Joint Health and Social Care Integration Programme Information Sharing Protocol

Agenda Item – 11
Joint Health and Social Care Integration
Programme
Information Sharing Protocol
Meeting
Health and Social Care Integration Board
Date
19th July 2013
Subject
Information sharing protocol to support the
provision of integrated care in Barnet
Paper
7.1
Summary
Work has been undertaken to develop an overarching
framework for sharing information between partner
organisations in Barnet.
The information sharing protocol will enable the sharing
of appropriate personal data between health, social
care and other agencies to support working together in
an integrated way and the implementation of integrated
care services in Barnet.
The protocol seeks to provide a framework that will:
 Promote information sharing to enable improved
co-ordination of services for the individual
 Ensure that information is shared in ways which
are consistent with legislation and guidance
Decision required
The Integrated Care Board is asked to approve the
information sharing protocol and data sharing template.
Contact for Further Information: Christine Cornwall
Email: Christine.cornwall@barnetccg.nhs.uk
Version 0.1
1.
PREFACE
1.1.
This Information Sharing Protocol (ISP) has been jointly developed jointly by health and social care
organisations operating in Barnet to facilitate the sharing of information between them so that members
of the public receive the best possible service.
2.
CONTEXT AND BACKGROUND
2.1.
POLICY CONTEXT
2.1.1
The aim of public policy is for citizens to receive the health and social care services that they need and
that the organisation of services should not impede the service provided. This requires organisations
to work effectively and efficiently together to tailor services to the particular circumstances of each
individual, and monitor provision of services across a geographical area. Sharing appropriate and
relevant personal information about individuals between parties in a secure framework is vital to the
provision of co-ordinated and seamless care to both the local population and individual service users
and to improve quality and reduce inequality across the locality. Such steps are supported by the
Department of Health policy “The Power of Information” and the NHS informatics service.
2.1.2
This need for lawful and secure sharing of information is also reflected in the “Information Governance
Review1” report that was recently published by the Caldicott2 Review Team chaired by Dame Fiona
Caldicott.
2.1.3
All the Parties recognise that the initial legal responsibility for personal information resides with the
organisation that first created or received it – in this case being the participating Data Controllers. But
if personal information is shared, the responsibility extends to the recipient in the receiving
organisation regardless of how transitory that storage of the personal information by the receiving
organisation might be
2.1.4
The Information Commissioner advocates that information sharing should take place in the context of
a set of common rules, binding on all the organisations involved in a data sharing arrangement. This
Protocol takes account of the principles and recommendations for sharing information provided in the
Information Commissioner’s Data Sharing Code of Practice2.
2.1.5 Integrated care systems are being developed across the NHS and Social Care. It is clearly recognised
that sharing information about an individual between provider organisations is a key enabler of joined up
and effective service delivery. However, organisations involved in providing health and social care
services to the public have a legal responsibility to ensure that their use of personal information is
lawful, properly controlled and that an individual’s rights are respected. This balance between the need
to share information to provide quality services and protection of confidentiality can at times be a difficult
one to achieve.
3
AIMS AND OBJECTIVES
3.1
The overall aim of this Protocol is to provide a framework for the partner organisations to establish and
regulate working practices in order to ensure that information is managed and shared in a lawful,
necessary and appropriate way.
3.2
The main objectives are:
1
The Information Governance Review, available at: https://www.gov.uk/government/publications/the-information-governance-review, last accessed on
09/04/2013
2
ICO Data Sharing Code of Practice, available at: http://ico.org.uk/for_organisations/data_protection/topic_guides/data_sharing, last accessed on
09/04/2013
2
a) to increase awareness and understanding of the relevant legislation and especially the Data
Protection Act 1998 (DPA);
b) to guide partner organisations on how to share personal information lawfully to support the
provision of integrated care;
c) to promote the development and use of Data Sharing Agreements or Contracts;
d) to encourage lawful flows of information; and
e) to support a process, which will monitor and review information flows.
3.3
This Protocol will be used in conjunction with local data sharing contracts or any other formal
agreements that will be put in place between partner organisations to establish legally binding
relationships as regards the sharing of information.
3.4
Whilst this Protocol may also be used to provide direction and guidance as regards compliance with
information sharing law and standards for various projects, technical detail about specific data sharing
initiatives should be obtained from their respective subject-specific information sharing Protocols or
Agreements.
3.5
Government guidance Information Sharing: Guidance for practitioners and managers should also be
consulted. The guidance offers clarity on when and how information can be shared legally and
professionally. It can be downloaded from:
http://www.education.gov.uk/childrenandyoungpeople/strategy/integratedworking/a0072915/informationsharing
4
PURPOSES FOR SHARING DATA
4.1
The partner organisations have identified the following purposes that aim to support the objectives of an
integrated care initiative.
4.2
CARE PURPOSES
4.2.1 These purposes cover uses of data that contribute to the diagnosis, care and treatment of an individual
or the audit of the quality of the care provided. Where data are used for care purposes person
identifiable data can be used providing that only the minimum necessary information is used. The
following are considered examples of care purposes under this initiative:
a) With appropriate consent and access permissions, to contact individuals identified as needing further
support with the intention of preventing and reducing the likelihood of hospitalisation, adverse events
and other poor health outcomes by health and/or social care professionals that can establish a
legitimate relationship with the individuals concerned 3; and
b) Having obtained consent and with access permissions to share information between health and / or
social care professionals legitimately involved in the provision of integrated care.
4.3
NON-CARE PURPOSES
4.3.1 These purposes cover uses of data that support activities such as preventative medicine, medical
research, financial management and the management of care services. Where data are used for noncare purposes, effectively anonymised or pseudonymised data must be used. The following are
considered examples of non-care purposes under this initiative:
3
Please see the Advice on Risk Prediction and Stratification Activities issued of the National Information Governance Board, June 2012, available at:
http://www.nigb.nhs.uk/pubs/guidance/riskpred.pdf, last accessed on 13/12/2012.
3
o
With consent and appropriate access permissions to identify service users / patients who may
require further support to prevent the likelihood of hospitalisation, adverse events and other poor
health outcomes (risk stratification); and
o
Support commissioning processes.
5
ORGANISATIONS INVOLVED IN DATA SHARING
5.1
All organisations involved in sharing information are required to sign up to and adhere to this
Information Sharing Protocol
6
DATA ITEMS AND FLOWS
6.1
The appendices of this protocol show examples of data that may be shared. Details of what will be
shared will be specified in Information Sharing Agreements which are completed and agreed locally:






7
Appendix 1 – Primary care data sets;
Appendix 2 – Exclusion of sensitive codes;
Appendix 3 – Acute hospital data sets;
Appendix 4 – Community data sets;
Appendix 5 – Mental health data sets; and
Appendix 6 – Adult social care data sets.
PRINCIPAL INFORMATION SHARING REQUIREMENTS
The partner organisations agree:
7.1
to acknowledge their respective roles and responsibilities in implementing this protocol;
7.2
to put in place policies, procedures and controls that ensure full compliance with the legal framework for
sharing information;
7.3
to effective notify the Information Commissioner’s Office of the purposes for handling information under
this protocol and maintain a valid data protection registration as appropriate;
7.4
Statutory organisations to achieve a minimum level 2 performance against all requirements in the
relevant NHS IG Toolkit applicable to it; those non-statutory organisations e.g. voluntary sector, should
use this as a benchmark.
7.5
to ensure that information is requested and shared on the principle that it will be made available only on
a justifiable ‘need to know basis’ and only to those individuals who are legitimately entitled to access it;
7.6
to contribute to the shared environment information that is accurate and up-to-date and carry out
frequent reviews to assess the accuracy of information shared;
7.7
to ensure that the information supplied is retained in line with the Records Management Policies, NHS
and Social Care Code of Practice and medico-legal requirements;
7.8
to develop local Data Sharing Agreements or Contracts that govern the way transactions are
undertaken between the partner organisations and with other organisations that are not parties to this
protocol;
7.9
to ensure that its personnel are aware of and adhere to this protocol and other data sharing contracts
related to it;
4
7.10 to ensure that all personnel have access to appropriate training and development activities to enable
them to comply with information sharing requirements;
7.11 to promote public awareness of the need for information sharing through the use of appropriate
communications media including publishing the protocol on the websites of the respective agencies;
and
7.12 to ensure that a complaints procedure, confidentiality policy and procedures, and risk assessment
procedure are all in place, clearly linked to this protocol and adhered to.
8
THE LEGAL FRAMEWORK
8.1
It is essential that the sharing of information and data complies with the law. To establish whether there
is a legal basis for sharing information, the purpose must be justified taking account of the core
legislation that governs data sharing between providers of health and social care services.
8.2
The core rules that govern how personal and sensitive personal data should be handled are as follows:













