Guidance for Sponsors & Registration Agents on the Granting of SUS RBAC Activities

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Guidance for Sponsors & Registration Agents on the Granting of SUS RBAC Activities"

Transcription

1 Programme NPFIT Document Record ID Key Sub-Prog / Project Secondary Uses Service Prog. Director J Thorp Version 5.1 Owner Status Author Craig Watson Version Oct- 12 Date Secondary Uses Service Guidance for Sponsors & Registration Agents on the Granting of SUS RBAC Activities V5.1 Oct 2012

2 Amendment History: Version Date Amendment History /1/08 First version for Comment 0.2 7/2/08 Incorporates first round of comments from Steve Davison and Colin Fincham /2/08 Incorporates second round of comments from Steve Davison; added references /4/08 Final version for release /5/08 Upgrade to issue v /04/2009 Addition of guidance for Strategic Data Deletion Service /05/2009 Addition of R5 PbR Activities /12/2009 R6 Update and further clarification around business functions available and those still in UAT /06/2010 R6.1 and R7 update. Reorganised sections, added information on shared services, ISHPs and user limits /02/2012 Updated all the hyperlinks from CfH to HSCIC /10/2012 Review all sections, update as required Forecast Changes: Anticipated Change Guidance may be updated with each SUS release as new functionality is delivered. Reviewers: This document must be reviewed by the following: When Signature Title / Responsibility Date Version Service Delivery Manager Approvals: This document must be approved by the following: Signature Title / Responsibility Date Version Jeremy Thorp SUS Programme 21/4/08 Distribution: Sponsors and Registration Authorities. Document Status: This is a controlled document. Whilst this document may be printed, the electronic version maintained in FileCM is the controlled copy. Any printed copies of the document are not controlled. Related Documents: These documents will provide additional information. Ref no Doc Reference Number Title Version Page 2 of 39

3 Glossary of Terms: List any new terms created in this document. Mail the NPO Quality Manager to have these included in the master glossary above [1]. Term Acronym Definition Page 3 of 39

4 Contents 1 Introduction Audience Purpose SUS Functionality SUS Information Governance and Access Controls How SUS implements RBAC Guidance for RAs Access to the SUS Application is via B Rules on Accessing Identifiable and Pseudonymised Data Availability of SUS Functionality Limits on The Number of SUS Users to the SUS Data Access Service Cross Organisational Access to SUS Data Shared Services Independent Sector/Healthcare Providers Guidance on Granting SUS Activities CDS Extract Users Payment by Results Users Users who monitor the submission of data to SUS Users Requiring Access to the Strategic Data Deletions Service Further Support Appendix A - Index of SUS Activities (Business Functions) Appendix B Conflicting Business Functions Appendix C Restricted Business Functions Appendix D - Redundant Business Functions Page 4 of 39

5 1 Introduction 1.1 Audience This document is intended to provide guidance to Registration Authorities (RAs) and Sponsors who will be responsible for granting access to the Secondary Uses Service (SUS) to their user community. It may also prove a useful guide to Information Managers and SUS users when determining the appropriate SUS access required to meet their business needs. 1.2 Purpose The document presents a simple description of the decisions that RAs and Sponsors will have to take in deciding which RBAC Activities should be granted to particular users Although this document presents high-level descriptions of the SUS functionality, it is not intended to be a user guide for the SUS applications. Further information about SUS can be found at the SUS Guidance pages 1.3 SUS Functionality The SUS suite of applications is maintained centrally on the NHS Spine. These applications support several NHS business areas including: Commissioning Data Set (CDS) Extracts Payment by Results Strategic Data Deletion Service 1.4 SUS Information Governance and Access Controls In order to comply with the Law and with Confidentiality: the NHS of Practice, SUS is required to provide reports and extracts with patient information in aggregate or anonymous form wherever possible. Where this is not practicable, SUS provides information in pseudonymised form (which enables records about individuals to be linked together without revealing their identities) and, in exceptional cases, in identifiable form. According to current policy as specified by the Ethics & Confidentiality Committee (EEC), and accepted best practice, where data is required in pseudonymised or identifiable form for secondary purposes, only the data relevant to the particular purpose of access should be provided to the user. For example, if a user requires pseudonymised or identifiable data to manage their 18 Week Referral to Treatment Times, they should only be given access to the particular records that are relevant to their query, and should not be given general access to all (pseudonymised or identifiable) records in their organisation. Please refer to section 2.2 for further rules around access to patient identifiable and pseudonymised data. 1.5 How SUS implements RBAC As with other Spine applications, access to SUS is enabled via the NHS Smartcard system 1 which implements Role Based Access Controls (RBAC). 1 Access to NHS Comparators is via a separate mechanism GP Practices have been allocated accounts for access, other users should contact the Health and Social Care Information Centre, Contact Centre for further information or available from 9-5 Monday to Friday. Page 5 of 39

6 1.5.2 Each user has a Smartcard with a Unique User ID (UUID). In the RBAC system this UUID is associated with any number of Roles (or User Role Profiles URPs). A URP contains, among other information: An organisation code A (three-level) Role Identifier Optionally, one or more (three-level) Areas of Work [Not used in SUS] Optionally, one or more s and s (also known as Business Functions or BFs) This is represented diagrammatically in Figure 1 below: Smartcard with UUID URP 1 Role Org Activities URP 2 URP 3, etc Figure The SUS applications use these elements to determine which functionality will be available to the user It is crucial to note that SUS only uses elements, namely activities and the organisation code, within a single URP to determine the access rights that will be granted to the user for each session. Thus if a user has several URPs, they will be asked to choose which URP they want to use for the session As described above, the SUS application looks at two elements within the URP in particular to determine what access is given to the users: The Activities determine which area of functionality can be accessed by the user e.g. local views of 18 week RTT reports, commissioner PbR extracts, etc. A user may have several activities within each URP although some combinations of activities are not allowed within a single URP, and some activities are not allowed for users in all organisations. It is important to note that there is no technical constraint on the granting of combinations and Organisation combinations in Calendra but that if a forbidden combination of Activities and/or Organisations is granted, the user will be denied access to SUS using the URP concerned. The main example of this is that users are not allowed access to applications to see both clear data and pseudonymised data from the same URP. An RA should therefore not allocate combinations of Activities within a URP that provide a mixture of clear and pseudonymised data. The Organisation is used to restrict which data can be seen within some reports. The Organisation is also used, as described above, to check for forbidden Page 6 of 39

7 combinations of activities and organisation. Please note that where data is restricted by the Organisation, this does not necessarily mean that data ONLY from the Organisation in the URP can be seen by the user when logging in with that URP the SUS application can hold organisational relationships that can allow organisation to see appropriate data from all of the other organisations for which it is responsible, providing suitable contractual or other agreements are in place. e.g. in a Shared Service [See Section 3.1 below]. Page 7 of 39

8 2 Guidance for RAs 2.1 Access to the SUS Application is via B In order for any user to access the SUS application, they must possess the activity B1500 within the URP they will use. All URPs that will be used to access SUS must contain B1500. This must be explicitly granted as it does not appear in any baseline. The SUS application does not use baselines, and none of the SUS Activities therefore appear in any baseline. 2.2 Rules on Accessing Identifiable and Pseudonymised Data Sponsors and RAs should also be aware that in order to comply with the rules and policies in the Care Record Guarantee and Confidentiality: the NHS of Practice access to identifiable data should be minimised for secondary purposes, even within a single organisation In order to comply with policy and information governance best practice, users are not able to simultaneously view identifiable (clear) and pseudonymised records during a single SUS session; IMPORTANT - RAs should not allocate business functions for pseudonymised data and business functions for clear data within the same URP SUS enforces this Information Governance principal. RAs should not allocate business functions for pseudonymised data and business functions for clear data within the same URP. There is no business need for an individual to access both types of data for one functional area. There should therefore be no need for an RA to artificially create 2 URPs for a user simply to access one area of functionality For an index of all the SUS Business Functions/Activities please refer to Appendix A. For further information please see the guidance material referenced in Section Availability of SUS Functionality Not all of the functionality described in this document will be available immediately. Training will be provided to users on the various SUS functions as they are released. Sponsors and RAs should ensure that users have received the appropriate training to use the SUS applications before access is granted. Some applications are currently in pilot undergoing user assurance testing. They are therefore not yet available to be used. Any user trying to access these using the appropriate business functions will receive an error message when they try to access the applications from the SUS Portal. 2.4 Limits on The Number of SUS Users to the SUS Data Access Service Each organisation is only permitted 3 user licenses to use the SUS Data Access Service (Ardentia). The SUS activities/business functions that are used to access this area are shown in the table below. NB - This is different to the SUS Business Intelligence Service (BO) which does not restrict the number of user licenses per organisation. Page 8 of 39

