Joint Health and Social Care Integration Programme Information Sharing Protocol
Agenda Item – 11 Joint Health and Social Care Integration Programme Information Sharing Protocol Meeting Health and Social Care Integration Board Date 19th July 2013 Subject Information sharing protocol to support the provision of integrated care in Barnet Paper 7.1 Summary Work has been undertaken to develop an overarching framework for sharing information between partner organisations in Barnet. The information sharing protocol will enable the sharing of appropriate personal data between health, social care and other agencies to support working together in an integrated way and the implementation of integrated care services in Barnet. The protocol seeks to provide a framework that will: Promote information sharing to enable improved co-ordination of services for the individual Ensure that information is shared in ways which are consistent with legislation and guidance Decision required The Integrated Care Board is asked to approve the information sharing protocol and data sharing template. Contact for Further Information: Christine Cornwall Email: [email protected] Version 0.1 1. PREFACE 1.1. This Information Sharing Protocol (ISP) has been jointly developed jointly by health and social care organisations operating in Barnet to facilitate the sharing of information between them so that members of the public receive the best possible service. 2. CONTEXT AND BACKGROUND 2.1. POLICY CONTEXT 2.1.1 The aim of public policy is for citizens to receive the health and social care services that they need and that the organisation of services should not impede the service provided. This requires organisations to work effectively and efficiently together to tailor services to the particular circumstances of each individual, and monitor provision of services across a geographical area. Sharing appropriate and relevant personal information about individuals between parties in a secure framework is vital to the provision of co-ordinated and seamless care to both the local population and individual service users and to improve quality and reduce inequality across the locality. Such steps are supported by the Department of Health policy “The Power of Information” and the NHS informatics service. 2.1.2 This need for lawful and secure sharing of information is also reflected in the “Information Governance Review1” report that was recently published by the Caldicott2 Review Team chaired by Dame Fiona Caldicott. 2.1.3 All the Parties recognise that the initial legal responsibility for personal information resides with the organisation that first created or received it – in this case being the participating Data Controllers. But if personal information is shared, the responsibility extends to the recipient in the receiving organisation regardless of how transitory that storage of the personal information by the receiving organisation might be 2.1.4 The Information Commissioner advocates that information sharing should take place in the context of a set of common rules, binding on all the organisations involved in a data sharing arrangement. This Protocol takes account of the principles and recommendations for sharing information provided in the Information Commissioner’s Data Sharing Code of Practice2. 2.1.5 Integrated care systems are being developed across the NHS and Social Care. It is clearly recognised that sharing information about an individual between provider organisations is a key enabler of joined up and effective service delivery. However, organisations involved in providing health and social care services to the public have a legal responsibility to ensure that their use of personal information is lawful, properly controlled and that an individual’s rights are respected. This balance between the need to share information to provide quality services and protection of confidentiality can at times be a difficult one to achieve. 3 AIMS AND OBJECTIVES 3.1 The overall aim of this Protocol is to provide a framework for the partner organisations to establish and regulate working practices in order to ensure that information is managed and shared in a lawful, necessary and appropriate way. 3.2 The main objectives are: 1 The Information Governance Review, available at: https://www.gov.uk/government/publications/the-information-governance-review, last accessed on 09/04/2013 2 ICO Data Sharing Code of Practice, available at: http://ico.org.uk/for_organisations/data_protection/topic_guides/data_sharing, last accessed on 09/04/2013 2 a) to increase awareness and understanding of the relevant legislation and especially the Data Protection Act 1998 (DPA); b) to guide partner organisations on how to share personal information lawfully to support the provision of integrated care; c) to promote the development and use of Data Sharing Agreements or Contracts; d) to encourage lawful flows of information; and e) to support a process, which will monitor and review information flows. 3.3 This Protocol will be used in conjunction with local data sharing contracts or any other formal agreements that will be put in place between partner organisations to establish legally binding relationships as regards the sharing of information. 3.4 Whilst this Protocol may also be used to provide direction and guidance as regards compliance with information sharing law and standards for various projects, technical detail about specific data sharing initiatives should be obtained from their respective subject-specific information sharing Protocols or Agreements. 3.5 Government guidance Information Sharing: Guidance for practitioners and managers should also be consulted. The guidance offers clarity on when and how information can be shared legally and professionally. It can be downloaded from: http://www.education.gov.uk/childrenandyoungpeople/strategy/integratedworking/a0072915/informationsharing 4 PURPOSES FOR SHARING DATA 4.1 The partner organisations have identified the following purposes that aim to support the objectives of an integrated care initiative. 4.2 CARE PURPOSES 4.2.1 These purposes cover uses of data that contribute to the diagnosis, care and treatment of an individual or the audit of the quality of the care provided. Where data are used for care purposes person identifiable data can be used providing that only the minimum necessary information is used. The following are considered examples of care purposes under this initiative: a) With appropriate consent and access permissions, to contact individuals identified as needing further support with the intention of preventing and reducing the likelihood of hospitalisation, adverse events and other poor health outcomes by health and/or social care professionals that can establish a legitimate relationship with the individuals concerned 3; and b) Having obtained consent and with access permissions to share information between health and / or social care professionals legitimately involved in the provision of integrated care. 4.3 NON-CARE PURPOSES 4.3.1 These purposes cover uses of data that support activities such as preventative medicine, medical research, financial management and the management of care services. Where data are used for noncare purposes, effectively anonymised or pseudonymised data must be used. The following are considered examples of non-care purposes under this initiative: 3 Please see the Advice on Risk Prediction and Stratification Activities issued of the National Information Governance Board, June 2012, available at: http://www.nigb.nhs.uk/pubs/guidance/riskpred.pdf, last accessed on 13/12/2012. 3 o With consent and appropriate access permissions to identify service users / patients who may require further support to prevent the likelihood of hospitalisation, adverse events and other poor health outcomes (risk stratification); and o Support commissioning processes. 5 ORGANISATIONS INVOLVED IN DATA SHARING 5.1 All organisations involved in sharing information are required to sign up to and adhere to this Information Sharing Protocol 6 DATA ITEMS AND FLOWS 6.1 The appendices of this protocol show examples of data that may be shared. Details of what will be shared will be specified in Information Sharing Agreements which are completed and agreed locally: 7 Appendix 1 – Primary care data sets; Appendix 2 – Exclusion of sensitive codes; Appendix 3 – Acute hospital data sets; Appendix 4 – Community data sets; Appendix 5 – Mental health data sets; and Appendix 6 – Adult social care data sets. PRINCIPAL INFORMATION SHARING REQUIREMENTS The partner organisations agree: 7.1 to acknowledge their respective roles and responsibilities in implementing this protocol; 7.2 to put in place policies, procedures and controls that ensure full compliance with the legal framework for sharing information; 7.3 to effective notify the Information Commissioner’s Office of the purposes for handling information under this protocol and maintain a valid data protection registration as appropriate; 7.4 Statutory organisations to achieve a minimum level 2 performance against all requirements in the relevant NHS IG Toolkit applicable to it; those non-statutory organisations e.g. voluntary sector, should use this as a benchmark. 