The Data Protection Act 1998 (“DPA 1998”)
The Human Rights Act 1998 (“HRA 1998”)
The Common Law Duty of Confidentiality
The Caldicott Principles
Access to Health Records Act 1990
Freedom of Information Act 2000
The NHS Health Service Act 2006
The NHS Care Record Guarantee for England
The Social Care Record Guarantee for England
The ISO/IEC 27000 Series on Information Security Standards
The Information Security NHS Code of Practice
The Records Management NHS Code of Practice
The Health and Social Care Act 2012
8.3
All partner organisations will ensure that the sharing of information under this initiative will fully comply
with the legal framework as appropriate.
9
FAIR AND TRANSPARENT SHARING
9.1
It is a requirement of the DPA 1998 that all organisations that process personal data should have a “Fair
Processing Notice” which will inform individuals about how their personal data will be used by the
organisation to ensure that consent to the sharing of personal information is informed. Partner
organisations agree to provide the following information to patients and/or service users:

the identity of the data controller and the partner organisations that work in partnership. If the data
controller has nominated a representative for the purposes of the DPA 1998, the identity of the
representative;

the purpose or purposes for which the data are intended to be processed and shared;

the rights of individuals under the DPA 1998, particularly in relation to sensitive personal data;

details of the procedures in place to enable individuals to access their records including audit trails as
regards access to data;

details of the procedures which may have to be initiated when a member of Personnel suspects that
an individual has been or is at risk of abuse for example under a ‘Service User Protection Policy’ or
5
‘Mental Health Risk Assessment & Management Policy’. Such policies will explain in general terms to
whom the personal information will be shared at differing stages, as well as what personal information
will be shared, how it will be used and will be compliant with the Mental Capacity Act 2005;

details of the complaints procedures to follow in the event that the individual concerned believes
personal information about him or her has been inappropriately disclosed;

Details of how the personal information individuals provide will be recorded, stored and the length of
time it will be retained both by the originating organisation and the organisations to whom they may
disclose that personal information;

details of the length of time for which consent to particular disclosures is valid, for example in the case
of adoption 75 years; and

any further information which is necessary, taking into account the specific circumstances in which the
data are or are to be processed, to enable processing in respect of the patient to be fair.
9.2
Each party to this Agreement will ensure that the information referred to above will be made available to
individuals in routine episodes of care and treatment. All of the above notices will be referenced on
each Party’s website. The above information will be available in a variety of languages and formats
where reasonable to reflect the ethnic composition of each of the boroughs within the local health/care
community.
10
OBTAINING CONSENT TO SHARE DATA
10.1 The “NHS Constitution for England4” grants patients a right to privacy and confidentiality and to have
their information treated safely and securely. In addition, the Social Care and NHS Care Records
Guarantees for England 5specifies that individuals are entitled to make their own decisions about how
their confidential information is shared.
10.2 Whilst there may be circumstances to share information lawfully without obtaining an individual’s
consent, partner organisations understand that individuals should be able to make decisions about their
information used for and have their wishes respected as appropriate. The partner organisations agree
to the following:
 Each partner organisation, in its capacity as data controller, will be required to obtain consent from the
individual;
 It will be the responsibility of the partner organisation that obtains individual’s consent to ensure that
individual’s consent is valid, fully informed, express, explicit and reflects the true wishes of the
individual as regards the sharing of data;
 Individual consent may be recorded in the respective clinical IT system of the partner organisation and
also be made available to partner organisations;
11
ENABLING INDIVIDUALS TO EXERCISE THEIR RIGHTS
11.1 The Parties will comply with the rights of individuals under the DPA 1998 to be informed about personal
information that is recorded about them.
4
NHS Constitution for England, available at: https://www.gov.uk/government/publications/the-nhs-constitution-for-england, last accessed on
09/04/2013.
5
See the NHS Care Records Guarantee published by the National Information Governance Board, available at: http://www.nigb.nhs.uk/pubs/nhscrg.pdf,
last accessed on 09/04/2013.
6
11.2 Unless statutory grounds exist for restricting an individual’s access to personal information relating to him
or her, an individual will be given every opportunity to gain access to personal information held about him
or her and to correct any factual errors that have been made. Similarly, where an opinion about an
individual has been recorded and the individual feels this opinion is based on incorrect factual personal
information, the individual will be given every opportunity to correct the factual error and record his or her
disagreement with the recorded opinion.
11.3 All parties recognise that, where a risk prediction algorithm is to be applied to an individual’s data and the
risk score generated is then used as the sole basis of decision-making, this would be classified as
“automated decision taking”. Where such decision-making is likely to have a significant impact on the
individual, as would be the case for determining whether they gain access to additional preventive
services, then this processing must be notified to the individual and the individual must be given the
opportunity to object to the use of their data in this way and for a care professional to manually review the
decision.
11.4 Parties to this Agreement will also respond to any notices from the ICO or Court Orders that impose
requirements to cease or change the way in which data is processed.
11.5 “Except where there is a legal requirement to do so, sharing of identifiable, personal information and/or
sensitive data with another organisation can only be permitted with the individual’s informed, express
consent”
METHODOLOGY FOR INFORMATION SHARING
12
This protocol can be taken as applicable to all forms of information sharing, irrespective of the method. In all
situations and methods procedures should follow this protocol and any standards for best practice.
This agreement covers the following methods of information sharing in the first instance, each method will be
supported by a detailed Data Sharing agreement:




13
Transfer of personal data to an Integrated Care IT System or to another record-holding system;
Discussion in multi-disciplinary teams established for the purpose of delivering integrated care;
Extraction of data into a shared care record or other format for access by members of the MDT; and
Access to data by health and social care professionals in an MDT providing care to the patient/ service
user.
COMPLAINTS
13.1 The Parties confirm to each other that:
(a)
they have put in place efficient and effective procedures to address complaints relating to the
disclosure of personal information, and data subjects will be provided with information about
these procedures where it is deemed relevant;
(b)
they will keep a record of all such complaints received; and
(c)
they have established a procedure by which their complaints officers report complaints
regarding the inappropriate use or disclosure of personal information to the Caldicott
Guardian or Information Governance Lead / Data Protection Officer or equivalent.
7
INFORMATION SECURITY
14
14.1 All providers will maintain a safe haven to ensure the secure receipt and processing of personal data.
14.2 Where information is shared electronically the processes will conform to the following minimum
standards:
15

Role based access controls;

Robust user authentication based on best practice;

Network, hardware, database and application security controls;

System monitoring and audit trails;

System ability to generate alerts in the event of users by-passing access controls;

System capability to respond to and deal with an individual’s rights exercised under Part II of the DPA
1998;

Protection of the confidentiality and integrity of data in transit including key management of
cryptographic services to ensure the secure communication of data;

Labelling of clinical data as “NHS Confidential” in line with the NHS Data Classification and Labelling
Schemes.

Measures to safeguard against user error or system-to-system transfer errors by validating data input
and transfer and ensuring inputs and transfers are correct and appropriate.

System capability to use appropriate common identifiers to link data correctly i.e. NHS number, DoB
etc;

All personal and sensitive personal data processed by the system will only be retained for as long as
necessary.

All personal and sensitive personal data processed by the system will be stored and destroyed
securely.

The system must contain appropriate intrusion detection and prevention controls to protect against
unauthorised external access attempts.

Appropriate controls to ensure the physical security of the system.
OVERSEAS TRANSFERS
15.1 All personal and sensitive personal data processed under this initiative will not be transferred outside
the UK.
16
MONITORING AND REVIEWING ARRANGEMENTS
16.1 All organisations party to this protocol will have an individual responsibility to monitor the
implementation of the aims and objectives and their responsibilities under this protocol.
16.2 In addition, all partner organisations agree to establish an Information Sharing Working/Steering
Group that will oversee the implementation of this protocol and the associated data sharing
contracts/agreements. Partner organisations agree that individuals shall be represented in this Group.
8
The parties have read understood and agree this protocol, its appendices and undertake to implement
it in full.
Signatures of the Caldicott Guardians/Authorised Person of the Parties to this protocol
Organisation
Name
Role
Date
Signed
London Borough
of Barnet
Royal Free London
NHS Foundation
Barnet Clinical
Commissioning
Group
Barnet and Chase
Farm Hospitals
NHS Trust
Barnet, Enfield,
Haringey Mental
Health Trust
CLCH
Personnel & Care
Bank
London Care
CommUnity Barnet
MiHomecare
Housing 21
9
APPENDIX 1 - KEY LEGISLATION, COMMON LAW, STANDARDS AND CODES OF PRACTICE
I
Introduction
The two most relevant elements of the legal framework governing information sharing are the Data Protection
Act 1998 and the common law duty of confidentiality, each of which must be viewed in the light of the Human
Rights Act 1998.
1. The Data Protection Act 1998 (“DPA 1998”)
1.1 Compliance with the DPA 1998 should ensure that when personal information is used or disclosed, it is
done safely and with regard to the rights of the individual concerned. The DPA 1998 does not apply to
information relating to the deceased.
1.2 The personal information falling within the meaning of “Personal Data” includes expressions of opinion
about individuals and indications of intentions of persons in relation to individuals. The DPA 1998 applies
to manual and electronic records. For some categories of manual personal information there are
exemptions from some aspects of the DPA 1998 up to 24 October 2007.
1.3 The DPA 1998 gives seven rights to individuals in respect of their own personal information held by
others. They are:







the right of subject access;
the right to prevent processing likely to cause unwarranted, substantial damage or distress;
the right to prevent processing for the purposes of direct marketing;
rights in relation to automated decision taking;
the right to take action for compensation if the individual suffers damage;
the right to take action to rectify, block, erase or destroy inaccurate personal information; and
the right to make a request to the Information Commissioner for an assessment to be made as to
whether any provision of the DPA 1998 has been contravened.
1.4 The “processing” of personal information by “data controllers” (i.e. the person or organisation that alone
or jointly with others determines the purposes for which, and the manner in which, personal information is
processed) is regulated by eight Data Protection Principles. “Processing” is defined very broadly and
encompasses more or less anything that might be done with personal information, including just holding it.
The eight Data Protection Principles are:




personal information shall be processed fairly and lawfully and, in
particular, shall not be processed unless:
o (subject to limited exemptions) the “fair processing code” information has been supplied;
o at least one of the conditions in Schedule 2 of the DPA 1998 is met; and
o in the case of personal information which is “sensitive personal data”, at least one of the
conditions in Schedule 3 of the DPA 1998 is also met.
personal information shall be obtained only for one or more
specified and lawful purposes, and shall not be further processed in any manner incompatible with that
purpose or those purposes;
personal information shall be adequate, relevant and not
excessive in relation to the purpose or purposes for which it is processed;
personal information shall be accurate and, where necessary,
kept up to date;
10




personal information processed for any purpose or purposes shall
not be kept longer than is necessary for that purpose or purposes;
personal information shall be processed in accordance with the
rights of individuals under the DPA 1998;
appropriate technical and organisational measures shall be taken
against unauthorised or unlawful processing of personal information and against accidental loss or
destruction of, or damage to, personal information; and
personal information shall not be transferred to a country or
territory outside the European Economic Area unless that country or territory ensures an adequate
level of protection for the rights and freedoms of individuals in relation to the processing of personal
information.
1.5 The “fair processing code” (imposed by Schedule 1 of the DPA 1998) requires that when obtaining
personal information from an individual a data controller must inform the individual of:




the identity of the data controller;
any nominated representative of the data controller for the purposes of the DPA 1998;
the purposes for which the personal information is intended to be processed; and
any further information which is necessary to enable the processing to be fair having regard to the
specific circumstances of the intended processing (e.g. who it may be disclosed to)
1.6 Schedule 2 of the DPA 1998 is a list of conditions, at least one of which must be met before personal
information can be processed fairly and lawfully.
1.7 The DPA 1998 defines “sensitive personal data” as personal information which relates to:








the individual’s racial or ethnic origin;
the individual’s political opinions;
the individual’s religious beliefs or other beliefs of a similar nature;
whether the individual is a member of a trade union;
the individual’s physical or mental health or condition;
the individual’s sexual life;
the commission or alleged commission by the individual of any offence; or
any proceedings for any offence committed or alleged to have been committed by the individual,
the disposal of such proceedings or the sentence of any court in such proceedings.
1.8 Schedule 3 of the DPA 1998 provides an additional list of conditions for processing sensitive personal
data fairly and lawfully. Unless an exemption applies, the individual must give his or her explicit consent or
one of the other conditions must be met. These conditions – importantly - contain a medical purposes
condition allowing processing without consent.
1.9 Processing must be lawful. The DPA 1998 does not provide any guidance on the meaning of “lawful” but
“unlawful” has been defined by the Courts as “something which is contrary to some law or enactment or is
done without lawful justification or excuse”.
1.10
Nonetheless, even where the Schedule 2 and 3 conditions in the DPA 1998 are satisfied, that alone
may not permit disclosure. However, there are circumstances where organisations would still be able to
make a disclosure. For example:

Section 29 of the DPA 1998 provides an exemption from compliance with:
o the first data protection principle (apart from the need for satisfaction of the Schedule 2 and 3
conditions) – so, where section 29 applies the obligation to tell individuals about the disclosure
is removed;
o the second, third, fourth and fifth data protection principles; and
o the subject access obligations (described in paragraph 11 below)
11
to the extent that the application of those provisions would be likely to prejudice the prevention
or detection of crime, or the apprehension or prosecution of offenders or the assessment or
collection of any tax or duty or similar, and where those purposes by non-disclosure. Section
29 does not override common law obligations of confidentiality, but see sub-paragraph (c)
below;


disclosure without consent is also permitted where disclosure is required by law; and
for the purposes of the common law duty of confidentiality, if there is no consent, the individual’s right
to confidentiality would need to be balanced against countervailing public interests - again preventing
crime is accepted as one of those interests where the offence is sufficiently serious that the public
interest overrides. The rights in Article 8 in the Human Rights Act 1998 would also need to be
considered.
1.11 Individuals have rights of access to personal information about themselves. An individual is
entitled:







to be informed by any data controller whether personal information about that individual is being
processed by or on behalf of that data controller;
if that is the case, to be given by the data controller a description of:
the personal information held about that individual;
the purposes for which they are being or are to be processed; and
the recipients or classes of recipients to whom the personal information is being or may be disclosed
to have communicated to him or her in an intelligible form:
o the personal information held about that individual; and
o any information available to the data controller as to the source of that personal information,
and
to be informed by the data controller of the rational involved in decision-taking where there is
processing by automatic means of personal information about that individual for the purpose of
evaluating matters relating to him or her (such as, for example, his or her performance at work, his or
her creditworthiness, his or her reliability or his or her conduct) which constituted or is likely to
constitute the sole basis for any decision significantly affecting the individual.
1.12
Section 9A of the DPA 1998 provides limits on the rights of access to manual personal data held by
public authorities other than information which is “recorded as part of, or with the intention that it should
form part of, any set of information relating to individuals to the extent that the set is structured by
reference to individuals or by reference to criteria relating to individuals.” The limits mean that if the
individual concerned wants access to this kind of manual personal information, he or she must provide a
description of the personal data. Also the public authority does not have to comply if it estimates (in
accordance with regulations under the FoIA) that the cost of complying would exceed an amount
prescribed by statutory instrument from time to time – the current statutory limit is £450 for public
authorities which are not government departments or certain other central government bodies. However,
the requirement in paragraph 11(a) above will have to be complied with unless it is estimated that
compliance with that alone will exceed the £450 limit.
1.13
By virtue of orders under Section 30 of the DPA 1998 the individual’s access to some health,
education and social work personal information may be restricted or denied.
1.14
The DPA 1998 requires all organisations which process personal information to make a formal
notification to the Information Commissioner. It is particularly important when engaging in information
sharing that the purposes for which the personal information is to be used are included in the notification if the notification is incomplete in any way, appropriate amendments must be submitted before processing
can start.
2.
The Common Law Duty of Confidentiality
2.1 All Personnel working in both the public and private sectors should understand that they are subject to the
common law duty of confidentiality, and must abide by this. The duty of confidentiality applies to
12
information about an identifiable individual and not to aggregated data derived from such personal
information or to personal information that has otherwise been effectively anonymised — i.e. it is not
possible for anyone to link the information to a specific individual.
2.2 The duty of confidentiality means that confidential information should only be used for purposes that the
subject has been informed about and has consented to unless:


there is a statutory requirement to use information that has been provided in confidence, for example
regulations in relation to the “Information Sharing Index” in relation to children are likely to include
exemptions from the duty of confidentiality in order to enable the Information Sharing Index to operate;
or
if the holder of the confidential information can justify disclosure as being in the public interest (e.g. to
protect others from harm).
2.3 Whilst it is not entirely clear under law whether a common law duty of confidentiality extends to deceased
persons, the Department of Health and professional bodies responsible for setting ethical standards for
health professionals accept that it does extend to deceased persons.
2.4 Unless there is a sufficiently robust public interest justification for using confidential information that has
been provided in confidence then the consent of the individual concerned should be obtained (deceased
individuals may have provided their consent before death). For living individuals, Schedules 2 and 3 of the
DPA 1998 apply in addition whether or not the personal information was provided in confidence.
2.5 Whilst, under current law, no-one can provide consent on behalf of an adult in order to satisfy the common
law requirement, it is generally accepted that decisions about treatment, and the disclosure of information,
should be made by those responsible for providing care and that they should be in the best interests of the
individual concerned.
3. The Caldicott Principles
3.1 The recently-published Information Governance Review Report has recommended that the existing
Caldicott Principles be reviewed and an additional principle is created to establish a duty to share information
where appropriate. However, until the recommendations are adopted in the NHS the existing Caldicott
Principles are as follows:






