Fair Processing Strategy

Similar documents
NATIONAL HEALTH SERVICE, ENGLAND

Priority Issues in Information Governance

Methods: Commissioning through Evaluation

Use of social care data for impact analysis and risk stratification

Framework for managing performer concerns NHS (Performers Lists) (England) Regulations 2013

How we use your information. Information for patients and service users

Enhanced service specification. Avoiding unplanned admissions: proactive case finding and patient review for vulnerable people 2016/17

Guidance on the use of the draft model Grant Funding Agreement

NHS England Complaints Policy

OFFICIAL. Integrated Urgent Care Key Performance Indicators and Quality Standards Page 1 of 20

Privacy Impact Assessment: care.data

I SBN Crown copyright Astron B31267

GP Practice Data Export and Sharing Agreement

Fair Processing Notice or Privacy Notice

Commissioner Guidelines for Responding to Requests from Practices to Temporarily Suspend Patient Registration

Safeguarding Alerts Policy and Procedure

CLINICAL SERVICES POLICY & PROCEDURE (CSPP No. 25) Clinical Photography Policy in the Pre-Hospital Setting. January 2017

Independent Group Advising (NHS Digital) on the Release of Data (IGARD)

GPs as data controllers under the General Data Protection Regulation

Integrating care: contracting for accountable models NHS England

Patient and Public Voice Assurance Group (PPV AG) for Specialised Commissioning Assurance Report 2017/18

Principles of Data Sharing for GPs and LMCs

Cambridgeshire County Council Public Health Directorate. Privacy Notice, February 2017

Extended access to general practice. A guide to completing the extended access survey

NATIONAL PATIENT REPORTED OUTCOME MEASURES (PROMS) SUPPLIER ACCREDITATION PROCESS

Prescribed Connections to NHS England

Monthly and Quarterly Activity Returns Statistics Consultation

Personal Identifiable Information Policy

Developing a framework for the secondary use of My Health record data WA Primary Health Alliance Submission

White Rose Surgery. How we collect, look after and use your data.

Open and Honest Care: Driving Improvement. Board Compact. Version 3.2

European Reference Networks. Guidance on the recognition of Healthcare Providers and UK Oversight of Applications

OFFICIAL. NHS e-referral Service: guidance for managing referrals

Patient Registration Standard Operating Principles for Primary Medical Care (General Practice)

Scottish Clinical Trials Research Unit (SCTRU) Data Protection Notice

Sample Privacy Impact Assessment Report Project: Outsourcing clinical audit to an external company in St. Anywhere s hospital

MAKING AND USING VISUAL AND AUDIO RECORDINGS OF PATIENTS

Head of Joint Commissioning committee/individual: Effective from: 6 th February Review date: April 2017

How your health information is used in Lambeth

CODE OF CONDUCT CODE OF ACCOUNTABILITY IN THE NHS

COMMISSIONING FOR QUALITY FRAMEWORK

SPONSORSHIP AND JOINT WORKING WITH THE PHARMACEUTICAL INDUSTRY

Wandsworth CCG. Continuing Healthcare Commissioning Policy

Chief Officer following agreed delegation from February 2014 Governing Body Date approved: 6 th March 2014

Epsom and St Helier University Hospitals NHS Trust JOB DESCRIPTION. Director of Operations (Planned Care)

POLICY ON JOINT WORKING WITH THE PHARMACEUTICAL INDUSTRY. Issued by: Director of Quality, Governance and Patient Safety

Version Number Date Issued Review Date V1: 28/02/ /08/2014

Improving Systems for Cost Recovery for Overseas Visitors

Introducing the care.data programme

S2 and Directive routes: guidance for commissioners

Implied Consent Model and Permission to View

Occupational Health Privacy Notice

Access to Records Procedure under Data Protection Act 1998 Access to Health Records Act 1990

Integrated Health and Care in Ipswich and East Suffolk and West Suffolk. Service Model Version 1.0

NHS Continuing Healthcare

Research and Innovation. Fellowship Scheme

Delivering the Five Year Forward View Personalised Health and Care 2020

Statement of Arrangements and Guidance on Patient and Public Participation in Commissioning

