4. www.england.nhs.uk
The following terms are crucial to getting to grips with Information Governance
Data Protection Act
Human Rights Act
Common Law Duty of Confidentiality
Caldicott Principles and Data Protection Principles
Consent (implied and explicit)
Capacity
Direct Care
Data Controller and Data Processors
Data Sharing Agreement
Data Processing Agreement
Data Sets
Data “treatments”: Anonymised, pseudonymised, De-identified, Aggregated
Key Terms
5. www.england.nhs.uk
Responsibilities to Data (not ownership) under the law
Responsibility for the appropriate handling of patient data
(from privacy, confidentiality and the ethics of using patient
data)
Challenges: How do you innovate? (Building in the
capacity for change)
Legal Context (as well as a little policy)
Patient choice and patient information
Art of the possible
Are we really doing direct care? (No really…)
Consent, Capacity and Choice
Key Things to Remember
6. www.england.nhs.uk
Working with commercial partners:
You will need a contract! (Not a data sharing agreement or a
collaboration agreement)
This needs to set out what can and cannot be done with the
data (Data Processor Agreement)
This needs to be lawful (i.e. its as if you – the data
controller(s) are doing it)
Innovation is a challenge and relies on informing for patient
and management of their choices (i.e. build it in)
Must deal with the whole life of the data and project (from
creation to destruction)
If you are the data controller, you have to act like the data
controller
Key Things to Remember
(Commercial)
7. www.england.nhs.uk
Enabling Information Sharing
Set out rules, policy and objectives to getting
“The right data, to the right people at the right time”
Note: Most folks add a “only” to show that there are
appropriate controls and relationships between those using
the data and those receiving the care.
“Only the right data, to only the right people at only the right
time”
Information Governance (?)
8. www.england.nhs.uk
Continual change in organisational structures and
relationships
Framed by the same legal and policy structure*
Still rooted in statutory and legal organisations
GDPR* arriving in 2018
Technology providing more options for:
i. Sharing information
ii. Working with patients
iii. Working with colleagues
iv. Working remotely
8
Context
9. www.england.nhs.uk
The patient:
Working with patient data requires
i. The processing to be fair (DPA, Principle 1)
ii. The use to match the “reasonable” expectations
of the patient (CLDC)
Particularly crucial for the implied consent model
Commitments to patient on clarity and choice
Ongoing communication campaign (integrated with
explaining the service and changes)
9
IG Challenges: At Scale (Part 1)
10. www.england.nhs.uk
Must be fair and must be a reasonable expectation
Points of collection – making information available where
the data is collected
Managing innovation
How do you explain to the data subject (patient, client or
citizen)?
Who do they trust?
What are the risks, what are the benefits?
Feedback loop (or is our fair processing working?)
Patient preference – how will it be accounted for?
Where does the decision making sit?
Fair Processing and Patient
Preference
11. www.england.nhs.uk
Organisations:
Clarity
i. Who are the data controllers? [Managing
variations]
ii. Who are the data processors?
How will the data flow?
Contracts in place between data controllers and
data processors (no contract, no lawful basis)
Data Controllers and governance [Data Sharing
Agreements]
11
IG Challenges: At Scale (Part 2)
12. www.england.nhs.uk
IG at scale:
Who and where is governance body?
Does it have the right input and decision makers?
Contracts (Data Processor, Employment)
Policies and training
Procedures and support
Hubs, Federations
Care Pathways
12
IG Challenges: At Scale (Part 3)
13. www.england.nhs.uk
Your plan:
Who is on the journey with you
Are there any other initiatives going on in your area?
Your IG support:
Have you spoken to your local IG team?
It’s usually a, Yes, but….
Language
Are we speaking the same language?
Different terms used in different ways
13
Lessons Learnt (part 1)
14. www.england.nhs.uk
Art of the possible (again)
You will have to fair process (and you will have to
learn to do it better)
You can convince some of the people, all of the time,
and all of the people, some of the time but not…
How much data do you actually need?
What do you need to prove value (and get
commissioned again)?
Margins of error
14
Lessons Learnt (part 2)
15. www.england.nhs.uk
Privacy by Design
Privacy Impact Assessment
Data Flow Maps (where does data start, pass through and
end up)
Patient communication, choice and involvement
Clinical communication as above… (don’t forget practice
managers)
What’s the feedback loop?
How will we innovate?