justify the purpose(s) for using confidential information;
only use when absolutely necessary;
use the minimum that is required;
access should be on a strict “need to know” basis;
everyone must understand his or her responsibilities; and
understand and comply with the law.
4. The Human Rights Act 1998 (“HRA”)
4.1 Article 8.1 in Schedule 1 of the HRA establishes a right to ‘respect for private and family life’. This
underscores the duty to protect the privacy of individuals and preserve the confidentiality of their health
and social care records. This is however a qualified right, so there are specified grounds upon which it
may be legitimate for authorities to override or limit those rights. Current understanding is that compliance
with the DPA 1998 and the common law of confidentiality should satisfy HRA requirements.
5. The Access to Health Records Act 1990 (“AHRA”)
13
5.1 The DPA 1998 supersedes the AHRA apart from the sections dealing with access to information about the
deceased. The AHRA provides rights of access to health records of deceased individuals for their
personal representatives and others having a claim on the deceased’s estate. In other circumstances,
disclosure of health records relating to the deceased should be carried out in such a way as to comply with
the common law duty of confidentiality.
6. Freedom of Information Act 2000 (“FoIA”)
6.1. For public bodies, the FoIA will extend access rights to information to allow access to all the types of
information held, whether personal or non-personal. However, the public authority will not be required to
release information to which any of the exemptions in the FoIA applies. Anyone will be able to make a
request for information, although the request must be in a permanent form. The FoIA gives applicants two
related rights:
 the right to be told whether the information exists; and
 the right to receive the information (and where possible, in the manner requested, i.e. as a copy or
summary, or the applicant may ask to inspect a record).
6.2. All the Parties to this Protocol are subject to the provisions of the as well as the DPA 1998.
7. NHS Health Service Act 2006
7.1. Section 251 of the NHS HSA gives the Secretary of State the power to make regulations relating to the
processing of prescribed patient information for medical purposes in the interests of patients or the wider
public good (e.g. disclosing patient identifiable information to specified bodies, such as cancer registries).
7.2. The proposed use of patient identifiable information for which regulations under Section 251 are made
must be acceptable under the HSA. Acceptable purposes are preventative medicine, medical diagnosis,
medical research, provision of care and treatment, management of health and social care services and
informing individuals about their physical or mental health or condition, the diagnosis of their condition or
their care or treatment but the primary purpose of the processing cannot be to determine the care and
treatment of specific patients.
7.3. Section 251does not change the DPA 1998 requirements but where regulations apply it does set aside
the legal duty of confidentiality and replace it with a range of safeguards intended to ensure that the use
of a patient’s information has no detrimental effect on that patient. The existing regulations under Section
251 are in the Health Service (Control of Patient Information) Regulations 2002.
8. The Health and Social Care Act 2012
8.1. The HSCA reshapes the structure of the NHS. It transfers commissioning powers to new
organisations, CCGs and NHS England. Importantly, the HSCA empowers the Health and Social
Care Information Centre to process health and social care patient confidential information.
9. The ISO/IEC 27000 Series on Information Security Standards
9.1. This Standard provides a code of practice and a set of requirements for the management of information
security. The Standard is published in two parts. Part 1 provides a code of practice for information
security management. Part 2 provides recommendations and controls for information security
management systems.
10. NHS Care Record Guarantee
14
10.1. The NHS Care Record Guarantee for England sets out the rules that govern how patient information is
used in the NHS and what control the patient can have over this. It is based on professional guidelines,
best practice and the law and applies to both paper and electronic records. Whilst not a legal document,
the Guarantee could be used as the basis for a complaint.
11. Social Care Record Guarantee
11.1. The Social Care Record Guarantee for England sets out the rules that govern how service user
information is used within both Adults and Children's Social Care Services and what control individuals
can have over this. It is based on professional guidelines, best practice and the law and applies to both
paper and electronic records. Whilst not a legal document, the Guarantee could be used as the basis for
a complaint.
12. The Information Security NHS Code of Practice
12.1. The Information Security Code of Practice has been published by the Department of
Health and provides a guide to the methods and required standards of practice in the management of
information security in the NHS.
13. The Records Management NHS Code of Practice
13.1. The Code offers detailed guidance on the management of all NHS record types, clinical and corporate
records and provides minimum retention period schedules for NHS records.
Appendix 2 - GENERAL CONSENT PROCEDURE
15
1.
OBTAINING, RECORDING AND WITHDRAWING CONSENT
1.1
The Providers will seek consent from all service users or their legal representative, normally at the first
contact with the person concerned unless the individual is unable, at that time, to fully comprehend the
implications or make an informed judgment, in line with the Mental Capacity Act 2005. The Personnel
who seek consent from individuals will have been trained in the correct processes and procedures. An
individual’s consent may be recorded on the specific line of care IT system or the health and / or social
care record maintained by the Provider. In addition, individuals will also be given the opportunity to optout of the data sharing initiative and such dissent will also be recorded on the line of care IT system or
the health and / or social care record maintained by the Provider. Any systems will be configured to
ensure that a full audit trail can be performed as appropriate.
1.2
In seeking consent to disclose personal information, organisations will ensure that:
(a)
the consent is a “freely given informed indication of the individual’s wishes”;
(b)
the individual understands the purposes for which it will be used;
(c)
the individual is made aware of the persons (whether or not parties to this Agreement) with
whom the personal information may be shared; and
(d)
consent will not be treated as having been given either by the individual or his or her
representative, unless it has been made clear to them what the implications of such consent
will be.
1.3
Where Parties obtain personal information about an individual which is “sensitive personal data” as
defined in the DPA 1998 in the course of their direct contact with that individual, they shall whenever it
is, or may be, appropriate for a specific purpose seek to obtain the Explicit Consent of that individual to
disclose that personal information to any other Party or any other body for such purpose. If such
consent is not given, because the individual is either unable or unwilling to give that consent, then that
sensitive personal data will only be released to another Party if there are grounds for overriding the duty
of confidence and one of the remaining conditions of Schedule 3 of the DPA can be demonstrated or
one of the few circumstances where there is an applicable statutory exemption can be demonstrated.
1.4
“Explicit Consent” means that the consent should be absolutely clear and in appropriate cases it
should cover the specific detail of the processing, the particular type of personal information to be
processed (or even the specific personal information), the purposes of the processing and any special
aspects of the processing which may affect the individual, for example, disclosures which may be made
of the personal information.
1.5
The Parties each confirm that they have in place a policy that addresses consent requirements and
that is monitored, and supports compliance with the DPA 1998.
1.6
To the extent appropriate consent for sharing personal information has not already been obtained under
the relevant Party’s consent recording policy, the party will obtain any necessary consent from service
users, using a consent to disclosure form (“Consent to Disclosure Form”). Consent to Disclosure Forms
must be completed and signed by either the service user or his or her legally authorised representative
and shall detail the restrictions (what is shared, who it is shared with, when it is to be shared and for
how long- details will be defined in the relevant Data Sharing Agreements) to be placed upon the
disclosure of personal information.
1.7
Completed Consent to Disclosure Forms shall be placed in an easy to find, accessible place within the
service user’s file, all clearly date marked, because individuals have the right to change their minds
about consent in the future.
16
1.8
A copy of the completed Consent to Disclosure Form should be given to either the service user, or his
or her legally authorised representative, and must be dated and signed by a member of Personnel, the
service user, and/or his or her legally authorised representative.
1.9
The Parties agree that, subject to certain statutory exceptions, an individual has the right to limit:
(a)
the ways in which the Party first receiving or generating personal information
o
can share personal information with other organisations
o
can disclose what can be shared, and what remains confidential. the specific purposes
in which confidential personal information might be disclosed,
and has a right to redress if personal information about the individual has been unlawfully disclosed
1.10 There will be some circumstances where you should not seek consent, for example where to do so
would:




place a child or young person at increased risk of significant harm; or
place an adult at risk of serious harm; or
prejudice the prevention or detection of a serious crime; or
lead to unjustified delay in making enquiries about allegations of significant harm.
1.11 Each Party will ensure that individuals are given the right to opt out of having their information shared or
withdraw consent at any given time. Such decisions should be recorded and documented in the same
way as consent is obtained.
1.12 Where an individual declines consent to disclosure and/or the nature of a requested disclosure is
problematic, then guidance must be sought from the individual or (where appropriate) his or her legally
authorised representative, if any, and he or she should be informed in a sensitive manner where the
lack of consent may place a limitation on the provision of specific services and why the specific
information is required for the provision of that service. In the absence of the individual or (where
appropriate) his or her legally authorised representative, then Personnel must, where practicable:
(a)
discuss the situation with the Caldicott Guardian or equivalent officer within the Party, and take
guidance from him/her on the best way in which to proceed;
(b)
undertake a risk assessment to establish whether withdrawal of consent to disclose personal
information might result in significant harm to the individual or others. This must be written-up,
and dated and signed;
(c)
evidence of significant risk based on professional judgement may be sufficient to override the
wishes of the person deemed to be at actual/potential risk; and
(d)
consider whether there are legal bases which permit disclosing without consent (for example,
under the DPA 1998, the HRA and exceptions to the duty of confidentiality).
2.
CAPACITY TO GIVE INFORMED CONSENT
2.1
Individuals are only able to give informed consent if they have the cognitive ability to do so, and in some
instances, this ability might be intermittent, for example, where adults and older people have certain
forms of dementia, individuals with learning disabilities, and adults with particular forms of mental
illness. A significant number of the Parties’ health and care service users will be unable to give informed
consent, or are unable to do so consistently.
2.2
The capacity to give informed consent can be assessed by considering whether the individual:
17
(a)
has the capacity to make this particular decision;
(b)
has the capacity to understand and retain the information relevant to the decision;
(c)
will be able to understand the reasonably foreseeable consequences of deciding one way or
Patient Data Set
ther; and
(d)
2.3
will have the capacity to communicate the decision he or she has come to.
If it is proposed to share personal information in respect of a child under 16, a judgment needs to be
made in each case as to whether the child understands the nature of the request and therefore has the
capacity to give consent.
2.4
Adults (including for this purpose young people aged 16-17) are always assumed to be competent
to give consent unless it is demonstrated otherwise. If there is doubt about capacity this should be considered
in relation to the criteria listed.
APPENDIX 3 - Patient Data Set (Primary Care)
Full Patient Data-set (to be extracted) the category of individuals who are permitted to view the data sets
outlines the specific purpose for which data will be processed.
18
NHS Number
Name
Address
Postcode
DOB
Appointment Date
Appointment Time
Appointment Location
Admission type/source of referral
Attended
Discharge Date
Appointment frequency Number
Discharge description
Outcome
Service Name
Healthcare Care Professional (HCP)
Contact Name
Diagnosis
Medications
Procedures
Referrals
Current problems or diagnosis
Past problems
Procedures
Current medication, repeat medication
Examination Findings
Allergies or contra-indications
Test results
Referrals
19
Investigations
Encounters
Medical history
Allergies
20
APPENDIX 4
Exclusions: List of sensitive codes
Terms
Read
Codes
HSA1-Therap. Abort. Green Form
956%
H/O: Venereal Disease
1415%
Hysterotomy And Termination Of Pregnancy
7E066%
Dilation Of Cervix Uteri And Curettage Of Products Of Conception From
Uterus
7E070%
Curettage Of Products Of Conception From Uterus NEC
7E071%
Suction Termination Of Pregnancy
7E084%
Dilation Of Cervix And Extraction Termination Of Pregnancy
7E085%
Termination Of Pregnancy NEC
7E086%
Cervical Smear
4K36%
Cervical Smear
4K36%
Gonorrhoea
65Q8%
Introduction Of Abortifacient Into Uterine Tract
7E0B%
Introduction Of Abortifacient Into Uterine Tract
7E0B%
Genital Herpes
A541%
Viral Hepatitis B With Coma
A702%
Viral Hepatitis B With Serum
A703%
Other Spec Viral Hepatitis With Coma
A7040%
Viral Hepatitis C Without Mention Of Hepatitis Coma
A7050%
Chronic Viral Hepatitis
A707%
Unspecified Viral Hepatitis
A70z%
Cytomegalic Hepatitis
A7852%
HIV Resulting In Cytomegalic Disease
A7891%
Chlamydia
A78A0%
Chlamydia Anus And Rectum
A78A2%
Human Papilloma Virus Infection
A79B%
21
Papilloma As Cause Of Diseases Class. In Other Chapters
A7y05%
Trichomonas
AD1%
Phthrius Pubis Lice
AD22%
Sexual Deviations
E22y4%
Gender Identity Disorders
Eu64%
Cystitis In Gonorrhea
K1545%
Prostatitis In Gonorrhea
K2144%
Prostatitis In Trichomonosis
K2146%
Chlamydia Epidymitis
K2416%
Female Chlamydia In Pelvic Infumonotary
K40y1%
Chlamydia Cervilitis
K4209%
Unspecified Abortion
L07%
Failed Attempted Abortion
L08%
Complication Following Abortion/Ectopic/ Molar Pregnancies
L09%
Failed Attempted Abortion
L0A%
Failed Attempted Abortion
L0A%
Other Specified Pregnancy With Abortive Outcome
L0y%
Pregnancy With Abortive Outcome NOS
L0z%
Maternal Syphilis In Pregnancy/Childbirth/Peurperium
L170%
Maternal Gonorrhea In Pregnancy/Childbirth/Peurperium
L171%
Lab Evidence Of HIV
R109%
Complications Assoc With Artificial Fertilization
SPOD%
Gonorrhea Carrier
ZV027%
Hepatitis B Carrier
ZV02B%
Hepatitis C Carrier
ZV02C%
High Risk Pregnancy With History Of Infertility
ZV230%
Contraception Mgt Admission Of Administration Of Abortifacient
ZV25B%
IVF
ZV267%
Venereal Disease Carrier NOS
65Q9%
22
AIDS Carrier
65QA%
Notification Of AIDS
65VE%
Treatment For Infertility
8C8%
Acquired Immune Deficiency Syndrome
A788%
Human Immunodef Virus Resulting In Other Disease
A789%
Chlamydial Infection
A78A%
Chlamydial Infection Of Pelviperitoneum And Other Genitourinary Organs
A78A3%
Chlamydial Infection, Unspecified
A78AW%
Chlamydial Infection Of Genitourinary Tract, Unspecified
A78AX%
Syphilis And Other Venereal Diseases
A9%
[X]Hiv Disease Resulting In Other Infectious And Parasitic Diseases
AyuC4%
[X]Dementia In Human Immunodef Virus [HIV] Disease
Eu024%
Legally Induced Abortion
L05%
Illegally Induced Abortion
L06%
Other Maternal Venereal Diseases During Pregnancy, Childbirth And The
Puerperium
L172%
[V]Asymptomatic Human Immunodeficiency Virus Infection Status
ZV01A%
23
Appendix 5 - Acute data sets required for the NHS Integrated Care IT System
NHS Number
Birth of Date
Date of Death
Postcode of Usual Address
General Medical Practice Code (Patient Registration)
Organisation Code (PCT of GP Practice)
Person Marital Status
Employment Status
Ethnic Category
Preferred Communication Language
Organisation Code (PCT of Residence)
Disability Code
Death Location Type (Preferred)
Death Location Type (Actual)
Death Not at Preferred Location Reason Code
Referral Request Received Date
Referral Request Received Time
Organisation Code (Code of Commissioner)
Source of Referral
Referral date
Priority Type Code
Primary Reason for Referral
Referring Organisation Code
Diagnosis Scheme In Use
Diagnosis At Referral
Referral Closure Date
Referral Closure Reason
Discharge Date
Discharge Letter Issued Date
Unique Booking Reference Number (Converted)
Patient Pathway Identifier
Organisation Code (Patient Pathway Identifier Issuer)
Waiting Time Measurement Type
Referral to Treatment Period Start Date
Referral to Treatment Period End Date
Referral to Treatment Period Status
Organisation Code (Code of Commissioner)