How NICE clinical guidelines are developed

Implementation of the right to access services within maximum waiting times

Methods: National Clinical Policies

Urgent Treatment Centres Principles and Standards

RD SOP12 Research Passport Honorary Contracts / Letters of Access

Data Protection Privacy Notice

Patient Reported Outcome Measures Frequently Asked Questions (PROMs FAQ)

Document Details Clinical Audit Policy

JOB DESCRIPTION. Joint Commissioning Manager for Older People s Residential Care and Nursing Homes

DISCLOSURE OF CERVICAL CANCER SCREENING AUDIT RESULTS POLICY

Code of Guidance for Private Practice for Consultants and Speciality Doctors

CARERS POLICY. All Associate Director of Patient Experience. Patient & Carers Experience Committee & Trust Management Committee

Section 132 of the Mental Health Act 1983 Procedure for Informing Detained Patients of their Legal Rights

Precedence Privacy Policy

England. Questions and Answers. Draft Integrated Care Provider (ICP) Contract - consultation package

Direct Commissioning Assurance Framework. England

Freedom to speak up: raising concerns (whistleblowing) policy

DATA PROTECTION ACT (1998) SUBJECT ACCESS REQUEST PROCEDURE

The NHS Constitution

National Standards for the Conduct of Reviews of Patient Safety Incidents

Information Governance Management Framework

Sharing Healthcare Records

Winter Plans and Arrangements for Primary Medical Care Services during the Christmas and New Year Period

Standards conduct, accountability

Programme Update: care.data

Guideline on good pharmacovigilance practices (GVP)

NHS CHOICES COMPLAINTS POLICY

Privacy Policy - Australian Privacy Principles (APPs)

Independent Mental Health Advocacy. Guidance for Commissioners

Aligning the Publication of Performance Data: Outcome of Consultation

Version 1.0. Quality, Performance & Finance. Date Ratified 31 st March 2015 Iain Stewart, Head of Direct Commissioning

INTRODUCTION SOLUTION IMPLEMENTATION BENEFITS SUCCESS FACTORS LESSONS LEARNED. Implemented the ehealthscope Tool to provide information to GPs

High level guidance to support a shared view of quality in general practice

Sources of evidence [note: you may reference other sources of evidence] Quarterly National Reporting Systems to the SHA on Waiting Times.

Policy on Sponsorship and Joint Working with the Pharmaceutical Industry and other Commercial Organisations

Hospital Generated Inter-Speciality Referral Policy Supporting people in Dorset to lead healthier lives

Barnet Health Overview and Scrutiny Committee 6 October 2016

Reservation of Powers to the Board & Delegation of Powers

Enhanced service specification. Avoiding unplanned admissions: proactive case finding and patient review for vulnerable people

WORKING WITH THE PHARMACEUTICAL INDUSTRY

Our next phase of regulation A more targeted, responsive and collaborative approach

SOMERSET INFORMATION SHARING PROTOCOL

Transcription:

Fair Processing Strategy March 2014 Fair Processing Strategy v8 2014.03.25 Page 1 of 15

NHS England INFORMATION READER BOX Directorate Medical Operations Patients and Information Nursing Policy Commissioning Development Finance Human Resources Publications Gateway Reference: 01389 Document Purpose Document Name Author Publication Date Target Audience Additional Circulation List Description Cross Reference Guidance Fair Processing Strategy W. Gowing March 2014 CCG Clinical Leads, CCG Accountable Officers, CSU Managing Directors #VALUE! This document sets out NHS England s Fair Processing Strategy for direct and indirect care uses of personal and confidential data. This document is primarily for those with responsibility for use of patient data, whether from primary or secondary care, and for information governance within NHS England. None Superseded Docs (if applicable) Action Required None N/A Timing / Deadlines (if applicable) Contact Details for further information N/A Stuart A Notholt Information Governance Communications Lead Phone 07796994375 0 Document Status This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of this document are not controlled. As a controlled document, this document should not be saved onto local or network drives but should always be accessed from the intranet Publications Gateway Reference 01389 Fair Processing Strategy v8 2014.03.25 Page 2 of 15