7.5 to ensure that information is requested and shared on the principle that it will be made available only on a justifiable ‘need to know basis’ and only to those individuals who are legitimately entitled to access it; 7.6 to contribute to the shared environment information that is accurate and up-to-date and carry out frequent reviews to assess the accuracy of information shared; 7.7 to ensure that the information supplied is retained in line with the Records Management Policies, NHS and Social Care Code of Practice and medico-legal requirements; 7.8 to develop local Data Sharing Agreements or Contracts that govern the way transactions are undertaken between the partner organisations and with other organisations that are not parties to this protocol; 7.9 to ensure that its personnel are aware of and adhere to this protocol and other data sharing contracts related to it; 4 7.10 to ensure that all personnel have access to appropriate training and development activities to enable them to comply with information sharing requirements; 7.11 to promote public awareness of the need for information sharing through the use of appropriate communications media including publishing the protocol on the websites of the respective agencies; and 7.12 to ensure that a complaints procedure, confidentiality policy and procedures, and risk assessment procedure are all in place, clearly linked to this protocol and adhered to. 8 THE LEGAL FRAMEWORK 8.1 It is essential that the sharing of information and data complies with the law. To establish whether there is a legal basis for sharing information, the purpose must be justified taking account of the core legislation that governs data sharing between providers of health and social care services. 8.2 The core rules that govern how personal and sensitive personal data should be handled are as follows: The Data Protection Act 1998 (“DPA 1998”) The Human Rights Act 1998 (“HRA 1998”) The Common Law Duty of Confidentiality The Caldicott Principles Access to Health Records Act 1990 Freedom of Information Act 2000 The NHS Health Service Act 2006 The NHS Care Record Guarantee for England The Social Care Record Guarantee for England The ISO/IEC 27000 Series on Information Security Standards The Information Security NHS Code of Practice The Records Management NHS Code of Practice The Health and Social Care Act 2012 8.3 All partner organisations will ensure that the sharing of information under this initiative will fully comply with the legal framework as appropriate. 9 FAIR AND TRANSPARENT SHARING 9.1 It is a requirement of the DPA 1998 that all organisations that process personal data should have a “Fair Processing Notice” which will inform individuals about how their personal data will be used by the organisation to ensure that consent to the sharing of personal information is informed. Partner organisations agree to provide the following information to patients and/or service users: the identity of the data controller and the partner organisations that work in partnership. If the data controller has nominated a representative for the purposes of the DPA 1998, the identity of the representative; the purpose or purposes for which the data are intended to be processed and shared; the rights of individuals under the DPA 1998, particularly in relation to sensitive personal data; details of the procedures in place to enable individuals to access their records including audit trails as regards access to data; details of the procedures which may have to be initiated when a member of Personnel suspects that an individual has been or is at risk of abuse for example under a ‘Service User Protection Policy’ or 5 ‘Mental Health Risk Assessment & Management Policy’. Such policies will explain in general terms to whom the personal information will be shared at differing stages, as well as what personal information will be shared, how it will be used and will be compliant with the Mental Capacity Act 2005; details of the complaints procedures to follow in the event that the individual concerned believes personal information about him or her has been inappropriately disclosed; Details of how the personal information individuals provide will be recorded, stored and the length of time it will be retained both by the originating organisation and the organisations to whom they may disclose that personal information; details of the length of time for which consent to particular disclosures is valid, for example in the case of adoption 75 years; and any further information which is necessary, taking into account the specific circumstances in which the data are or are to be processed, to enable processing in respect of the patient to be fair. 9.2 Each party to this Agreement will ensure that the information referred to above will be made available to individuals in routine episodes of care and treatment. All of the above notices will be referenced on each Party’s website. The above information will be available in a variety of languages and formats where reasonable to reflect the ethnic composition of each of the boroughs within the local health/care community. 10 OBTAINING CONSENT TO SHARE DATA 10.1 The “NHS Constitution for England4” grants patients a right to privacy and confidentiality and to have their information treated safely and securely. In addition, the Social Care and NHS Care Records Guarantees for England 5specifies that individuals are entitled to make their own decisions about how their confidential information is shared. 10.2 Whilst there may be circumstances to share information lawfully without obtaining an individual’s consent, partner organisations understand that individuals should be able to make decisions about their information used for and have their wishes respected as appropriate. The partner organisations agree to the following: Each partner organisation, in its capacity as data controller, will be required to obtain consent from the individual; It will be the responsibility of the partner organisation that obtains individual’s consent to ensure that individual’s consent is valid, fully informed, express, explicit and reflects the true wishes of the individual as regards the sharing of data; Individual consent may be recorded in the respective clinical IT system of the partner organisation and also be made available to partner organisations; 11 ENABLING INDIVIDUALS TO EXERCISE THEIR RIGHTS 11.1 The Parties will comply with the rights of individuals under the DPA 1998 to be informed about personal information that is recorded about them. 4 NHS Constitution for England, available at: https://www.gov.uk/government/publications/the-nhs-constitution-for-england, last accessed on 09/04/2013. 5 See the NHS Care Records Guarantee published by the National Information Governance Board, available at: http://www.nigb.nhs.uk/pubs/nhscrg.pdf, last accessed on 09/04/2013. 6 11.2 Unless statutory grounds exist for restricting an individual’s access to personal information relating to him or her, an individual will be given every opportunity to gain access to personal information held about him or her and to correct any factual errors that have been made. Similarly, where an opinion about an individual has been recorded and the individual feels this opinion is based on incorrect factual personal information, the individual will be given every opportunity to correct the factual error and record his or her disagreement with the recorded opinion. 11.3 All parties recognise that, where a risk prediction algorithm is to be applied to an individual’s data and the risk score generated is then used as the sole basis of decision-making, this would be classified as “automated decision taking”. Where such decision-making is likely to have a significant impact on the individual, as would be the case for determining whether they gain access to additional preventive services, then this processing must be notified to the individual and the individual must be given the opportunity to object to the use of their data in this way and for a care professional to manually review the decision. 11.4 Parties to this Agreement will also respond to any notices from the ICO or Court Orders that impose requirements to cease or change the way in which data is processed. 11.5 “Except where there is a legal requirement to do so, sharing of identifiable, personal information and/or sensitive data with another organisation can only be permitted with the individual’s informed, express consent” METHODOLOGY FOR INFORMATION SHARING 12 This protocol can be taken as applicable to all forms of information sharing, irrespective of the method. In all situations and methods procedures should follow this protocol and any standards for best practice. This agreement covers the following methods of information sharing in the first instance, each method will be supported by a detailed Data Sharing agreement: 13 Transfer of personal data to an Integrated Care IT System or to another record-holding system; Discussion in multi-disciplinary teams established for the purpose of delivering integrated care; Extraction of data into a shared care record or other format for access by members of the MDT; and Access to data by health and social care professionals in an MDT providing care to the patient/ service user. COMPLAINTS 13.1 The Parties confirm to each other that: (a) they have put in place efficient and effective procedures to address complaints relating to the disclosure of personal information, and data subjects will be provided with information about these procedures where it is deemed relevant; (b) they will keep a record of all such complaints received; and (c) they have established a procedure by which their complaints officers report complaints regarding the inappropriate use or disclosure of personal information to the Caldicott Guardian or Information Governance Lead / Data Protection Officer or equivalent. 