Bristol, North Somerset and South Gloucestershire. Connecting Care. Data Sharing Agreement

Similar documents
Implied Consent Model and Permission to View

GP Practice Data Export and Sharing Agreement

NHS Summary Care Record. Guide for GP Practice Staff

CLINICAL SERVICES POLICY & PROCEDURE (CSPP No. 25) Clinical Photography Policy in the Pre-Hospital Setting. January 2017

Privacy Impact Assessment: care.data

Principles of Data Sharing for GPs and LMCs

White Rose Surgery. How we collect, look after and use your data.

How we use your information. Information for patients and service users

Fair Processing Notice or Privacy Notice

INTRODUCTION SOLUTION IMPLEMENTATION BENEFITS SUCCESS FACTORS LESSONS LEARNED. Implemented the ehealthscope Tool to provide information to GPs

Fair Processing Strategy

SOMERSET INFORMATION SHARING PROTOCOL

NATIONAL HEALTH SERVICE, ENGLAND

Policy for Patient Access

NHS 111 Clinical Governance Information Pack

High level guidance to support a shared view of quality in general practice

National Cervical Screening Programme Policies and Standards. Section 2: Providing National Cervical Screening Programme Register Services

DATA PROTECTION POLICY

DATA QUALITY STRATEGY IM&T DEPARTMENT

Clinical Coding Policy

National Diabetes Audit Implementation Guidance

GPs as data controllers under the General Data Protection Regulation

Informal Patients to take Leave from Adult Mental Health Inpatient Wards. Standard Operating Procedure

The Northern Ireland Electronic Care Record

integrated Doncaster Care Record (idcr)

SM-PGN 01- Security Management Practice Guidance Note Closed Circuit Television (CCTV)-V03

SystmOne COMMUNITY OPERATIONAL GUIDELINES

integrated Doncaster Care Record (idcr)

62 days from referral with urgent suspected cancer to initiation of treatment

EAST CALDER & RATHO MEDICAL PRACTICE YOUR INFORMATION

Contract of Employment

Walsall Healthcare NHS Trust School Nursing Service

Sample Privacy Impact Assessment Report Project: Outsourcing clinical audit to an external company in St. Anywhere s hospital

Page 1 of 18. Summary of Oxfordshire Safeguarding Adults Procedures

Sharing your information to improve care

NOTTINGHAM UNIVERSITY HOSPITAL NHS TRUST. PATIENT ACCESS MANAGEMENT POLICY (Previously known as Waiting List Management Policy) Documentation Control

Committee is requested to action as follows: Richard Walker. Dylan Williams

Information Governance, Electronic Patient Records and Patient Online Access

Deputise and take charge of the given area regularly in the absence of the clinical team leader who has 24 hour accountability and responsibility.

I SBN Crown copyright Astron B31267

Occupational Health Privacy Notice

Shared Care Record View Privacy Framework

Sharing Healthcare Records

Author: Kelvin Grabham, Associate Director of Performance & Information

Hospital Generated Inter-Speciality Referral Policy Supporting people in Dorset to lead healthier lives

Kent and Medway Ambulance Mental Health Referral Pathway Protocol

Use of social care data for impact analysis and risk stratification

JOB DESCRIPTION. Out of Hours Emergency Care Practitioner (Non-prescriber ECP)

ALLOCATION OF RESOURCES POLICY FOR CONTINUING HEALTHCARE FUNDED INDIVIDUALS

ACCESS TO HEALTH RECORDS POLICY & PROCEDURE

NHS LANARKSHIRE PATIENT ACCESS POLICY

Commissioning Policy

Access to Medical Records Policy

NHS BORDERS PATIENT ACCESS POLICY

NON-MEDICAL PRESCRIBING POLICY

PORTER S AVENUE DOCTORS SURGERY UPDATE

PATIENT RIGHTS ACT (SCOTLAND) 2011 ACCESS POLICY FOR TREATMENT TIME GUARANTEE

Delegation to Band 3 and 4 Nursing Unregistered Support Workers Guidance for Staff and Managers. Version No.1 Review: November 2019

Privacy Policy - Australian Privacy Principles (APPs)

THE ADULT SOCIAL CARE COMPLAINTS POLICY

Frequently Asked Questions (FAQs) About Sharing Information for Patients

DOCUMENT CONTROL Title: Use of Mobile Phones and Tablets (by services users & visitors in clinical areas) Policy. Version: Reference Number: CL062

