INFORMATION GOVERNANCE REVIEW EVIDENCE GATHERING: COMMISSIONING

Transcription

1 INFORMATION GOVERNANCE REVIEW EVIDENCE GATHERING: COMMISSIONING Introduction In producing these questions, the Information Governance Review Panel has reviewed the legal and statutory basis for the processing of information in relation to Commissioning functions and the emerging structure of NHS Commissioning services. Together with a common group of questions relating to the use of identifiable information, the Panel has generated questions around the four domains of Commissioning. Powers and Duties Commissioning contracting Analysis for performance management and intelligence Other Position Statement The Information Governance Review Panel is open to receiving notice of other authoritative publications in the field of information governance and commissioning. In addition, in setting out the questions below the Information Governance Review Panel wish to stress they have NOT reached any conclusions and are using the questions to explore the subject matter, so any written input from any interested party on the subject of information governance and commissioning is welcomed - including answers to the questions posed. Similarly, organisations should not feel compelled to answer all of the questions posed, where they are specifically pertinent to others. These raise issues identified by the panel and are intended to stimulate discussion but need not all be regarded as essential. 29 May

2 QUESTIONS 1. Terminology and Definitions One of the frequently voiced concerns detected early in the review s progress has been around the richness of terms used and the variety of definitions, this applies to the technical, clinical and legal aspects of information governance (see Annex 1): a. Do you think this is a valid concern? b. Do you think it is both systemically desirable and practically feasible for relevant statutory bodies and professional regulators to agree some common terms and definitions? And what may have prevented this from happening in the past? c. What do you perceive to be identifiable data? 2. Powers, rights and duties with regard to information and information governance The Health and Social Care Act 2012 creates a major shift in the health and social care system. Perhaps the biggest change is the setting up of the NHS Commissioning Board, these set of questions focus on the big picture with regard to the NHS CB, its relationships with other parties and the high level structures and processes it plans to put in place to ensure public confidence in the balance it achieves between sharing and privacy. General powers and obligations: a. Whilst NHS CB and CCGs will need information to support them in their role, it does not necessarily follow that identifiable patient and service user information will be needed to what extent: i. Do you think the NHS CB will need to process sensitive personal information? If so what data and data sources will be used? Will sensitive personal data be used in the analysis function of the NHS CB? If yes could you describe the purposes, extent of identifiability and retention needed. (E.g., will you need the NHS number?) And do you think providers and those responsible for the information governance system will consider this reasonable? 29 May

3 ii. Do you think CCGs will need to process sensitive personal information? Or will seek to commission others to process it on their behalf (e.g. a CSS or other third party organisation)? If so what data and data sources will be used? Will sensitive personal data be used in the analysis function of CCGs? If yes could you describe the purposes, extent of identifiability and retention needed. (E.g. will you need the NHS number?) And do you think providers and those responsible for the information governance system will consider this reasonable? b. The H & SC Act 2012 only provides exception to the common law duty of confidentiality for the Information Centre and for some limited disclosures to other bodies. In light of this, how do you envisage obtaining a legal basis for local data collections at CCG level and for national data collections at NHS CB level that include confidential patient information? c. How would you see the health and Social Care system demonstrating to the public in an open and transparent way that it processes their data securely and confidentially to maintain their trust? And what roles should the NHS CB and CCGs have in this? d. The NHS CB, along with all NHS bodies, has a statutory duty to involve the public, how do you think they will, could or should meet this obligation with regard to information governance? e. To what extent will providers e.g. GPs, still be able to exercise data controllership given the likelihood of increasing demands for disclosure of information by CCGs and the NHS CB? System-wide responsibilities and integration: f. Information Governance could be regarded as a type of information standard and be managed as such. Do you think information governance should be managed separately from information standards? g. The NHS CB has a duty to publish guidance on information processing for registered persons including processing of patient information: Do you think it should fully conform to that guidance itself? How should it incorporate and integrate professional regulatory standards, guidance and codes of conduct? 29 May

4 How should this guidance relate to the Statutory Code of Practice to be developed by the IC on the same subject? Given the NHS CB and SoS will be consulted on the IC s Code of Practice and that it will apply to all public bodies and not just registered persons, how will you address differences between the IC and the NHS CB documents? How should this guidance integrate with the CQC assessment of performance covering the same area? How do you think the CQC will, could or should monitor performance against the standards? What is the relationship with the IG toolkit and how will this affect commissioners? Given the CQC duty to inform NHS CB and Monitor of the conformance results of the other bodies do think the CQC should inform the other bodies of the performance of Monitor and NHS CB? Research: h. The NHS CB has the right to fund, undertake and support research do you envisage the NHS CB taking up this opportunity? If yes how would you see any section 251 approval taking place i. CCGs have the right to fund, undertake and support research do you envisage them taking up this opportunity? If yes how would you see any section 251 approval taking place j. Do you see the NHS CB placing any limitation on CCG freedom in this domain? Disclosures: k. The NHS CB has wide powers of disclosure, do you think this extends to confidential information and sensitive personal information: To other organisations within the health and social care system? To other government departments? Who else may be included under section 13Z3:1(3) of the Health and Social Care Act of 2012? 29 May

