50
105
12 Data management
The Review Panel concluded that in such cases, a two-stage approach should be adopted.
This would mean initially using de-identified data for local disclosure or access and a single
identifier, such as NHS number to narrow down a data set, before using personal
confidential data to complete the matching. Personal confidential data should not be used
from the outset.
12.4 Data quality and indirect care
In general, there are two main causes of poor quality data for indirect care. The first is
when data for indirect care is derived from professional health and social care records for
direct care that are themselves of insufficient quality. The second stems from the way in
which indirect care data sets are created. This is done by either using an automated
approach to produce new data sets from health and social care records (sometimes called
‘mapping’), or more frequently, relying on human transcription; taking data from one
source and recording it in another system or database. Data transcription errors can be
significant with rates of 6.5% or 650 errors per 10,000 fields quoted in research studies
100
.
However depending on context these error rates may be even higher
101
, especially when
the transcribing process requires the source data to undergo a change or transformation.
The use of human transcription therefore not only increases the exposure of personal
confidential data it also reduces data quality.
The Review Panel endorses the First National Data Quality Report of the Quality
Information Committee of the National Quality Board
102
, which seeks improvements in
data quality in the health and social care system.
12.5 Record management incidents
The records management systems of any organisation is integral to the quality of its data.
Health and social care organisations need to ensure they have robust procedures in place
for transferring, archiving and disposing of data in an appropriate and timely way. A
significant number of serious incidents happen because of a failure to manage data
appropriately, for example ‘wrong-site’ surgery or incorrect treatment being provided to
an individual. Some of these feature failures of information systems. There have also been
a number of incidents resulting in breaches of the Data Protection Act when data has been
archived or destroyed in an inappropriate or insecure manner.
While these will be reported as serious clinical incidents allowing key lessons to be
learned, they may not identify more systemic failures. This means that issues caused by
poor information management may not be identified and addressed as quickly as they
could be.
The Review Panel concludes that serious clinical incidents in which any data
management issue is identified should be reported in a similar manner to data
breaches (see section 4.6).
100 Wahi et al, Reducing Errors from the Electronic Transcription of Data Collected on Paper Forms: A Research Data Case Study,
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2409998/
101 Automated quality checks on repeat prescribing, J E Rogers, C J Wroe, A Roberts, et al, http://www.ncbi.nlm.nih.gov/pmc/articles/
PMC1314725/
102 http://www.dh.gov.uk/health/category/policy-areas/nhs/nqb/
45
106
Information: To share or not to share? The Information Governance Review
12.6 Administrative Data Taskforce and ‘What Works’ Centres
The Administrative Data Taskforce was formed in December 2011 by the Economic and
Social Research Council, the Medical Research Council and the Wellcome Trust. The
Administrative Data Taskforce has been working with a range of government departments,
academic experts, the funding agencies and representatives from all four nations in the UK
to examine the best procedures and mechanisms to make administrative data available
for research, safely.
The Administrative Data Taskforce report, Improving Access for Research and Policy
(December 2012)
103
, proposes a UK Administrative Data Research Network responsible for
linking data between government departments. The Review Panel endorses the approach in
this report and believes that it should provide a basis for providing the linkage service to
support identification for early help or intervention with effective information safeguards.
In particular, the Review Panel supports:
• the recommendation to establish an Administrative Data Research Centre in each of the
four countries of the UK;
• the potential legislation to facilitate pan-government work on research and statistics
through access to administrative data and to allow data linkage between departments
to take place more efficiently using their recommended methods; and
• the model of using a ‘trusted third party’
104
to provide linkage of data while maintaining
appropriate security and confidentiality.
The Economic Social Research Council is also involved in ‘What Works’ networks that are
undertaking separate initiatives
105
. Such approaches may be appropriate for the early
identification and help social welfare intervention initiatives.
12.7 Safeguarding
Across the health and social care system, the resistance and fear that exists about sharing
information is less evident in instances of safeguarding children. Professionals (and their
organisations) do not want to be left holding crucial information that could have been used
to prevent harm, and professionals would sooner defend a situation of a breach in
confidentiality by sharing, rather than defend an unnecessary death through not sharing.