NHS Pathways and Directory of Services

Access to Records Procedure under Data Protection Act 1998 Access to Health Records Act 1990

Counselling Policy. 1. Introduction

Staffordshire and Stoke on Trent Adult Safeguarding Partnership Board Safeguarding Adult Reviews (SAR) Protocol

Prescribing Policy between Nottinghamshire Commissioning Organisations and local providers of NHS Services

Cambridgeshire County Council Public Health Directorate. Privacy Notice, February 2017

Clinical Lead. Contract of Employment

INTRODUCTION SOLUTION IMPLEMENTATION BENEFITS SUCCESS FACTORS LESSONS LEARNED

Approve Ratify For Discussion For Information

Independent Group Advising (NHS Digital) on the Release of Data (IGARD)

CARE QUALITY COMMISSION ESSENTIAL STANDARDS OF QUALITY AND SAFETY. Outcome 6 Regulation 7 Co-operating with Other Providers

Meeting of Bristol Clinical Commissioning Group Governing Body. Title: Bristol CCG Management of Serious Incidents Agenda Item: 17

Wiltshire Clinical Commissioning Group. Information Sharing Agreement for the Purposes of Direct Patient Care. Memorandum of Understanding

SAFEGUARDING OF VULNERABLE ADULTS POLICY

Health Visiting and School Nursing Service Clinical Record Keeping Re-Audit 2014/15

Babylon Healthcare Services

Implementation guidance report Mental Health Inpatient Discharge Standard

Memorial Hermann Information Exchange. MHiE POLICIES & PROCEDURES MANUAL

Standard Operating Procedure: Mental Health Services Data Set (MHSDS) Identifier metrics

Title: Climate-HIV Case Study. Author: Keith Roberts

THERAPY CENTRE JOB DESCRIPTION

Outpatients Referrals and Waiting Lists <OP2 / OP3>

Personal Identifiable Information Policy

Safeguarding Adults Reviews Protocol

Bristol CCG Urgent Care Working Group

Safeguarding Vulnerable Adults Policy

Transfer of Care (ToC) service Frequently asked questions

Corporate. Visitors & VIP s Standard Operating Procedure. Document Control Summary. Contents

Camden Integrated Digital Record. Dr Neel Gupta Hasib Aftab

JOB DESCRIPTION FOR BROADMEAD MEDICAL CENTRE

Information Sharing Agreement

Sample. Information Governance. Copyright Notice. This booklet remains the intellectual property of Redcrier Publications L td

Developing a framework for the secondary use of My Health record data WA Primary Health Alliance Submission

MSK AHP REFERRAL HUB (ADMIN)

Policy on Sponsorship and Joint Working with the Pharmaceutical Industry and other Commercial Organisations

EMERGENCY CARE DISCHARGE SUMMARY

Patient Advice and Liaison Service (PALS) policy

Safeguarding Policy 2016/17

Transcription:

Bristol, North Somerset and South Gloucestershire Connecting Care Data Sharing Agreement Document Control Version 2.0 Author(s) Adam Tuckett, Emma Pace and Natasha Neads Date issued 19 th August 2015

Contents 1. Introduction... 3 2. Purposes & Benefits of Information Sharing... 3 2.1. Background... 3 2.2. Benefits... 3 2.3. Primary Purposes & legal basis for information sharing... 4 2.4. Secondary uses of data from Connecting Care:... 4 3. Legal Framework... 6 3.1. Regulatory controls on the use of information:... 6 4. Approach to Consent... 7 4.1. Sharing of personal/identifiable data... 7 4.2. Connecting Care Consent model... 7 4.3. Opt-Out... 9 5. Information Exchanged or Shared between Partners... 9 5.1. Data to be shared... 9 5.2. How information will be shared... 9 5.3. Data Accuracy... 9 5.4. Data retention... 10 5.5. Principles of using shared data... 10 6. Security... 10 6.1. Overview of the solution... 10 6.2. Connecting Care Portal... 11 6.3. Access Control... 12 7. Incident Management... 12 7.1. Incident types... 12 7.2. Informing individuals... 13 7.3. Responsibilities of parties... 13 8. Awareness Training/Communication to involved individuals... 13 9. Monitoring & Review... 13 10. Glossary... 14 11. Signatures of Parties Agreeing to Sharing Data... 15 12. Signatures of Organisations Using Data... 17 Appendix 1 Data Sharing Matrices... 18 Each of the tables in the following sections detail the data items to be shared (from the specific source system)and the roles that will be able to view the data in Connecting Care.... 18 11.1. RiO - Community Services... 18 11.2. RiO - Avon and Wiltshire Mental Health Partnership... 18 11.3. Cerner Millennium (NBT, Weston)... 19 11.4. System C Medway (UHB)... 19 11.5. NBT CRIS/Ultra... 19 11.6. UHB CRIS/Ultra... 20 11.7. Northgate SWIFT (North Somerset Council)... 20 11.8. PARIS (Bristol City Council)... 21 11.9. HealthCare Gateway (MIG) GP Data... 22 Appendix 2 Contents/Definition of Data Fields... 23 2