Fair Processing Strategy First published: March 2014 Prepared by Information Governance Taskforce Fair Processing Strategy v8 2014.03.25 Page 3 of 15

Contents 1. Purpose and scope... 5 1.1 Purpose... 5 1.1 Scope... 6 2. Context... 6 2.1 Use of personal data... 6 2.1.1 Direct Care... 6 2.1.2 Indirect Care... 7 2.2 Intended end state on processing patient data for indirect uses... 7 3. The Fair Processing Strategy... 8 3.1 Strategy Overview... 8 3.2 Privacy Notices...10 3.3 Communications mechanisms...11 3.4 Specific purposes...12 Annexe 1...13 Equality statement Equality and diversity are at the heart of the NHS strategy. Due regard to eliminate discrimination, harassment and victimisation, to advance equality of opportunity, and to foster good relations between people who share a relevant protected characteristic (as cited in under the Equality Act 2010) and those who do not share it, has been given throughout the development of the policies and processes cited in this document. Fair Processing Strategy v8 2014.03.25 Page 4 of 15

1. Purpose and scope 1.1 Purpose This document sets out NHS England s Fair Processing Strategy for direct and indirect care uses 1 of personal and confidential data. These data are derived from the provision of health and social care services on behalf both of NHS England as a commissioner and the wider NHS. A fair processing strategy is needed to support the NHS in meeting the legal requirement for fair processing of personal and confidential information by organisations involved in commissioning and providing care in an extremely complex organisational and operational environment. The strategy is also needed to ensure that both organisations and staff are clear about their legal and professional obligations and to ensure that NHS England meets its own obligations and supports the service effectively in meeting its obligations. The use of patients data is a vital part of the delivery of care and commissioning process at Clinical Commissioning Group (CCG) and national level. Providing information to the public is integral to the provision of care and the commissioning cycle (e.g., specification to contract) It is also an important part of the overall engagement with a health economy of a commissioner as part of their public participation and involvement. This document is primarily for those with responsibility for use of patient data, whether from primary or secondary care, and for information governance within NHS England. In addition, this document will aid in the development of local fair processing strategies and implementation, which should be part of that wider engagement referred to above. This strategy is also relevant, therefore, for those with similar responsibilities in health and social care organisations, particularly senior management, such as chief executives, senior information risk owners and Caldicott Guardians. The strategy will also be of use to the wider information governance and information asset owner communities, including information governance training leads, in playing their part in the wider engagement process. NHS England s remit is limited to the NHS and its providers. However, as personal and confidential data often needs to be shared between the health and social care sectors, it is important that a consistent approach to fair processing (and information governance more generally) is adopted to provide the necessary assurance to the public and to bodies disclosing such data to others. 1 The Caldicott Review 2013 defined indirect care as activities that contribute to the overall provision of services to a population as a whole or a group of patients with a particular condition, but which fall outside the scope of direct care. It covers health services management, preventative medicine, and medical research. Examples of activities would be risk prediction and stratification, service evaluation, needs assessment, financial audit. Fair Processing Strategy v8 2014.03.25 Page 5 of 15

1.1 Scope The scope of the Fair Processing Strategy covers: why a fair processing strategy is needed and the strategic context; what organisations need to do to meet fair processing requirements, including developing privacy notices, outlining the information that should be given to patients and what to do to disseminate the information; the need to enable, support and inform clinicians to meet relevant legal and professional obligations in the use of patient data for both direct and indirect care purposes. The document also sets out the means of communicating the Strategy and its supporting materials, and need for organisations to generate their own strategies and implementation plans. 2. Context 2.1 Use of personal data The NHS and social care organisations use personal data in various aspects of their operations. It is a requirement of the Data Protection Act 1998 2 that such data are processed on a fair basis 3 and that data subjects are duly informed about such uses. It is necessary therefore to provide privacy notices 4 to deliver explanations to individuals when information is collected about them in effect stating how we use your data. Thus, fair processing is a means to an end to ensure that patients know how NHS and social care organisations use their data and to ensure that NHS and social care organisations can legally process patient data by fulfilling their fair processing obligations. The uses of personal data in health and social care can be grouped in two main ways: The primary use is for provision of direct care and care services The second use is for indirect care purposes - that is for uses other than for direct care and care services. These are considered further below. 2.1.1 Direct Care 2 see http://www.legislation.gov.uk/ukpga/1998/29/contents 3 see Fair Processing, the first Principle of the Data Protection Act: http://www.ico.org.uk/for_organisations/data_protection/the_guide/principle_1 4 for guidance on privacy notices see Information Commissioner s Office Privacy Notices Code of Practice http://www.ico.org.uk/for_organisations/data_protection/topic_guides/privacy_notices Fair Processing Strategy v8 2014.03.25 Page 6 of 15