5 3. Commissioning including its support services Clearly, the NHS Commissioning Board main function is commissioning, this set of questions looks at what information it needs to support commissioning both in terms of assessing requirements, putting in place contracts and measuring performance for payment. This set of questions explores how it will do this and how reliant on sensitive personal data or confidential information it envisages it will be. It also considers how information governance requirements could be met through contracting and in particular in relation to the roles and responsibilities of Commissioning Support Services. a. The Panel would like to understand what you envisage to be the NHSCB s requirements and CCG requirements in relation to the use of patient information for assessing requirements, putting in place contracts and measuring performance for commissioning; i. To what extent will you require this information to be identifiable e.g. the NHS number, date of birth etc for linkage; ii. What do you see as the important Information Governance concerns related to this information; iii. What are your intentions in relation to how the data is managed? E.g. data warehousing / safe havens / use of pseudonymisation etc iv. What do you see as the important information governance concerns related to the role of Commissioning Support Services? How will CCGs commission and manage CSSs. v. What do you envisage to be the relationship between GPs, CCGs and CSSs? Will the NHS CB have a direct relationship with CSSs? if so what is the nature of that relationship? vi. How do you envisage using contracting arrangements to address information governance requirements? What lessons can be learnt from previous contracting arrangements? vii. How do you envisage information governance requirements conformance (currently via the IG toolkit) will need to be assessed and evaluated in future? 29 May

6 viii. Should conformance be more strictly regulated and checked? ix. What penalties and incentives would you suggest to support performance? x. Are there particular issues in relation to commissioning children s services? b. What do you perceive to be the issues relating to cross-sector commissioning? i. How will linkages be managed and undertaken lawfully? ii. What are the issues related to any qualified provider? 4. Analysis function The NHS CB has identified a central function of 150 WTE s staff for analysis at an annual cost of around 10 million. Additionally there are suggestions of a number of data centres around the country to support CCG required analysis functions. This set of questions explores to what extent that analysis function will be itself accessing, analysing and linking sensitive personal information or confidential information and to what extent some or all of these functions will be fully or partially delivered by the Information Centre both now and in the future. a. To what extent is it likely that some or all of these analysis functions will be delivered by the Information Centre and to what extent will analysis happen in other places? Is duplication inevitable? Is it feasible to minimise duplication and if so, how? b. If CCGs or their Commissioning Support Units or Services intend to have a number of identifiable data sets and potentially link them do you see them having to meet the same standards of information governance as the Information Centre? And how might they do this? c. To what extent have you considered collaborating with Monitor, the CQC, NICE, the IC, Public Health Observatories, Quality Observatories, and Local Authority Public Health staff to minimise duplication of effort and the number of staff across the system that need access to identifiable patient data? 29 May

7 5. Other This section picks up a number of subjects important from an information governance perspective, but which are not big enough to support a theme in their own right. a. Health and well being Boards Do you envisage Health and Well Being Boards seeking to obtain /being given any personal sensitive data or confidential data? If H&WBBs ask questions that need data sets linking where do you envisage that would take place? Under Sec 196, a local authority may arrange for a Health and Wellbeing Board established by it to exercise any functions that are exercisable by the authority, do you see this as a risk to the disclosure of sensitive personal data? How do you think LAs and others might ensure that more junior staff are not pressured into disclosing sensitive and confidential personal data to H&WBBs unnecessarily / inappropriately? b. Mandatory Collections Monitor, CQC, NICE, and such other persons as may be prescribed in regulations, can make requests to the IC for data to be collected; the IC have a duty to comply with requests from these bodies. These collections are information standards but may also have considerable information governance implications. Currently, there are a number of approvals mechanisms, in relation to both Information Standards and Information Governance. These will change in future, but do you have a view on how an integrated approval system for both might operate? 6. Pressing Missed issues Are there any issues you wish to raise about information governance and commissioning, which you think the Review needs to consider and for which (ideally) you have a suggested solution? 29 May

8 Annex 1 What is Information Governance? Information governance is the term used to describe the principles, processes, legal and ethical responsibilities for managing and handling information. It sets the requirements and standards that health and social care organisations need to achieve to ensure they fulfil their obligations so that information is handled legally, securely, efficiently and effectively. Information governance is essential for the lawful and ethical use of patient and service user information both for the benefit of the individual to whom the information relates and for the public good. Further Information can be found at: Standards Framework for Information Governance Information Standards Board website: National Information Governance Board for Health and Social Care Department of Health ongovernance/index.htm 29 May