1. Introduction The purpose of this agreement is to set out the arrangements for the sharing and use of personal data for the Connecting Care initiative between the signatory organisations. The agreement also sets out how the sharing of personal data in Connecting Care is compliant with relevant legal and regulatory requirements. This agreement does not provide full detail of all compliance requirements, such as detailed technical security, and must be read in conjunction with other documents (such as the Connecting Care System Security Statement) This agreement operates in conjunction with Information Sharing Principles Agreement (see www.protectinginfo.nhs.uk) Throughout this document the term individual is used to cover the sector specific terms for members of the public in receipt of services such as patient, client, service user or similar. 2. Purposes & Benefits of Information Sharing 2.1. Background Across Bristol, North Somerset and South Gloucestershire care for individuals and clients is carried out by different organisations and varying health and social care services. Individuals frequently move between primary care to acute hospital care, to community health care and social care. In other cases, individuals are cared for within multi-disciplinary teams that draw on expertise from different parts of health and social care. However, despite the rarity of an individual s journey being limited to one particular organisational silo, most information systems are specific to one particular organisation, or even to a particular service within an organisation. Thus information is dis-connected across care pathways. These silos of information adversely impact care in terms of: The individuals experience The quality of care The ability to fully support care pathways (e.g. for long term conditions) The efficiency of services The ability to provide joined up care and care provided by the right person at the right time Connecting Care is the Bristol, North Somerset and South Gloucestershire [BNSSG] programme that aims to deliver a detailed, local, shared record. The programme will integrate clinical and social health information sourced from a variety of existing clinical and social care information systems currently in use thus providing a unified view of information that can be used to facilitate improved care provision and decision-making. 2.2. Benefits The first stage of Connecting Care was focussed around exploring the benefits & costs to support the delivery of a business case for the full strategic solution. The business case has 3

now been funded and the programme has moved to phase 2. Benefits of sharing data for Connecting Care, identified in phase 1 are: (see benefit realisation documentation) Improved security of information; reducing the risk of misdirected communications Care professionals will have the ability to find up-to-date information about the individuals that they provide care for and their encounters with other care professionals, in one place. It will support better, more effective clinical/care decision making Improved care and outcomes for individuals Improved safety for individuals e.g. allergy information will be available to care professionals, reducing the risk of adverse drug reactions Reduction of administrative costs; Connecting Care organisations frequently get asked to provide information to other services about the individuals they care for via telephone, fax, letter etc. Reduced duplication of work e.g. duplicate tests being ordered or repeat requests for information 2.3. Primary Purposes & legal basis for information sharing The key purposes of sharing information for Connecting Care are: For delivering routine care and treatment across Connecting Care organisations, based on a model of implied consent and legitimate relationship access, utilising express consent to access where this is practical. The delivery of care and treatment across Connecting Care agencies, where the failure to do so effectively carries a significant risk of avoidable substantial harm to the individual(s) in addition to the consent/legitimate relationship model, utilising the vital interests justification for processing data Each organisation accessing information will ensure the use of information relates to the above purposes as required by Data Protection Act principles. The Connecting Care Consent model is described in detail in section 4 2.4. Secondary uses of data from Connecting Care: It is expected that the Connecting Care system will become a very rich source of information for managing and planning services and the strategic development of health & social care in the community. At present potential uses are not fully understood or even identified, but a number of core principles must be in place for any secondary use of data: Data will be made available in three levels: aggregate, pseudonymised and deidentified data. Explanations of these terms can be found in the glossary Identifiable data will not be available without clear documented legal justification To support improvements in care (joined up pathways, integrated working), analysis of data at an individual row level will be required. Such activities will use either pseudonymised data, de-identified data or identifiable data (where there is clear documented legal basis). 4