The primary use is for provision of direct care and care services. Data are collected from patients and shared between regulated professionals (whether in the same or different health care organisations) to enable the provision of care. Relevant data are stored and processed in computer systems within care providers, such as general practices and provider trusts, (e.g. hospitals and community services), and any contracted data processing organisations. The sharing of data between regulated professionals and their organisations is implicit in the process of the provision of care. Fair processing requires that such sharing is explicit to the patient in the process of the provision of care and is understood by the patient. This is especially so when there are changes to the delivery of services, for example Secondary care such as where services are to be outsourced to a new provider, the use of independent sector providers, potential sharing with social care for integrated care purposes or in Primary care - where practices are proposing to share o back office functions with wider access to identifiable patient data o with other practices o where information is to be shared to support out of hours services Sharing across primary and secondary care, e.g., GP records to be made available to the local hospital trust Where such changes are to be made, there is a need to update fair processing leaflets, and to proactively communicate these proposed changes well in advance of implementation. Information about how to raise concerns will also be required and consideration given to accommodating patient objections. 2.1.2 Indirect Care The second use is for indirect care purposes, which is to support the commissioning of the provision of services, organisation of services; the management of funding and resources; monitoring the effectiveness and provision of services Relevant data are derived from the data collected in the provision of direct care. Such data are stored and processed within commissioning organisations, such as CCGs and NHS England, and any contracted data processing organisations. 2.2 Intended end state on processing patient data for indirect uses As indicated above: 1. health and social care organisations use personal data in providing relevant care services; 2. data derived from the care process is used for other purposes, not directly related to the provision of care and called indirect care purposes or indirect uses in this strategy; Fair Processing Strategy v8 2014.03.25 Page 7 of 15

The intended end-state of how the restructured NHS will process patient data for indirect care purposes following the 2012 Health and Social Care Act and the outcome of the Caldicott Review 5 is based on use of anonymised and pseudonymised data wherever feasible to avoid the use of personal confidential data where this is not necessary; or use of a controlled environment (i.e. secure area with restrictions on physical and electronic access) and weakly pseudonymised data, which is based on a single pseudonym or identifier, such as the NHS Number. The need for this arises where fully pseudonymised data cannot be used because, for example, data quality checks or cross reference to other person level data may need to be made prior to processing or analysing the data. The use of weakly pseudonymised data in a controlled environment is such a way is technically feasible and secure, although this may require statutory support to proceed. Such arrangements can be provided by the Health & Social Care Information Centre (HSCIC) operating on a statutory basis and potentially with Accredited Safe Havens (ASH), assuming statutory support is provided; or consent for the activities that require personal confidential data and consent is feasible; or use of regulation 5 of the Section 251 regulations through the Confidentiality Advisory Group (CAG) to set aside the common law of confidence (CLC), where pseudonymised data, ASH arrangements or consent are not feasible routes and the use of personal confidential data can be justified (e.g. in Research). Data may be legitimately obtained and held for a range of for indirect care purposes in a variety of forms. The Data Protection Act requires the holders of the data to be clear to relevant data subjects how their data will be used. This is achieved through publication of privacy notices. 3. The Fair Processing Strategy 3.1 Strategy Overview This overarching Fair Processing Strategy is intended to facilitate: informing health and social care organisations of how data relating to patients and service users may be collected, processed and used, together with their responsibilities for utilising privacy notices; reminding organisations that are data controllers that they need to check that they do indeed process personal data fairly within the meaning of the Data Protection Act; outlining the ways in which privacy notices should be developed and utilised; informing clinicians and professional staff how the data from patients and service users may be used, and their obligations; informing patients and service users of how the data they provide to health and social care organisations is collected, protected and used and providing information about who they should contact if they want to complain or know 5 see https://www.gov.uk/government/publications/the-information-governance-review Fair Processing Strategy v8 2014.03.25 Page 8 of 15