Care Professional Staff Group
Physical assessment date
Medication review date
ASSESSMENT DATE
DIAGNOSIS DATE
PRIMARY DIAGNOSIS
PATHOLOGY INVESTIGATION TYPE
SAMPLE RECEIPT DATE
CONSULTANT CODE (PATHOLOGIST)
ORGANISATION CODE (OF REPORTING PATHOLOGY)
RADIOLOGY INVESTIGATION TYPE
Examination Date
24
SUS APC Spells
SUS Version
Spell Identifier
Excluded Episode Spell ID
Pseudonymised Status
Reason Access Provided
Local Patient Identifier
Org Code Local Patient Identifier
NHS Number
Organisation Code Patient Pathway Identifier
RTT Patient Pathway Identifier
RTT Period End Date
RTT Period Start Date
RTT Status
Unique Booking Reference Number (Converted)
Birth Date
Age At CDS Activity Date
Age At Start of Spell
Age At End of Spell
Patient Type
Carer Support Indicator
Legal Status Classification Code
Ethnic Category Code
Marital Status
NHS Number Status Indicator
Gender Code
Postcode of Usual Address
Postcode Sector of Usual Address
Organisation Code (PCT of Residence)
Patient Postcode Derived PCT Type
Patient Postcode Derived PCT
Hospital Provider Spell No
ADMINISTRATIVE CATEGORY (ON ADMISSION)
Administrative Category (Derived)
Patient Classification
Admission Method (Hospital Provider Spell)
Admission Type (Derived)
Admission Subtype (Derived)
Discharge Destination (Hospital Provider Spell)
Discharge Method (Hospital Provider Spell)
Source of Admission (Hospital Provider Spell)
Start Date (Hospital Provider Spell)
Ready for Discharge Date
End Date (Hospital Provider Spell)
Delay Discharge Reason
Spell In PbR/Not In PbR
Spell Exclusion Reason
Spell Version As At Date And Time
Applicable Costing Period
Commissioner Serial No (Agreement No)
NHS Service Agreement Line No
Provider Reference No
Commissioner Reference No
SHA Commissioner
SHA Provider
25
Organisation Code (Code of Provider)
Provider Code (Original Data)
Provider Site Code
Organisation Code (Code of Commissioner)
Commissioner Code (Original Data)
Commissioner Site Code
Organisation Code Type Commissioner
PCT Derived from GP
PCT Derived from GP Practice
GP Practice Derived from PDS
Main Specialty Code
Treatment Function Code
Registered GMP Code
GP Code (Original data)
GP Practice Code
GP Consortium Code
GP Practice Code (Original Data)
GP Practice Code (Derived)
Organisation Code Type GP Practice
Referrer Code
Referring Organisation Code
Duration of Elective Wait
Intended Management
Decided To Admit Date
Length of Stay (Hospital Provider Spell)
PbR NCC PCC Adjusted Length of Stay
PbR Final Adjusted Length of Stay
Number of Commissioners in PbR Spell
Number Diagnosis
Number Hospital Provider Spell ID
Number Procedures
Number Unbundled HRGs
Number Unbundled Non Priced HRGs
Number Unbundled Priced HRGs
Excluded Episodes in Hospital Provider Spell
PbR Spell Trimpoint Days
PbR Days Beyond Trimpoint
Spell ACC Length Of Stay
Spell NCC Length Of Stay
Spell PCC Length Of Stay
Spell Primary Diagnosis
Spell Secondary Diagnosis
Spell Dominant Procedure
Primary Procedure Code
Significant Specialised Service Code
Best Practice SSC
Best Practice SSC Applicable
Tariff Initial Amount National
Tariff Day Case National
Tariff Short Stay Emergency National
Tariff Service Adjustment National
Tariff Long Stay Rate National
Tariff Long Stay Payment National
Aggregate UnBundled Adjustment National
Tariff Financial Adjustment National
Tariff Adjustment Future Use_1 National
Tariff Adjustment Future Use_2 National
26
Applied MFF Elective
Applied MFF Non Elective
MFF Adjustment
Tariff Pre MFF Adjusted National
Tariff Total Payment National
Tariff Initial Amount Non Mandatory
Tariff Day Case Non Mandatory
Tariff Short Stay Emergency Non Mandatory
Tariff Spec Serv Adjustment Non Mandatory
Tariff Long Stay Rate Non Mandatory
Tariff Long Stay Payment Non Mandatory
Aggregate UnBundled Adjustment Non Mandatory
Tariff Financial Adjustment Non Mandatory
Tariff Adjustment Future Use_1 Non Mandatory
Tariff Adjustment Future Use_2 Non Mandatory
Applied MFF Elective Non Mandatory
Applied MFF Non Elective Non Mandatory
Tariff Pre MFF Adjusted Non Mandatory
Tariff Total Payment Non Mandatory
Non Mandatory Core Tariff (with UB)
Tarrif Initial Amount Local
Tariff Day Case Local
Tariff Short Stay Emergency Local
Tariff Long Stay Rate Local
Aggregate UnBundled Adjustment Local
Tariff Long Stay Payment Local
Tariff Total Payment Local
Local Core Tariff (with UB)
PbR Final Tariff
Final Tariff Applied
PbR Costed Indicator
Grouping Method
Best Practice Indicator 1
Best Practice Indicator 2
Best Practice Indicator 3
Best Practice Indicator 4
Best Practice Indicator 5
BP Combination Indicator
Configurable Indicator
Code Cleaning
Spell Core HRG
Core HRG Version (Calculated)
HRG Submitted
HRG Version (Submitted)
SPELL Construction Algorithm slab
Grouping Algorithm Version
Grouping Reference Data Version
Grouping HRG Version
Unbundled HRG 1
Unbundled HRG 2
Unbundled HRG 3
Unbundled HRG 4
Unbundled HRG 5
Unbundled HRG 6
Unbundled HRG 7
Unbundled HRG 8
Unbundled HRG 9
27
Unbundled HRG 10
Unbundled HRG 11
Unbundled HRG 12
Spell Programme Budget Code
Number of Babies
PbR Spell Error Status
PbR Spell Frozen Indicator
PbR Spell Status Indicator
Match Criterion Indicator
PbR Readmission Indicator
Number of Spells Prior to Readmission
Number of Spells Following Readmission
First Spell Identifier (Readmission)
Organisation Code (Code of Provider of Original Parent Admission)
Applicable Date
Extract Date
Extract Type
Spare 1
Spare 2
Spare 3
Spare 4
Spare 5
CDS Schema Version
Query Date
Unique Query Id
SUS APC Episodes
SUS Version
NHS RID (From Provider)
Spell Identifier
Excluded Episode Spell ID
Generated Record ID
CDS Record Type
Reason Access Provided
Pseudonymised Status
Confidentiality Category
Local Patient Identifier
Org Code Local Patient Identifier
NHS Number
Lead Care Activity Indicator
Organisation Code Patient Pathway Identifier
RTT Patient Pathway Identifier
RTT Period End Date
RTT Period Start Date
RTT Status
Unique Booking Reference Number (Converted)
Birth Date
Age At CDS Activity Date
Patient Type
Age at Start of Episode Derived
Age At Start of Spell
Carer Support Indicator
Legal Status Classification Code
Ethnic Category Code
Marital Status
NHS Number Status Indicator
28
Gender Code
Total Previous Pregnancies
Postcode of Usual Address
Postcode Sector of Usual Address
Organisation Code (PCT of Residence)
Patient Postcode Derived PCT Type
Patient Postcode Derived PCT
Hospital Provider Spell No
ADMINISTRATIVE CATEGORY (AT START OF EPISODE)
ADMINISTRATIVE CATEGORY (ON ADMISSION)
Patient Classification
Admission Method (Hospital Provider Spell)
Admission Method (Original Data)
Admission Type (Derived)
Admission Subtype (Derived)
Discharge Destination (Hospital Provider Spell)
Discharge Method (Hospital Provider Spell)
Source of Admission (Hospital Provider Spell)
Start Date (Hospital Provider Spell)
End Date (Hospital Provider Spell)
Spell In PbR/Not In PbR
Spell Version As At Date And Time
Applicable Costing Period
Episode Number
First Regular Day Night Admission
Last Episode in Spell Indicator
Neonatal Level of Care
Operation Status
Episode Start Date
Episode End Date
CDS Activity Date
Commissioner Serial No (Agreement No)
NHS Service Agreement Line No
Provider Reference No
Commissioner Reference No
SHA Commissioner
SHA Provider
Organisation Code (Code of Provider)
Provider Site Code
Organisation Code (Code of Commissioner)
Commissioner Code (Original Data)
Commissioner Site Code
Spell Commissioner Code
PCT Derived from GP
PCT Derived from GP Practice
GP Practice Derived from PDS
Site code of Treatment (at start of episode)
Consultant Code
Main Specialty Code
Treatment Function Code
Registered GMP Code
GP Code (Original data)
GP Practice Code
GP Consortium Code
GP Practice Code (Original Data)
GP Practice Code (Derived)
Referrer Code
29
Referring Organisation Code
Duration of Elective Wait
Intended Management
Decided To Admit Date
Episode Duration
Episode Duration Grouper
HRG Submitted
HRG Version (Submitted)
Core HRG (Calculated)
Episode HRG Version (Calculated)
Episode Dominant Procedure
Grouping Algorithm Version
Grouping Reference Data Version