This agreement will be updated when requirements to use data for secondary purposes are set out. Changes will be compliant with the Information Commissioner s Code of Practice on anonymisation (and NHS Anonymisation data standard). 5

3. Legal Framework Within a health and social care context there are numerous items of legislation and regulation that relate to information sharing, some of them place regulatory control on the sharing of data, others provide organisational powers to share data. This agreement is set within the relevant legal framework with specific references as follows: 3.1. Regulatory controls on the use of information: Data Protection Act (DPA) 1998: This is the key legislation to control the processing and sharing of personal data. All signatories to the agreement are already required to comply with the requirements of the DPA. The processing of data within Connecting Care must also be compliant with the DPA. The principles are referenced throughout this document in the relevant places: In addition to the above the following principles are addressed as follows: When an individual makes a request to an organisation for access to the data it holds on them, then the organisation will follow its standard process to provide information. An organisation is not required to provide access to data that it can access from other data controllers (advice on this has been sought and confirmation gained from the Information Commissioner s office in respect of the NHS RiO system and cross organisational access and applies here) Technical and organisational security this is as described in the Connecting Care System Security Statement (overview in section 6). All data is processed within the UK A Privacy Impact Assessment (PIA) has been conducted on the programme and this position is being regularly reviewed within the Information Governance workstream. Privacy Impacts will be considered for any significant change to the system, such as expansion of data shared by existing or new stakeholders or increased functionality. Human Rights Act (HRA) 1998 and Common Law duty of confidentiality: The requirements of the above are addressed as follows: Use of information is either by consent or other legal justification (see section 2), in line with the requirements of the common law duty of confidentiality. This also links to article 8 of the HRA (right to private and family life). Privacy is also protected by the role based access and processes to manage users of the system. Legal powers for sharing data (Legal gateways): Key to the sharing of data via Connecting Care is that in principle that the majority of data being shared via the system is already shared via other methods, such as phonecalls, emails and faxes. The data shared is intrinsic to the direct provision of health and social care requirements to the individuals in receipt of services. Therefore the sharing is done within the existing legal powers ( vires ) of the participating organisations. 6

Any new organisation wishing to share and access data in the Connecting Care programme, will as part of the take on process identify and ensure that there are sufficient legal gateways for the sharing of data between the relevant parties. Should an organisation not have a legal gateway to share with a new party, then either technical methods to prevent sharing between those organisations will need to be established, or the new party will not be able to join the programme. Sharing data for non-direct care purposes: Information held within Connecting Care is currently for direct care purposes only. Therefore, any request for information held on an individual within the Connecting Care system, other than for direct care purposes, must have a lawful reason to do so, e.g. to assist the Police with an enquiry, to assist a partner organisation with an investigation into system misuse etc. If there is a lawful reason, then the receiving organisation should consider the following when responding: Establish whether the request is appropriate, by liaising with their Information Governance lead. Only disclose information from their own source systems, in line with their own organisational policy. If deemed appropriate, refer the requester to another organisation, within Connecting Care. Please discuss this with your Information Governance leads as some 3 rd party requesters may have legitimate reasons for requesting information. 4. Approach to Consent 4.1. Sharing of personal/identifiable data It is recognised that there are concerns regarding governance and individual confidentiality with any type of information sharing. The governance controls in place therefore are focussed on ensuring that the sharing of data is carefully monitored and controlled rather than prevented. In line with the purposes set out in section 2.3, the data required for Connecting Care will be clearly identifiable. Sharing of personal/identifiable information must be done fairly and lawfully. The consent model below relates to the conditions for processing data set out in schedules 2 & 3 of the Data Protection Act (1998). 4.2. Connecting Care Consent model The approach to consent for Connecting Care is as follows: Informing individuals 7