The difference is not just in attitudes, but also in time and resources. The Review Panel
heard professionals could spend up to ten times the amount of time on cases involving
safeguarding and associated sharing than on routine care and sharing.
103 The UK Administrative Data Research Network: Improving Access for Research and Policy Report from the Administrative Data Taskforce,
December 2012, http://www.esrc.ac.uk/_images/ADT-Improving-Access-for-Research-and-Policy_tcm8-24462.pdf
104 Model Three in the ADT report.
105 Examples include: www.centreformentalhealth.org.uk/pdfs/briefing37_Doing_What_Works.pdf, http://www.primarycarefoundation.co.uk/
what-we-do/urgent-care-centres, http://www.barnardos.org.uk/reaching_families_in_need.pdf
41
107
12 Data management
The Review Panel took into consideration a number of reports on safeguarding children and
concluded that considerable progress was being made but as the Edlington Report and the
report from the Office of the Children’s Commissioner entitled ‘I thought I was the only
one. The only one in the world
106
’ make clear, there is still more to do.
With regard to safeguarding adults the new Care and Support Bill highlights this subject in
several sections. It was noted that there is no provision for a statutory gateway for
reporting safeguarding concerns.
The Review Panel concludes that the good practice in sharing around safeguarding
children is improving. There are concerns about inconsistent practice relating to
identifying young people at serious risk. In addition, serious consideration should be
given to reporting safeguarding concerns involving adults and whether patient consent
should be sought or whether safeguarding concerns should be raised utilising a
statutory gateway particularly about adults being cared for away from home.
Multi Agency Safeguarding Hubs (MASH) address a problem that has been brought up in
almost every serious case review — lack of information sharing. The first MASH was the
developed by Nigel Boulton, area commander of the Devon police. Professionals from
children’s care, police, education and health sitting alongside one another, with their
respective IT systems, using shared information to inform an appropriate safeguarding
response to a vulnerable person.
Example
A police report on a drugs warrant noted a young woman present who was in
possession of a high quantity of valium pills. On processing it through the MASH, it
was discovered that the woman was seven months pregnant, living in temporary
accommodation, had exhibited anti-social behaviour, poor engagement with
antenatal services and had a history of involvement with social services. The case
was immediately passed to an assessment team and a child protection plan was
drawn up due to fears of neglect
107
.
12.8 ‘The unborn’
Within the NHS, a foetus does not have a record and its details are recorded as part of the
mother’s record. Additionally foetuses are not allocated an NHS number. Within the social
care system in England, however, a record may be opened for a foetus if a pre-birth
assessment is required. This difference of approach poses problems when it comes to
data sharing.
106 The Office of the Children’s Commissioner’s Inquiry into Child Sexual Exploitation In Gangs and Groups — Interim report, November 2012.
107 http://www.communitycare.co.uk/articles/07/06/2011/116936/multi-agency-safeguarding-centre-for-childrens-referrals.htm
42
108
Information: To share or not to share? The Information Governance Review
For example, a pregnant woman showing symptoms of alcohol abuse might be assessed in a
pre-birth plan. She would almost certainly be assessed if she had a previous child adopted
or taken into care. The national statistics show clearly the increases in babies being born
with foetal alcohol syndrome, and this is becoming an increasing challenge to the health
and social care system, not least as many of these children may become subject to the
adoption services.
Children’s social care providers do not hold case records on adults. Therefore, details of
the mother are recorded in the foetus’s electronic record. A duty to share relevant
information concerning a child’s welfare is set out in ‘Working Together to Safeguard
Children: A guide to inter-agency working to safeguard and promote the welfare of
children’ (March 2010)
108
. This is generally supplemented with local policies
and procedures.
To give an idea of scale, a local authority with responsibility for a population which has a
significant drug and alcohol problem would have as many as a dozen ‘unborn’ cases at any
one time.
Data sharing and service integration will present serious challenges when the NHS, Local
Authorities and social care services adopt such different legal, cultural, organisational,
operational and technical approaches. The Review Panel recognise that this is a complex
issue, but conclude that further consideration should be given to finding a solution. As the
issue starts at the point that different government departments are involved in the social
care of adults and children any lasting solution needs to begin at this level.