7 INFORMATION SECURITY 14 14.1 All providers will maintain a safe haven to ensure the secure receipt and processing of personal data. 14.2 Where information is shared electronically the processes will conform to the following minimum standards: 15 Role based access controls; Robust user authentication based on best practice; Network, hardware, database and application security controls; System monitoring and audit trails; System ability to generate alerts in the event of users by-passing access controls; System capability to respond to and deal with an individual’s rights exercised under Part II of the DPA 1998; Protection of the confidentiality and integrity of data in transit including key management of cryptographic services to ensure the secure communication of data; Labelling of clinical data as “NHS Confidential” in line with the NHS Data Classification and Labelling Schemes. Measures to safeguard against user error or system-to-system transfer errors by validating data input and transfer and ensuring inputs and transfers are correct and appropriate. System capability to use appropriate common identifiers to link data correctly i.e. NHS number, DoB etc; All personal and sensitive personal data processed by the system will only be retained for as long as necessary. All personal and sensitive personal data processed by the system will be stored and destroyed securely. The system must contain appropriate intrusion detection and prevention controls to protect against unauthorised external access attempts. Appropriate controls to ensure the physical security of the system. OVERSEAS TRANSFERS 15.1 All personal and sensitive personal data processed under this initiative will not be transferred outside the UK. 16 MONITORING AND REVIEWING ARRANGEMENTS 16.1 All organisations party to this protocol will have an individual responsibility to monitor the implementation of the aims and objectives and their responsibilities under this protocol. 16.2 In addition, all partner organisations agree to establish an Information Sharing Working/Steering Group that will oversee the implementation of this protocol and the associated data sharing contracts/agreements. Partner organisations agree that individuals shall be represented in this Group. 8 The parties have read understood and agree this protocol, its appendices and undertake to implement it in full. Signatures of the Caldicott Guardians/Authorised Person of the Parties to this protocol Organisation Name Role Date Signed London Borough of Barnet Royal Free London NHS Foundation Barnet Clinical Commissioning Group Barnet and Chase Farm Hospitals NHS Trust Barnet, Enfield, Haringey Mental Health Trust CLCH Personnel & Care Bank London Care CommUnity Barnet MiHomecare Housing 21 9 APPENDIX 1 - KEY LEGISLATION, COMMON LAW, STANDARDS AND CODES OF PRACTICE I Introduction The two most relevant elements of the legal framework governing information sharing are the Data Protection Act 1998 and the common law duty of confidentiality, each of which must be viewed in the light of the Human Rights Act 1998. 1. The Data Protection Act 1998 (“DPA 1998”) 1.1 Compliance with the DPA 1998 should ensure that when personal information is used or disclosed, it is done safely and with regard to the rights of the individual concerned. The DPA 1998 does not apply to information relating to the deceased. 1.2 The personal information falling within the meaning of “Personal Data” includes expressions of opinion about individuals and indications of intentions of persons in relation to individuals. The DPA 1998 applies to manual and electronic records. For some categories of manual personal information there are exemptions from some aspects of the DPA 1998 up to 24 October 2007. 1.3 The DPA 1998 gives seven rights to individuals in respect of their own personal information held by others. They are: the right of subject access; the right to prevent processing likely to cause unwarranted, substantial damage or distress; the right to prevent processing for the purposes of direct marketing; rights in relation to automated decision taking; the right to take action for compensation if the individual suffers damage; the right to take action to rectify, block, erase or destroy inaccurate personal information; and the right to make a request to the Information Commissioner for an assessment to be made as to whether any provision of the DPA 1998 has been contravened. 1.4 The “processing” of personal information by “data controllers” (i.e. the person or organisation that alone or jointly with others determines the purposes for which, and the manner in which, personal information is processed) is regulated by eight Data Protection Principles. “Processing” is defined very broadly and encompasses more or less anything that might be done with personal information, including just holding it. The eight Data Protection Principles are: personal information shall be processed fairly and lawfully and, in particular, shall not be processed unless: o (subject to limited exemptions) the “fair processing code” information has been supplied; o at least one of the conditions in Schedule 2 of the DPA 1998 is met; and o in the case of personal information which is “sensitive personal data”, at least one of the conditions in Schedule 3 of the DPA 1998 is also met. personal information shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes; personal information shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed; personal information shall be accurate and, where necessary, kept up to date; 10 personal information processed for any purpose or purposes shall not be kept longer than is necessary for that purpose or purposes; personal information shall be processed in accordance with the rights of individuals under the DPA 1998; appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal information and against accidental loss or destruction of, or damage to, personal information; and personal information shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal information. 1.5 The “fair processing code” (imposed by Schedule 1 of the DPA 1998) requires that when obtaining personal information from an individual a data controller must inform the individual of: the identity of the data controller; any nominated representative of the data controller for the purposes of the DPA 1998; the purposes for which the personal information is intended to be processed; and any further information which is necessary to enable the processing to be fair having regard to the specific circumstances of the intended processing (e.g. who it may be disclosed to) 1.6 Schedule 2 of the DPA 1998 is a list of conditions, at least one of which must be met before personal information can be processed fairly and lawfully. 1.7 The DPA 1998 defines “sensitive personal data” as personal information which relates to: the individual’s racial or ethnic origin; the individual’s political opinions; the individual’s religious beliefs or other beliefs of a similar nature; whether the individual is a member of a trade union; the individual’s physical or mental health or condition; the individual’s sexual life; the commission or alleged commission by the individual of any offence; or any proceedings for any offence committed or alleged to have been committed by the individual, the disposal of such proceedings or the sentence of any court in such proceedings. 1.8 Schedule 3 of the DPA 1998 provides an additional list of conditions for processing sensitive personal data fairly and lawfully. Unless an exemption applies, the individual must give his or her explicit consent or one of the other conditions must be met. These conditions – importantly - contain a medical purposes condition allowing processing without consent. 1.9 Processing must be lawful. The DPA 1998 does not provide any guidance on the meaning of “lawful” but “unlawful” has been defined by the Courts as “something which is contrary to some law or enactment or is done without lawful justification or excuse”. 1.10 Nonetheless, even where the Schedule 2 and 3 conditions in the DPA 1998 are satisfied, that alone may not permit disclosure. However, there are circumstances where organisations would still be able to make a disclosure. For example: Section 29 of the DPA 1998 provides an exemption from compliance with: o the first data protection principle (apart from the need for satisfaction of the Schedule 2 and 3 conditions) – so, where section 29 applies the obligation to tell individuals about the disclosure is removed; o the second, third, fourth and fifth data protection principles; and o the subject access obligations (described in paragraph 11 below) 11 to the extent that the application of those provisions would be likely to prejudice the prevention or detection of crime, or the apprehension or prosecution of offenders or the assessment or collection of any tax or duty or similar, and where those purposes by non-disclosure. Section 29 does not override common law obligations of confidentiality, but see sub-paragraph (c) below; disclosure without consent is also permitted where disclosure is required by law; and for the purposes of the common law duty of confidentiality, if there is no consent, the individual’s right to confidentiality would need to be balanced against countervailing public interests - again preventing crime is accepted as one of those interests where the offence is sufficiently serious that the public interest overrides. The rights in Article 8 in the Human Rights Act 1998 would also need to be considered. 