For phase 1 a mass mailing to all individuals in the community (aged 15+) was undertaken as a key exercise to inform and allow individuals to opt out. Materials to promote the use of the system are available to all participating organisations. These include posters, leaflets and web based materials. Organisations are expected to actively promote these materials to individuals. Implied Consent This refers to instances where the consent of an individual can be implied without them having to give explicit agreement for a specific aspect of information sharing to proceed. Collation of data within Connecting Care is on the basis of implied consent, originally established by the mass mailing and supported by ongoing informing in organisations. The opt-out allows the individual to dissent from their data being used. An example of implied consent is where an individual is referred by a care professional to another local care provider. It is deemed that the individual has implicitly consented for that provider to view the areas of their record (as set out in the sharing agreement), for the episode of care. In this situation, care providers will not be required to record consent every time they are with the individual. Implied consent is only applicable within the context of direct care of individuals.. Connecting Care requires a user to claim a legitimate relationship with the individual identifying the basis for the relationship. The relationship is then in place for a set time period (based on user role). At the end of the period the relationship will cease and the access will be restricted until such time as a further relationship is established. Explicit Consent In the situation where consent is not implicit (through either being referred to a local care provider or by the care provider having an existing legitimate relationship with the individual), explicit consent will be required at the point of care, unless there is another justification (see below). This means that users providing care will be prompted to confirm consent with the individual when they access the shared Connecting Care record. Vital Interests In circumstances where the individual is unable to give consent, such as where there is severe injury or distress or where gaining consent would delay or put individuals at increased significant risk, information will be shared on the basis of vital interests of the individual(s). Break glass access within Connecting Care will be available to allow care providers to access information to provide the care that is required. Break glass access allows the record to be accessed and the reason for the access to be recorded. The system also has a privacy log of all privacy overrides that will be regularly reviewed. Break Glass access can be used where there is no ongoing care relationship, but a justifiable basis to 8

access the record, such as safeguarding concerns. Access will be provided for a limited period (60 minutes). 4.3. Opt-Out If an individual requests to opt-out of Connecting Care, this will be managed within the Connecting Care portal as approved by the Programme Board in March 2013. Information materials for individuals will highlight the process for concerns and queries to be raised. In line with the Information Governance review (March 2013), Opt out will be available as a choice. Staff dealing with individuals raising concerns will be expected to discuss the benefits of the system and the impacts of opt out, but will ensure individual wishes are respected, unless there is a legal duty to include their data. 5. Information Exchanged or Shared between Partners 5.1. Data to be shared The detail of the data to be shared by all stakeholders and the roles that can view it is available in Appendix 1 (please note this appendix is correct at the time of issue and subject to change in agreement with all parties affected by a proposed change). 5.2. How information will be shared Data for Connecting Care is shared electronically through the Orion Health Cross Community Care Record (CCCR) solution. Further detail on the Orion Health CCCR solution can found in Section 6 - Security 5.3. Data Accuracy As required by the Data Protection Act 1998, all Connecting Care organisations agree that the data to be used is: Accurate Valid Timely Relevant Complete Parties are responsible for the accuracy of data from their own clinical/social care IT system. In addition all parties as joint data controllers are responsible that the loading and access routines in Connecting Care promote and maintain accuracy. There are three categories of reporting processes when inaccurate data is identified: Direct care impact Where a user identifies and issue of accuracy that will have a direct and immediate impact on the provision or administration of an service to an 9

individual. It is proposed that the identifying user reports issues directly to the service/team responsible. Anecdotal concern Where users generally feel data from other organisation(s) has frequent minor inaccuracies (with limited impact on the individual s care). These issues need to be captured as part of the project feedback. Individual raises accuracy issue Where an individual with access to their record or concern over something that may relate to accuracy makes this known. As the issue will be with data in source system(s), then the originating organisation must follow their policy of managing such issues. 5.4. Data retention Retention of data is the responsibility of the originating organisation. If a data source removes information or a record, they will have to inform Connecting Care to remove the same data from the Connecting Care system by emailing Connecting.Care@swcsu.nhs.uk. 5.5. Principles of using shared data The information shared by Connecting Care organisations, is only done so for the specific purposes detailed in this Data Sharing Agreement (see section 2.3). Much of the data being shared via the system is already shared via other methods, such as phone calls, emails and faxes. Connecting Care will negate the need for care professionals to gather key information using these methods. The Orion solution will contain functionality to allow formatted view of data to be printed by the user e.g. patient lists, summary portal pages, laboratory results etc. A disclaimer is printed within the page footer, outlining the individual s details, document details (e.g. printed by user X at date/time Y), with a reminder warning message regarding confidentiality of the individual s information. Print functionality can be switched on/off by the system administrator and can also be limited to certain roles. 6. Security 6.1. Overview of the solution The diagram below provides an overview of the Connecting Care Solution. The solution is provided by Orion Health and is known as the Cross-Community Care Record (CCCR). It comprises a number of components, as shown in the diagram below. 10