Grouping HRG Version
Unbundled HRG 1
Unbundled HRG 2
Unbundled HRG 3
Unbundled HRG 4
Unbundled HRG 5
Unbundled HRG 6
Unbundled HRG 7
Unbundled HRG 8
Unbundled HRG 9
Unbundled HRG 10
Unbundled HRG 11
Unbundled HRG 12
Programme Budget Code
Spell Report Flag
PbR Excluded Indicator
Episode Exclusion Reason
Code Cleaning
Diagnosis Scheme In Use
Primary Diagnosis Code
Secondary Diagnosis Code 1
Secondary Diagnosis Code 2
Secondary Diagnosis Code 3
Secondary Diagnosis Code 4
Secondary Diagnosis Code 5
Secondary Diagnosis Code 6
Secondary Diagnosis Code 7
Secondary Diagnosis Code 8
Secondary Diagnosis Code 9
Secondary Diagnosis Code 10
Secondary Diagnosis Code 11
Secondary Diagnosis Code 12
Procedure Scheme In Use
Primary Procedure Code
Primary Procedure Date
Secondary Procedure Code 1
Secondary Procedure Date 1
Secondary Procedure Code 2
Secondary Procedure Date 2
Secondary Procedure Code 3
Secondary Procedure Date 3
Secondary Procedure Code 4
Secondary Procedure Date 4
Secondary Procedure Code 5
30
Secondary Procedure Date 5
Secondary Procedure Code 6
Secondary Procedure Date 6
Secondary Procedure Code 7
Secondary Procedure Date 7
Secondary Procedure Code 8
Secondary Procedure Date 8
Secondary Procedure Code 9
Secondary Procedure Date 9
Secondary Procedure Code 10
Secondary Procedure Date 10
Secondary Procedure Code 11
Secondary Procedure Date 11
Secondary Procedure Code 12
Secondary Procedure Date 12
Advanced Cardiovascular Support Days
Advanced Respiratory Support Days
Basic Cardiovascular Support Days
Basic Respiratory Support Days
Critical Care Level2 Days
Critical Care Level3 Days
Critical Care Unit Function
Dermatological Support Days
Neurological Support Days
Renal Support Days
Liver Support Days
Episode ACC Length Of Stay
Episode NCC Length Of Stay
Episode PCC Length Of Stay
Number of Babies
Number of Commissioners in PbR Spell
Number Diagnosis
Number Procedures
Number Unbundled HRGs
Number Unbundled Non Priced HRGs
Number Unbundled Priced HRGs
Organisation Code (Sender)
Staging Loaded Date
Protocol Identifier
Unique CDS Identifier
Applicable Date
Extract Date
Report Period Start Date
Report Period End Date
Spare 1
Spare 2
Spare 3
Spare 4
Spare 5
CDS Schema Version
Query Date
Unique Query Id
SUS Outpatient
SUS Version
NHS RID (From Provider)
31
Spell Identifier
Generated Record ID
CDS Record Type
Reason Access Provided
Spell In PbR/Not In PbR
Exclusion Reason
Pseudonymised Status
Confidentiality Category
Best Practice Indicator 1
Best Practice Indicator 2
Best Practice Indicator 3
Best Practice Indicator 4
Best Practice Indicator 5
BP Combination Indicator
Configurable Indicator
Code Cleaning
Local Patient Identifier
Org Code Local Patient Identifier
NHS Number
Lead Care Activity Indicator
Organisation Code Patient Pathway Identifier
RTT Patient Pathway Identifier
RTT Period End Date
RTT Period Start Date
RTT Status
Unique Booking Reference Number (Converted)
Birth Date
Age
Derived Age
Carer Support Indicator
Ethnic Category Code
Marital Status
NHS Number Status Indicator
Gender Code
Postcode of Usual Address
Postcode Sector of Usual Address
Organisation Code (PCT of Residence)
Patient Postcode Derived PCT Type
Patient Postcode Derived PCT
Attendance Identifier
Administrative Category
Attended Or Did Not Attend
First Attendance
Outcome Of Attendance
Medical Staff Type Seeing Patient
Source of Referral for Outpatients
Appointment Date
Operation Status
OP Episode Type
CDS Activity Date
Commissioning Serial No (Agreement No)
NHS Service Agreement Line No
Provider Reference No
Commissioner Reference No
SHA Commissioner
SHA Provider
Organisation Code (Code of Provider)
32
Provider Site Code
Organisation Code (Code of Commissioner)
Commissioner Code (Original Data)
Commissioner Site Code
PCT Derived from GP
PCT Derived from GP Practice
GP Practice Derived from PDS
Location Class
Site code of Treatment
Consultant Code
Main Specialty Code
Treatment Function Code
Registered GMP Code
GP Code
GP Practice Code
GP Consortium Code
GP Practice Code (Original Data)
GP Practice Code (Derived)
Referrer Code
Referring Organisation Code
Priority Type
Service Type Requested
Referral Request Received Date
Last DNA or Patient Cancelled Date
Spell Version As At Date And Time
Applicable Costing Period
PbR Spell Status Indicator
PbR Spell Frozen Indicator
HRG (Submitted)
Core HRG Version (Calculated)
Core HRG
SUS HRG
Unbundled HRG 1
Unbundled HRG 2
Unbundled HRG 3
Unbundled HRG 4
Unbundled HRG 5
Unbundled HRG 6
Unbundled HRG 7
Unbundled HRG 8
Unbundled HRG 9
Unbundled HRG 10
Unbundled HRG 11
Unbundled HRG 12
Diagnosis Scheme In Use
Primary Diagnosis Code
Secondary Diagnosis Code 1
Secondary Diagnosis Code 2
Secondary Diagnosis Code 3
Secondary Diagnosis Code 4
Secondary Diagnosis Code 5
Secondary Diagnosis Code 6
Secondary Diagnosis Code 7
Secondary Diagnosis Code 8
Secondary Diagnosis Code 9
Secondary Diagnosis Code 10
Secondary Diagnosis Code 11
33
Secondary Diagnosis Code 12
Procedure Scheme In Use
Primary Procedure Code
Secondary Procedure Code 1
Secondary Procedure Date 1
Secondary Procedure Code 2
Secondary Procedure Date 2
Secondary Procedure Code 3
Secondary Procedure Date 3
Secondary Procedure Code 4
Secondary Procedure Date 4
Secondary Procedure Code 5
Secondary Procedure Date 5
Secondary Procedure Code 6
Secondary Procedure Date 6
Secondary Procedure Code 7
Secondary Procedure Date 7
Secondary Procedure Code 8
Secondary Procedure Date 8
Secondary Procedure Code 9
Secondary Procedure Date 9
Secondary Procedure Code 10
Secondary Procedure Date 10
Secondary Procedure Code 11
Secondary Procedure Date 11
Secondary Procedure Code 12
Secondary Procedure Date 12
HRG Used for Tariff
Tariff Initial Amount National
Aggregate UnBundled Adjustment National
Tariff Financial Adjustment National
Tariff Adjustment Future Use_1 National
Tariff Adjustment Future Use_2 National
Tariff Pre MFF Adjusted National
Applied MFF National
MFF Adjustment
Tariff Total Payment National
Tariff Initial Amount Non Mandatory
Aggregate UnBundled Adjustment Non Mandatory
Tariff Financial Adjustment Non Mandatory
Tariff Adjustment Future Use_1 Non Mandatory
Tariff Adjustment Future Use_2 Non Mandatory
Tariff Pre MFF Adjusted Non Mandatory
Applied MFF Non Mandatory
MFF Adjustment Non Mandatory
Tariff Total Payment Non Mandatory
Non Mandatory Core Tariff (with UB)
Tarrif Initial Amount Local
Aggregate UnBundled Adjustment Local
Tariff Total Payment Local
Local Core Tariff (with UB)
PbR Final Tariff
Final Tariff Applied
Number Diagnosis
Number Procedures
Number Unbundled HRGs
Number Unbundled Non Priced HRGs
34
Number Unbundled Priced HRGs
Organisation Code (Sender)
Staging Loaded Date
Protocol Identifier
Unique CDS Identifier
Applicable Date
Extract Date
Report Period Start Date
Report Period End Date
Spare 1
Spare 2
Spare 3
Spare 4
Spare 5
Grouping Algorithm Version
Grouping Reference Data Version
Grouping HRG Version
CDS Schema Version
Query Date
Unique Query Id
SUS A&E
SUS Version
NHS RID (From Provider)
Spell Identifier
Generated Record ID
CDS Record Type
Reason Access Provided
Spell In PbR/Not In PbR
Exclusion Reason
Pseudonymised Status
Confidentiality Category
Configurable Indicator
Code Cleaning
Local Patient Identifier
Org Code Local Patient Identifier
NHS Number
Lead Care Activity Indicator
Organisation Code Patient Pathway Identifier
RTT Patient Pathway Identifier
RTT Period End Date
RTT Period Start Date
RTT Status
Unique Booking Reference Number (Converted)
Birth Date
Age At CDS Activity Date
Derived Age
Carer Support Indicator
Ethnic Category Code
Marital Status
NHS Number Status Indicator
Gender Code
Postcode of Usual Address
Postcode Sector of Usual Address
Organisation Code (PCT of Residence)
Patient Postcode Derived PCT Type
35
Patient Postcode Derived PCT
EM Attendance Number
EM Mode of Arrival
EM Attendance Category
EM Attendance Disposal
EM Incident Location Type
EM Staff Member Code
EM Referral Source
Arrival Date
EM Patient Group
EM Attendance Conclusion Time
EM Departure Time
EM Initial Assessment Time
EM Time Seen for Treatment
Arrival Time