Recommendation 18
The Department of Health and the Department for Education should jointly
commission a task and finish group to develop and implement a single approach to
recording information about ‘the unborn’ to enable integrated, safe and effective
care through the optimum appropriate data sharing between health and social
care professionals.
12.9 Information governance framework
As a general point, the same standards and rules across health and adult social care,
including domiciliary care, would be extremely helpful. A recurring theme was the diversity
and inconsistency of advice and guidance from a wide range of sources, which made it
difficult to share data even to support the care of individuals. The Review Panel concludes
there is a need for improvement in the appropriate sharing of information across sectors,
with simple messages communicated to patients, staff and carers.
Small care providers may not have the capacity or capability to reach an adequate
standard of information governance performance or understanding and may need support
from their local principal commissioner.
108 https://www.education.gov.uk/publications/standard/publicationdetail/page1/DCSF-00305-2010
44
109
12 Data management
The Review Panel concludes that consistency in the information governance
requirements for providers is key.
In many instances providers are having to meet five or six different sets of requirements
from different commissioners or government departments creating an undue burden. The
position may be further complicated in the future, with the ability to commission from any
qualified provider, designing specific new processes, perhaps in agreement with
the provider.
The Information Governance Toolkit is an online resource that allows NHS organisations and
other bodies to assess themselves against the Department of Health’s information
governance standards and policies. In practice, there is no independent audit of the self-
assessments submitted and it is questionable how well they reflect actual information
governance practice in organisations, particularly given the obligations to publish the
results. Version 8 of the toolkit had required both supporting evidence of the self-
assessment score to be submitted and for the scoring and evidence for some of the
requirements to be internally audited. As a consequence, there was a marked decline in
the results
109
. Additionally, the Department of Health subsequently initiated a ‘deep dive’
assessment of the scoring of five of the requirements in a number of acute trusts
110
, looking
at the efficacy of the internal audit process. The quality of the audit was found to be
variable and the consistency of scoring across organisations to be poor.
The Review Panel concludes that Information Governance Toolkit self-assessments
could be strengthened and their profile raised by inclusion of declarations in the
Statements of Internal Control accompanying the annual quality reports of NHS
organisations or for non-NHS organisations, in the annual report or performance report,
signed off by the organisation’s board or equivalent body.
The Review Panel concludes that in order to encourage openness and transparency,
every health and social care organisation should publish a description of what personal
confidential data it discloses, to whom and for what purpose. This information should
already exist within the Data Protection Act privacy notices and data sharing
agreements that organisations have produced.
Recommendation 19
All health and social care organisations must publish in a prominent and
accessible form:
• a description of the personal confidential data they disclose;
• a description of the de-identified data they disclose on a limited basis;
• who the disclosure is to; and
• the purpose of the disclosure.
109 NIGB Information Governance Toolkit Review, March 2013 http://www.nigb.nhs.uk/pubs/wgreports/index_html
110 https://www.igt.connectingforhealth.nhs.uk/Bulletins/Information%20Governance%20Bulletin%20No%201%20July%202011%20(Vers%201).pdf
52
110
Information: To share or not to share? The Information Governance Review
12.10 Contractual arrangements for data sharing
There are broadly three types of legal arrangement when data is shared. These are shown
in the table below. A fuller explanation of the health service body to health service body
contracts is set out in section 7.5.
Figure 2: Information governance contractual agreements for the legal sharing of data
Type of contractual agreement Enforced by the ICO?
Requirement for
contractual agreement
to contain explicit
penalties and
liabilities?
Requirement for
section 251 support
for health service
body to health
service body
sharing? **
Disclosure of de-identified
data for limited access
Yes, if the data
becomes re-identified
Yes
Yes
Disclosure of personal
confidential data from one
data controller to another
data controller*
Yes
No
No
Disclosure of personal
confidential data: from a
data controller to a data
processor
Yes
Yes
Yes
* Although it may appear that there are fewer safeguards in agreements for disclosing personal confidential data from one data controller
to another data controller, this type of sharing already requires a legal basis of consent, statute or exceptionally, public interest.