The components in the diagram are described in the table below: Component Rhapsody Clinical Data Repository (CDR) Clinical Portal NextGate Overview Orion Health Integration engine that transforms and manages messages that come into the system. It enables the exchange of electronic data from multiple systems. A central data warehouse where information from a number of sources is transformed into a standard format to be made available to the user in the clinical portal A web-based application that provides users with a single access place to locate an individual s information from multiple systems This is the enterprise Master Patient Index (empi) used in the Orion Health Solution, which matches up the records of individuals from the separate source systems The solution has been accredited to NHS Interoperability Toolkit Standards. These are a set of national standards, frameworks and specifications to support interoperability of IT systems across local health communities. 6.2. Connecting Care Portal The Connecting Care solution (outlined in section 6.1) will be hosted in the North Bristol Trust (NBT) data centre at Southmead. This is now expanded with infrastructure in the University Hospitals Bristol (UHB) data centre, with a fail over site at Wynford House (Yeovil) The data centres have the following security features: 11

Secure building, monitored via CCTV 24x7, Intruder Alarms Access control to the building and biometric access to the computer room operating as a double perimeter security model. Only 3rd line support team have access to this room All staff required to wear visible identification at all times Regular review of staff needing access to the facilities, integrated with starter/leaver process and updates to security codes when staff leave as required. Third party support access granted only when required via a documented process and such access is monitored Network and infrastructure controls to prevent unauthorised access (firewalls) Secure firewalls and anti-malware (malicious software) solutions, to protect from external threats. 6.3. Access Control Access is managed by South, Central & West Commissioning Support Unit (CSU), with each organisation managing a process to identify and authorise their users. Each organisation has specific authorisers who can approve access to Connecting Care, with user management centrally administrated by the CSU. Access to data is based on a user s role and their need to access specific data items with respect to the needs of their role. Providers of data are advised to refer to the access control matrix at Appendix 1 of this protocol. These matrices have been set out to meet the principle of adequate, relevant and not excessive access to data. In the first stage of Connecting Care, access to the portal will be via a username and password. Once a user is logged onto the system, the solution will: Only grant access to applications to which he or she has clearance Only allow tasks to be carried out if the user has correct authorisation Deny access to specific individual s records or other information within the system (where the user is not authorised to view them) 7. Incident Management 7.1. Incident types Management of incidents will vary depending on the sort of incident encountered: Inappropriate access by own staff: Any organisation either suspecting or identifying inappropriate use by their own staff will conduct their own investigation. If this identifies that information from another organisation has been viewed or used inappropriately, the original organisation will contact the other organisation(s) at the earliest opportunity Inappropriate access by external users: Any organisation either suspecting or identifying inappropriate use by users outside of their employees will raise the issue as soon as possible with the organisation responsible for those users. Details on 12

employing or approving organisation will be held on the user s record. The investigation and disciplinary policy of the employing organisation will be followed and the reporting organisation will be engaged in the process as much as they require to be. Any incident related to the use of health or adult social care data will be checked against the HSCIC Serious Incidents Requiring Investigation (SIRI) and reported as required based on the scope and severity categories by the organisation affected. Where multiple organisations are involved, they will agree reporting between themselves as the incident does not need to be reported multiple times. 7.2. Informing individuals Where an incident identifies that the confidentiality of an individual may have been breached, consideration will be given to informing the individual. Decision making will start from a position of informing the individual, unless there is good reason not to. Decisions on informing individuals will be taken by the senior health or social care professional in charge of service provision to the individual affected, taking advice from their Caldicott Guardian/Information Governance lead. Where the breach has been caused by an individual in a different organisation, it will be the senior professional in the organisation(s) whose data has been compromised who will determine whether the affected individual should be informed as they will have the greatest knowledge as to the impact on the individual of the breach in relation to the type of data in question. If a situation such as this was to arise involving more than one other organisation, the senior staff involved will collaborate on deciding whether to inform the individual. 7.3. Responsibilities of parties This protocol cannot set out management processes for all possible types of incidents, so other than the above, if an incident is encountered, all parties agree to: Act swiftly, but not recklessly to investigate any reports Engage any other affected organisation at the earliest opportunity Commit sufficient resources to conclude investigations in a timely manner Abide by the disciplinary policy of employing organisations. 8. Awareness Training/Communication to involved individuals All users will be trained in accordance with board approved training policy, with specific reference to the Patient privacy quick reference guide (http://nww.connectingcare.swcsu.nhs.uk/training.aspx) 9. Monitoring & Review The agreement will be reviewed in the following circumstances: In the event of any incident or near miss Legislative/regulatory change Significant functionality change (e.g. sharing documents/writing data) 13