CDS Activity Date
Commissioning Serial No (Agreement No)
NHS Service Agreement Line No
Provider Reference No
Commissioner Reference No
SHA Commissioner
SHA Provider
Organisation Code (Code of Provider)
Provider Site Code
Organisation Code (Code of Commissioner)
Commissioner Code (Original Data)
Commissioner Site Code
PCT Derived from GP
PCT Derived from GP Practice
GP Practice Derived from PDS
Registered GMP Code
Registered GMP Code (Original Data)
GP Practice Code (Original Data)
GP Practice Code
GP Consortium Code
Spell Version As At Date And Time
Applicable Costing Period
PbR Spell Status Indicator
PbR Spell Frozen Indicator
HRG Code - Submitted
HRG Code Version - Submitted
Core HRG
HRG Code Version - Calculated
Core HRG For Information
HRG Code Version - For Information
Diagnosis Scheme In Use
EM Diagnosis First
EM Diagnosis Second 1
EM Diagnosis Second 2
EM Diagnosis Second 3
EM Diagnosis Second 4
EM Diagnosis Second 5
EM Diagnosis Second 6
EM Diagnosis Second 7
EM Diagnosis Second 8
EM Diagnosis Second 9
EM Diagnosis Second 10
36
EM Diagnosis Second 11
EM Diagnosis Second 12
Investigation Scheme In Use
EM Investigation First
EM Investigation Second 1
EM Investigation Second 2
EM Investigation Second 3
EM Investigation Second 4
EM Investigation Second 5
EM Investigation Second 6
EM Investigation Second 7
EM Investigation Second 8
EM Investigation Second 9
EM Investigation Second 10
EM Investigation Second 11
EM Investigation Second 12
Procedure Scheme In Use
EM Treatment First
PROCEDURE DATE (of First Treatment)
EM Treatment Second 1
PROCEDURE DATE (of Subsequent Treatments) 1
EM Treatment Second 2
PROCEDURE DATE (of Subsequent Treatments) 2
EM Treatment Second 3
PROCEDURE DATE (of Subsequent Treatments) 3
EM Treatment Second 4
PROCEDURE DATE (of Subsequent Treatments) 4
EM Treatment Second 5
PROCEDURE DATE (of Subsequent Treatments) 5
EM Treatment Second 6
PROCEDURE DATE (of Subsequent Treatments) 6
EM Treatment Second 7
PROCEDURE DATE (of Subsequent Treatments) 7
EM Treatment Second 8
PROCEDURE DATE (of Subsequent Treatments) 8
EM Treatment Second 9
PROCEDURE DATE (of Subsequent Treatments) 9
EM Treatment Second 10
PROCEDURE DATE (of Subsequent Treatments) 10
EM Treatment Second 11
PROCEDURE DATE (of Subsequent Treatments) 11
EM Treatment Second 12
PROCEDURE DATE (of Subsequent Treatments) 12
Derived EM Department Type
EM Department Type
EM Department Type MIU Indicator Derived
Tariff Initial Amount National
Tariff Financial Adjustment National
Tariff Adjustment Future Use_1 National
Tariff Adjustment Future Use_2 National
Tariff Pre MFF Adjusted National
Applied MFF National
MFF Adjustment
Tariff Total Payment National
Tariff Initial Amount Non Mandatory
Tariff Financial Adjustment Non Mandatory
Tariff Adjustment Future Use_1 Non Mandatory
37
Tariff Adjustment Future Use_2 Non Mandatory
Tariff Pre MFF Adjusted Non Mandatory
Applied MFF Non Mandatory
MFF Adjustment Non Mandatory
Tariff Total Payment Non Mandatory
Tarrif Initial Amount Local
Tariff Total Payment Local
PbR Final Tariff
Final Tariff Applied
Number Diagnosis
Number Procedures
Number EM Investigations
Number EM Treatments
Organisation Code (Sender)
Staging Loaded Date
Protocol Identifier
Unique CDS Identifier
Applicable Date and Time
Extract Date
Report Period Start Date
Report Period End Date
Spare 1
Spare 2
Spare 3
Spare 4
Spare 5
Grouping Algorithm Version
Grouping Reference Data Version
Grouping HRG Version
CDS Schema Version
Query Date
Unique Query Id
38
APPENDIX 6 - Community Dataset Required for Integrated Care IT System
NHS Number
Person Birth Date
Person Death Date
Postcode of Usual Address
General Medical Practice Code (Patient Registration)
Organisation Code (PCT of GP Practice)
Person Marital Status
Employment Status
Ethnic Category
Preferred Communication Language
Carer Support Indicator
Patient Care Responsibility Indicator
Organisation Code (PCT of Residence)
Disability Code
Death Location Type (Preferred)
Death Location Type (Actual)
39
Death Not at Preferred Location Reason Code
Referral Request Received Date
Referral Request Received Time
Organisation Code (Code of Commissioner)
Source of Referral for Community
Source of Referral for Community
Priority Type Code
Primary Reason for Referral (Community Care)
Diagnosis Scheme In Use
Diagnosis At Referral (Community Care)
Referral Closure Date (Community Care)
Referral Closure Reason (Community Care)
Discharge Date (Community Health Service)
Discharge Letter Issued Date (Community Care)
Unique Booking Reference Number (Converted)
Patient Pathway Identifier
Organisation Code (Patient Pathway Identifier Issuer)
Waiting Time Measurement Type
Referral to Treatment Period Start Date
Referral to Treatment Period End Date
Referral to Treatment Period Status
Indirect Patient Activity Identifier
Organisation Code (Code of Commissioner)
Indirect Patient Activity Date
Indirect Patient Activity Duration
Indirect Patient Activity Type Code (Community Care)
40
Care Professional Staff Group
Appendix 7 Mental Health Dataset required for Integrated Care IT System
CURRENCY_POD
PROVIDER_TYPE_DESC
PROVIDER_CODE
PROVIDERNAMEINITIALS
PROVIDER_NAME
ENDOFEACHLINE
PCT_CODE
DISCH_METHOD
PCT_NAME
LEAVETYPEDESC
LOCAL_PATIENT_IDENTIFIER
TRANSFERED_FROM_WARD
NHS_NUMBER
ADMISSIONSOURCEDESC
PATIENT_DATE_OF_BIRTH
ADMISSIONMETHODDESC
PATIENT_GENDER
AGE_AT_ADM
PATIENT_POSTCODE
OCCUPANCY_START
PCT_CODE_RESIDENCE
OCCUPANCY_END
GP_CODE
TOTAL_OBDS
GP_PRACTICE_CODE
LEAVE
SUBSERVICE
ACTUAL_OBDS
WARD_NAME
REFERRAL_DATE
SERVICE
REFERRAL_TIME
WARD_TYPE
TEAM_NAME
WARD_START_DATE
DIRECTORATE_GROUP_NAME
WARD_END_DATE
BOROUGH_NAME
PRIMARY_DIAGNOSIS
SOURCE_DESC
SPECIALTY_CODE
SOURCE_NAME
ACTIVITY_START_DATE
GP_CODE
MONTH
REASON_DESC
COUNT_OR_SUM_OF_ACTIVITY
PRIORITY_DESC
41
CONTACT_TYPE
OUTCOME_DATE
TEAM_NAME
OUTCOME_DESC
PURPOSE
ENDOFEACHLINE
SUB_SERVICE
SERVICE_OR_SPEC
OUTCOME
DV_ATT_FLAG
CONTACT_DATE
CONTACT_TIME
AM_SESSION
PM_SESSION
ACTIVITY_TYPE
DNA_FLAG
NEW_FUP
VENUE
Mental health Dataset 2
Fields available within MH data - only displaying dummy data
ORIGINATING_TABLE
CURRENCY_POD
PROVIDER_CODE
PROVIDER_NAME
PCT_CODE
PCT_NAME
LOCAL_PATIENT_IDENTIFIER
NHS_NUMBER
PATIENT_DATE_OF_BIRTH
PATIENT_GENDER
PATIENT_POSTCODE
PCT_CODE_RESIDENCE
GP_CODE
GP_PRACTICE_CODE
SUBSERVICE
WARD_NAME
SERVICE
WARD_TYPE
WARD_START_DATE
WARD_END_DATE
MHT_CIFT_IP_1213
MHT_CIFT_IP_1112
INPATIENT
TAF
CAMDEN AND ISLINGTON FOUNDATION
TRUST
5K7
CAMDEN PCT
1234567
1234567890
31-Jan-31
Female/Male
NW1 2HD
5K7
5K7
F83000
Trust MH Adult Services
Ward/Unit
Adult/Older Mental Health
Cont.Care /Acute/ Comm-based
01-Mar-12
04-Mar-12
42
PRIMARY_DIAGNOSIS
SPECIALTY_CODE
ORIGINATING_TABLE
CURRENCY_POD
PROVIDER_CODE
PROVIDER_NAME
PCT_CODE
PCT_NAME
LOCAL_PATIENT_IDENTIFIER
NHS_NUMBER
PATIENT_DATE_OF_BIRTH
PATIENT_GENDER
PATIENT_POSTCODE
PCT_CODE_RESIDENCE
GP_CODE
GP_PRACTICE_CODE
ACTIVITY_START_DATE
MONTH
COUNT_OR_SUM_OF_ACTIVITY
CONTACT_TYPE
TEAM_NAME
PURPOSE
SUB_SERVICE
SERVICE_OR_SPEC
OUTCOME
DV_ATT_FLAG
MHT_CIFT_CONTACTS_1213
MHT_CIFT_CONTACTS_1112
COMMUNITY CONTACTS
TAF
CAMDEN AND ISLINGTON FOUNDATION
TRUST
5K7
CAMDEN PCT
1234567
1234567890
31-Jan-31
Female/Male
NW1 2HD
5K7
F83000
01-Mar-12
1
Follow Up / New
Various
Review / Comm / Fup
Adult - Various
R&R / CommOR / Acute / Subs.Misuse
43
Appendix 8 Adult Social Care Data Set
Adult Social Care Dataset - Using Corelogic Framework i System
Data Item
Frameworki No
NHS Number
Demographics
Forename
Surname
DoB
Address
Gender
Worker Relationships
Allocated Social Worker
Care Co-ordinator
Involved Team
Last Assessment/Review Date
Schedule Review Date
Care Packages Provided
Comments
Details to be agreed
Details to be agreed
Mental health
Details to be agreed
Notes Data set would be for currently active clients ie in receipt of services or professional support or
those who have had services within the last 12 months
44
Document History
Version
Date
Change
0.1
November 2012
Initial draft issued and comments incorporated
0.2
13 May 2013
Second draft incorporated relevant comments
0.3
June 2013
Draft incorporated comments from stakeholders
45