9 SUS enforces certain Information Governance principals around the type of data that users are allowed to access. There are therefore certain combination of SUS activities that should not be allocated to a user s role. A user can mix activities shown in column A with those from any one other column. However users cannot mix activities from columns B, C or D. For example you cannot not use both B1505 and B0164 together. You can use B1505 and B0163 together. SHAs can only use activities from columns A and/or D. A B C D SEM CDS Extracts PbR B Access Financial Integrity Extracts B Execute CDS Extracts (Clear) B Access PbR Extracts (clear view) Old PbR B Run Aggregate PbR Reports B Run PbR Commissioning Extracts B Run PbR Provider Extracts MHMDS service not yet live Tracker B Manage Tracking and Data Quality B MHMDS Ad Hoc Report Generation (local, clear) B Execute CDS Extracts (NHS Group Pseud. Data) B Access PbR Extracts (pseudonymised view) B MHMDS Ad Hoc Report Generation (local, pseudo) B Execute CDS Extracts (Spatial key Pseud. Data, Clear Postcode) B Access PbR Extracts (Spatial view) Please refer to Appendix B For a full table of conflicting activities. 3 Cross Organisational Access to SUS Data 3.1 Shared Services In brief, shared services must: Register with the NHS Organisation Data Service (ODS); and Inform the SUS Helpdesk to enable SUS to be set up to recognise the Shared Service Page 9 of 39

10 Shared Services must register with SUS using the Shared Services Registration form found at the SUS Guidance pages under the section How do I set up a Shared Service or Specialist Commissioning Service?. 3.2 Independent Sector Providers Facilities have been set up in SUS to enable Independent Sector Providers (ISP) to process data for itself as the parent or Head Quarters of the organisation and other child or satellite sites within the same overall ISP organisation. To implement this, the ISP will need to: Register with the NHS Organisation Data Service (ODS); and Inform the SUS Helpdesk to enable SUS to be set up to handle each ISHP ISHPs must register with SUS using the Independent Sector Registration form found at the SUS Guidance pages under the section How do I set up an Independent Sector Provider in SUS? Page 10 of 39

11 4 Guidance on Granting SUS Activities The SUS descriptions in the National RBAC Database (listed in Appendix A) give detailed explanations of the functionality provided by each individual, grouped by Subgroup / SUS Reporting Area. The additional high-level guidance below is designed to assist sponsors and RAs to determine the correct combination of Activities for particular users. NB individuals may work across different areas and so may need several Activities within a single URP Please note that certain combinations of Activities are not permitted within a single URP this is to comply with Information Governance rules that apply to SUS. Importantly business functions giving access to clear data and pseudonymised data must not be mixed in the same URP. As described above, it is important to note that there is no technical constraint on the granting of and Organisation combinations in the Calendra system but that if a forbidden combination of Activities / Organisations is granted, the user will be denied access to SUS using the URP concerned Please refer to Appendix B For a full table of conflicting activities. Users that attempt to log into SUS with conflicting activities will be presented with the following error message: Your currently selected User Role Profile contains an invalid combination of SUS Activities. Please contact your local Registration Agent. Page 11 of 39

12 4.2 CDS Extract Users The following Activities are available: Execute CDS Extracts (Clear) Execute CDS Extracts (Pseud. Data, Clear Postcode) Execute Spatial CDS Extracts (Pseud. Data, Clear Postcode) B1505 B1510 B Users in Provider and Commissioner (including Shared Services) organisations should be granted B1505. This will provide a local view of CDS data based on the organisation code in the URP. Users in Shared Service organisations should have a URP created with the Shared Service organisation code, and should separately notify SUS of the relationship between the Shared Service organisation and its child organisations 2. It is envisaged that small numbers of users in each organisation will require this activity and that these users will then share the extracted data locally in line with the SUS Data Handling protocol Users who are only permitted to view pseudonymised data should only be granted B1510. All SHA users must use B1840 instead. This will provide pseudonymised extracts but with the postcode in clear data format. This is to facilitate detailed geographical and spatial analysis. B1840 cannot be granted to a user alongside the other two activities. Refer to Section 2.4 to check the conflicting activities for SHA users. 4.3 Payment by Results Users The following Activities are available: Access Financial Integrity Extracts Access PbR Extracts (clear view) Access PbR Extracts (pseudonymised view) Access PbR Extracts (Spatial pseudonymised view) B0162 B0163 B0164 B B0164 will not work for SHA users. All SHA users must use B1841 instead. This will provide pseudonymised extracts but with the postcode in clear data format. This is to facilitate detailed geographical and spatial analysis. It is important to note that B1841 will not work if allocated on the same URP as B0163 and B0164. Refer to Section 2.4 to check the conflicting activities for SHA users For further guidance on these activities please refer to the latest SUS PbR Online User Guide and also the latest Technical Guidance found at the PbR Guidance pages 2 see 3 see Page 12 of 39

13 The following Activities are available: Run Aggregate PbR Reports Run PbR Commissioning Extracts Run PbR Provider Extracts B1555 B1560 B PbR users may be granted any or all of these Activities, although for a typical provider or commissioner organisation, only B1560 or B1565 will be applicable (both would be required for organisations that act both as provider and commissioner). B1555 is applicable to PbR users in provider and commissioner organisations. 4.4 Users who monitor the submission of data to SUS B1525 (Manage Tracking and Data Quality) allows users to execute data quality reports against specified data sets, and to accept and reject submissions. It may therefore be granted to Information Service staff in provider and commissioner organisations, and in SHAs. 4.5 Users Requiring Access to the Strategic Data Deletions Service The following is available: Access Data Deletion Request Service B This activity allows users in NHS Organisations to request service from the Health and Social Care Information Centre Data Deletion Service. Further information is found at the Data Deletion Guidance page This activity also includes reporting on the progress of the data deletion request (local organisational view).further Support Further information is available from the SUS Guidance pages: and via the Health and Social Care Information Centre or available from 9-5 Monday to Friday. Page 13 of 39

14 Appendix A - Index of SUS Activities (Business Functions) NB Please refer to the SUS Progress Tracker to determine the latest functionality that is available. Sub Group Online Query Services Business Function / BF / Business Function / Description Functionality currently available to use. NB This does not include restricted activities. Access SUS B1500 This activity is required for the SUS link to appear on the Spine portal page. Without this activity users will not be able to access the SUS application, so this must be granted to all SUS users. Notes Page 14 of 39

15 Sub Group Business Function / BF / Business Function / Description Extracts Execute CDS Extracts (Clear) B1505 Allows a user to run parameterised or pre-set CDS data extracts with patient identifiable data for a commissioning organisation within the NHS. Notes Allows a user to view previously executed parameterised or pre-set CDS data extracts with patient identifiable data for a commissioning organisation within the NHS. Allows a user to run parameterised or pre-set CDS data extracts with patient identifiable data for a provider organisation (within the NHS). Allows a user to view previously executed parameterised or pre-set CDS data extracts with patient identifiable data for a provider organisation (within the NHS). Only applicable to information service staff in commissioner and provider organisations. NB In the future all identifiers will be replaced with pseudonyms in all reports accessible via this activity. Extracts Execute CDS Extracts (NHS Group Pseud. Data) B1510 Allows a user to run parameterised or pre-set CDS data extracts with patient identifiable data in pseudonymised form, using the NHS Group key, for their organisation. Allows a user to view previously executed parameterised or pre-set CDS data extracts with patient identifiable data in pseudonymised form, using the NHS Group key, for their organisation. Page 15 of 39

