyberspace grows.

The Health and Social Care Information Centre is conducting a review of the fitness for purpose of the policies, processes and controls placed around health and social care data to ensure that it is secure amid increasing concerns about information assurance and cyber security.

[8] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cybersecurity-strategy-final.pdf

There have been a number of surveys of public attitudes to use of patient records and privacy risks [9]. One such study by the Royal College of Engineering led to the publication of Privacy and prejudice: young people's views on the development and use of electronic patient records. Most of the concerns reported were about privacy and the risk of data getting into the wrong hands [10]:

The wrong hands include those who might gain access by illegal means (for example, by hacking, fraudulent activity or coercion) in addition to those who might be given official access by the EPR regulators. [Note: EPR regulators means the bodies in control of the electronic patient records.] The set of organisations that made up the wrong hands were commercial companies, private companies, organisations that wanted to sell your data, advertising agencies, insurance companies, employers or potential employers, the media and in some cases, the Government. The Government itself could be considered a pair of wrong hands with questions raised over whether it would have access and therefore would be able to misuse or exploit the data.

Thus, key public concerns, which are likely to apply to all health records held and processed by public agencies such as the Health and Social Care Information Centre, are:

- the risk of data being accessed illegally and then sold or otherwise misused by commercial organisations, criminals or others; and
- the risk of data being accessed legally and then the data being misused.

Potential types of misuse are wider than articulated in the Royal College report. For example, data could be accidentally or purposefully changed, deleted, otherwise corrupted or lost. However, misuse from illegal access, and misuse from legal access provide two helpful and legitimate headings for understanding risk. Although, as with any risk, these risks can never be eliminated completely, they can be addressed and minimised by effective and robust information governance controls (see section 4).

3.3 Collecting and storing data about patients

The Health and Social Care Information Centre is defined under the Health and Social Care Act 2012, which establishes it as a safe haven with powers to collect and analyse confidential information about patients. This means the organisation has been entrusted by the Government to be the place where data collected about health and social care patients and services users can be analysed for purposes other than the direct provision of care, such as identifying overall trends in health or shaping services to deliver better care in the future. Some of this information is confidential data, meaning that details such as names, NHS numbers, postcodes or other identifiers may be included and must be held securely.

The table below sets out some reasons for collecting and storing confidential data, the potential impact that may have on their privacy and the controls to mitigate impacts.

[9] See: DH Paper; Liberating the NHS; No decision about me, without me https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/156256/liberatingthe-nhs-no-decision-about-me-without-me-government-response.pdf.pdf
[10] See section 5.8 of the report, available at: http://www.raeng.org.uk/news/publications/list/reports/privacy_and_prejudice_epr_views.pdf

Reason for processing and benefits:
- Data collected are fundamental to the operation of the NHS, and/or necessary to improving public health or health services.
- Patient identifiable data is necessary for specific programmes of research.
- It is not practicable to gain consent for the data disclosure when millions of records are submitted on a routine basis (e.g. for Hospital Episode Statistics records).
- In some cases (but not all), omitting individual records would affect the accuracy of Hospital Episode Statistics records, for example.

Impact on privacy:
- Data storage and processing creates risk of confidential information being accessed without knowledge or consent of patients
- Some people may feel a loss of individual autonomy (no patient consent)

Controls and Pledges:
- Statutory basis for data collection required by law
- Identifiable data must be necessary to satisfy the purpose
- Identifiable data stored only where necessary and destroyed or anonymised as soon as no longer necessary
- Controls 1, 2, 3, 4, 7 (see Section 4.2 Information Governance Controls)
- Pledges A, B, C, D & E (see section 4.3 Additional pledges to protect information)

3.3.1 The right to object

Patients have a right to object to personal information about them being collected and used by the Health and Social Care Information Centre (see Section 4.3 Additional Health and Social Care Information Centre pledges to protect information).

The Health and Social Care Information Centre will take account of patients' objections but in very exceptional circumstances we may have to override objections and collect information from all patient records. Such circumstances would depend on there being an overwhelming public interest, such as a public health emergency where a contagious disease has broken out and accurate information is needed to protect the public. To date this has never actually happened.

This does not override the statutory duty to respect the patient opt out if section 10 of the Data Protection Act is invoked, for example, when processing is likely to cause substantial damage or distress.

3.3.2 Assuring data quality

Usually checking data accuracy (and exceptionally, resolving computer system problems) can be done automatically using computer software. However, sometimes errors can only be identified and resolved by people accessing and viewing identifiable or non-identifiable data.

The following table shows the reasons for collecting and sharing patient identifiable data without the consent of patients, the potential impact on privacy, and the controls to mitigate the impact on privacy.

Reason for processing and benefits:
- Information used by the public to make health care decisions, and by people inside and outside the NHS for activities such as medical research, public health and national clinical audit, has to be of a good quality. The Health and Social Care Information Centre is responsible for assuring this.

Impact on privacy:
- Potential risk of confidential information being accessed without knowledge or consent of patient
- Some people may feel a loss of individual autonomy (no patient consent)

Controls and Pledges:
- Controls 2, 3, 4, 7 (see Section 4.2 Information Governance Controls)
- Pledges B, C, D & E (see section 4.3 Additional pledges to protect information)

Accuracy has to be checked before data are de-identified (it is not possible afterwards)

3.3.3 Linking and de-identifying patient identifiable data

Linkage involves matching together two or more records about the same patient to provide a fuller picture of patient health characteristics and needs. For example, hospital records and general practice records about diabetic patients could be linked in order to assess whether patients are receiving appropriate care.

De-identification typically involves removing identifiers (like name and address) and removing or changing other data items (e.g. changing date of birth into age). Alternatively, it could involve aggregating data (e.g. calculating the total number of patients in England receiving a hip replacement, broken down by age). De-identifying data is a fundamental means of protecting confidentiality.

Reason for processing and benefits:
- Once data are de-identified it can be used without breaching confidentiality for a large number of secondary purposes that are fundamental to the operation of the NHS and/or necessary to improving public health or health services.
- Linking together two records about a patient is a powerful means of increasing knowledge and is used, for example, in medical research, public health and national clinical audit. It can also be used for direct care purposes e.g. linking data from general practice and hospital records to enable practices to invite patients at risk of heart failure and emergency hospital admission to be screened by a specialist nurse.

Impact on privacy:
- De-identifying data reduces or eliminates the risk of a person's identity being revealed and thus protects privacy
- Some people may feel a loss of individual autonomy (no patient consent)

Controls and Pledges:
- Controls 1, 2, 3, 4, 7 (see Section 4.2 Information Governance Controls)
- Pledges B, C, D & E (see section 4.3 Additional pledges to protect information)
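The linkage and de-identification steps described in section 3.3.3, as an added Python example that is not part of the original assessment or the Centre's own tooling. It assumes a keyed hash (HMAC-SHA256) of the NHS number as the meaningless identifier; the field names, key and records are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter
from datetime import date

# Assumption: a secret linkage key held only by the body doing the linkage.
LINKAGE_KEY = b"constructed-demo-key"
# Assumption: the fields treated as direct identifiers in this example.
IDENTIFIER_FIELDS = {"nhs_number", "name", "address", "date_of_birth"}
REF = date(2013, 4, 1)  # fixed reference date so ages are reproducible

# Constructed sample records (not real patients or real NHS numbers).
HOSPITAL = [
    {"nhs_number": "9990000001", "name": "A Example", "address": "1 Test St",
     "date_of_birth": date(1950, 6, 15), "emergency_admission": True},
    {"nhs_number": "9990000002", "name": "B Example", "address": "2 Test St",
     "date_of_birth": date(1980, 1, 20), "emergency_admission": False},
]
GP = [
    {"nhs_number": "9990000001", "name": "A Example", "address": "1 Test St",
     "date_of_birth": date(1950, 6, 15), "hba1c_checked": False},
    {"nhs_number": "9990000002", "name": "B Example", "address": "2 Test St",
     "date_of_birth": date(1980, 1, 20), "hba1c_checked": True},
    {"nhs_number": "9990000003", "name": "C Example", "address": "3 Test St",
     "date_of_birth": date(1948, 3, 31), "hba1c_checked": True},
]


def pseudonym(nhs_number: str) -> str:
    """Meaningless identifier: keyed hash, so it cannot be recomputed without the key."""
    return hmac.new(LINKAGE_KEY, nhs_number.encode(), hashlib.sha256).hexdigest()


def age_on(dob: date, ref: date) -> int:
    """Whole years of age on the reference date (date of birth changed into age)."""
    return ref.year - dob.year - ((ref.month, ref.day) < (dob.month, dob.day))


def de_identify(record: dict, ref: date = REF) -> dict:
    """Remove direct identifiers, keep clinical items, add pseudonym and age."""
    out = {k: v for k, v in record.items() if k not in IDENTIFIER_FIELDS}
    out["pid"] = pseudonym(record["nhs_number"])
    out["age"] = age_on(record["date_of_birth"], ref)
    return out


def link(hospital: list, gp: list, ref: date = REF) -> list:
    """Match hospital and GP records about the same patient on the pseudonym only."""
    gp_by_pid = {d["pid"]: d for d in (de_identify(r, ref) for r in gp)}
    linked = []
    for h in (de_identify(r, ref) for r in hospital):
        g = gp_by_pid.get(h["pid"])
        if g is not None:  # unmatched records are left out of the linked set
            linked.append({**g, **h})
    return linked


def aggregate_by_age_band(records: list, width: int = 10) -> dict:
    """Aggregate to counts per age band, the alternative form of de-identification."""
    bands = Counter()
    for r in records:
        lo = (r["age"] // width) * width
        bands[f"{lo}-{lo + width - 1}"] += 1
    return dict(bands)


if __name__ == "__main__":
    for row in link(HOSPITAL, GP):
        print(row)
    print(aggregate_by_age_band([de_identify(r) for r in GP]))
```
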

3.3.4 Publishing and disseminating anonymised data

Organisations must seek to achieve the balance between laws that protect patient confidentiality and those that relate to public interest and transparency. Human Rights and Data Protection legislation, along with our domestic common law duty to respect confidentiality, require us to protect information that could identify an individual. In contrast, the Freedom of Information Act requires public authorities to release information about their activities, while the Health and Social Care Act allows the Health and Social Care Information Centre to obtain and disseminate information.

Transforming identifiable data into anonymised data protects personal privacy and enables published information to be used for public benefit. But although the law makes a clear distinction between identifiable and non-identifiable data, the line between the two requires scrutiny and consideration, often on a case by case basis.

The Health and Social Care Information Centre Information Standards Board (ISB) has published an anonymisation standard to ensure health and social care organisations can securely transform data that identifies individuals into data that is anonymised. This process standard [11] provides an agreed and standardised approach, grounded in the law, enabling organisations to:

- Distinguish between identifying and non-identifying information
- Deploy a standard approach and a set of standard tools to anonymise information to ensure that, as far as it is reasonably practicable to do so, information published does not identify individuals.

Reason for processing and benefits:
- The data output are fundamental to the operation of the NHS, and/or necessary to improving public health or health services and informing the public.

Impact on privacy:
- In some cases, a small residual risk that identifiable data could be revealed
- Risks may increase as more anonymised data are made available, and to more organisations (both public and non-public)
- Some people may feel a loss of individual autonomy

Controls and Pledges:
- No constraints for use of published statistics or reports
- Restrictions on re-use apply in other circumstances
- Controls 2, 6, 7 (see Section 4.2 Information Governance Controls)
- Pledges A, B, C, D & E (see section 4.3 Additional pledges to protect information)

[11] http://www.isb.nhs.uk/library/standard/128 Ref ISB 1523 Anonymisation Standard for Publishing Health and Social Care Data

3.3.5 Disseminating patient identifiable data (in exceptional circumstances)

The Health and Social Care Information Centre will not disclose patient identifiable data to other organisations other than in exceptional circumstances. The Health and Social Care Act does not provide the Health and Social Care Information Centre with any special powers to disclose patient identifiable data. To be lawful, explicit patient consent, approval under section 251 of the NHS Act 2006 or some other statutory authority will be required.

Reason for processing and benefits:
- There may be specific reasons for the Health and Social Care Information Centre to provide identifiable data to other organisations, but each case must be legally justifiable.

Impact on privacy:
- Some people may feel a loss of individual autonomy (unless done with explicit patient consent)

Controls and Pledges:
- Disclosure must be lawful [12]
- Controls 1, 2, 3, 4, 5, 7 (see Section 4.2 Information Governance Controls)
- Pledges A, B, C, D & E (see section 4.3 Additional pledges to protect information)

3.4 Conclusions

A potential positive impact of the functions of the Health and Social Care Information Centre is that more organisations should be able to make use of anonymised information provided by the Health and Social Care Information Centre rather than using identifiable information.

The potential risks to privacy from the functions of the Health and Social Care Information Centre are:

A. Loss of individual autonomy from use of patient identifiable data without consent
B. Risk of confidential information being accessed and viewed without the knowledge or consent of patients
C. Linking and de-identification processes may not be reliable enough to achieve total anonymisation of data
D. Risk of data being accessed illegally and then sold or otherwise misused by commercial organisations, criminals or others; and
E. Risk of data being accessed legally and then the data being misused.

The actual impact on privacy will be mitigated by a full range of controls which the Health and Social Care Information Centre will use to safeguard the identifiable information it uses, discussed in section 4.

[12] The Health and Social Care Information Centre has no special powers to disclose patient identifiable data under the Health and Social Care Act. Should this ever be necessary, it must be lawful and justifiable either through explicit patient consent, section 251 of the NHS Act 2006, statute or the public interest.

4 What will the Health and Social Care Information Centre do to Protect Privacy?

4.1 Introduction

This section explains what the Health and Social Care Information Centre will do in order to safeguard patient privacy.

The Health and Social Care Information Centre has been processing patient records safely and securely since its inception. It has introduced strong security controls, published and implemented security policies and published information about its processing as required for compliance with the Department of Health's Information Governance Framework.

The Health & Social Care Information Centre takes its responsibilities as a custodian of patient information extremely seriously and is also committing to a number of pledges to protect privacy as set out below (see 4.3).

A table in Appendix B shows how the privacy risks identified in section 3 are addressed by the information governance controls and pledges below.

4.2 Information Governance Controls

The Health and Social Care Information Centre provides assurances regarding Information Governance through:-

- an Information Assurance Steering Group, with reporting lines to the Executive Board
- satisfactory completion of the NHS Information Governance Toolkit [13], and
- compliance with ISO27001/2 Information Security Standards, which include:
  - Staff training and contracts
  - information technology system security and audit trails
  - Robust management arrangements
  - Full compliance with legislative requirements.
  - Provision of the safe haven for sensitive information

Specifically, the Health and Social Care Information Centre will:-

1) Obtain and process only the minimum necessary patient identifiable data from other organisations;
2) Store and process identifiable data securely, meeting or exceeding the standards required of NHS organisations, including processes and technology to:
   i. De-identify data received as early as possible, and where records have to be linked, separate patient identifying data from clinical data, and assign a meaningless identifier (pseudonymisation).
   ii. Store data in its capacity as the safe haven under the Health and Social Care Act (2012)
   iii. protect against attacks from unauthorised individuals (e.g. hackers)
   iv. protect against inappropriate behaviour by staff;
   v. provide only legitimate personnel with access to Health and Social Care Information Centre systems, and to no more access than they legitimately require;
3) Keep to the absolute minimum the number of staff able to access and view patient identifiable data, and wherever practicable assign staff rights of access to either patient identifiers or clinical data but not both;
4) Destroy data held in identifiable form as soon as it is no longer required, or in accordance with the retention policy;
5) Disclose only anonymised data, other than:
   i. With explicit patient consent;
   ii. where required by law, or
   iii. where allowed by law, with necessary support and approvals, and either:
      - the support of an Independent Advisory Group; or
      - where urgent, with the agreement of both the Senior Information Risk Owner and Caldicott Guardian for the Health and Social Care Information Centre;
6) When disclosing anonymised data, restrict the data disclosed according to the context in which the data will be used:
   i. When publishing statistics and other aggregated information, apply disclosure control standards [14] to ensure data are anonymised;
   ii. When disclosing patient-level data to a trusted organisation:
      - confirm the data are anonymised by carrying out a risk assessment
      - maintain a written agreement with the recipient organisation that stipulates the permitted access to, and uses of, the data;
7) Monitor who accesses patient identifiable data.

4.3 Additional Health and Social Care Information Centre pledges to protect information

In addition to the information governance best practice outlined above, the Health and Social Care Information Centre will put further safeguards in place to protect information and will be held to account against these pledges by the Department of Health.

The Health and Social Care Information Centre will:

A. Publish a Code of Practice to govern the use of confidential data supplied to the Health and Social Care Information Centre;
B. Act on patient objections to the Health and Social Care Information Centre using their data (unless there is a statutory duty or an overriding public interest (e.g. public health emergency) to do otherwise);
C. Commission, at least annually, external information governance audit against information governance standards.
D. Be transparent about its activities and communicate openly, fairly and lawfully through its public website and other channels where appropriate;
E. Publish procedures for dealing with requests for information and operate effective policies and procedures to encourage good information governance by staff, with proportionate sanctions (e.g. dismissal) for inappropriate or negligent behaviour.

[13] See https://www.igt.connectingforhealth.nhs.uk/
[14] The Health and Social Care Information Centre's current policy is available at: http://www.hscic.gov.uk/media/1350/publications-calendar-statistical-governance-Policy/pdf/The_HSCIC_Statistical_Governance_Policy_v3.1.pdf

5 Conclusions

The functions of the Health and Social Care Information Centre to collect, analyse and publish national data and statistical information must be augmented by protecting the confidentiality of that data and guarding against risks and threats from inside and outside the organisation. Its information services are used extensively by a range of organisations to support the commissioning and delivery of health and care services, which are used to inform decision-making and patient choice.

But the public must have confidence in the way information is used. It is important that they are fully aware of arrangements to exercise their autonomy as individuals in the use of their information. The Health and Social Care Information Centre will respect patient objections to the use of their data (unless there is a statutory duty or an overriding public interest (e.g. public health emergency) to do otherwise).

Some people may believe that any use of patient identifiable data without explicit patient consent is unacceptable. These people are unlikely to be supportive of the Health and Social Care Information Centre's functions whatever the potential benefits. Even people who feel the impact will be detrimental to privacy may recognise that the potential benefits of the Health and Social Care Information Centre using data from patient records are great, and may feel they are justifiable ethically on that basis. Those who conclude that the net impact on privacy will be positive are very likely to be supportive of the functions of the Health and Social Care Information Centre.

The Health and Social Care Information Centre has a range of controls to safeguard the information it uses and to mitigate risks. It is committed to meeting or exceeding all information governance standards, providing greater assurance than most organisations are able to provide.

But there is also a positive impact on privacy resulting from the Health and Social Care Information Centre de-identifying data which can then be used more widely. Making anonymised or de-identified data available to researchers, public health specialists, clinical auditors and others eliminates their risk of inappropriate use of identifiable data.

While the Health and Social Care Information Centre is new, its functions, including the safe and secure processing of data, are well founded, tried and tested in previous constituent organisations. The patient, and therefore protecting patient confidentiality, is at the heart of everything we do.

Appendix A - Managing Privacy Risk

A(i) - Types of privacy risk

The Information Commissioner's Office Privacy Impact Assessment Handbook explains why privacy matters and identifies and describes four classes of privacy risk:

- privacy of personal information;
- privacy of the person;
- privacy of personal behaviour; and
- privacy of personal communications.

The Health and Social Care Information Centre's functions could potentially pose risks to the privacy of personal information i.e. the first of the bullets above. Two categories of risk to the privacy of personal information are relevant:

A. Risks to individuals as a result of contravention of their rights in relation to privacy, or loss, damage, misuse or abuse of their personal information;
B. Risks to organisations providing and/or using the Health and Social Care Information Centre with data as a result of:
   I. perceived harm to privacy;
   II. a failure to meet public expectations on the protection of personal information (causing damage to the organisation's reputation);
   III. failure to comply with the law, leading to enforcement action from the Information Commissioner; or compensation claims from individuals.

A(ii) - Risk Mitigation Matrix

This section identifies a list of potential privacy risks and potential impacts, with corresponding information governance controls and pledges to reduce the risks to privacy. The table below indicates which risks each of the pledges is intended to address.

Control/Pledge to reduce risk/impact | Loss of autonomy | Confidential information viewed without consent | Misuse following illegal access | Misuse following lawful access

1) Obtain the minimum necessary identifiable data
2) Store and process identifiable data securely
3) Minimise staff able to view identifiable data
4) Destroy identifiable data when no longer necessary
5) Disclose only anonymised data (other than lawful exceptions)
6) Restrict the data disclosed according to context e.g. whether or not published
7) Monitor who accesses patient identifiable data
A. Establish an Independent Advisory Group
B. Maintain agreements with data suppliers
C. Respect patient opt outs
D. Commission information governance audits
E. Be transparent and communicate fairly and lawfully
F. Operate good information governance amongst staff with sanctions for misconduct