** This section 251 is to convert an unenforceable contract into an enforceable contract.
The Review Panel concludes that suitable section 251 support is required for data
controller to data processor disclosures and disclosures of de-identified data for limited
access from one health service body to another health service body (see section 7.5).
Based on the evidence gathered during the review, the Review Panel is aware of the
significant resources used by health and social care organisations to produce Data
Controller to Data Controller data sharing agreements. Given the resource constraints the
whole system is under, the Review Panel believes that designing and implementing a single
health and social care system process or template for data controller to data controller
sharing agreements could reduce unnecessary duplication and prevent people
re-inventing wheels.
31
111
12 Data management
Recommendation 20
The Department of Health should lead the development and implementation of
a standard template that all health and social care organisations can use when
creating data controller to data controller data sharing agreements. The template
should ensure that agreements meet legal requirements and require minimum
resources to implement.
12.11 Provider service contracts
When a commissioner changes provider, the fate of the records held by the original
provider, both for services with episodic data and for services with continuity of care
responsibilities, remained unclear to those giving evidence. This point was made
eloquently in respect of independent sexual health services
111
.
Professional standards and good practice
All patient records held by provider organisations should be kept in line with health
and social care system record retention requirements. The Review Panel concludes
there are two ways this could be done:
• The provider holding the records could be funded to deliver this retention and
security of the records as part of their commissioning contract. If the provider is
providing care services they will need to retain the data for a period for their own
financial probity and clinical or care governance. If the provider is purely a data
processor then they should not need to retain the data beyond the
contracted period.
• Another part of the health and social care system, for example the Health and
Social Care Information Centre, could be commissioned to provide a ‘safe vault’
for this data which can only be accessed when there is anonymisation at source,
or when there is complaint, legal challenge or criminal investigation.
111 Note: Between 30% and 56% of people accessing sexual health services do not want their GP to be informed. Therefore, storing records with
the GP is not always an option.
37
112
Information: To share or not to share? The Information Governance Review
12.12 Access to patient records from insurers and
mortgage providers
The Panel also heard concerns that insurers and mortgage lenders may seek to use their
influence to request whole records from GPs, as a condition of supplying insurance or a
mortgage. The General Medical Council has issued specific guidance for GPs
112
and the
British Medical Association and the Association of British Insurers (ABI) have produced joint
guidelines
113
to allow relevant data about patients to be shared appropriately with insurers
on a basis of explicit, written consent.
In addition, principle 3 of the Data Protection Act
114
offers further safeguards as it allows
organisations to hold only “adequate, relevant and not excessive” personal data about an
individual. This means insurers and mortgage lenders cannot hold more information about
an individual than they need. The act also requires organisations to identify in advance and
then request only the minimum amount of data needed for a particular purpose.
The Review Panel concluded that these guidelines, combined with the safeguards offered
by the Data Protection Act offer sufficient to prevent inappropriate sharing of whole
records with insurers and mortgage lenders.
112 ‘Confidentiality: disclosing information for insurance, employment and similar purposes’, General Medical Council, 2009, states that:
• “[GPs] must inform patients about disclosures for purposes they would not reasonably expect, or check that they have already received
information about such disclosures”; and
• “as a general rule, you should seek a patient’s express consent before disclosing identifiable information for purposes other than the
provision of their care or local clinical audit, such as financial audit and insurance or benefits claims.”
http://www.gmc-uk.org/Confidentiality_disclosing_info_insurance_2009.pdf_27493823.pdf
113 ‘Medical information and insurance: Joint guidelines from the British Medical Association and the Association of British Insurers,
March 2010’ states:
• “Consent for disclosure of information is valid only where applicants understand the nature and extent of the information that is being
requested, and the use to which it will be put. If doctors are in any doubt about whether valid consent has been given, they should check
with the applicant.”
www.abi.org.uk/Information/64827.pdf
114 http://www.ico.gov.uk/for_organisations/data_protection/the_guide/information_standards/principle_3.aspx
Documents you may be interested
Documents you may be interested