What can we get up and running now? (i.e. maintaining
momentum needs progress even if it isn’t perfect)
Getting off on the right foot
16. www.england.nhs.uk
What are the blocks to progress?
Where are they coming from?
Is it IG? Or is it cultural or is it change?
You’ve signed 15 DSA’s before breakfast but the data
still doesn’t flow
Pseudo. Anon and De-id – they all sound like fun but
what are they?
Moving on from where you are
17. www.england.nhs.uk
Be careful when talking about data and data sets.
Different people (and organisations) can use the
same term to mean different things
Don’t be afraid to concept check (early and often) as it
can make a world of difference
If you are using data that falls outside of the DPA (its
not identifiable) then it makes the use (and
innovation) with that data much easier
An unofficial guide to data terms
or “are we speaking the same
language”?
18. www.england.nhs.uk
Term Unofficial description Is it identifiable?
Patient Row
Level
A data set that has individual
rows of data for each patient
Maybe
Doesn’t have to be, but usually
is. There will be a lot of data
about an individual, so
identifiability will be a key
consideration
Aggregate Data Data which combines individuals
to tell you about groups (by age,
condition, or a number of criteria)
No (though you may need to
think about results that produce
small numbers – verging on a
Maybe..)
Linkage Linking two data sets generally
through an identifier with the
intention of creating a richer data
source. (so linking the data about
Ms Smith to the right data about
Ms Smith is crucial)
Linkage requires identification
(i.e. to join up the two data sets)
but it is possible to produce an
output that is not identifiable.
Overall, linkage will increase the
identifiability of individuals as the
data set gets richer (or more
detailed)
The unofficial guide to data set
language, part 1
19. www.england.nhs.uk
Anonymisation and Pseudonymisation are umbrella terms
• They describe a range of techniques used to hide the
identity of the person.
• Different data items can have different techniques applied
such as: encryption, truncation, derivation, masking,
aggregation,
• You need to know what data fields a data set comprises,
and what treatment, if any, you are going to apply to each
field.
• A lot of times these terms are used but without
understanding clearly what they mean or how they will be
applied. [Hint: You need that detail!]
• Deleting columns from a spreadsheet is rarely adequate
(sorry folks, it takes a little more thought…)
More thoughts on…
20. www.england.nhs.uk
Term Unofficial description Is it identifiable?
Patient Data Any data about a patient Not necessarily
Identifiable Data Data which can clearly identify
an individual or be highly likely to
identify an individual
Yes
Anonymised
Data
Data which has had all of the
identifiable data out. Its patient X
and we have no way of knowing
that patient X is Jane Smith
No
De-Identified
Data
Data which has gone through a
process of having identifiers
removed. However, some people
use it as a term for a reversal
process (so an individual could
be identified if necessary)
No (though it will have been at
some point in its history)
The unofficial guide to data set
language, part 2
21. www.england.nhs.uk
Term Unofficial description Is it identifiable?
Pseudonymised
Data (or
identifiable in
context)
Data where the identity of the
individual has been obscured
(pseudonymised) for those
receiving the data set. This
should make the individual
unable to be identified. However,
if you have the key you can
identify (or re-identify the
individual)
Depends on who you are. If you
hold the key “Yes”, if not “No” but
that applies to organisations not
to individuals (and the data
would have be identifiable at
some point)
The unofficial guide to data set
language, part 3
22. www.england.nhs.uk
What you need to know:
Ask questions and if you don’t understand, say so
There are very few no’s in IG, there are a lot of Yes, buts…
What are you trying to achieve?
What data are you using? What do the data sets consist
of?
What current patient communication and engagement
groups do you have?
If you can’t have perfection, what can you live with that
moves your forward
What governance group do you have in place and who is
are the decision makers
Working with an IG Resource
23. www.england.nhs.uk
What the IG resource needs to know:
The standard who, what, when, how and even why…
for the data flows and data sets
There maybe alternative solutions will you consider
them?
Who is championing the change
Who needs to be convinced
Does everyone have the same understanding of what
you’re trying to achieve?
What’s been signed
Working with an IG Resource
24. www.england.nhs.uk
Information Governance Alliance
http://systems.digital.nhs.uk/infogov/iga
Data Services for Commissioners programme
https://www.england.nhs.uk/ourwork/tsd/data-services/
National Data Guardian Review and webpage
https://www.gov.uk/government/organisations/national-
data-guardian
https://www.gov.uk/government/publications/review-of-
data-security-consent-and-opt-outs
Some Useful links