more; plus clarity about the right to complain to the Information Commissioner s Office (ICO) if there is a problem. Initially, information should be made available to patients and service users giving basic privacy information at a high level, with directions or links to more detailed information for those that wish to follow this up. The more detailed information will also need to cover the specific uses referred to in the last bullet point above. The specific uses relate to the various major domains, such as research, commissioning and care.data, for which additional detail about the use and management of relevant data will need to be provided. Thus the strategy is based on a layered approach as illustrated in Figure 1, including the communications aspects of the strategy itself. The communications aspects of this Strategy build on existing communications materials and routes. Communications will be based on a mix of paper-based communications, (e.g. in practices and clinics), and web based, eg NHS Choices, the websites of NHS England and CCGs. The paper-based communications will cross reference relevant websites and the websites enabling drilling down to greater detail and links through to other related sites. This Strategy document contains high-level statements on the direct and indirect uses of the data from patients and service users, as well as more detailed documentation on commissioning. As there are different uses of the data and different issues for different organisations, it is logical that each organisation with a fair processing responsibility should develop their own plans for implementing the key aspects of fair processing. Communications and interaction with patients and the public are inherent in meeting the requirements of the Fair Processing and privacy notices, so these subjects need to be an integral part of any wider local communications processes, (e.g. at CCG level). Fair Processing Strategy v8 2014.03.25 Page 9 of 15

Figure 1 Fair Processing Strategy Approach NHS England and NHS Choices websites - Fair Processing generic statement about direct and indirect uses of pa ent/service user data with reference to this Strategy and signpos ng to use-purpose specific informa on Audience Policy / approach Uses/ Purposes Forms & templates Commissioners & Providers High level statements on direct & indirect uses of pa ent/service user PaHigh ents level statements data including on direct legal & framework indirect uses of pa ent/service user High level statements data including on direct legal & framework indirect uses of pa ent/service user data including legal framework Research Overview Consent care.data Overview Consent Research Overview Consent Commissioning Overview Consent Direct Care Overview Consent Local forms and templates Clinicians Cross reference / click to greater detail: Eg Commissioning under S251; Individual Commissioning Overview Consent Funding Requests; Con nuing Health Care; Integrated care; Risk Stra fica on; etc Cross reference / click to greater detail: care.data Eg Commissioning Overview under S251; Consent Individual Commissioning Funding Requests; Overview Con nuing Health Consent Care; Research Integrated Care; Overview Invoice Valida Consent on; Risk Stra fica on; etc care.data Overview Consent Cross reference / click to greater detail: Eg Commissioning under S251; Individual Funding Requests; Con nuing Health Care; Integrated care; Risk Stra fica on; etc Local forms and templates Local forms and templates 3.2 Privacy Notices The Information Commissioner s Office Privacy Notice Code of Practice 6 states that privacy notices should tell people who you are, what you are going to do with their information and who it will be shared with. However, it can also tell people more than this. It can, for example provide information about people s rights of access to their data or your arrangements for keeping their data secure. Whatever you include in your notice, its primary purpose is to make sure that is collected and used fairly. A privacy notice should be genuinely informative. Properly and thoughtfully drawn up, it can make your organisation more transparent and should reassure people that they can trust you with their personal information. It is necessary for organisations to provide relevant privacy notices to patients and service users and to highlight their use. 6 see http://www.ico.org.uk/for_organisations/data_protection/topic_guides/privacy_notices Fair Processing Strategy v8 2014.03.25 Page 10 of 15