16 Sub Group Business Function / BF / Business Function / Description Notes Extracts Execute Spatial CDS Extracts (Pseud. Data, Clear Postcode) B1840 Allows a user to run parameterised or pre-set CDS data extracts with patient identifiable data in pseudonymised form using the Spatial Group key, but with postcode in clear form, for their organisation. Available from SUS R6 Allows a user to view previously executed parameterised or pre-set CDS data extracts with patient identifiable data in pseudonymised form using the Spatial Group key, but with postcode in clear form, for their organisation. Payment by Results Payment by Results Access Financial Integrity Extracts Access PbR Extracts (clear view) B0162 B0163 Access Financial Integrity extracts with one of the following views depending on the organisation of the user: - SHA View of Financial Integrity, - Commissioner View of Financial Integrity, - Provider View of Financial Integrity Aggregate data. This includes Main extracts + Error Extracts + Supplementary Reports, via managed service and via PbR Online application For these reports: - there is only one functional view i.e. all functionality is available to all users (i.e. they can select any of the parameters within the forms displayed) however data will only be displayed that is relevant to the user s organisation (as in the selected URP); - clear views should not be provided to SHAs; - all of the detailed rules for which data, etc. is available in each report for each organisation will be specified in the reporting specification; - a user should not have a clear and a pseudo activity within a single URP. Allows user to run extract for other roles, eg copy recipient, PCT Residence, PCT Responsible. PbR Processing from 1st April 2009 PbR Processing from 1st April 2009 Page 16 of 39

17 Sub Group Business Function / BF / Business Function / Description Notes Payment by Results Access PbR Extracts (pseudonymised view) B0164 This includes Main extracts + Error Extracts + Supplementary Reports, via managed service and via PbR Online application For these reports: - there is only one functional view i.e. all functionality is available to all users (i.e. they can select any of the parameters within the forms displayed) however data will only be displayed that is relevant to the user s organisation (as in the selected URP); - clear views should not be provided to SHAs; - all of the detailed rules for which data, etc. is available in each report for each organisation will be specified in the reporting specification; - a user should not have a clear and a pseudo activity within a single URP. Allows user to run extract for other roles, eg copy recipient, PCT Residence, PCT Responsible. PbR Processing from 1st April 2009 Payment by Results Access PbR Extracts (Spatial pseudonymised view) B1841 This includes Main Extracts, Error Extracts and Supplementary Reports, via managed service and via PbR Online application. PbR Processing from 1st April 2009 For these reports: - there is only one functional view i.e. all functionality is available to all users which means they can select any of the parameters within the forms displayed but data will only be displayed that is relevant to the user s organisation (as in the selected user role profile); - clear or NHS Group pseudonymised views will not be provided to SHAs, only Spatial Group pseudonymised views; - all of the detailed rules for which data is available in each report for each organisation will be specified in the SUS PbR Online Service User Guide; - a user should not have a clear and a pseudo activity within a single User Role Profile. Access to the service will be denied in such cases. Allows a user run extracts on records that are linked to the users organisation by a specified reason. Please refer to SUS PbR Online Service User Guide for a list of valid reasons. Page 17 of 39

18 Sub Group Payment by Results Business Function / BF / Business Function / Description Run Aggregate PbR Reports B1555 Allows a user to run parameterised or pre-set PbR data aggregate reports. Only applicable to PbR users. Notes PbR Processing Prior to Payment by Results Run PbR Commissioning Extracts B1560 Allows a user to run a parameterised or pre-set data extract from the PbR data set with patient identifiable data for a commissioning organisation within the NHS. PbR Processing Prior to Allows a user to view a previously executed parameterised or pre-set data extract from the PbR data set with pseudonymised data for a commissioning organisation within the NHS. Allows a user to run a parameterised or pre-set data With Errors extract from the PbR data set with pseudonymised data for an Organisation. Allows a user to run a parameterised or pre-set data With Errors extract from the PbR data set with pseudonymised data for an Organisation. Allows user to run extract for other roles, eg copy recipient, PCT Residence, PCT Responsible. Only applicable to information service staff in commissioner organisations. Page 18 of 39

19 Sub Group Payment by Results Business Function / BF / Business Function / Description Run PbR Provider Extracts B1565 Allows a user to run a parameterised or pre-set data extract from the PbR data set with patient identifiable data for a provider organisation within the NHS. Allows a user to view a previously executed parameterised or pre-set data extract from the PbR data set with pseudonymised data for a provider organisation within the NHS. Allows a user to run a parameterised or pre-set data With Errors extract from the PbR data set with pseudonymised data for an Organisation. Allows a user to run a parameterised or pre-set data With Errors extract from the PbR data set with pseudonymised data for an Organisation. Allows user to run extract for other roles, eg copy recipient, PCT Residence, PCT Responsible. Only applicable to information service staff in provider organisations. Notes PbR Processing Prior to Tracking and Data Quality Manage Tracking and Data Quality B1525 Allows a user to run predefined standard service tracking reports for submitted data and also accessed through Extract Mart Detail. Allows a user to execute the latest data quality report, for data the provider organisation has submitted to SUS, and accept or reject the submission and also accessed from Extract Mart. Allows a user to execute a data quality report against an existing specified data set (APC, outpatient, A&E, MHMDS) and other data validations. PCT / GP reports not yet live. Functionality undergoing user assurance. Allows users to view predefined PCT / GP derivation reports - view tailored to current organisation. (Reports 3) Only applicable to information service staff in commissioner organisations, provider organisations and SHAs. Page 19 of 39

20 Sub Group Business Function / BF / Business Function / Description Notes Data Deletion Service Access Data Deletion Request Service B0141 Allows users in NHS Organisations to request service from the Health and Social Care Information Centre Data Deletion Service. Also includes reporting on the progress of the data deletion request (local organisational view). Population Analysis Reports Run Population Analysis Extracts (Local, Pseudonymised) B1813 Allows access to underlying person data for the user's own organisation (or PCT Group if applicable - see s.pdf for guidance.). There is no national view accessible via this activity. If the Org code in the corresponding URP is DH, IC, PHO or SHA then no data is displayed. Population Analysis Reports Run Population Analysis Extracts (Local, Clear) B1815 NB. Only one Population Analysis reporting activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Allows access to underlying person data for the user's own organisation (or PCT Group if applicable - see s.pdf for guidance.). There is no national view accessible via this activity. If the Org code in the corresponding URP is DH, IC, PHO or SHA then no data is displayed. NB. Only one Population Analysis reporting activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. The following functionality is not yet available to use. If allocated users may receive an error message. Announcements will be made via the SUS website as and when functionality that is currently undergoing user assurance is released. Tracking and Data Quality Access predefined PCT/GP Derivation reports (provider, clear) B0116 Allows users to access predefined PCT/GP derivation reports. View tailored to current organisation - applicable to provider organisations only. Patient identifiers are displayed as clear text. Not yet live. R4 functionality undergoing user assurance. Tracking and Data Quality Access predefined PCT / GP Derivation reports (pseudo) B0117 Allows users to access predefined PCT/GP derivation reports. View tailored to current organisation only. Patient identifiers are displayed as pseudonyms. Not yet live. R4 functionality undergoing user assurance. Page 20 of 39

21 Sub Group 18 Weeks RTT 18 Weeks RTT Business Function / National aggregate and dashboard 18 Weeks RTT reports (no drill-through to patient level data) Run Ad Hoc 18W RTT Queries (National, Aggregate) BF / Business Function / Description Notes B0155 Allows access to RTT dashboards and Aggregate RTT reports. Not yet live. R4 functionality undergoing user assurance. B1800 Ad hoc reporting tool with ability to formulate queries on Aggregate data (no pseudonyms or identifiers), for data across the whole nation. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Not yet live. R4 functionality undergoing user assurance. 18 Weeks RTT Run Ad Hoc 18W RTT Queries (Local, Pseudonymised) B1803 Run the ad hoc reporting tool with ability to formulate queries on RTT data with pseudonymised identifiers, restricted to organisation in logon URP. HISs are allowed access to data via this activity. However, please refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. Only data relevant to the user's organisation is available. Also includes access to whole nation aggregate ad hoc views although no national pseudonymised view is accessible via this activity. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one 18W RTT activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 21 of 39

22 Sub Group Business Function / BF / Business Function / Description Notes 18 Weeks RTT Run Ad Hoc 18W RTT Queries (Local, Clear) B1804 Run ad hoc reporting tool with ability to formulate queries on RTT data with cleartext identifiers, restricted to organisation in logon URP. HISs are allowed access to data via this activity, however should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. Drill-through data is only available for the user's organisation and below in the NHS organisation hierarchy. Also includes access to whole nation aggregate ad hoc views although no national drill-through is accessible via this activity. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one 18W RTT activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 22 of 39