1.11 Individuals have rights of access to personal information about themselves. An individual is entitled: to be informed by any data controller whether personal information about that individual is being processed by or on behalf of that data controller; if that is the case, to be given by the data controller a description of: the personal information held about that individual; the purposes for which they are being or are to be processed; and the recipients or classes of recipients to whom the personal information is being or may be disclosed to have communicated to him or her in an intelligible form: o the personal information held about that individual; and o any information available to the data controller as to the source of that personal information, and to be informed by the data controller of the rational involved in decision-taking where there is processing by automatic means of personal information about that individual for the purpose of evaluating matters relating to him or her (such as, for example, his or her performance at work, his or her creditworthiness, his or her reliability or his or her conduct) which constituted or is likely to constitute the sole basis for any decision significantly affecting the individual. 1.12 Section 9A of the DPA 1998 provides limits on the rights of access to manual personal data held by public authorities other than information which is “recorded as part of, or with the intention that it should form part of, any set of information relating to individuals to the extent that the set is structured by reference to individuals or by reference to criteria relating to individuals.” The limits mean that if the individual concerned wants access to this kind of manual personal information, he or she must provide a description of the personal data. Also the public authority does not have to comply if it estimates (in accordance with regulations under the FoIA) that the cost of complying would exceed an amount prescribed by statutory instrument from time to time – the current statutory limit is £450 for public authorities which are not government departments or certain other central government bodies. However, the requirement in paragraph 11(a) above will have to be complied with unless it is estimated that compliance with that alone will exceed the £450 limit. 1.13 By virtue of orders under Section 30 of the DPA 1998 the individual’s access to some health, education and social work personal information may be restricted or denied. 1.14 The DPA 1998 requires all organisations which process personal information to make a formal notification to the Information Commissioner. It is particularly important when engaging in information sharing that the purposes for which the personal information is to be used are included in the notification if the notification is incomplete in any way, appropriate amendments must be submitted before processing can start. 2. The Common Law Duty of Confidentiality 2.1 All Personnel working in both the public and private sectors should understand that they are subject to the common law duty of confidentiality, and must abide by this. The duty of confidentiality applies to 12 information about an identifiable individual and not to aggregated data derived from such personal information or to personal information that has otherwise been effectively anonymised — i.e. it is not possible for anyone to link the information to a specific individual. 2.2 The duty of confidentiality means that confidential information should only be used for purposes that the subject has been informed about and has consented to unless: there is a statutory requirement to use information that has been provided in confidence, for example regulations in relation to the “Information Sharing Index” in relation to children are likely to include exemptions from the duty of confidentiality in order to enable the Information Sharing Index to operate; or if the holder of the confidential information can justify disclosure as being in the public interest (e.g. to protect others from harm). 2.3 Whilst it is not entirely clear under law whether a common law duty of confidentiality extends to deceased persons, the Department of Health and professional bodies responsible for setting ethical standards for health professionals accept that it does extend to deceased persons. 2.4 Unless there is a sufficiently robust public interest justification for using confidential information that has been provided in confidence then the consent of the individual concerned should be obtained (deceased individuals may have provided their consent before death). For living individuals, Schedules 2 and 3 of the DPA 1998 apply in addition whether or not the personal information was provided in confidence. 2.5 Whilst, under current law, no-one can provide consent on behalf of an adult in order to satisfy the common law requirement, it is generally accepted that decisions about treatment, and the disclosure of information, should be made by those responsible for providing care and that they should be in the best interests of the individual concerned. 3. The Caldicott Principles 3.1 The recently-published Information Governance Review Report has recommended that the existing Caldicott Principles be reviewed and an additional principle is created to establish a duty to share information where appropriate. However, until the recommendations are adopted in the NHS the existing Caldicott Principles are as follows: justify the purpose(s) for using confidential information; only use when absolutely necessary; use the minimum that is required; access should be on a strict “need to know” basis; everyone must understand his or her responsibilities; and understand and comply with the law. 4. The Human Rights Act 1998 (“HRA”) 4.1 Article 8.1 in Schedule 1 of the HRA establishes a right to ‘respect for private and family life’. This underscores the duty to protect the privacy of individuals and preserve the confidentiality of their health and social care records. This is however a qualified right, so there are specified grounds upon which it may be legitimate for authorities to override or limit those rights. Current understanding is that compliance with the DPA 1998 and the common law of confidentiality should satisfy HRA requirements. 5. The Access to Health Records Act 1990 (“AHRA”) 13 5.1 The DPA 1998 supersedes the AHRA apart from the sections dealing with access to information about the deceased. The AHRA provides rights of access to health records of deceased individuals for their personal representatives and others having a claim on the deceased’s estate. In other circumstances, disclosure of health records relating to the deceased should be carried out in such a way as to comply with the common law duty of confidentiality. 6. Freedom of Information Act 2000 (“FoIA”) 6.1. For public bodies, the FoIA will extend access rights to information to allow access to all the types of information held, whether personal or non-personal. However, the public authority will not be required to release information to which any of the exemptions in the FoIA applies. Anyone will be able to make a request for information, although the request must be in a permanent form. The FoIA gives applicants two related rights: the right to be told whether the information exists; and the right to receive the information (and where possible, in the manner requested, i.e. as a copy or summary, or the applicant may ask to inspect a record). 6.2. All the Parties to this Protocol are subject to the provisions of the as well as the DPA 1998. 7. NHS Health Service Act 2006 7.1. Section 251 of the NHS HSA gives the Secretary of State the power to make regulations relating to the processing of prescribed patient information for medical purposes in the interests of patients or the wider public good (e.g. disclosing patient identifiable information to specified bodies, such as cancer registries). 7.2. The proposed use of patient identifiable information for which regulations under Section 251 are made must be acceptable under the HSA. Acceptable purposes are preventative medicine, medical diagnosis, medical research, provision of care and treatment, management of health and social care services and informing individuals about their physical or mental health or condition, the diagnosis of their condition or their care or treatment but the primary purpose of the processing cannot be to determine the care and treatment of specific patients. 7.3. Section 251does not change the DPA 1998 requirements but where regulations apply it does set aside the legal duty of confidentiality and replace it with a range of safeguards intended to ensure that the use of a patient’s information has no detrimental effect on that patient. The existing regulations under Section 251 are in the Health Service (Control of Patient Information) Regulations 2002. 8. The Health and Social Care Act 2012 8.1. The HSCA reshapes the structure of the NHS. It transfers commissioning powers to new organisations, CCGs and NHS England. Importantly, the HSCA empowers the Health and Social Care Information Centre to process health and social care patient confidential information. 9. The ISO/IEC 27000 Series on Information Security Standards 9.1. This Standard provides a code of practice and a set of requirements for the management of information security. The Standard is published in two parts. Part 1 provides a code of practice for information security management. Part 2 provides recommendations and controls for information security management systems. 