Annually or at the request of a stakeholder The matrix of roles, data views and levels of access in Appendix 1 are included as an example. This is not the formal matrix. Rather than review and update this agreement each time and require all organisations to reconfirm, the access control matrix will be agreed with each data controller specifically. Changes may not affect all parties, so any change in the matrix will be put to the relevant data controller organisations. 10. Glossary Aggregated data Anonymisation Data Controller De-identified data Episode Direct care Individual Legitimate relationship Processing Statistical data about several individuals that has been combined to show general trends or values without identifying individuals within the data. Data rendered into a form that does not identify individuals and where identification is not likely to take place. A person (individual or organisation) who determines the purposes for which and the manner in which any personal confidential data are or will be processed. Personal confidential data that has been through anonymisation in a manner conforming to the ICO Anonymisation code of practice Services provided to an individual with a medical or social care related problem within a specific period of time e.g. a visit to an emergency department for medical treatment is an episode of care A clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of the suffering of individuals. Generic term used to cover the sector specific terms for members of the public in receipt of services such as patient, client, service user or similar. The legal relationship that exists between an individual and the health and social care professionals and staff supporting their care. In relation to information or data, this is 14

Pseudonymisation obtaining, recording or holding the information/data or carrying out any operation, or set of operations on the information/data. Process of distinguishing individuals in a data set by using a unique identifier, which does not reveal their real world identity. 11. Signatures of Parties Agreeing to Sharing Data 15

By signing this agreement, each organisation agrees to share information (as listed in Appendix 1) with Connecting Care, for the purposes outlined in this document. Bristol City Council North Bristol NHS Trust North Somerset Community Partnership North Somerset Council University Hospitals Bristol NHS Trust Bristol Community Health Sirona Care and Heath Weston Area Health NHS Trust 16

BrisDoc Healthcare Services Avon and Wiltshire Mental Health Partnership South Gloucestershire Council 12. Signatures of Organisations Using Data By signing this agreement, each organisation agrees to use the information (as listed in Appendix 1) in Connecting Care, for the purposes outlined in this document. Weston Hospice Care group St Peters Hospice

Appendix 1 Data Sharing Matrices Each of the tables in the following sections detail the data items to be shared (from the specific source system)and the roles that will be able to view the data in Connecting Care. 11.1. RiO - Community Services 12 Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Current problems Yes Yes Yes Yes Yes No Alerts Yes Yes Yes Yes Yes No Referrals Yes Yes Yes Yes Yes Yes Encounters (Past) Yes Yes Yes Yes Yes Yes Appointments (future) Yes Yes Yes Yes Yes Yes Progress Notes Yes Yes Yes Yes Yes No Administrator 11.2. RiO - Avon and Wiltshire Mental Health Partnership Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Referrals Yes Yes Yes Yes Yes Yes Encounters (Past) Yes Yes Yes Yes Yes Yes Appointments (future) Yes Yes Yes Yes Yes Yes Administrator 1 North Somerset Community Partnership, Bristol Community Health and Sirona Care and Health 2 Information from RiO will continue to be shared until all services have migrated to EMIS

11.3. Cerner Millennium (NBT, Weston) Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Encounters (Past) Yes Yes Yes Yes Yes Yes Appointments (future) Yes Yes Yes Yes Yes Yes Administrator 11.4. System C Medway (UHB) Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Encounters (Past) Yes Yes Yes Yes Yes Yes Appointments (future) Yes Yes Yes Yes Yes Yes Administrator 11.5. NBT CRIS/Ultra Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Test Orders Yes Yes No Yes Yes No Test Results Yes Yes No Yes Yes No Administrator 19