23 Sub Group Business Function / BF / Business Function / Description Notes 18 Weeks RTT Run Fixed 18W RTT Reports (Local, Pseudonymised) B1805 Predefined Pathway & Event data and DQ reports on data that relates to the user's own organisation only to allow drill-through to individual records. All identifiers are pseudonymised. HISs are allowed access to data via this activity. However, please refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. Drill-through data is only available for the user's organisation and below in the NHS organisation hierarchy. No national drill through is accessible via this activity. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one 18W RTT activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. 18 Weeks RTT Run Fixed 18W RTT Reports (Local, Clear) B1807 Predefined Pathway & Event data and DQ reports on data that relates to the user's own organisation only to allow drill-through to individual records. HISs are allowed access to data via this activity, however, should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. All identifiers should be displayed as cleartext. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one 18W RTT activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 23 of 39

24 Sub Group Business Function / BF / Business Function / Description Notes 18 Weeks RTT RTT Pilot - Run National PTL RTT008 Report B1837 This activity should only be allocated to Referral To Treatment (RTT) pilot users. Pilot users will require separate authorisation from the HSCIC in order to gain access. Pilot users only Allows temporary access to RTT008 National Patient Tracking List (PTL) report for live piloting. Aggregate data. 18 Weeks RTT RTT Pilot Run PTL Report Validation RTT011 and Summary Objects B1838 This activity should only be allocated to Referral To Treatment (RTT) Pilot users. Pilot users will require separate authorisation from the HSCIC in order to gain access. Allows temporary access to RTT011 Patient Tracking List (PTL) Report Validation and whole universe and new summary objects. Aggregate data. Pilot users only 18 Weeks RTT RTT Pilot Run PTL Report Validation RTT011 and Period/Detail Objects. Local- Clear B1839 This activity should only be allocated to Referral To Treatment (RTT) Pilot users. Pilot users will require separate authorisation from the HSCIC in order to gain access. Allows temporary access to RTT011 Patient Tracking List (PTL) Report Validation and whole universe and new Period/Detail objects. Data returned is local and clear. Pilot users only 18 Weeks RTT RTT Pilot Run PTL Report Validation RTT011 and Period/Detail Objects. Local - Pseudo B0171 This activity should only be allocated to Referral To Treatment (RTT) Pilot users. Pilot users will require separate authorisation from the HSCIC in order to gain access. Allows temporary access to RTT011 Patient Tracking List (PTL) Report Validation and whole universe and new Period/Detail objects. Data returned is local and pseudonymised. Pilot users only Page 24 of 39

25 Sub Group Business Function / BF / Business Function / Description Notes Population Analysis Reports Run national Population Analysis Aggregate reports B0154 Allows access to National Aggregate NSTS Reports. NB. Only one Population Analysis reporting activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Not yet live. R4 functionality undergoing user assurance. Should only be granted to PHO, DH, HSCIC or SHA staff. CAB Reporting CAB Reporting Run Aggregate Choose and Book Reports Run Choose and Book Reports (Expert view) B0156 Allows access to CAB General User Domain (predefined aggregate reports). Not yet live. R4 functionality undergoing user assurance. B1817 Allows access to Analyst views of the Choose and Book reports. Applicable to expert users (who have undergone appropriate training) only. Not yet live. R4 functionality undergoing user assurance. CAB Reporting Run Choose and Book Data Quality Reports B1818 Allows access to Data Quality reports for Choose and Book. Applicable only to staff working in CAB DQ only. Not yet live. R4 functionality undergoing user assurance. Mental Health Minimum Dataset Access MHMDS Predefined Reports (local, aggregate) B0119 Access predefined reports displaying aggregate data that relates to the user's own organisation only. HISs are allowed access to data via this activity, however, should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. No individual patient identifiers are displayed. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 25 of 39

26 Sub Group Business Function / BF / Business Function / Description Notes Mental Health Minimum Dataset Access MHMDS Predefined Reports (local, clear) B0134 Access predefined reports displaying data that relates to the user's own organisation with drill-through to individual records. HISs are allowed access to data via this activity, however, should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. All identifiers should be displayed as cleartext. If a user tries to access data via this activity with an SHA, DH or HSCIC / CFH org code then no data is displayed. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Mental Health Minimum Dataset MHMDS Ad Hoc Report Generation (local, aggregate) B0135 Ad hoc report generation and extracts for SHAs - aggregate data only. Outputs aggregate data for Trusts in the SHA only. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Not yet live. R4 functionality undergoing user assurance. Mental Health Minimum Dataset Access MHMDS Predefined Reports (local, pseudo) B0136 Access predefined reports displaying data that relates to the user's own organisation with drill-through to individual records. HISs are allowed access to data via this activity, however, should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. All identifiers should be displayed as pseudonyms. If a user tries to access data via this activity with an SHA, DH or HSCIC / CFH org code then no data is displayed. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 26 of 39

27 Sub Group Business Function / BF / Business Function / Description Notes Mental Health Minimum Dataset MHMDS Ad Hoc Report Generation (local, pseudo) B0137 Access ad hoc reporting tool and extracts service for MHMDS data. Users may view patient level data for their own organisation, patient identifiers are replaced by pseudonyms. If a user tries to access data via this activity with an SHA, DH or HSCIC / CFH org code then no data is displayed. Not yet live. R4 functionality undergoing user assurance. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Mental Health Minimum Dataset MHMDS Ad Hoc Report Generation (local, clear) B0138 Access ad hoc reporting tool and extract service for MHMDS data. Users may view patient identifiable information for their own organisation. If a user tries to access data via this activity with an SHA, DH or HSCIC / CFH org code then no data is displayed. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Not yet live. R4 functionality undergoing user assurance. Page 27 of 39

28 Appendix B Conflicting Business Functions The following pairs of SUS Business Functions / Activities conflict: BF 1 BF 2 BF 1 BF2 BF 1 BF2 BF 1 BF2 B0116 B0117 B1807 B1801 B1813 B1812 B1819 B1801 B0160 B1505 B1807 B1805 B1813 B1804 B1819 B1802 B0160 B1840 B1808 B1801 B1813 B1808 B1819 B1803 B0160 B0163 B1808 B1803 B1813 B1811 B1819 B1804 B0160 B1841 B1808 B1805 B1814 B1801 B1819 B1805 B0163 B1510 B1808 B1806 B1814 B1803 B1819 B1806 B0163 B1840 B1808 B1807 B1814 B1805 B1819 B1807 B0163 B0164 B1808 B1804 B1814 B1806 B1819 B1808 B0163 B0160 B1809 B1540 B1814 B1807 B1819 B1809 B0163 B1841 B1809 B1545 B1814 B1809 B1819 B1810 B0163 B0165 B1809 B1835 B1814 B1810 B1819 B1813 B0164 B1505 B1809 B1836 B1814 B1812 B1819 B1816 B0164 B1840 B1809 B0255 B1814 B1813 B1819 B1540 B0164 B0163 B1809 B1801 B1814 B1804 B1819 B1811 B0164 B1841 B1809 B1802 B1814 B1808 B1819 B1812 B1505 B1510 B1809 B1803 B1814 B1811 B1819 B1814 B1505 B1840 B1809 B1805 B1815 B1801 B1819 B1815 B1505 B0164 B1809 B1806 B1815 B1805 B1819 B1817 B1505 B0160 B1809 B1808 B1815 B1806 B1819 B1818 B1505 B1841 B1809 B1525 B1815 B1808 B1834 B1510 B1505 B0165 B1809 B1550 B1815 B1810 B1834 B1840 B1510 B1505 B1809 B1800 B1815 B1803 B1834 B0160 B1510 B1840 B1809 B1804 B1815 B1809 B1834 B0164 B1510 B0163 B1809 B1807 B1815 B1812 B1834 B1841 B1510 B1841 B1810 B1525 B1815 B1811 B1834 B0165 B1560 B1510 B1810 B1540 B1815 B1813 B1840 B1505 B1560 B1840 B1810 B1550 B1815 B1814 B1840 B1510 B1560 B0160 B1810 B1835 B1816 B1803 B1840 B0163 B1560 B0164 B1810 B1836 B1816 B1807 B1840 B0164 B1560 B1841 B1810 B1800 B1816 B1810 B1840 B0160 B1560 B0165 B1810 B1804 B1816 B1815 B1840 B0165 B1565 B1510 B1810 B1805 B1816 B1801 B1841 B1505 B1565 B1840 B1810 B1807 B1816 B1804 B1841 B1510 Page 28 of 39

29 B1565 B0160 B1810 B1808 B1816 B1805 B1841 B0163 B1565 B0164 B1810 B1545 B1816 B1806 B1841 B0164 B1565 B1841 B1810 B0255 B1816 B1808 B1841 B0160 B1565 B0165 B1810 B1802 B1816 B1809 B1841 B0165 B1802 B1801 B1810 B1806 B1816 B1811 B1803 B1801 B1810 B1801 B1816 B1812 B1803 B1802 B1810 B1803 B1816 B1813 B1804 B1801 B1812 B1802 B1817 B1809 B1804 B1802 B1812 B1807 B1817 B1810 B1804 B1803 B1812 B1808 B1817 B1811 B1805 B1801 B1812 B1810 B1818 B1809 B1805 B1802 B1812 B1811 B1818 B1810 B1805 B1804 B1812 B1804 B1818 B1811 B1806 B1803 B1812 B1809 B1819 B1525 B1806 B1804 B1813 B1802 B1819 B1545 B1806 B1805 B1813 B1805 B1819 B1550 B1806 B1802 B1813 B1806 B1819 B1835 B1807 B1802 B1813 B1807 B1819 B1836 B1807 B1803 B1813 B1809 B1819 B0255 B1807 B1806 B1813 B1810 B1819 B1800 Page 29 of 39

30 Appendix C Restricted Business Functions Only some Activities are available for granting by RAs in the NHS outside central organisations. The Activities shown here are only for use by RAs in NHS Connecting for Health, The Department of Health and Health and Social Care Information Centre. They should not be granted by RAs in other organisations, nor should they be granted to users from other organisations. If users outside NHS CFH, the DH and the HSCIC are granted any of these Activities they will automatically be denied access to SUS. If a URP is created that has any of these Activities with any other organisation code, the SUS application will not allow the access via that URP (although other URPs that the user has with valid combinations of Activities and Organisations will continue to work). NB users who require these Activities must apply to the SUS Helpdesk at Health and Social Care Information Centre 4. All of these users will additionally require B1500. Subgroup / Description SUS Reporting Area Online Query Services Run On Line Queries B1535 Allows Access to Sim Mart and On Line Query Business Models for MH & PbR. Restricted to HSCIC only via organisationally filtered controls (in initial release) Payment by Results Run National non-uk NHS Users B1834 Report Allows access to Payment by Results reports that give the name, address and country of residence of non-uk nationals who have used NHS services, in order to allow costs to be reclaimed from the patients' home nations. Should only be granted to users if their org code is DH (or another organisation nominated by the DH). Access PbR National Extract B0160 Solely users in the IC. 4 The Health and Social Care Information Centre Contact Centre or available from 9-5 Monday to Friday Page 30 of 39

31 Subgroup / SUS Reporting Area Access Financial Integrity Extracts DH/IC view B0161 Description Extracts which show that data balances at national level for all providers and commissioners, split out across SHAs (possibly will be the same as the SHA view - requirements still under development). National support for end users B0165 This would be a restricted function used within the HSCIC to gain access to particular reports from any organisation when queries/ issues are raised around the content of the reports SUS Restricted Perform SUS Helpdesk Support B1540 Enables the Helpdesk service to mimic users activities in order to replicate and resolve problems. Do not allocate pending consideration of the paper 'RA Supplier Application Support Agreement'. Perform User Information Support B1545 Restricted to SUS Helpdesk staff only. Should only be granted to users in the HSCIC / CFH. Enables maintenance of SUS metadata, help text and documentation. Restricted to HSCIC User Support Team only. Should only be granted to users in the HSCIC / CFH. Perform Implementation Support B1550 Enables the implementation support team to undertake user assurance and information governance activities. Restricted to SUS Implementation Team. Should only be granted to users in the HSCIC / CFH. Page 31 of 39

32 Subgroup / SUS Reporting Area Perform BO Favourites folder management B0151 Description Enables maintenance of BO Personal Favourites folder. Restricted to particular members of HSCIC User Support Team only. Should only be granted to users in the HSCIC / CFH. Monitor SUS Processing B1835 Allows a user to run ad hoc queries to see how the data is being processed within SUS via a BO universe. The number of errors that were raised, the time taken to process data, and the records processed. Should only be granted to HSCIC / CFH users. Investigate SUS Usage B1836 Allows a user to run simple ad hoc queries to view how users are using the system, and provides an ability to investigate improper use. Access Data Deletion Authorisation Service B0142 Should only be granted to HSCIC / CFH users. Allows users in the Health and Social Care Information Centre to perform Data Deletion Requests following requests submitted by users in NHS. organisations. Includes national reporting on the data deletion request service. Pseudonymisation service Access Depseudo. Service for NHS Group Pseudonyms B0139 Should be granted to Information Centre users only. Access to user functionality to allow return of NHS number from NHS Group Pseudonym. Page 32 of 39

33 Subgroup / SUS Reporting Area National Reports Run National SUS Reports (HES, MHMDS, PbR) B1530 Description Allows a user to run predefined standard: HES data extracts for provider organisations; MHMDS data extracts for provider organisations; and National PbR Extracts. Restricted to HSCIC and DH access to specific reports through organisation filtered controls. SUS Temporary SUS001 B1515 (Not used) SUS002 B1520 (Not used) SUS003 B Weeks RTT Run Ad Hoc 18W RTT Queries (National, Pseudonymised) B1801 Proof of Concept Ad hoc reporting tool with ability to formulate queries on RTT data with pseudonymised identifiers, for data across the whole nation. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Should only be granted to DH / HSCIC / CFH users. Page 33 of 39

34 Subgroup / SUS Reporting Area Run Ad Hoc 18W RTT Queries (National, Clear) B1802 Description Ad hoc reporting tool with ability to formulate queries on RTT data with cleartext identifiers, for data across the whole nation. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Run Fixed 18W RTT Reports (National, Pseudonymised) B1806 Should only be granted to DH / HSCIC / CFH users. Precanned Pathway & Event data and DQ reports on national data that allow drill-through to individual records. All identifiers are pseudonymised. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Run Fixed 18W RTT Reports (National, Clear) B1808 Should only be granted to DH / HSCIC / CFH users. Precanned Pathway & Event data and DQ reports on national data that allow drill-through to individual records. All identifiers displayed as cleartext. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Should only be granted to DH / HSCIC / CFH users. Page 34 of 39

How is RBAC used in SUS?

How is RBAC used in SUS? Role Based Access Control What is RBAC? SUS is a part of the NHS Care Record Service (NCRS) application from the National Programme for IT (NPfIT) and is accessed from the NHS national data network, the

More information

Data quality checks performed on SUS and HES data

Data quality checks performed on SUS and HES data Data quality checks performed on SUS and HES data Author: HES Data Quality Team Date: 24 th February 2014 1 Copyright 2013, Health and Social Care Information Centre. Version Control Version Date Author

More information

SUS Data Quality Dashboards Survey September 2012

SUS Data Quality Dashboards Survey September 2012 File Name: Document Reference No: Version: 1.0 Status: Final Issue Date: January 2013 Author: J. Clough SUS Data Quality Dashboards Survey September 2012 For more information on the status of this document,

More information

IAPT Data Standard. Frequently Asked Questions

IAPT Data Standard. Frequently Asked Questions IAPT Data Standard Frequently Asked Questions Version 1.0 March 2012 IAPT FAQs 1.0-1 - Contents Section 1: About the IAPT Data Standard.. 3 Section 2: Who is responsible for doing what?. 5 Section 3: How

More information

SUS R13 PbR Technical Guidance

SUS R13 PbR Technical Guidance SUS R13 PbR Technical Guidance Published 2nd April 2013 We are the trusted source of authoritative data and information relating to health and care. www.hscic.gov.uk enquiries@hscic.gov.uk Contents Introduction

More information

NHS Business Partners miniguide. Introductory guidance for NHS-commissioned healthcare providers from the independent and third sectors

NHS Business Partners miniguide. Introductory guidance for NHS-commissioned healthcare providers from the independent and third sectors NHS Business Partners Introductory guidance for NHS-commissioned healthcare Introductory guidance for NHS-commissioned healthcare NHS Business Partners Contents Section Description Page 1 Introduction

More information

Guidance document for EMIS Web EPS Release 2 deployment

Guidance document for EMIS Web EPS Release 2 deployment Guidance document for EMIS Web EPS Release 2 deployment Crown Copyright 2011 Contents Guidance document for EMIS Web EPS Release 2 deployment... 1 1 Introduction... 4 1.1 Background... 4 1.2 Purpose...

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

Copyright 2016 Health and Social Care Information Centre

Copyright 2016 Health and Social Care Information Centre Document filename: Registration Authorities Operational and Process Guidance Directorate / Programme Access Control Project Access Control Document Reference Project Manager John Winter Status Final Owner

More information

Gloucestershire Hospitals

Gloucestershire Hospitals Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY DATA QUALITY FAST FIND: For information on the Trust s Data Quality standards, see Section 7. For information on the Trust s computer systems,

More information

De-identification of Data using Pseudonyms (Pseudonymisation) Policy

De-identification of Data using Pseudonyms (Pseudonymisation) Policy De-identification of Data using Pseudonyms (Pseudonymisation) Policy Version: 2.0 Page 1 of 7 Partners in Care This is a controlled document. It should not be altered in any way without the express permission

More information

2011/12 SUS Payment by Results (PbR) Release 9 Webinars - Questions and Answers

2011/12 SUS Payment by Results (PbR) Release 9 Webinars - Questions and Answers 2011/12 SUS Payment by Results (PbR) Release 9 Webinars - Questions and Answers This document contains the Questions and Answers from the five Release 9 webinar sessions run by BT. The answers to the questions

More information

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs Information Governance and Risk Stratification: Advice and Options for CCGs and GPs 1 NHS England INFORMATION READER BOX Directorate Medical Operations Patients and Information Nursing Policy Commissioning

More information

Civica Health & Social Care

Civica Health & Social Care Civica Health & Social Care Focus on > SLAM for Healthcare Providers Improved communications with commissioners, leading to clarity and better relationships Civica Focus on> The solution SLAM is the ideal

More information

DNS Naming Schema for EndPoint Sites

DNS Naming Schema for EndPoint Sites DNS Naming Schema for EndPoint Sites Crown Copyright 2013 Page 1 of 11 Amendment History: Version Date Amendment History 0.1 26/01/06 First draft for comment 0.2 02/02/06 Various Typos/Syntax amended 0.3

More information

Information Security Assurance Plan 2015/16

Information Security Assurance Plan 2015/16 Information Security Assurance Plan 2015/16 Policy number: N/A Version 2.0 Approved by Name of author/originator Owner (Exec Director) Date of approval August 2015 Date of last review July 2015 Next due

More information

Data Quality Policy SH NCP 2. Version: 5. Summary:

Data Quality Policy SH NCP 2. Version: 5. Summary: SH NCP 2 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: The Trust provides a framework to ensure all data that is recorded by the Trust is accurate and complies to

More information

Health and Social Care Information Centre

Health and Social Care Information Centre Health and Social Care Information Centre Information Governance Assessment Customer: Clinical Audit Support Unit of the Health and Social Care Information Centre under contract to the Royal College of

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 26/10/2015 HSCIC Audit of Data Sharing

More information

Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols

Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols Title Trust Ref No 1340-29497 Local Ref (optional) Main points the document covers Who is the document aimed

More information

E-Mail, Calendar and Messaging Services Good Practice Guideline

E-Mail, Calendar and Messaging Services Good Practice Guideline E-Mail, Calendar and Messaging Services Good Practice Guideline Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0017.01 Prog. Director Mark Ferrar Status

More information

Pseudonymisation Implementation Project (PIP)

Pseudonymisation Implementation Project (PIP) Pseudonymisation Implementation Project (PIP) Reference Paper 3 Guidance on De-identification Final v1.0-20 November 2009 Without Prejudice Header text Guidance on De-identification Programme NPFIT Document

More information

GP Systems of Choice (GPSoC)

GP Systems of Choice (GPSoC) GP Systems of Choice (GPSoC) Update October 2006 Contents 1 Introduction 3 2 Scheme status 4 3 Overview of the scheme 5 4 Funding 4.1 IT infrastructure 6 4.2 Annual service charges 6 4.3 Migration 6 5

More information

Consultation on amendments to the Compliance Framework. Dated 31 January 2008

Consultation on amendments to the Compliance Framework. Dated 31 January 2008 Consultation on amendments to the Compliance Framework Dated 31 January 2008 1. Introduction 1.1. Developing the regulatory framework Monitor continues to develop a regulatory framework within which boards

More information

Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance

Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance QIPP Digital Technology Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance Author: Adam Hatherly Date: 26 th March 2013 Version: 1.1 Crown Copyright 2013 Page 1 of 19 Amendment

More information

Data Quality Policy. DOCUMENT CONTROL: Version: 4.0

Data Quality Policy. DOCUMENT CONTROL: Version: 4.0 Data Quality Policy DOCUMENT CONTROL: Version: 4.0 Ratified By: Risk Management Sub Group Date Ratified 27 August 2013 Name of Originator/Author: Head of Information Services Name of Responsible Risk Management

More information

Use and verification of the NHS number for all active patients.

Use and verification of the NHS number for all active patients. Title: Reference No: Owner: Author: Use and verification of the NHS number for all active patients. NHSNYYIG-004 Director of Standards Information Governance Team First Issued On: March 2008 Latest Issue

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

BOARD PAPER - NHS ENGLAND. Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data

BOARD PAPER - NHS ENGLAND. Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Paper NHSE130903 BOARD PAPER - NHS ENGLAND Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Clearance: Tim Kelsey, Director of Patients

More information

Information Sharing Protocol

Information Sharing Protocol Information Sharing Protocol South Central PCTs, General Practices and Tribal Consulting Limited Commissioning Enablement Service (Analytics) Document Control Date Version Author Comment 08/02/10 0.1 A.

More information

Delivering the Forward View: NHS planning guidance for 2016/17 2020/21

Delivering the Forward View: NHS planning guidance for 2016/17 2020/21 Delivering the Forward View: NHS planning guidance for 2016/17 2020/21 Annex 1 to the Technical Guidance Activity Plan, Contract Tracker and SRG Operational Resilience Template Guidance January 2016 1

More information

Remote Data Extraction Policy and Procedure

Remote Data Extraction Policy and Procedure Remote Data Extraction Policy and Procedure Prepared by PRIMIS June 2015 The University of Nottingham. All rights reserved. Contents 1. Introduction... 3 2. Purpose and scope... 3 3. Policy Statement...

More information

General Practice Extraction Service (GPES)

General Practice Extraction Service (GPES) General Practice Extraction Service (GPES) Customer: Health and Social Care Information Centre (HSCIC) Requirement: Patient Objections Management (POM) Customer Requirement Reference Number: NIC-228038-V5Z0L

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Data Quality Management Strategy 2013-16

Data Quality Management Strategy 2013-16 Data Quality Management Strategy 2013-16 Document Information Board Library Reference Document Type Strategy Document Subject Data Quality Original Document Author Head of Information & Performance Management

More information

Senior Governance Manager, North of England. North Tyneside CCG Quality and Safety Committee (01/12/15)

Senior Governance Manager, North of England. North Tyneside CCG Quality and Safety Committee (01/12/15) Corporate IG02: Data Quality Version Number Date Issued Review Date V4 07/12/2015 01/01/18 Prepared By: Consultation Process: Senior Governance Manager, North of England Commissioning CCG Quality & Safety

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

National Institute for Health Research Coordinated System for gaining NHS Permission (NIHR CSP)

National Institute for Health Research Coordinated System for gaining NHS Permission (NIHR CSP) National Institute for Health Research Coordinated System for gaining NHS Permission (NIHR CSP) Operating Manual Please check the CRN Website for the latest version. Version: 6.0 Status: Consultation in

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Open Data Platform Requirements Workshop 24 th February 2012

Open Data Platform Requirements Workshop 24 th February 2012 Open Data Platform Requirements Workshop 24 th February 2012 Workshop Agenda Objectives: To discuss outline scope To gather short and longer term requirements/benefits To identify some success measures

More information

Introduction to the NHS Information Governance Requirements

Introduction to the NHS Information Governance Requirements Introduction to the NHS Information Governance Requirements 2 Version April 2014 Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. The widely

More information

Evidence-based Healthcare Management

Evidence-based Healthcare Management Evidence-based Healthcare Management Helping you to deliver consistent, high quality, cost effective care ARDENTIA OVERVIEW and KEY services Evidence-based Healthcare Management Why Ardentia? ardentia

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Informatics: The future. An organisational summary

Informatics: The future. An organisational summary Informatics: The future An organisational summary DH INFORMATION READER BOX Policy HR/Workforce Management Planning/Performance Clinical Document Purpose Commissioner Development Provider Development Improvement

More information

Advice and Guidance for the ODS Organisation Codes Contacts (OC1s)

Advice and Guidance for the ODS Organisation Codes Contacts (OC1s) The purpose of this document is to provide advice and guidance about the role and responsibilities of the ODS Organisation Codes Contacts (OC1). The leaflet also provides guidance around the process of

More information

NATIONAL HEALTH SERVICE, ENGLAND

NATIONAL HEALTH SERVICE, ENGLAND D I R E C T I O N S NATIONAL HEALTH SERVICE, ENGLAND The Health and Social Care Information Centre (Establishment of Information Systems for NHS Services: Collection and Analysis of Primary Care Data)

More information

Proxy Services: Good Practice Guidelines

Proxy Services: Good Practice Guidelines Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance Prog. Director Mark Ferrar Owner Tim Davis Version 1.0 Author James Wood Version Date 26/01/2006 Status APPROVED Proxy Services:

More information

[Type text] SERVICE CATALOGUE

[Type text] SERVICE CATALOGUE [Type text] SERVICE CATALOGUE IT Services 1 IT Support and Management Services SERVICE AREA: SERVICE DESK Users can contact the Service Desk via the phone or an online web form for all their ICT service

More information

NHS Business Services Authority Registration Authority and Smartcard Management Procedure

NHS Business Services Authority Registration Authority and Smartcard Management Procedure NHS Business Services Authority Registration Authority and Smartcard Management Procedure NHS Business Services Authority Corporate Secretariat NHSBSAIS005 Issue Sheet Document reference Document location

More information

Peninsula Community Health. Integrated Identity Management Policy (Registration Authority Policy)

Peninsula Community Health. Integrated Identity Management Policy (Registration Authority Policy) Peninsula Community Health (Registration Authority Policy) Title: (Registration Authority) Procedural Document Type: Policy Reference: HRP 43 and ITP04 CQC Outcome: 13 Version: 2 Approved by: Information

More information

Electronic Prescription Service Implementation Strategy

Electronic Prescription Service Implementation Strategy Electronic Prescription Service Implementation Strategy Introduction The implementation of the electronic service presents an enormous logistical challenge. In order for the service to operate, primary

More information

Electronic Prescription Service (EPS2)

Electronic Prescription Service (EPS2) Electronic Prescription Service (EPS2) The Fort House Surgery 6 TH October Ashley Medical Centre - 20 th October Business Process Change Workshop Gary Mortimer EPS Implementation Manager gmortimer@hscic.gov.uk

More information

Clinical Comparators: A Guide By Physicians For Physicians

Clinical Comparators: A Guide By Physicians For Physicians Clinical Comparators: A Guide By Physicians For Physicians A Pilot Website for Gastroenterologists in England Contents Aims of the project A new approach to NHS data Analysis by physicians for physicians

More information

Report on: Strategic and operational planning 2016/17 to 2020/21

Report on: Strategic and operational planning 2016/17 to 2020/21 To: The Board For meeting on: 25 February 2016 Agenda item: 7 Report by: Bob Alexander Report on: Strategic and operational planning 2016/17 to 2020/21 Purpose 1. The purpose of this paper is to invite

More information

Populating the Tracking Database - Guidance for SCR Project Managers

Populating the Tracking Database - Guidance for SCR Project Managers Document filename: Populating the Tracking Database - Guidance for SCR Project Managers Directorate / Programme SCR Project SCR Planning and Reporting Tool Document Reference Project Manager Emma

More information

NHS Information Governance: 2010/11 UPDATE

NHS Information Governance: 2010/11 UPDATE NHS Information Governance: 2010/11 UPDATE JANUARY 2011 Contents Outline of the Changes Quick reference to additional evidence requirements Guide to using the online Toolkit Frequently asked questions

More information

GP Patient Survey Your Doctor, Your Experience, Your Say

GP Patient Survey Your Doctor, Your Experience, Your Say To: GP Practices Chief Executives of Primary Care Trusts Dear Colleague GP Patient Survey Your Doctor, Your Experience, Your Say This letter confirms arrangements for delivery of the 2008 GP Patient Survey.

More information

TRUST POLICY FOR DATA QUALITY

TRUST POLICY FOR DATA QUALITY TRUST POLICY FOR DATA QUALITY Reference Number: IG 2012 001 Version: 2.3 Status: Final Author: Vanessa Forman Job Title: Head of Information Version / Amendment History Version Date Author Reason 1 September

More information

ADDITIONAL CONTRACTUAL TERMS RELATING TO THE PROVISION OF MANAGED SERVICES

ADDITIONAL CONTRACTUAL TERMS RELATING TO THE PROVISION OF MANAGED SERVICES ADDITIONAL CONTRACTUAL TERMS RELATING TO THE PROVISION OF MANAGED SERVICES ACT Document Version: 3.0 Customer Document Version: 1.0 Issue Date: XXXXXX COMMERCIAL IN CONFIDENCE Please replace this image

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Electronic Prescription Service. Guidance for community pharmacy contractors on implementing Release 1

Electronic Prescription Service. Guidance for community pharmacy contractors on implementing Release 1 Electronic Prescription Service The Electronic Prescription Service Guidance for community pharmacy contractors on implementing Release 1 Contents With about 1.3 million prescriptions now being issued

More information

Electronic Prescription. Service. Services offered by HSCIC to support EPS

Electronic Prescription. Service. Services offered by HSCIC to support EPS Electronic Prescription Service Services offered by HSCIC to support EPS NHS England through its Area Teams (ATs) is responsible for the planning and implementation of EPS. The purpose of this document

More information

Hospital Episode Statistics

Hospital Episode Statistics Hospital Episode Statistics Accident and Emergency Attendances in England 2012-13 28 th January 2014 1 Copyright 2014, Health and Social Care Information Centre. This product may be of interest to members

More information

Supporting all NHS Trusts to achieve NHS Foundation Trust status by April 2014

Supporting all NHS Trusts to achieve NHS Foundation Trust status by April 2014 TFA document Supporting all NHS Trusts to achieve NHS Foundation Trust status by April 2014 Tripartite Formal Agreement between: Walsall Healthcare NHS Trust NHS West Midlands Department of Health Introduction

More information

THE HEALTH AND SOCIAL CARE INFORMATION CENTRE DATA SHARING CONTRACT

THE HEALTH AND SOCIAL CARE INFORMATION CENTRE DATA SHARING CONTRACT THE HEALTH AND SOCIAL CARE INFORMATION CENTRE DATA SHARING CONTRACT CONTRACT TYPE CONTRACT REF HIGH RISK REF HIGH RISK N/A 1. PARTIES TO THE CONTRACT This Contract is made between: The Health & Social

More information

Patient Reported Outcome Measures (PROMs) Standards

Patient Reported Outcome Measures (PROMs) Standards Patient Reported Outcome Measures (PROMs) Standards A. Information Governance Requirement This Information Governance Requirement Standard covers four Areas: 1. NHS Systems Requirements, 2. Data Sharing,

More information

www.gov.uk/monitor The maternity pathway payment system: Supplementary guidance

www.gov.uk/monitor The maternity pathway payment system: Supplementary guidance www.gov.uk/monitor The maternity pathway payment system: Supplementary guidance Contents Introduction... 3 Inclusions and exclusions from the pathway payments... 4 Early pregnancy unit and emergency gynaecology

More information

Use of tablet devices in NHS environments: Good Practice Guideline

Use of tablet devices in NHS environments: Good Practice Guideline Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood

More information

Report to Trust Board 31 st January 2013. Executive summary

Report to Trust Board 31 st January 2013. Executive summary Report to Trust Board 31 st January 2013 Title Sponsoring Executive Director Author(s) Purpose Previously considered by Transforming our Booking and Scheduling Systems Steve Peak - Director of Transformation

More information

Emergency Care Weekly Situation Report Standard Specification

Emergency Care Weekly Situation Report Standard Specification Title Emergency Care Weekly Situation Report Specification Document ID ISB 1607 Specification Sponsor Sarah Butler, DH Status FINAL Developer Paul Steele Version 1.0 Author Paul Steele Version Date 19/03/2014

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

The EDGE 2014 User Conference Information Governance Workshop

The EDGE 2014 User Conference Information Governance Workshop The EDGE 2014 User Conference Information Governance Workshop Monday 17 th March 2014 Debbie Terry Agenda What is Information Governance? New developments in legislation Your questions answered Caldicott

More information

SNOMED CT. The Language of Electronic Health Records

SNOMED CT. The Language of Electronic Health Records SNOMED CT The Language of Electronic Health Records Contents SNOMED CT: An overview page 02 What is a Clinical Terminology? What is SNOMED CT? The International Health Terminology Standards Development

More information

EPS R2 Transition and Smartcards

EPS R2 Transition and Smartcards EPS R2 Project EPS R2 Transition and Smartcards Guidance for Community Pharmacists and Pharmacies NHS smart card support is available from the SWCS Registration Authority. Contact the IT Service Desk 8:30am

More information

GPES Independent Advisory Group Minutes

GPES Independent Advisory Group Minutes Meeting date: Thursday 13 December 2012 Location: Ambassadors Bloomsbury, 12 Upper Woburn Place, London WC1H 0HX Members in attendance: Name Neil Serougi Angus Dawson Joanne Bailey Eve Sariyiannidou MacDonald

More information

Offshore and Internet Connection Addendum to the. Data Sharing Agreement. Version 1.3

Offshore and Internet Connection Addendum to the. Data Sharing Agreement. Version 1.3 Offshore and Internet Connection Addendum to the Data Sharing Agreement Version 1.3 Document Control Owners IEP User Group Author Steve Jessop Document Preparation Date Version Author Comment 11/01/12

More information

2. Which clinical records should be included in hospital data submission?

2. Which clinical records should be included in hospital data submission? Hospital FAQs Episode record data 1. What is the minimum activity volume required to join PHIN? There is no minimum activity volume in the Competition and Markets Authority (CMA) Order. Any healthcare

More information

System Center Configuration Manager

System Center Configuration Manager System Center Configuration Manager Software Update Management Guide Friday, 26 February 2010 Version 1.0.0.0 Baseline Prepared by Microsoft Copyright This document and/or software ( this Content ) has

More information

ORGANISATION DATA SERVICE ACCESS DATABASE

ORGANISATION DATA SERVICE ACCESS DATABASE ORGANISATION DATA SERVICE ACCESS DATABASE Version 6.0 June 2014 1. Introduction The Organisation Data Service Access Database was created from the current download files distributed by ODS. It is available

More information

Integrated Identity Management (IIM) and Registration Authority (RA) Policy NO. HRP14

Integrated Identity Management (IIM) and Registration Authority (RA) Policy NO. HRP14 Integrated Identity Management (IIM) and Registration Authority (RA) Policy NO. HRP14 Applies to: All Staff Committee for Approval Education and Workforce Committee Date of Approval: 21 January 2013 Review

More information

Eligibility Criteria for Patient Transport Services (PTS)

Eligibility Criteria for Patient Transport Services (PTS) Eligibility Criteria for Patient Transport Services (PTS) Eligibility Criteria for Patient Transport Services (PTS) PTS eligibility criteria document Prepared by DH Ambulance Policy 2 3 DH INFORMATION

More information

Emailing and Texting with Patients

Emailing and Texting with Patients Emailing and Texting with Patients Trust Board Meeting - Part 1 Item: 8.4 25 September 2013 Enclosure: I Purpose of the Report: This paper explores the use of email and texting in certain forms of communication

More information

WSIC Integrated Care Record FAQs

WSIC Integrated Care Record FAQs WSIC Integrated Care Record FAQs How your information is shared now Today, all the places where you receive care keep records about you. They can usually only share information from your records by letter,

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

<INSERT PROJECT NAME> DATA MIGRATION CHECKLIST

<INSERT PROJECT NAME> DATA MIGRATION CHECKLIST DATA MIGRATION CHECKLIST Ensure you always have the latest version of this document. Document Location This document is only valid on the day it was printed. The source of the document

More information

IAAS Recommendation Report

IAAS Recommendation Report Standardisation Committee for Care Information (SCCI) 30 April 2014 Agenda Item:09 For: (insert action/decision/info) IAAS Recommendation Report ISB 1513 Maternity Services Data Set (Amd 45/2012) IAAS

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

SCCI SUPPORTING. SCCI2036 Palliative Care Clinical Data Set. Implementation Strategy. Project: SCCI2036 Palliative Care Clinical Data Set

SCCI SUPPORTING. SCCI2036 Palliative Care Clinical Data Set. Implementation Strategy. Project: SCCI2036 Palliative Care Clinical Data Set Document filename: Project Manager SCCI2036 Implementation Strategy v0.3 Helen Bolton Project: SCCI2036 Palliative Care Clinical Data Set Owner Julia Verne Version 0.3 Author Malcolm Roxburgh Version issue

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Present: 1. Apologies and Introductions. 2. Minutes of previous meeting of 26th June 2013

Present: 1. Apologies and Introductions. 2. Minutes of previous meeting of 26th June 2013 Present: Sue Millard (ODS - HSCIC) Alan Keen (ODS - HSCIC) Mike Presence (ODS - HSCIC) Hayley Sims (ODS - HSCIC) Danny Ruttle (ODS - HSCIC) Mat Jordan (HSCIC) Angela Faulding (NHS DM&D) Nicky Turner (NWIS)

More information

IG Toolkit Version 8. Information Security Assurance. Requirement 322. Detailed Guidance on Secure Transfers

IG Toolkit Version 8. Information Security Assurance. Requirement 322. Detailed Guidance on Secure Transfers IG Toolkit Version 8 Information Security Assurance Requirement 322 Detailed Guidance on Secure Transfers IG Toolkit Version 8 Requirement 322: Detailed guidance on secure transfers Page 1 of 7 All transfers

More information

GP2GP Utilisation Framework

GP2GP Utilisation Framework Document filename: GP2GP Utilisation Framework Directorate / Programme Cross Government Programmes Project GP2GP Document Reference Project Manager Status Live Owner Andrew Walsham Version 1.2

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Toolkit Assessment 2009/10

Information Governance Toolkit Assessment 2009/10 Information Governance Toolkit Assessment 2009/10 Document Reference: Version: Ratified by: Date ratified: Name of originator/author: Name of responsible committee/individual: Document owner: Document

More information

6 Section 6 Who Can Help?

6 Section 6 Who Can Help? 6 Section 6 Who Can Help? 6.1 In this Section This section provides a list of contacts that can provide support during the implementation of the project, under the following broad headings: Regional Cluster

More information

JOB DESCRIPTION. Contract Management and Business Intelligence

JOB DESCRIPTION. Contract Management and Business Intelligence JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: Contract Management and Business Intelligence Business Intelligence Business Insight Manager BAND: 7 BASE: REPORTS TO: Various Business Intelligence

More information

Electronic Transmission of Prescriptions. FP10 Stationery Changes for ETP

Electronic Transmission of Prescriptions. FP10 Stationery Changes for ETP Electronic Transmission of Prescriptions Programme NPfIT DOCUMENT NUMBER Sub-Prog/Project ETP National Prog Org Prog/Proj Doc Ver Prog. Director Tim Donohoe Sub Prog/Proj Mgr Tim Donohoe NPFIT ETP EDB

More information

DATA SET CHANGE NOTICE

DATA SET CHANGE NOTICE DSC Notice: 44/2007 Date of Issue: December 2007 Sponsoring Organisation: Implementation Date: 1 st January 2008 Subject: Department of Health Data Standards; Inter-Provider Transfer Administrative inimum

More information