10. NHS Care Record Guarantee 14 10.1. The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS and what control the patient can have over this. It is based on professional guidelines, best practice and the law and applies to both paper and electronic records. Whilst not a legal document, the Guarantee could be used as the basis for a complaint. 11. Social Care Record Guarantee 11.1. The Social Care Record Guarantee for England sets out the rules that govern how service user information is used within both Adults and Children's Social Care Services and what control individuals can have over this. It is based on professional guidelines, best practice and the law and applies to both paper and electronic records. Whilst not a legal document, the Guarantee could be used as the basis for a complaint. 12. The Information Security NHS Code of Practice 12.1. The Information Security Code of Practice has been published by the Department of Health and provides a guide to the methods and required standards of practice in the management of information security in the NHS. 13. The Records Management NHS Code of Practice 13.1. The Code offers detailed guidance on the management of all NHS record types, clinical and corporate records and provides minimum retention period schedules for NHS records. Appendix 2 - GENERAL CONSENT PROCEDURE 15 1. OBTAINING, RECORDING AND WITHDRAWING CONSENT 1.1 The Providers will seek consent from all service users or their legal representative, normally at the first contact with the person concerned unless the individual is unable, at that time, to fully comprehend the implications or make an informed judgment, in line with the Mental Capacity Act 2005. The Personnel who seek consent from individuals will have been trained in the correct processes and procedures. An individual’s consent may be recorded on the specific line of care IT system or the health and / or social care record maintained by the Provider. In addition, individuals will also be given the opportunity to optout of the data sharing initiative and such dissent will also be recorded on the line of care IT system or the health and / or social care record maintained by the Provider. Any systems will be configured to ensure that a full audit trail can be performed as appropriate. 1.2 In seeking consent to disclose personal information, organisations will ensure that: (a) the consent is a “freely given informed indication of the individual’s wishes”; (b) the individual understands the purposes for which it will be used; (c) the individual is made aware of the persons (whether or not parties to this Agreement) with whom the personal information may be shared; and (d) consent will not be treated as having been given either by the individual or his or her representative, unless it has been made clear to them what the implications of such consent will be. 1.3 Where Parties obtain personal information about an individual which is “sensitive personal data” as defined in the DPA 1998 in the course of their direct contact with that individual, they shall whenever it is, or may be, appropriate for a specific purpose seek to obtain the Explicit Consent of that individual to disclose that personal information to any other Party or any other body for such purpose. If such consent is not given, because the individual is either unable or unwilling to give that consent, then that sensitive personal data will only be released to another Party if there are grounds for overriding the duty of confidence and one of the remaining conditions of Schedule 3 of the DPA can be demonstrated or one of the few circumstances where there is an applicable statutory exemption can be demonstrated. 1.4 “Explicit Consent” means that the consent should be absolutely clear and in appropriate cases it should cover the specific detail of the processing, the particular type of personal information to be processed (or even the specific personal information), the purposes of the processing and any special aspects of the processing which may affect the individual, for example, disclosures which may be made of the personal information. 1.5 The Parties each confirm that they have in place a policy that addresses consent requirements and that is monitored, and supports compliance with the DPA 1998. 1.6 To the extent appropriate consent for sharing personal information has not already been obtained under the relevant Party’s consent recording policy, the party will obtain any necessary consent from service users, using a consent to disclosure form (“Consent to Disclosure Form”). Consent to Disclosure Forms must be completed and signed by either the service user or his or her legally authorised representative and shall detail the restrictions (what is shared, who it is shared with, when it is to be shared and for how long- details will be defined in the relevant Data Sharing Agreements) to be placed upon the disclosure of personal information. 1.7 Completed Consent to Disclosure Forms shall be placed in an easy to find, accessible place within the service user’s file, all clearly date marked, because individuals have the right to change their minds about consent in the future. 16 1.8 A copy of the completed Consent to Disclosure Form should be given to either the service user, or his or her legally authorised representative, and must be dated and signed by a member of Personnel, the service user, and/or his or her legally authorised representative. 1.9 The Parties agree that, subject to certain statutory exceptions, an individual has the right to limit: (a) the ways in which the Party first receiving or generating personal information o can share personal information with other organisations o can disclose what can be shared, and what remains confidential. the specific purposes in which confidential personal information might be disclosed, and has a right to redress if personal information about the individual has been unlawfully disclosed 1.10 There will be some circumstances where you should not seek consent, for example where to do so would: place a child or young person at increased risk of significant harm; or place an adult at risk of serious harm; or prejudice the prevention or detection of a serious crime; or lead to unjustified delay in making enquiries about allegations of significant harm. 1.11 Each Party will ensure that individuals are given the right to opt out of having their information shared or withdraw consent at any given time. Such decisions should be recorded and documented in the same way as consent is obtained. 1.12 Where an individual declines consent to disclosure and/or the nature of a requested disclosure is problematic, then guidance must be sought from the individual or (where appropriate) his or her legally authorised representative, if any, and he or she should be informed in a sensitive manner where the lack of consent may place a limitation on the provision of specific services and why the specific information is required for the provision of that service. In the absence of the individual or (where appropriate) his or her legally authorised representative, then Personnel must, where practicable: (a) discuss the situation with the Caldicott Guardian or equivalent officer within the Party, and take guidance from him/her on the best way in which to proceed; (b) undertake a risk assessment to establish whether withdrawal of consent to disclose personal information might result in significant harm to the individual or others. This must be written-up, and dated and signed; (c) evidence of significant risk based on professional judgement may be sufficient to override the wishes of the person deemed to be at actual/potential risk; and (d) consider whether there are legal bases which permit disclosing without consent (for example, under the DPA 1998, the HRA and exceptions to the duty of confidentiality). 2. CAPACITY TO GIVE INFORMED CONSENT 2.1 Individuals are only able to give informed consent if they have the cognitive ability to do so, and in some instances, this ability might be intermittent, for example, where adults and older people have certain forms of dementia, individuals with learning disabilities, and adults with particular forms of mental illness. A significant number of the Parties’ health and care service users will be unable to give informed consent, or are unable to do so consistently. 2.2 The capacity to give informed consent can be assessed by considering whether the individual: 17 (a) has the capacity to make this particular decision; (b) has the capacity to understand and retain the information relevant to the decision; (c) will be able to understand the reasonably foreseeable consequences of deciding one way or Patient Data Set ther; and (d) 2.3 will have the capacity to communicate the decision he or she has come to. If it is proposed to share personal information in respect of a child under 16, a judgment needs to be made in each case as to whether the child understands the nature of the request and therefore has the capacity to give consent. 2.4 Adults (including for this purpose young people aged 16-17) are always assumed to be competent to give consent unless it is demonstrated otherwise. If there is doubt about capacity this should be considered in relation to the criteria listed. APPENDIX 3 - Patient Data Set (Primary Care) Full Patient Data-set (to be extracted) the category of individuals who are permitted to view the data sets outlines the specific purpose for which data will be processed. 