To support organisations in developing their own privacy notices, guidance on Fair Processing for health and social care organisations will be produced, based on the ICO Privacy Code of Practice. 3.3 Communications mechanisms The delivery of the communication elements of the Fair Processing Strategy, whether in NHS England or at local CCG level, needs to be an integral part of the public engagement processes. The precise methods and mechanisms for relevant communications, therefore, should follow from organisations public engagement processes. However, it is clear that the privacy notices that support the Fair Processing Strategy need to be communicated to three separate audiences, namely: patients and service users; clinicians and professional staff; The NHS and social care related organisations, such as Commissioners and Providers. It is intended to achieve this through the national care.data 7 leaflet drop, local leaflets in practices and providers and through websites of relevant organisations, directly or via links, nationally - NHS England, Health and Social Care Information Centre locally - Clinical Commissioning Groups, Commissioning Support Units, Practices and Providers. In addition, consideration should be given to a variety of mechanisms such as videos on websites, use of social media, as well as radio, straplines in NHS communications and letters, and newspaper and magazine articles. The national leaflet drop to each household is a positive action to raise public awareness directly, supplementing privacy notices. As such this is a major actively communicated communications component. Other components are based on making privacy notices available for members of the public to see, for example in surgeries, clinics, or on national websites). It is intended that materials, including templates, will be made available for local usage, with websites based on the approach indicated in Figure 1. With an overarching Fair Processing notice to be posted on the NHS England website (see Figure 1) followed by notices at the level of Clinical Commissioning Group and their support units, by providers and practices, a hierarchy of Fair Processing Notices will be created. The hierarchy will be differ depending on topic, (e.g. commissioning does not directly involve general practices, whilst care.data will involve providers and practices). This hierarchy approach should help ensure that relevant privacy notices are available to increase the potential awareness of patients, hopefully without overwhelming patients in the process. 7 see ww.england.nhs.uk/ourwork/tsd/care-data Fair Processing Strategy v8 2014.03.25 Page 11 of 15

Implementation of the communication elements of the Strategy requires there to be clearly separate views for the three different audiences, with simple structures to enable and support easy navigation by use/purpose or user type, including the ability to drill through to greater detail. a master or reference site of updated content to provide relevant and necessary information in order to meet the NHS s legal obligations. Therefore consideration needs to be given to: o the options of where that reference site best sits for both access and maintenance; o who has responsibility for maintaining the Fair Processing technical content, (potentially the relevant Information Governance Lead with subject matter input from those responsible for the purpose of the use of the information). 3.4 Specific purposes The high level overview setting out how your data are collected and used is set out in Annexe 1. This overview will need to be complemented by more detailed information in relation to specific purposes within the range of uses and purposes made of personal data. The detailed information for patients and public needs to include: the uses of their data; the related purpose of the uses; the forms in which the data will be used; who the users will be, such as national bodies or other types of users; how their data will be protected This has been undertaken for commissioning purposes and is set out toward the end of Annexe 1. Topics on which specific Fair Processing statements will be required in relation to commissioning include: Invoice validation, for example by providers (when they are required to invoice) and by commissioners (why they are required to validate invoices); ensuring patients are aware of how confidential data are processed for invoice validation Data linkage and analysis Risk stratification covering both population scoring and case finding Case management by commissioners Research National registries Fair Processing Strategy v8 2014.03.25 Page 12 of 15

Annexe 1 The Fair Processing Strategy uses of data for direct and indirect care purposes Overview Direct care rationale and benefits The reasons health and social care organisations, both locally and nationally, need to use patient based data include: supporting the administrative and operational processes of the provision and management of appropriate care, whether within primary care, within secondary care or across care and/or organisational boundaries, to enable appointments with relevant clinicians and clinics to be made ensuring case notes and relevant information are provided in the process of care providing information from the referring clinician to the subsequent service, such as laboratory tests to enable the appropriate service to be provided providing clinical information from the referring clinician to another clinician for investigations, tests and treatment to be undertaken/provided. Examples of benefits arising include: ensuring that the patients receive the care that they need minimising the repetition of information gathering from patients by clinicians managing the workload of clinicians and associated resources, such as clinics, test machinery and buildings supporting safe delivery of services. Indirect care rationale and benefits The reasons health and social care organisations, both locally and nationally, need to use data about the services provided to patients and service users and their outcomes include enabling the organisations to monitor how well they are doing in terms of providing the services and the quality of the services enabling health and social care services to be planned comparing care received in one area with another to determine what has worked best supporting ethically approved research making sure the NHS receives the correct payments for the services it provides determining where improvements may be needed to deliver highest quality care. Examples of benefits arising include: finding more effective ways of preventing, treating and managing illnesses; guiding local decisions about the changes that are needed to respond to the needs of local patients; Fair Processing Strategy v8 2014.03.25 Page 13 of 15

supporting public health by anticipating risks of particular diseases and conditions, and help us to take action to prevent problems; improving the public s understanding of the outcomes of care, giving them confidence in health and social care services; guiding decisions about how to manage NHS resources so that they can best support the treatment and care of all patients supporting patients that are most at risk or would most benefit from a particular treatment helping researchers by supporting studies that identify patterns in diseases, responses to different treatments and potential solutions. These are the sorts of reasons and benefits that should be included in general and specific privacy notices: Sharing and linking data NHS patients and social care service users may receive care and treatments from a number of different places. It is necessary to link this information together to provide the full picture needed to support the activities listed above. In effect, sharing information enables the NHS to improve its understanding of the most important health needs and the quality of the treatment and care provided. Protecting data Information about individual people, such as their postcode and NHS number, rather than their name, are used to link their records in a secure system. This enables the identities of individuals to be protected. Information, which does not reveal who the individuals are, can then be used by others, such as those planning NHS services and approved researchers to support the provision of care. The Data Protection Act requires that health and social care organisations ensure they have a secure legal basis for using personal and confidential data for the particular purpose and then only share the minimum amount of information they need to understand what is happening and how to improve services. Where it is allowed, the NHS may release information to approved researchers and some third party organisations, but strict rules in place to protect individual s privacy. The NHS and social care organisations are required to use information in line with the law, national guidance and best practice and will never identify a particular person in any published reports. Individual Choice The Secretary of State for Health has committed that, except in special circumstances, individuals will be allowed to prevent their confidential information from being used for any purpose other than supporting the provision of direct care, even where the use of this data is permitted by law. If an individual does not want information to be shared outside their GP practice, this can be added to their medical record. This will prevent their confidential information being used other than where necessary by law for example, if there is a public health emergency. In future, it will also be possible to restrict the use of information held by other places where care is provided, such as hospitals and community services. Again, this can be Fair Processing Strategy v8 2014.03.25 Page 14 of 15

achieved through the individual s GP as recorded objections will be collected by the HSCIC and used to implement people s wishes within its systems. It is important to note that this is different to sharing decisions made, for example in relation to sharing medical record information in support of treatment. The choice not to share information for indirect care purposes will not generally affect the care provided. In some limited circumstances, refusal to share information may affect the care provided (e.g. consent for individual funding requests requires disclosure of relevant information to the commissioner; where this is the case, this will be clearly explained to patients at the time). Specific uses of data - commissioning There is a range of functions in the commissioning role that leads to a variety of uses of information about individuals. These different purposes will lead to the need to identify these purposes and uses in relevant privacy notices. An overview is given below. The NHS already has a set process (for fair processing notices, generic patient leaflet and standard wording for the consent form) for commissioning services that pertain to direct care or commissioned as individual packages of care. Where fair processing information is needed to support a consent process, it will need to be more detailed than more general fair processing. For commissioning purposes, there is a need to explain to patients how their data will be used to support health care management and administration, and how they can object (or where the legal basis is consent to withhold their consent ). To support this, there is the need to cover each of the scenarios where use of person level data occurs, namely: o financial purposes - to ensure that that providers are billing appropriately for the care received and that they to the correct commissioner, such as if someone is on holiday and needs emergency treatment. o determining risk profiles of the registered population to identify patients that would benefit from proactive intervention. o case management - where the NHS will offer intervention, patients should not only consent to be included, but also allow their data to be shared across health and social care or multiple partners. Thus for integrated care there is the need for a standard for fair processing notices, individual patient information about the integrated care programme, and what happens to their data if they agree or disagree o specific types of commissioning on an individual person basis, where consent to commission and use of the data are the norm. o This should be included within general fair processing as well as having specific information materials to support the consent process. Fair Processing Strategy v8 2014.03.25 Page 15 of 15

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback