Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Information Governance Environment - Beverly Carter


Published on

Making Data Work For You

Published in: Healthcare
  • Be the first to comment

  • Be the first to like this

Information Governance Environment - Beverly Carter

  1. 1. Information Governance Environment Beverly Carter Head of Information Governance Chilworth Manor Hotel Southampton
  2. 2. It’s complicated! • The legal framework governing the use of personal confidential data in healthcare is complex • It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act, and the Human Rights Act
  3. 3. Caldicott review • Following a request from the Secretary of State for Health, Dame Fiona Caldicott carried out this independent review of information sharing within the NHS to ensure that there is an appropriate balance between the protection of patient information and the use and sharing of information to improve patient care.
  4. 4. What can you use? • Care Commissioners do not provide direct patient care and therefore they have no legal basis on which to access personal confidential patient data without gaining explicit consent from each individual. • The Health and Social Care Act 2012 allows the HSCIC (now NHS Digital) to handle personal confidential data (PCD). Security, processes and tools are used to minimise the visibility and accessibility of PCD, which allows staff to perform analysis and keep patient data confidential.
  5. 5. NHS Digital • Data Services for Commissioners Regional Offices (DSCROs) provide this service • DSCROs perform their services with staff from Commissioning Support Units (CSUs) who are seconded into the DSCRO and work with data in the regional processing centres. • Staff follow strict rules on accessing, analysing and processing data. The powers granted to the organisation by the Health and Social Care Act 2012 mean that staff are operating within the approved legal framework.
  6. 6. October 2016 – Big changes to rules • In October of last year, NHS Digital introduced additional rules around the linkage of their data with the local flows being requested. • Every data flow sourced from NHS Digital needs to be included on a Data Access Request (DARS) application made by the requesting organisation. • A list of the types of data being used and for what purpose has to be included. • NHS Digital retain the role of Data Controller for any data flow that originates from themselves.
  7. 7. What are the rules now? • There are complex rules around linking and sharing data for anything other than direct patient care. However, it is possible to find solutions if the following rules are considered: • All data flows required are identified, reviewed and logged • A legal basis is identified which allows the data to flow - usually supported by the completion of a Privacy Impact Assessment and Data Sharing Agreement and Data Processing agreements • Aggregated data may now be used for secondary purposes without the need for complex paperwork (recent change) • NHS Digital retain Data Controller status for the onward use of any data provided by them.