18 NHS Number Name Address Postcode DOB Appointment Date Appointment Time Appointment Location Admission type/source of referral Attended Discharge Date Appointment frequency Number Discharge description Outcome Service Name Healthcare Care Professional (HCP) Contact Name Diagnosis Medications Procedures Referrals Current problems or diagnosis Past problems Procedures Current medication, repeat medication Examination Findings Allergies or contra-indications Test results Referrals 19 Investigations Encounters Medical history Allergies 20 APPENDIX 4 Exclusions: List of sensitive codes Terms Read Codes HSA1-Therap. Abort. Green Form 956% H/O: Venereal Disease 1415% Hysterotomy And Termination Of Pregnancy 7E066% Dilation Of Cervix Uteri And Curettage Of Products Of Conception From Uterus 7E070% Curettage Of Products Of Conception From Uterus NEC 7E071% Suction Termination Of Pregnancy 7E084% Dilation Of Cervix And Extraction Termination Of Pregnancy 7E085% Termination Of Pregnancy NEC 7E086% Cervical Smear 4K36% Cervical Smear 4K36% Gonorrhoea 65Q8% Introduction Of Abortifacient Into Uterine Tract 7E0B% Introduction Of Abortifacient Into Uterine Tract 7E0B% Genital Herpes A541% Viral Hepatitis B With Coma A702% Viral Hepatitis B With Serum A703% Other Spec Viral Hepatitis With Coma A7040% Viral Hepatitis C Without Mention Of Hepatitis Coma A7050% Chronic Viral Hepatitis A707% Unspecified Viral Hepatitis A70z% Cytomegalic Hepatitis A7852% HIV Resulting In Cytomegalic Disease A7891% Chlamydia A78A0% Chlamydia Anus And Rectum A78A2% Human Papilloma Virus Infection A79B% 21 Papilloma As Cause Of Diseases Class. In Other Chapters A7y05% Trichomonas AD1% Phthrius Pubis Lice AD22% Sexual Deviations E22y4% Gender Identity Disorders Eu64% Cystitis In Gonorrhea K1545% Prostatitis In Gonorrhea K2144% Prostatitis In Trichomonosis K2146% Chlamydia Epidymitis K2416% Female Chlamydia In Pelvic Infumonotary K40y1% Chlamydia Cervilitis K4209% Unspecified Abortion L07% Failed Attempted Abortion L08% Complication Following Abortion/Ectopic/ Molar Pregnancies L09% Failed Attempted Abortion L0A% Failed Attempted Abortion L0A% Other Specified Pregnancy With Abortive Outcome L0y% Pregnancy With Abortive Outcome NOS L0z% Maternal Syphilis In Pregnancy/Childbirth/Peurperium L170% Maternal Gonorrhea In Pregnancy/Childbirth/Peurperium L171% Lab Evidence Of HIV R109% Complications Assoc With Artificial Fertilization SPOD% Gonorrhea Carrier ZV027% Hepatitis B Carrier ZV02B% Hepatitis C Carrier ZV02C% High Risk Pregnancy With History Of Infertility ZV230% Contraception Mgt Admission Of Administration Of Abortifacient ZV25B% IVF ZV267% Venereal Disease Carrier NOS 65Q9% 22 AIDS Carrier 65QA% Notification Of AIDS 65VE% Treatment For Infertility 8C8% Acquired Immune Deficiency Syndrome A788% Human Immunodef Virus Resulting In Other Disease A789% Chlamydial Infection A78A% Chlamydial Infection Of Pelviperitoneum And Other Genitourinary Organs A78A3% Chlamydial Infection, Unspecified A78AW% Chlamydial Infection Of Genitourinary Tract, Unspecified A78AX% Syphilis And Other Venereal Diseases A9% [X]Hiv Disease Resulting In Other Infectious And Parasitic Diseases AyuC4% [X]Dementia In Human Immunodef Virus [HIV] Disease Eu024% Legally Induced Abortion L05% Illegally Induced Abortion L06% Other Maternal Venereal Diseases During Pregnancy, Childbirth And The Puerperium L172% [V]Asymptomatic Human Immunodeficiency Virus Infection Status ZV01A% 23 Appendix 5 - Acute data sets required for the NHS Integrated Care IT System NHS Number Birth of Date Date of Death Postcode of Usual Address General Medical Practice Code (Patient Registration) Organisation Code (PCT of GP Practice) Person Marital Status Employment Status Ethnic Category Preferred Communication Language Organisation Code (PCT of Residence) Disability Code Death Location Type (Preferred) Death Location Type (Actual) Death Not at Preferred Location Reason Code Referral Request Received Date Referral Request Received Time Organisation Code (Code of Commissioner) Source of Referral Referral date Priority Type Code Primary Reason for Referral Referring Organisation Code Diagnosis Scheme In Use Diagnosis At Referral Referral Closure Date Referral Closure Reason Discharge Date Discharge Letter Issued Date Unique Booking Reference Number (Converted) Patient Pathway Identifier Organisation Code (Patient Pathway Identifier Issuer) Waiting Time Measurement Type Referral to Treatment Period Start Date Referral to Treatment Period End Date Referral to Treatment Period Status Organisation Code (Code of Commissioner) Care Professional Staff Group Physical assessment date Medication review date ASSESSMENT DATE DIAGNOSIS DATE PRIMARY DIAGNOSIS PATHOLOGY INVESTIGATION TYPE SAMPLE RECEIPT DATE CONSULTANT CODE (PATHOLOGIST) ORGANISATION CODE (OF REPORTING PATHOLOGY) RADIOLOGY INVESTIGATION TYPE Examination Date 24 SUS APC Spells SUS Version Spell Identifier Excluded Episode Spell ID Pseudonymised Status Reason Access Provided Local Patient Identifier Org Code Local Patient Identifier NHS Number Organisation Code Patient Pathway Identifier RTT Patient Pathway Identifier RTT Period End Date RTT Period Start Date RTT Status Unique Booking Reference Number (Converted) Birth Date Age At CDS Activity Date Age At Start of Spell Age At End of Spell Patient Type Carer Support Indicator Legal Status Classification Code Ethnic Category Code Marital Status NHS Number Status Indicator Gender Code Postcode of Usual Address Postcode Sector of Usual Address Organisation Code (PCT of Residence) Patient Postcode Derived PCT Type Patient Postcode Derived PCT Hospital Provider Spell No ADMINISTRATIVE CATEGORY (ON ADMISSION) Administrative Category (Derived) Patient Classification Admission Method (Hospital Provider Spell) Admission Type (Derived) Admission Subtype (Derived) Discharge Destination (Hospital Provider Spell) Discharge Method (Hospital Provider Spell) Source of Admission (Hospital Provider Spell) Start Date (Hospital Provider Spell) Ready for Discharge Date End Date (Hospital Provider Spell) Delay Discharge Reason Spell In PbR/Not In PbR Spell Exclusion Reason Spell Version As At Date And Time Applicable Costing Period Commissioner Serial No (Agreement No) NHS Service Agreement Line No Provider Reference No Commissioner Reference No SHA Commissioner SHA Provider 25 Organisation Code (Code of Provider) Provider Code (Original Data) Provider Site Code Organisation Code (Code of Commissioner) Commissioner Code (Original Data) Commissioner Site Code Organisation Code Type Commissioner PCT Derived from GP PCT Derived from GP Practice GP Practice Derived from PDS Main Specialty Code Treatment Function Code Registered GMP Code GP Code (Original data) GP Practice Code GP Consortium Code GP Practice Code (Original Data) GP Practice Code (Derived) Organisation Code Type GP Practice Referrer Code Referring Organisation Code Duration of Elective Wait Intended Management Decided To Admit Date Length of Stay (Hospital Provider Spell) PbR NCC PCC Adjusted Length of Stay PbR Final Adjusted Length of Stay Number of Commissioners in PbR Spell Number Diagnosis Number Hospital Provider Spell ID Number Procedures Number Unbundled HRGs Number Unbundled Non Priced HRGs Number Unbundled Priced HRGs Excluded Episodes in Hospital Provider Spell PbR Spell Trimpoint Days PbR Days Beyond Trimpoint Spell ACC Length Of Stay Spell NCC Length Of Stay Spell PCC Length Of Stay Spell Primary Diagnosis Spell Secondary Diagnosis Spell Dominant Procedure Primary Procedure Code Significant Specialised Service Code Best Practice SSC Best Practice SSC Applicable Tariff Initial Amount National Tariff Day Case National Tariff Short Stay Emergency National Tariff Service Adjustment National Tariff Long Stay Rate National Tariff Long Stay Payment National Aggregate UnBundled Adjustment National Tariff Financial Adjustment National Tariff Adjustment Future Use_1 National Tariff Adjustment Future Use_2 National 26 Applied MFF Elective Applied MFF Non Elective MFF Adjustment Tariff Pre MFF Adjusted National Tariff Total Payment National Tariff Initial Amount Non Mandatory Tariff Day Case Non Mandatory Tariff Short Stay Emergency Non Mandatory Tariff Spec Serv Adjustment Non Mandatory Tariff Long Stay Rate Non Mandatory Tariff Long Stay Payment Non Mandatory Aggregate UnBundled Adjustment Non Mandatory Tariff Financial Adjustment Non Mandatory Tariff Adjustment Future Use_1 Non Mandatory Tariff Adjustment Future Use_2 Non Mandatory Applied MFF Elective Non Mandatory Applied MFF Non Elective Non Mandatory Tariff Pre MFF Adjusted Non Mandatory Tariff Total Payment Non Mandatory Non Mandatory Core Tariff (with UB) Tarrif Initial Amount Local Tariff Day Case Local Tariff Short Stay Emergency Local Tariff Long Stay Rate Local Aggregate UnBundled Adjustment Local Tariff Long Stay Payment Local Tariff Total Payment Local Local Core Tariff (with UB) PbR Final Tariff Final Tariff Applied PbR Costed Indicator Grouping Method Best Practice Indicator 1 Best Practice Indicator 2 Best Practice Indicator 3 Best Practice Indicator 4 Best Practice Indicator 5 BP Combination Indicator Configurable Indicator Code Cleaning Spell Core HRG Core HRG Version (Calculated) HRG Submitted HRG Version (Submitted) SPELL Construction Algorithm slab Grouping Algorithm Version Grouping Reference Data Version Grouping HRG Version Unbundled HRG 1 Unbundled HRG 2 Unbundled HRG 3 Unbundled HRG 4 Unbundled HRG 5 Unbundled HRG 6 Unbundled HRG 7 Unbundled HRG 8 Unbundled HRG 9 27 Unbundled HRG 10 Unbundled HRG 11 Unbundled HRG 12 Spell Programme Budget Code Number of Babies PbR Spell Error Status PbR Spell Frozen Indicator PbR Spell Status Indicator Match Criterion Indicator PbR Readmission Indicator Number of Spells Prior to Readmission Number of Spells Following Readmission First Spell Identifier (Readmission) Organisation Code (Code of Provider of Original Parent Admission) Applicable Date Extract Date Extract Type Spare 1 Spare 2 Spare 3 Spare 4 Spare 5 CDS Schema Version Query Date Unique Query Id SUS APC Episodes SUS Version NHS RID (From Provider) Spell Identifier Excluded Episode Spell ID Generated Record ID CDS Record Type Reason Access Provided Pseudonymised Status Confidentiality Category Local Patient Identifier Org Code Local Patient Identifier NHS Number Lead Care Activity Indicator Organisation Code Patient Pathway Identifier RTT Patient Pathway Identifier RTT Period End Date RTT Period Start Date RTT Status Unique Booking Reference Number (Converted) Birth Date Age At CDS Activity Date Patient Type Age at Start of Episode Derived Age At Start of Spell Carer Support Indicator Legal Status Classification Code Ethnic Category Code Marital Status NHS Number Status Indicator 28 Gender Code Total Previous Pregnancies Postcode of Usual Address Postcode Sector of Usual Address Organisation Code (PCT of Residence) Patient Postcode Derived PCT Type Patient Postcode Derived PCT Hospital Provider Spell No ADMINISTRATIVE CATEGORY (AT START OF EPISODE) ADMINISTRATIVE CATEGORY (ON ADMISSION) Patient Classification Admission Method (Hospital Provider Spell) Admission Method (Original Data) Admission Type (Derived) Admission Subtype (Derived) Discharge Destination (Hospital Provider Spell) Discharge Method (Hospital Provider Spell) Source of Admission (Hospital Provider Spell) Start Date (Hospital Provider Spell) End Date (Hospital Provider Spell) Spell In PbR/Not In PbR Spell Version As At Date And Time Applicable Costing Period Episode Number First Regular Day Night Admission Last Episode in Spell Indicator Neonatal Level of Care Operation Status Episode Start Date Episode End Date CDS Activity Date Commissioner Serial No (Agreement No) NHS Service Agreement Line No Provider Reference No Commissioner Reference No SHA Commissioner SHA Provider Organisation Code (Code of Provider) Provider Site Code Organisation Code (Code of Commissioner) Commissioner Code (Original Data) Commissioner Site Code Spell Commissioner Code PCT Derived from GP PCT Derived from GP Practice GP Practice Derived from PDS Site code of Treatment (at start of episode) Consultant Code Main Specialty Code Treatment Function Code Registered GMP Code GP Code (Original data) GP Practice Code GP Consortium Code GP Practice Code (Original Data) GP Practice Code (Derived) Referrer Code 29 Referring Organisation Code Duration of Elective Wait Intended Management Decided To Admit Date Episode Duration Episode Duration Grouper HRG Submitted HRG Version (Submitted) Core HRG (Calculated) Episode HRG Version (Calculated) Episode Dominant Procedure Grouping Algorithm Version Grouping Reference Data Version Grouping HRG Version Unbundled HRG 1 Unbundled HRG 2 Unbundled HRG 3 Unbundled HRG 4 Unbundled HRG 5 Unbundled HRG 6 Unbundled HRG 7 Unbundled HRG 8 Unbundled HRG 9 Unbundled HRG 10 Unbundled HRG 11 Unbundled HRG 12 Programme Budget Code Spell Report Flag PbR Excluded Indicator Episode Exclusion Reason Code Cleaning Diagnosis Scheme In Use Primary Diagnosis Code Secondary Diagnosis Code 1 Secondary Diagnosis Code 2 Secondary Diagnosis Code 3 Secondary Diagnosis Code 4 Secondary Diagnosis Code 5 Secondary Diagnosis Code 6 Secondary Diagnosis Code 7 Secondary Diagnosis Code 8 Secondary Diagnosis Code 9 Secondary Diagnosis Code 10 Secondary Diagnosis Code 11 Secondary Diagnosis Code 12 Procedure Scheme In Use Primary Procedure Code Primary Procedure Date Secondary Procedure Code 1 Secondary Procedure Date 1 Secondary Procedure Code 2 Secondary Procedure Date 2 Secondary Procedure Code 3 Secondary Procedure Date 3 Secondary Procedure Code 4 Secondary Procedure Date 4 Secondary Procedure Code 5 30 Secondary Procedure Date 5 Secondary Procedure Code 6 Secondary Procedure Date 6 Secondary Procedure Code 7 Secondary Procedure Date 7 Secondary Procedure Code 8 Secondary Procedure Date 8 Secondary Procedure Code 9 Secondary Procedure Date 9 Secondary Procedure Code 10 Secondary Procedure Date 10 Secondary Procedure Code 11 Secondary Procedure Date 11 Secondary Procedure Code 12 Secondary Procedure Date 12 Advanced Cardiovascular Support Days Advanced Respiratory Support Days Basic Cardiovascular Support Days Basic Respiratory Support Days Critical Care Level2 Days Critical Care Level3 Days Critical Care Unit Function Dermatological Support Days Neurological Support Days Renal Support Days Liver Support Days Episode ACC Length Of Stay Episode NCC Length Of Stay Episode PCC Length Of Stay Number of Babies Number of Commissioners in PbR Spell Number Diagnosis Number Procedures Number Unbundled HRGs Number Unbundled Non Priced HRGs Number Unbundled Priced HRGs Organisation Code (Sender) Staging Loaded Date Protocol Identifier Unique CDS Identifier Applicable Date Extract Date Report Period Start Date Report Period End Date Spare 1 Spare 2 Spare 3 Spare 4 Spare 5 CDS Schema Version Query Date Unique Query Id SUS Outpatient SUS Version NHS RID (From Provider) 31 Spell Identifier Generated Record ID CDS Record Type Reason Access Provided Spell In PbR/Not In PbR Exclusion Reason Pseudonymised Status Confidentiality Category Best Practice Indicator 1 Best Practice Indicator 2 Best Practice Indicator 3 Best Practice Indicator 4 Best Practice Indicator 5 BP Combination Indicator Configurable Indicator Code Cleaning Local Patient Identifier Org Code Local Patient Identifier NHS Number Lead Care Activity Indicator Organisation Code Patient Pathway Identifier RTT Patient Pathway Identifier RTT Period End Date RTT Period Start Date RTT Status Unique Booking Reference Number (Converted) Birth Date Age Derived Age Carer Support Indicator Ethnic Category Code Marital Status NHS Number Status Indicator Gender Code Postcode of Usual Address Postcode Sector of Usual Address Organisation Code (PCT of Residence) Patient Postcode Derived PCT Type Patient Postcode Derived PCT Attendance Identifier Administrative Category Attended Or Did Not Attend First Attendance Outcome Of Attendance Medical Staff Type Seeing Patient Source of Referral for Outpatients Appointment Date Operation Status OP Episode Type CDS Activity Date Commissioning Serial No (Agreement No) NHS Service Agreement Line No Provider Reference No Commissioner Reference No SHA Commissioner SHA Provider Organisation Code (Code of Provider) 32 Provider Site Code Organisation Code (Code of Commissioner) Commissioner Code (Original Data) Commissioner Site Code PCT Derived from GP PCT Derived from GP Practice GP Practice Derived from PDS Location Class Site code of Treatment Consultant Code Main Specialty Code Treatment Function Code Registered GMP Code GP Code GP Practice Code GP Consortium Code GP Practice Code (Original Data) GP Practice Code (Derived) Referrer Code Referring Organisation Code Priority Type Service Type Requested Referral Request Received Date Last DNA or Patient Cancelled Date Spell Version As At Date And Time Applicable Costing Period PbR Spell Status Indicator PbR Spell Frozen Indicator HRG (Submitted) Core HRG Version (Calculated) Core HRG SUS HRG Unbundled HRG 1 Unbundled HRG 2 Unbundled HRG 3 Unbundled HRG 4 Unbundled HRG 5 Unbundled HRG 6 Unbundled HRG 7 Unbundled HRG 8 Unbundled HRG 9 Unbundled HRG 10 Unbundled HRG 11 Unbundled HRG 12 Diagnosis Scheme In Use Primary Diagnosis Code Secondary Diagnosis Code 1 Secondary Diagnosis Code 2 Secondary Diagnosis Code 3 Secondary Diagnosis Code 4 Secondary Diagnosis Code 5 Secondary Diagnosis Code 6 Secondary Diagnosis Code 7 Secondary Diagnosis Code 8 Secondary Diagnosis Code 9 Secondary Diagnosis Code 10 Secondary Diagnosis Code 11 33 Secondary Diagnosis Code 12 Procedure Scheme In Use Primary Procedure Code Secondary Procedure Code 1 Secondary Procedure Date 1 Secondary Procedure Code 2 Secondary Procedure Date 2 Secondary Procedure Code 3 Secondary Procedure Date 3 Secondary Procedure Code 4 Secondary Procedure Date 4 Secondary Procedure Code 5 Secondary Procedure Date 5 Secondary Procedure Code 6 Secondary Procedure Date 6 Secondary Procedure Code 7 Secondary Procedure Date 7 Secondary Procedure Code 8 Secondary Procedure Date 8 Secondary Procedure Code 9 Secondary Procedure Date 9 Secondary Procedure Code 10 Secondary Procedure Date 10 Secondary Procedure Code 11 Secondary Procedure Date 11 Secondary Procedure Code 12 Secondary Procedure Date 12 HRG Used for Tariff Tariff Initial Amount National Aggregate UnBundled Adjustment National Tariff Financial Adjustment National Tariff Adjustment Future Use_1 National Tariff Adjustment Future Use_2 National Tariff Pre MFF Adjusted National Applied MFF National MFF Adjustment Tariff Total Payment National Tariff Initial Amount Non Mandatory Aggregate UnBundled Adjustment Non Mandatory Tariff Financial Adjustment Non Mandatory Tariff Adjustment Future Use_1 Non Mandatory Tariff Adjustment Future Use_2 Non Mandatory Tariff Pre MFF Adjusted Non Mandatory Applied MFF Non Mandatory MFF Adjustment Non Mandatory Tariff Total Payment Non Mandatory Non Mandatory Core Tariff (with UB) Tarrif Initial Amount Local Aggregate UnBundled Adjustment Local Tariff Total Payment Local Local Core Tariff (with UB) PbR Final Tariff Final Tariff Applied Number Diagnosis Number Procedures Number Unbundled HRGs Number Unbundled Non Priced HRGs 34 Number Unbundled Priced HRGs Organisation Code (Sender) Staging Loaded Date Protocol Identifier Unique CDS Identifier Applicable Date Extract Date Report Period Start Date Report Period End Date Spare 1 Spare 2 Spare 3 Spare 4 Spare 5 Grouping Algorithm Version Grouping Reference Data Version Grouping HRG Version CDS Schema Version Query Date Unique Query Id SUS A&E SUS Version NHS RID (From Provider) Spell Identifier Generated Record ID CDS Record Type Reason Access Provided Spell In PbR/Not In PbR Exclusion Reason Pseudonymised Status Confidentiality Category Configurable Indicator Code Cleaning Local Patient Identifier Org Code Local Patient Identifier NHS Number Lead Care Activity Indicator Organisation Code Patient Pathway Identifier RTT Patient Pathway Identifier RTT Period End Date RTT Period Start Date RTT Status Unique Booking Reference Number (Converted) Birth Date Age At CDS Activity Date Derived Age Carer Support Indicator Ethnic Category Code Marital Status NHS Number Status Indicator Gender Code Postcode of Usual Address Postcode Sector of Usual Address Organisation Code (PCT of Residence) Patient Postcode Derived PCT Type 35 Patient Postcode Derived PCT EM Attendance Number EM Mode of Arrival EM Attendance Category EM Attendance Disposal EM Incident Location Type EM Staff Member Code EM Referral Source Arrival Date EM Patient Group EM Attendance Conclusion Time EM Departure Time EM Initial Assessment Time EM Time Seen for Treatment Arrival Time CDS Activity Date Commissioning Serial No (Agreement No) NHS Service Agreement Line No Provider Reference No Commissioner Reference No SHA Commissioner SHA Provider Organisation Code (Code of Provider) Provider Site Code Organisation Code (Code of Commissioner) Commissioner Code (Original Data) Commissioner Site Code PCT Derived from GP PCT Derived from GP Practice GP Practice Derived from PDS Registered GMP Code Registered GMP Code (Original Data) GP Practice Code (Original Data) GP Practice Code GP Consortium Code Spell Version As At Date And Time Applicable Costing Period PbR Spell Status Indicator PbR Spell Frozen Indicator HRG Code - Submitted HRG Code Version - Submitted Core HRG HRG Code Version - Calculated Core HRG For Information HRG Code Version - For Information Diagnosis Scheme In Use EM Diagnosis First EM Diagnosis Second 1 EM Diagnosis Second 2 EM Diagnosis Second 3 EM Diagnosis Second 4 EM Diagnosis Second 5 EM Diagnosis Second 6 EM Diagnosis Second 7 EM Diagnosis Second 8 EM Diagnosis Second 9 EM Diagnosis Second 10 36 EM Diagnosis Second 11 EM Diagnosis Second 12 Investigation Scheme In Use EM Investigation First EM Investigation Second 1 EM Investigation Second 2 EM Investigation Second 3 EM Investigation Second 4 EM Investigation Second 5 EM Investigation Second 6 EM Investigation Second 7 EM Investigation Second 8 EM Investigation Second 9 EM Investigation Second 10 EM Investigation Second 11 EM Investigation Second 12 Procedure Scheme In Use EM Treatment First PROCEDURE DATE (of First Treatment) EM Treatment Second 1 PROCEDURE DATE (of Subsequent Treatments) 1 EM Treatment Second 2 PROCEDURE DATE (of Subsequent Treatments) 2 EM Treatment Second 3 PROCEDURE DATE (of Subsequent Treatments) 3 EM Treatment Second 4 PROCEDURE DATE (of Subsequent Treatments) 4 EM Treatment Second 5 PROCEDURE DATE (of Subsequent Treatments) 5 EM Treatment Second 6 PROCEDURE DATE (of Subsequent Treatments) 6 EM Treatment Second 7 PROCEDURE DATE (of Subsequent Treatments) 7 EM Treatment Second 8 PROCEDURE DATE (of Subsequent Treatments) 8 EM Treatment Second 9 PROCEDURE DATE (of Subsequent Treatments) 9 EM Treatment Second 10 PROCEDURE DATE (of Subsequent Treatments) 10 EM Treatment Second 11 PROCEDURE DATE (of Subsequent Treatments) 11 EM Treatment Second 12 PROCEDURE DATE (of Subsequent Treatments) 12 Derived EM Department Type EM Department Type EM Department Type MIU Indicator Derived Tariff Initial Amount National Tariff Financial Adjustment National Tariff Adjustment Future Use_1 National Tariff Adjustment Future Use_2 National Tariff Pre MFF Adjusted National Applied MFF National MFF Adjustment Tariff Total Payment National Tariff Initial Amount Non Mandatory Tariff Financial Adjustment Non Mandatory Tariff Adjustment Future Use_1 Non Mandatory 37 Tariff Adjustment Future Use_2 Non Mandatory Tariff Pre MFF Adjusted Non Mandatory Applied MFF Non Mandatory MFF Adjustment Non Mandatory Tariff Total Payment Non Mandatory Tarrif Initial Amount Local Tariff Total Payment Local PbR Final Tariff Final Tariff Applied Number Diagnosis Number Procedures Number EM Investigations Number EM Treatments Organisation Code (Sender) Staging Loaded Date Protocol Identifier Unique CDS Identifier Applicable Date and Time Extract Date Report Period Start Date Report Period End Date Spare 1 Spare 2 Spare 3 Spare 4 Spare 5 Grouping Algorithm Version Grouping Reference Data Version Grouping HRG Version CDS Schema Version Query Date Unique Query Id 38 APPENDIX 6 - Community Dataset Required for Integrated Care IT System NHS Number Person Birth Date Person Death Date Postcode of Usual Address General Medical Practice Code (Patient Registration) Organisation Code (PCT of GP Practice) Person Marital Status Employment Status Ethnic Category Preferred Communication Language Carer Support Indicator Patient Care Responsibility Indicator Organisation Code (PCT of Residence) Disability Code Death Location Type (Preferred) Death Location Type (Actual) 39 Death Not at Preferred Location Reason Code Referral Request Received Date Referral Request Received Time Organisation Code (Code of Commissioner) Source of Referral for Community Source of Referral for Community Priority Type Code Primary Reason for Referral (Community Care) Diagnosis Scheme In Use Diagnosis At Referral (Community Care) Referral Closure Date (Community Care) Referral Closure Reason (Community Care) Discharge Date (Community Health Service) Discharge Letter Issued Date (Community Care) Unique Booking Reference Number (Converted) Patient Pathway Identifier Organisation Code (Patient Pathway Identifier Issuer) Waiting Time Measurement Type Referral to Treatment Period Start Date Referral to Treatment Period End Date Referral to Treatment Period Status Indirect Patient Activity Identifier Organisation Code (Code of Commissioner) Indirect Patient Activity Date Indirect Patient Activity Duration Indirect Patient Activity Type Code (Community Care) 40 Care Professional Staff Group Appendix 7 Mental Health Dataset required for Integrated Care IT System CURRENCY_POD PROVIDER_TYPE_DESC PROVIDER_CODE PROVIDERNAMEINITIALS PROVIDER_NAME ENDOFEACHLINE PCT_CODE DISCH_METHOD PCT_NAME LEAVETYPEDESC LOCAL_PATIENT_IDENTIFIER TRANSFERED_FROM_WARD NHS_NUMBER ADMISSIONSOURCEDESC PATIENT_DATE_OF_BIRTH ADMISSIONMETHODDESC PATIENT_GENDER AGE_AT_ADM PATIENT_POSTCODE OCCUPANCY_START PCT_CODE_RESIDENCE OCCUPANCY_END GP_CODE TOTAL_OBDS GP_PRACTICE_CODE LEAVE SUBSERVICE ACTUAL_OBDS WARD_NAME REFERRAL_DATE SERVICE REFERRAL_TIME WARD_TYPE TEAM_NAME WARD_START_DATE DIRECTORATE_GROUP_NAME WARD_END_DATE BOROUGH_NAME PRIMARY_DIAGNOSIS SOURCE_DESC SPECIALTY_CODE SOURCE_NAME ACTIVITY_START_DATE GP_CODE MONTH REASON_DESC COUNT_OR_SUM_OF_ACTIVITY PRIORITY_DESC 41 CONTACT_TYPE OUTCOME_DATE TEAM_NAME OUTCOME_DESC PURPOSE ENDOFEACHLINE SUB_SERVICE SERVICE_OR_SPEC OUTCOME DV_ATT_FLAG CONTACT_DATE CONTACT_TIME AM_SESSION PM_SESSION ACTIVITY_TYPE DNA_FLAG NEW_FUP VENUE Mental health Dataset 2 Fields available within MH data - only displaying dummy data ORIGINATING_TABLE CURRENCY_POD PROVIDER_CODE PROVIDER_NAME PCT_CODE PCT_NAME LOCAL_PATIENT_IDENTIFIER NHS_NUMBER PATIENT_DATE_OF_BIRTH PATIENT_GENDER PATIENT_POSTCODE PCT_CODE_RESIDENCE GP_CODE GP_PRACTICE_CODE SUBSERVICE WARD_NAME SERVICE WARD_TYPE WARD_START_DATE WARD_END_DATE MHT_CIFT_IP_1213 MHT_CIFT_IP_1112 INPATIENT TAF CAMDEN AND ISLINGTON FOUNDATION TRUST 5K7 CAMDEN PCT 1234567 1234567890 31-Jan-31 Female/Male NW1 2HD 5K7 5K7 F83000 Trust MH Adult Services Ward/Unit Adult/Older Mental Health Cont.Care /Acute/ Comm-based 01-Mar-12 04-Mar-12 42 PRIMARY_DIAGNOSIS SPECIALTY_CODE ORIGINATING_TABLE CURRENCY_POD PROVIDER_CODE PROVIDER_NAME PCT_CODE PCT_NAME LOCAL_PATIENT_IDENTIFIER NHS_NUMBER PATIENT_DATE_OF_BIRTH PATIENT_GENDER PATIENT_POSTCODE PCT_CODE_RESIDENCE GP_CODE GP_PRACTICE_CODE ACTIVITY_START_DATE MONTH COUNT_OR_SUM_OF_ACTIVITY CONTACT_TYPE TEAM_NAME PURPOSE SUB_SERVICE SERVICE_OR_SPEC OUTCOME DV_ATT_FLAG MHT_CIFT_CONTACTS_1213 MHT_CIFT_CONTACTS_1112 COMMUNITY CONTACTS TAF CAMDEN AND ISLINGTON FOUNDATION TRUST 5K7 CAMDEN PCT 1234567 1234567890 31-Jan-31 Female/Male NW1 2HD 5K7 F83000 01-Mar-12 1 Follow Up / New Various Review / Comm / Fup Adult - Various R&R / CommOR / Acute / Subs.Misuse 43 Appendix 8 Adult Social Care Data Set Adult Social Care Dataset - Using Corelogic Framework i System Data Item Frameworki No NHS Number Demographics Forename Surname DoB Address Gender Worker Relationships Allocated Social Worker Care Co-ordinator Involved Team Last Assessment/Review Date Schedule Review Date Care Packages Provided Comments Details to be agreed Details to be agreed Mental health Details to be agreed Notes Data set would be for currently active clients ie in receipt of services or professional support or those who have had services within the last 12 months 44 Document History Version Date Change 0.1 November 2012 Initial draft issued and comments incorporated 0.2 13 May 2013 Second draft incorporated relevant comments 0.3 June 2013 Draft incorporated comments from stakeholders 45
© Copyright 2024