11.6. UHB CRIS/Ultra Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Test Orders Yes Yes No Yes Yes No Test Results Yes Yes No Yes Yes No Administrator 11.7. Northgate SWIFT (North Somerset Council) Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Current Problems Yes Yes Yes Yes Yes No Alerts Yes Yes Yes Yes Yes No Referrals Yes Yes Yes Yes Yes Yes Encounters (past) Yes Yes Yes Yes Yes Yes Administrator 20

11.8. PARIS (Bristol City Council) Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Current Problems Yes Yes Yes Yes Yes No Alerts Yes Yes Yes Yes Yes No Referrals Yes Yes Yes Yes Yes Yes Encounters (past) Yes Yes Yes Yes Yes Yes Administrator 11.9. Adastra Brisdoc Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Appointments Yes Yes Yes Yes Yes No End of Life Yes Yes Yes Yes Yes No Administrator 21

11.10. HealthCare Gateway (MIG) GP Data Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Patient details demographics Yes Yes Yes Yes Yes Yes Summary Yes Yes No Yes Yes No Problems Yes Yes No Yes Yes No Medications Yes Yes No Yes Yes No Events (appointment, Yes Yes Yes Yes Yes Yes referrals, admission) Current GP Yes Yes Yes Yes Yes Yes Procedures Yes Yes No Yes Yes No Diagnosis Yes Yes No Yes Yes No Examinations Yes Yes No Yes Yes No Investigations Yes Yes No Yes Yes No Risks and warnings ( allergies and adverse reactions) Yes Yes Yes Yes Yes No Administrator 11.11. HealthCare Gateway (MIG) Community Data 34 Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Patient details - demographics Yes Yes Yes Yes Yes Yes Community View Yes Yes Yes Yes Yes No Summary Yes Yes Yes Yes Yes No Administrator 3 Note, not all of the data items will be populated this is dependent of the community providers use of EMIS 4 North Somerset Community Partnership, Bristol Community Health and Sirona Care and Health 22

Data Item Urgent Care Clinician GP Shared with (role) Social Care Community Professional Health Professional Consultant Events (Appointments, Yes Yes Yes Yes Yes Yes Referrals, Encounters ) Procedures Yes Yes Yes Yes Yes No Diagnosis Yes Yes Yes Yes Yes No Examinations Yes Yes Yes Yes Yes No Investigations Yes Yes Yes Yes Yes No Medications Yes Yes Yes Yes Yes No Problems Yes Yes Yes Yes Yes No Risks and warnings ( allergies and adverse reactions) Appendix 2 Contents/Definition of Data Fields Yes Yes Yes Yes Yes No Administrator Demographics Title First Name Current problems e.g. diabetes Problem Description Date Diagnosed Medications Allergies Alerts Test orders e.g. visit penicillin alerts' e.g. dangero us dog Medicine Name Allergy Description Alert Type Dose Notes Alert Text Test results Referrals Encounters (Past/Current) exc. to past secondary appointments/ care events and visitseverything that has happened Service Id Obs Id Source Location (e.g. ward 51) Order Obs Value Status Specialty Referred to Location Type (Home/IN NBT/Out UHB etc) Appointments (Future) future appointments Location (e.g. ward 51) Location Type (Home/Inp NBT/Outp UHB etc) Current GP GP Name Practice Name 23

Demographics Current Medications Allergies Alerts Test Test results Referrals Encounters Appointments Current GP problems orders (Past/Current) (Future) Given Name 1 End Date? Start Date Date Noted Alert Date Desired Time Units Team Referred Type (First,Followup Type (First,Followup Practice Address1 To etc) etc) Given Name 2 End Date Closed Date Closed Date Ordered By Status Date Specialty Specialty Practice Address2 Surname Date Ordered Date Reason Team Team Practice Address3 DOB Abnormal? Practitioner Name Practitioner Name Practice Address4 Gender Expected Range? Practitioner Type Practitioner Type Practice Postcode Address Line 1 Start Date Start Date Practice Phone Address Line 2 End Date Practice Fax Address Line 3 Outcome Practice Email Address Line Diagnosis? 4 Address Line 5 Postcode NHS Number Local Id Telephone? Mobile? Email? 24

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback