Guidance for Sponsors & Registration Agents on the Granting of SUS RBAC Activities

Transcription

1 Programme NPFIT Document Record ID Key Sub-Prog / Project Secondary Uses Service Prog. Director J Thorp Version 5.1 Owner Status Author Craig Watson Version Oct- 12 Date Secondary Uses Service Guidance for Sponsors & Registration Agents on the Granting of SUS RBAC Activities V5.1 Oct 2012

2 Amendment History: Version Date Amendment History /1/08 First version for Comment 0.2 7/2/08 Incorporates first round of comments from Steve Davison and Colin Fincham /2/08 Incorporates second round of comments from Steve Davison; added references /4/08 Final version for release /5/08 Upgrade to issue v /04/2009 Addition of guidance for Strategic Data Deletion Service /05/2009 Addition of R5 PbR Activities /12/2009 R6 Update and further clarification around business functions available and those still in UAT /06/2010 R6.1 and R7 update. Reorganised sections, added information on shared services, ISHPs and user limits /02/2012 Updated all the hyperlinks from CfH to HSCIC /10/2012 Review all sections, update as required Forecast Changes: Anticipated Change Guidance may be updated with each SUS release as new functionality is delivered. Reviewers: This document must be reviewed by the following: When Signature Title / Responsibility Date Version Service Delivery Manager Approvals: This document must be approved by the following: Signature Title / Responsibility Date Version Jeremy Thorp SUS Programme 21/4/08 Distribution: Sponsors and Registration Authorities. Document Status: This is a controlled document. Whilst this document may be printed, the electronic version maintained in FileCM is the controlled copy. Any printed copies of the document are not controlled. Related Documents: These documents will provide additional information. Ref no Doc Reference Number Title Version Page 2 of 39

3 Glossary of Terms: List any new terms created in this document. Mail the NPO Quality Manager to have these included in the master glossary above [1]. Term Acronym Definition Page 3 of 39

4 Contents 1 Introduction Audience Purpose SUS Functionality SUS Information Governance and Access Controls How SUS implements RBAC Guidance for RAs Access to the SUS Application is via B Rules on Accessing Identifiable and Pseudonymised Data Availability of SUS Functionality Limits on The Number of SUS Users to the SUS Data Access Service Cross Organisational Access to SUS Data Shared Services Independent Sector/Healthcare Providers Guidance on Granting SUS Activities CDS Extract Users Payment by Results Users Users who monitor the submission of data to SUS Users Requiring Access to the Strategic Data Deletions Service Further Support Appendix A - Index of SUS Activities (Business Functions) Appendix B Conflicting Business Functions Appendix C Restricted Business Functions Appendix D - Redundant Business Functions Page 4 of 39

5 1 Introduction 1.1 Audience This document is intended to provide guidance to Registration Authorities (RAs) and Sponsors who will be responsible for granting access to the Secondary Uses Service (SUS) to their user community. It may also prove a useful guide to Information Managers and SUS users when determining the appropriate SUS access required to meet their business needs. 1.2 Purpose The document presents a simple description of the decisions that RAs and Sponsors will have to take in deciding which RBAC Activities should be granted to particular users Although this document presents high-level descriptions of the SUS functionality, it is not intended to be a user guide for the SUS applications. Further information about SUS can be found at the SUS Guidance pages 1.3 SUS Functionality The SUS suite of applications is maintained centrally on the NHS Spine. These applications support several NHS business areas including: Commissioning Data Set (CDS) Extracts Payment by Results Strategic Data Deletion Service 1.4 SUS Information Governance and Access Controls In order to comply with the Law and with Confidentiality: the NHS of Practice, SUS is required to provide reports and extracts with patient information in aggregate or anonymous form wherever possible. Where this is not practicable, SUS provides information in pseudonymised form (which enables records about individuals to be linked together without revealing their identities) and, in exceptional cases, in identifiable form. According to current policy as specified by the Ethics & Confidentiality Committee (EEC), and accepted best practice, where data is required in pseudonymised or identifiable form for secondary purposes, only the data relevant to the particular purpose of access should be provided to the user. For example, if a user requires pseudonymised or identifiable data to manage their 18 Week Referral to Treatment Times, they should only be given access to the particular records that are relevant to their query, and should not be given general access to all (pseudonymised or identifiable) records in their organisation. Please refer to section 2.2 for further rules around access to patient identifiable and pseudonymised data. 1.5 How SUS implements RBAC As with other Spine applications, access to SUS is enabled via the NHS Smartcard system 1 which implements Role Based Access Controls (RBAC). 1 Access to NHS Comparators is via a separate mechanism GP Practices have been allocated accounts for access, other users should contact the Health and Social Care Information Centre, Contact Centre for further information enquiries@ic.nhs.uk or available from 9-5 Monday to Friday. Page 5 of 39

6 1.5.2 Each user has a Smartcard with a Unique User ID (UUID). In the RBAC system this UUID is associated with any number of Roles (or User Role Profiles URPs). A URP contains, among other information: An organisation code A (three-level) Role Identifier Optionally, one or more (three-level) Areas of Work [Not used in SUS] Optionally, one or more s and s (also known as Business Functions or BFs) This is represented diagrammatically in Figure 1 below: Smartcard with UUID URP 1 Role Org Activities URP 2 URP 3, etc Figure The SUS applications use these elements to determine which functionality will be available to the user It is crucial to note that SUS only uses elements, namely activities and the organisation code, within a single URP to determine the access rights that will be granted to the user for each session. Thus if a user has several URPs, they will be asked to choose which URP they want to use for the session As described above, the SUS application looks at two elements within the URP in particular to determine what access is given to the users: The Activities determine which area of functionality can be accessed by the user e.g. local views of 18 week RTT reports, commissioner PbR extracts, etc. A user may have several activities within each URP although some combinations of activities are not allowed within a single URP, and some activities are not allowed for users in all organisations. It is important to note that there is no technical constraint on the granting of combinations and Organisation combinations in Calendra but that if a forbidden combination of Activities and/or Organisations is granted, the user will be denied access to SUS using the URP concerned. The main example of this is that users are not allowed access to applications to see both clear data and pseudonymised data from the same URP. An RA should therefore not allocate combinations of Activities within a URP that provide a mixture of clear and pseudonymised data. The Organisation is used to restrict which data can be seen within some reports. The Organisation is also used, as described above, to check for forbidden Page 6 of 39

7 combinations of activities and organisation. Please note that where data is restricted by the Organisation, this does not necessarily mean that data ONLY from the Organisation in the URP can be seen by the user when logging in with that URP the SUS application can hold organisational relationships that can allow organisation to see appropriate data from all of the other organisations for which it is responsible, providing suitable contractual or other agreements are in place. e.g. in a Shared Service [See Section 3.1 below]. Page 7 of 39

8 2 Guidance for RAs 2.1 Access to the SUS Application is via B In order for any user to access the SUS application, they must possess the activity B1500 within the URP they will use. All URPs that will be used to access SUS must contain B1500. This must be explicitly granted as it does not appear in any baseline. The SUS application does not use baselines, and none of the SUS Activities therefore appear in any baseline. 2.2 Rules on Accessing Identifiable and Pseudonymised Data Sponsors and RAs should also be aware that in order to comply with the rules and policies in the Care Record Guarantee and Confidentiality: the NHS of Practice access to identifiable data should be minimised for secondary purposes, even within a single organisation In order to comply with policy and information governance best practice, users are not able to simultaneously view identifiable (clear) and pseudonymised records during a single SUS session; IMPORTANT - RAs should not allocate business functions for pseudonymised data and business functions for clear data within the same URP SUS enforces this Information Governance principal. RAs should not allocate business functions for pseudonymised data and business functions for clear data within the same URP. There is no business need for an individual to access both types of data for one functional area. There should therefore be no need for an RA to artificially create 2 URPs for a user simply to access one area of functionality For an index of all the SUS Business Functions/Activities please refer to Appendix A. For further information please see the guidance material referenced in Section Availability of SUS Functionality Not all of the functionality described in this document will be available immediately. Training will be provided to users on the various SUS functions as they are released. Sponsors and RAs should ensure that users have received the appropriate training to use the SUS applications before access is granted. Some applications are currently in pilot undergoing user assurance testing. They are therefore not yet available to be used. Any user trying to access these using the appropriate business functions will receive an error message when they try to access the applications from the SUS Portal. 2.4 Limits on The Number of SUS Users to the SUS Data Access Service Each organisation is only permitted 3 user licenses to use the SUS Data Access Service (Ardentia). The SUS activities/business functions that are used to access this area are shown in the table below. NB - This is different to the SUS Business Intelligence Service (BO) which does not restrict the number of user licenses per organisation. Page 8 of 39

9 SUS enforces certain Information Governance principals around the type of data that users are allowed to access. There are therefore certain combination of SUS activities that should not be allocated to a user s role. A user can mix activities shown in column A with those from any one other column. However users cannot mix activities from columns B, C or D. For example you cannot not use both B1505 and B0164 together. You can use B1505 and B0163 together. SHAs can only use activities from columns A and/or D. A B C D SEM CDS Extracts PbR B Access Financial Integrity Extracts B Execute CDS Extracts (Clear) B Access PbR Extracts (clear view) Old PbR B Run Aggregate PbR Reports B Run PbR Commissioning Extracts B Run PbR Provider Extracts MHMDS service not yet live Tracker B Manage Tracking and Data Quality B MHMDS Ad Hoc Report Generation (local, clear) B Execute CDS Extracts (NHS Group Pseud. Data) B Access PbR Extracts (pseudonymised view) B MHMDS Ad Hoc Report Generation (local, pseudo) B Execute CDS Extracts (Spatial key Pseud. Data, Clear Postcode) B Access PbR Extracts (Spatial view) Please refer to Appendix B For a full table of conflicting activities. 3 Cross Organisational Access to SUS Data 3.1 Shared Services In brief, shared services must: Register with the NHS Organisation Data Service (ODS); and Inform the SUS Helpdesk to enable SUS to be set up to recognise the Shared Service Page 9 of 39

10 Shared Services must register with SUS using the Shared Services Registration form found at the SUS Guidance pages under the section How do I set up a Shared Service or Specialist Commissioning Service?. 3.2 Independent Sector Providers Facilities have been set up in SUS to enable Independent Sector Providers (ISP) to process data for itself as the parent or Head Quarters of the organisation and other child or satellite sites within the same overall ISP organisation. To implement this, the ISP will need to: Register with the NHS Organisation Data Service (ODS); and Inform the SUS Helpdesk to enable SUS to be set up to handle each ISHP ISHPs must register with SUS using the Independent Sector Registration form found at the SUS Guidance pages under the section How do I set up an Independent Sector Provider in SUS? Page 10 of 39

11 4 Guidance on Granting SUS Activities The SUS descriptions in the National RBAC Database (listed in Appendix A) give detailed explanations of the functionality provided by each individual, grouped by Subgroup / SUS Reporting Area. The additional high-level guidance below is designed to assist sponsors and RAs to determine the correct combination of Activities for particular users. NB individuals may work across different areas and so may need several Activities within a single URP Please note that certain combinations of Activities are not permitted within a single URP this is to comply with Information Governance rules that apply to SUS. Importantly business functions giving access to clear data and pseudonymised data must not be mixed in the same URP. As described above, it is important to note that there is no technical constraint on the granting of and Organisation combinations in the Calendra system but that if a forbidden combination of Activities / Organisations is granted, the user will be denied access to SUS using the URP concerned Please refer to Appendix B For a full table of conflicting activities. Users that attempt to log into SUS with conflicting activities will be presented with the following error message: Your currently selected User Role Profile contains an invalid combination of SUS Activities. Please contact your local Registration Agent. Page 11 of 39

12 4.2 CDS Extract Users The following Activities are available: Execute CDS Extracts (Clear) Execute CDS Extracts (Pseud. Data, Clear Postcode) Execute Spatial CDS Extracts (Pseud. Data, Clear Postcode) B1505 B1510 B Users in Provider and Commissioner (including Shared Services) organisations should be granted B1505. This will provide a local view of CDS data based on the organisation code in the URP. Users in Shared Service organisations should have a URP created with the Shared Service organisation code, and should separately notify SUS of the relationship between the Shared Service organisation and its child organisations 2. It is envisaged that small numbers of users in each organisation will require this activity and that these users will then share the extracted data locally in line with the SUS Data Handling protocol Users who are only permitted to view pseudonymised data should only be granted B1510. All SHA users must use B1840 instead. This will provide pseudonymised extracts but with the postcode in clear data format. This is to facilitate detailed geographical and spatial analysis. B1840 cannot be granted to a user alongside the other two activities. Refer to Section 2.4 to check the conflicting activities for SHA users. 4.3 Payment by Results Users The following Activities are available: Access Financial Integrity Extracts Access PbR Extracts (clear view) Access PbR Extracts (pseudonymised view) Access PbR Extracts (Spatial pseudonymised view) B0162 B0163 B0164 B B0164 will not work for SHA users. All SHA users must use B1841 instead. This will provide pseudonymised extracts but with the postcode in clear data format. This is to facilitate detailed geographical and spatial analysis. It is important to note that B1841 will not work if allocated on the same URP as B0163 and B0164. Refer to Section 2.4 to check the conflicting activities for SHA users For further guidance on these activities please refer to the latest SUS PbR Online User Guide and also the latest Technical Guidance found at the PbR Guidance pages 2 see 3 see Page 12 of 39

13 The following Activities are available: Run Aggregate PbR Reports Run PbR Commissioning Extracts Run PbR Provider Extracts B1555 B1560 B PbR users may be granted any or all of these Activities, although for a typical provider or commissioner organisation, only B1560 or B1565 will be applicable (both would be required for organisations that act both as provider and commissioner). B1555 is applicable to PbR users in provider and commissioner organisations. 4.4 Users who monitor the submission of data to SUS B1525 (Manage Tracking and Data Quality) allows users to execute data quality reports against specified data sets, and to accept and reject submissions. It may therefore be granted to Information Service staff in provider and commissioner organisations, and in SHAs. 4.5 Users Requiring Access to the Strategic Data Deletions Service The following is available: Access Data Deletion Request Service B This activity allows users in NHS Organisations to request service from the Health and Social Care Information Centre Data Deletion Service. Further information is found at the Data Deletion Guidance page This activity also includes reporting on the progress of the data deletion request (local organisational view).further Support Further information is available from the SUS Guidance pages: and via the Health and Social Care Information Centre enquiries@ic.nhs.uk or available from 9-5 Monday to Friday. Page 13 of 39

14 Appendix A - Index of SUS Activities (Business Functions) NB Please refer to the SUS Progress Tracker to determine the latest functionality that is available. Sub Group Online Query Services Business Function / BF / Business Function / Description Functionality currently available to use. NB This does not include restricted activities. Access SUS B1500 This activity is required for the SUS link to appear on the Spine portal page. Without this activity users will not be able to access the SUS application, so this must be granted to all SUS users. Notes Page 14 of 39

15 Sub Group Business Function / BF / Business Function / Description Extracts Execute CDS Extracts (Clear) B1505 Allows a user to run parameterised or pre-set CDS data extracts with patient identifiable data for a commissioning organisation within the NHS. Notes Allows a user to view previously executed parameterised or pre-set CDS data extracts with patient identifiable data for a commissioning organisation within the NHS. Allows a user to run parameterised or pre-set CDS data extracts with patient identifiable data for a provider organisation (within the NHS). Allows a user to view previously executed parameterised or pre-set CDS data extracts with patient identifiable data for a provider organisation (within the NHS). Only applicable to information service staff in commissioner and provider organisations. NB In the future all identifiers will be replaced with pseudonyms in all reports accessible via this activity. Extracts Execute CDS Extracts (NHS Group Pseud. Data) B1510 Allows a user to run parameterised or pre-set CDS data extracts with patient identifiable data in pseudonymised form, using the NHS Group key, for their organisation. Allows a user to view previously executed parameterised or pre-set CDS data extracts with patient identifiable data in pseudonymised form, using the NHS Group key, for their organisation. Page 15 of 39

16 Sub Group Business Function / BF / Business Function / Description Notes Extracts Execute Spatial CDS Extracts (Pseud. Data, Clear Postcode) B1840 Allows a user to run parameterised or pre-set CDS data extracts with patient identifiable data in pseudonymised form using the Spatial Group key, but with postcode in clear form, for their organisation. Available from SUS R6 Allows a user to view previously executed parameterised or pre-set CDS data extracts with patient identifiable data in pseudonymised form using the Spatial Group key, but with postcode in clear form, for their organisation. Payment by Results Payment by Results Access Financial Integrity Extracts Access PbR Extracts (clear view) B0162 B0163 Access Financial Integrity extracts with one of the following views depending on the organisation of the user: - SHA View of Financial Integrity, - Commissioner View of Financial Integrity, - Provider View of Financial Integrity Aggregate data. This includes Main extracts + Error Extracts + Supplementary Reports, via managed service and via PbR Online application For these reports: - there is only one functional view i.e. all functionality is available to all users (i.e. they can select any of the parameters within the forms displayed) however data will only be displayed that is relevant to the user s organisation (as in the selected URP); - clear views should not be provided to SHAs; - all of the detailed rules for which data, etc. is available in each report for each organisation will be specified in the reporting specification; - a user should not have a clear and a pseudo activity within a single URP. Allows user to run extract for other roles, eg copy recipient, PCT Residence, PCT Responsible. PbR Processing from 1st April 2009 PbR Processing from 1st April 2009 Page 16 of 39

17 Sub Group Business Function / BF / Business Function / Description Notes Payment by Results Access PbR Extracts (pseudonymised view) B0164 This includes Main extracts + Error Extracts + Supplementary Reports, via managed service and via PbR Online application For these reports: - there is only one functional view i.e. all functionality is available to all users (i.e. they can select any of the parameters within the forms displayed) however data will only be displayed that is relevant to the user s organisation (as in the selected URP); - clear views should not be provided to SHAs; - all of the detailed rules for which data, etc. is available in each report for each organisation will be specified in the reporting specification; - a user should not have a clear and a pseudo activity within a single URP. Allows user to run extract for other roles, eg copy recipient, PCT Residence, PCT Responsible. PbR Processing from 1st April 2009 Payment by Results Access PbR Extracts (Spatial pseudonymised view) B1841 This includes Main Extracts, Error Extracts and Supplementary Reports, via managed service and via PbR Online application. PbR Processing from 1st April 2009 For these reports: - there is only one functional view i.e. all functionality is available to all users which means they can select any of the parameters within the forms displayed but data will only be displayed that is relevant to the user s organisation (as in the selected user role profile); - clear or NHS Group pseudonymised views will not be provided to SHAs, only Spatial Group pseudonymised views; - all of the detailed rules for which data is available in each report for each organisation will be specified in the SUS PbR Online Service User Guide; - a user should not have a clear and a pseudo activity within a single User Role Profile. Access to the service will be denied in such cases. Allows a user run extracts on records that are linked to the users organisation by a specified reason. Please refer to SUS PbR Online Service User Guide for a list of valid reasons. Page 17 of 39

18 Sub Group Payment by Results Business Function / BF / Business Function / Description Run Aggregate PbR Reports B1555 Allows a user to run parameterised or pre-set PbR data aggregate reports. Only applicable to PbR users. Notes PbR Processing Prior to Payment by Results Run PbR Commissioning Extracts B1560 Allows a user to run a parameterised or pre-set data extract from the PbR data set with patient identifiable data for a commissioning organisation within the NHS. PbR Processing Prior to Allows a user to view a previously executed parameterised or pre-set data extract from the PbR data set with pseudonymised data for a commissioning organisation within the NHS. Allows a user to run a parameterised or pre-set data With Errors extract from the PbR data set with pseudonymised data for an Organisation. Allows a user to run a parameterised or pre-set data With Errors extract from the PbR data set with pseudonymised data for an Organisation. Allows user to run extract for other roles, eg copy recipient, PCT Residence, PCT Responsible. Only applicable to information service staff in commissioner organisations. Page 18 of 39

19 Sub Group Payment by Results Business Function / BF / Business Function / Description Run PbR Provider Extracts B1565 Allows a user to run a parameterised or pre-set data extract from the PbR data set with patient identifiable data for a provider organisation within the NHS. Allows a user to view a previously executed parameterised or pre-set data extract from the PbR data set with pseudonymised data for a provider organisation within the NHS. Allows a user to run a parameterised or pre-set data With Errors extract from the PbR data set with pseudonymised data for an Organisation. Allows a user to run a parameterised or pre-set data With Errors extract from the PbR data set with pseudonymised data for an Organisation. Allows user to run extract for other roles, eg copy recipient, PCT Residence, PCT Responsible. Only applicable to information service staff in provider organisations. Notes PbR Processing Prior to Tracking and Data Quality Manage Tracking and Data Quality B1525 Allows a user to run predefined standard service tracking reports for submitted data and also accessed through Extract Mart Detail. Allows a user to execute the latest data quality report, for data the provider organisation has submitted to SUS, and accept or reject the submission and also accessed from Extract Mart. Allows a user to execute a data quality report against an existing specified data set (APC, outpatient, A&E, MHMDS) and other data validations. PCT / GP reports not yet live. Functionality undergoing user assurance. Allows users to view predefined PCT / GP derivation reports - view tailored to current organisation. (Reports 3) Only applicable to information service staff in commissioner organisations, provider organisations and SHAs. Page 19 of 39

20 Sub Group Business Function / BF / Business Function / Description Notes Data Deletion Service Access Data Deletion Request Service B0141 Allows users in NHS Organisations to request service from the Health and Social Care Information Centre Data Deletion Service. Also includes reporting on the progress of the data deletion request (local organisational view). Population Analysis Reports Run Population Analysis Extracts (Local, Pseudonymised) B1813 Allows access to underlying person data for the user's own organisation (or PCT Group if applicable - see s.pdf for guidance.). There is no national view accessible via this activity. If the Org code in the corresponding URP is DH, IC, PHO or SHA then no data is displayed. Population Analysis Reports Run Population Analysis Extracts (Local, Clear) B1815 NB. Only one Population Analysis reporting activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Allows access to underlying person data for the user's own organisation (or PCT Group if applicable - see s.pdf for guidance.). There is no national view accessible via this activity. If the Org code in the corresponding URP is DH, IC, PHO or SHA then no data is displayed. NB. Only one Population Analysis reporting activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. The following functionality is not yet available to use. If allocated users may receive an error message. Announcements will be made via the SUS website as and when functionality that is currently undergoing user assurance is released. Tracking and Data Quality Access predefined PCT/GP Derivation reports (provider, clear) B0116 Allows users to access predefined PCT/GP derivation reports. View tailored to current organisation - applicable to provider organisations only. Patient identifiers are displayed as clear text. Not yet live. R4 functionality undergoing user assurance. Tracking and Data Quality Access predefined PCT / GP Derivation reports (pseudo) B0117 Allows users to access predefined PCT/GP derivation reports. View tailored to current organisation only. Patient identifiers are displayed as pseudonyms. Not yet live. R4 functionality undergoing user assurance. Page 20 of 39

21 Sub Group 18 Weeks RTT 18 Weeks RTT Business Function / National aggregate and dashboard 18 Weeks RTT reports (no drill-through to patient level data) Run Ad Hoc 18W RTT Queries (National, Aggregate) BF / Business Function / Description Notes B0155 Allows access to RTT dashboards and Aggregate RTT reports. Not yet live. R4 functionality undergoing user assurance. B1800 Ad hoc reporting tool with ability to formulate queries on Aggregate data (no pseudonyms or identifiers), for data across the whole nation. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Not yet live. R4 functionality undergoing user assurance. 18 Weeks RTT Run Ad Hoc 18W RTT Queries (Local, Pseudonymised) B1803 Run the ad hoc reporting tool with ability to formulate queries on RTT data with pseudonymised identifiers, restricted to organisation in logon URP. HISs are allowed access to data via this activity. However, please refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. Only data relevant to the user's organisation is available. Also includes access to whole nation aggregate ad hoc views although no national pseudonymised view is accessible via this activity. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one 18W RTT activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 21 of 39

22 Sub Group Business Function / BF / Business Function / Description Notes 18 Weeks RTT Run Ad Hoc 18W RTT Queries (Local, Clear) B1804 Run ad hoc reporting tool with ability to formulate queries on RTT data with cleartext identifiers, restricted to organisation in logon URP. HISs are allowed access to data via this activity, however should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. Drill-through data is only available for the user's organisation and below in the NHS organisation hierarchy. Also includes access to whole nation aggregate ad hoc views although no national drill-through is accessible via this activity. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one 18W RTT activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 22 of 39

23 Sub Group Business Function / BF / Business Function / Description Notes 18 Weeks RTT Run Fixed 18W RTT Reports (Local, Pseudonymised) B1805 Predefined Pathway & Event data and DQ reports on data that relates to the user's own organisation only to allow drill-through to individual records. All identifiers are pseudonymised. HISs are allowed access to data via this activity. However, please refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. Drill-through data is only available for the user's organisation and below in the NHS organisation hierarchy. No national drill through is accessible via this activity. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one 18W RTT activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. 18 Weeks RTT Run Fixed 18W RTT Reports (Local, Clear) B1807 Predefined Pathway & Event data and DQ reports on data that relates to the user's own organisation only to allow drill-through to individual records. HISs are allowed access to data via this activity, however, should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. All identifiers should be displayed as cleartext. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one 18W RTT activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 23 of 39

24 Sub Group Business Function / BF / Business Function / Description Notes 18 Weeks RTT RTT Pilot - Run National PTL RTT008 Report B1837 This activity should only be allocated to Referral To Treatment (RTT) pilot users. Pilot users will require separate authorisation from the HSCIC in order to gain access. Pilot users only Allows temporary access to RTT008 National Patient Tracking List (PTL) report for live piloting. Aggregate data. 18 Weeks RTT RTT Pilot Run PTL Report Validation RTT011 and Summary Objects B1838 This activity should only be allocated to Referral To Treatment (RTT) Pilot users. Pilot users will require separate authorisation from the HSCIC in order to gain access. Allows temporary access to RTT011 Patient Tracking List (PTL) Report Validation and whole universe and new summary objects. Aggregate data. Pilot users only 18 Weeks RTT RTT Pilot Run PTL Report Validation RTT011 and Period/Detail Objects. Local- Clear B1839 This activity should only be allocated to Referral To Treatment (RTT) Pilot users. Pilot users will require separate authorisation from the HSCIC in order to gain access. Allows temporary access to RTT011 Patient Tracking List (PTL) Report Validation and whole universe and new Period/Detail objects. Data returned is local and clear. Pilot users only 18 Weeks RTT RTT Pilot Run PTL Report Validation RTT011 and Period/Detail Objects. Local - Pseudo B0171 This activity should only be allocated to Referral To Treatment (RTT) Pilot users. Pilot users will require separate authorisation from the HSCIC in order to gain access. Allows temporary access to RTT011 Patient Tracking List (PTL) Report Validation and whole universe and new Period/Detail objects. Data returned is local and pseudonymised. Pilot users only Page 24 of 39

25 Sub Group Business Function / BF / Business Function / Description Notes Population Analysis Reports Run national Population Analysis Aggregate reports B0154 Allows access to National Aggregate NSTS Reports. NB. Only one Population Analysis reporting activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Not yet live. R4 functionality undergoing user assurance. Should only be granted to PHO, DH, HSCIC or SHA staff. CAB Reporting CAB Reporting Run Aggregate Choose and Book Reports Run Choose and Book Reports (Expert view) B0156 Allows access to CAB General User Domain (predefined aggregate reports). Not yet live. R4 functionality undergoing user assurance. B1817 Allows access to Analyst views of the Choose and Book reports. Applicable to expert users (who have undergone appropriate training) only. Not yet live. R4 functionality undergoing user assurance. CAB Reporting Run Choose and Book Data Quality Reports B1818 Allows access to Data Quality reports for Choose and Book. Applicable only to staff working in CAB DQ only. Not yet live. R4 functionality undergoing user assurance. Mental Health Minimum Dataset Access MHMDS Predefined Reports (local, aggregate) B0119 Access predefined reports displaying aggregate data that relates to the user's own organisation only. HISs are allowed access to data via this activity, however, should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. No individual patient identifiers are displayed. If a user tries to access data via this activity with a DH or HSCIC / CFH org code then no data is displayed. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 25 of 39

26 Sub Group Business Function / BF / Business Function / Description Notes Mental Health Minimum Dataset Access MHMDS Predefined Reports (local, clear) B0134 Access predefined reports displaying data that relates to the user's own organisation with drill-through to individual records. HISs are allowed access to data via this activity, however, should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. All identifiers should be displayed as cleartext. If a user tries to access data via this activity with an SHA, DH or HSCIC / CFH org code then no data is displayed. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Mental Health Minimum Dataset MHMDS Ad Hoc Report Generation (local, aggregate) B0135 Ad hoc report generation and extracts for SHAs - aggregate data only. Outputs aggregate data for Trusts in the SHA only. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Not yet live. R4 functionality undergoing user assurance. Mental Health Minimum Dataset Access MHMDS Predefined Reports (local, pseudo) B0136 Access predefined reports displaying data that relates to the user's own organisation with drill-through to individual records. HISs are allowed access to data via this activity, however, should refer to s.pdf for guidance. Not yet live. R4 functionality undergoing user assurance. All identifiers should be displayed as pseudonyms. If a user tries to access data via this activity with an SHA, DH or HSCIC / CFH org code then no data is displayed. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Page 26 of 39

27 Sub Group Business Function / BF / Business Function / Description Notes Mental Health Minimum Dataset MHMDS Ad Hoc Report Generation (local, pseudo) B0137 Access ad hoc reporting tool and extracts service for MHMDS data. Users may view patient level data for their own organisation, patient identifiers are replaced by pseudonyms. If a user tries to access data via this activity with an SHA, DH or HSCIC / CFH org code then no data is displayed. Not yet live. R4 functionality undergoing user assurance. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Mental Health Minimum Dataset MHMDS Ad Hoc Report Generation (local, clear) B0138 Access ad hoc reporting tool and extract service for MHMDS data. Users may view patient identifiable information for their own organisation. If a user tries to access data via this activity with an SHA, DH or HSCIC / CFH org code then no data is displayed. NB only one MHMDS activity should be granted within a URP; a full list of disallowed combinations of activities is available on the SUS website. Not yet live. R4 functionality undergoing user assurance. Page 27 of 39

28 Appendix B Conflicting Business Functions The following pairs of SUS Business Functions / Activities conflict: BF 1 BF 2 BF 1 BF2 BF 1 BF2 BF 1 BF2 B0116 B0117 B1807 B1801 B1813 B1812 B1819 B1801 B0160 B1505 B1807 B1805 B1813 B1804 B1819 B1802 B0160 B1840 B1808 B1801 B1813 B1808 B1819 B1803 B0160 B0163 B1808 B1803 B1813 B1811 B1819 B1804 B0160 B1841 B1808 B1805 B1814 B1801 B1819 B1805 B0163 B1510 B1808 B1806 B1814 B1803 B1819 B1806 B0163 B1840 B1808 B1807 B1814 B1805 B1819 B1807 B0163 B0164 B1808 B1804 B1814 B1806 B1819 B1808 B0163 B0160 B1809 B1540 B1814 B1807 B1819 B1809 B0163 B1841 B1809 B1545 B1814 B1809 B1819 B1810 B0163 B0165 B1809 B1835 B1814 B1810 B1819 B1813 B0164 B1505 B1809 B1836 B1814 B1812 B1819 B1816 B0164 B1840 B1809 B0255 B1814 B1813 B1819 B1540 B0164 B0163 B1809 B1801 B1814 B1804 B1819 B1811 B0164 B1841 B1809 B1802 B1814 B1808 B1819 B1812 B1505 B1510 B1809 B1803 B1814 B1811 B1819 B1814 B1505 B1840 B1809 B1805 B1815 B1801 B1819 B1815 B1505 B0164 B1809 B1806 B1815 B1805 B1819 B1817 B1505 B0160 B1809 B1808 B1815 B1806 B1819 B1818 B1505 B1841 B1809 B1525 B1815 B1808 B1834 B1510 B1505 B0165 B1809 B1550 B1815 B1810 B1834 B1840 B1510 B1505 B1809 B1800 B1815 B1803 B1834 B0160 B1510 B1840 B1809 B1804 B1815 B1809 B1834 B0164 B1510 B0163 B1809 B1807 B1815 B1812 B1834 B1841 B1510 B1841 B1810 B1525 B1815 B1811 B1834 B0165 B1560 B1510 B1810 B1540 B1815 B1813 B1840 B1505 B1560 B1840 B1810 B1550 B1815 B1814 B1840 B1510 B1560 B0160 B1810 B1835 B1816 B1803 B1840 B0163 B1560 B0164 B1810 B1836 B1816 B1807 B1840 B0164 B1560 B1841 B1810 B1800 B1816 B1810 B1840 B0160 B1560 B0165 B1810 B1804 B1816 B1815 B1840 B0165 B1565 B1510 B1810 B1805 B1816 B1801 B1841 B1505 B1565 B1840 B1810 B1807 B1816 B1804 B1841 B1510 Page 28 of 39

29 B1565 B0160 B1810 B1808 B1816 B1805 B1841 B0163 B1565 B0164 B1810 B1545 B1816 B1806 B1841 B0164 B1565 B1841 B1810 B0255 B1816 B1808 B1841 B0160 B1565 B0165 B1810 B1802 B1816 B1809 B1841 B0165 B1802 B1801 B1810 B1806 B1816 B1811 B1803 B1801 B1810 B1801 B1816 B1812 B1803 B1802 B1810 B1803 B1816 B1813 B1804 B1801 B1812 B1802 B1817 B1809 B1804 B1802 B1812 B1807 B1817 B1810 B1804 B1803 B1812 B1808 B1817 B1811 B1805 B1801 B1812 B1810 B1818 B1809 B1805 B1802 B1812 B1811 B1818 B1810 B1805 B1804 B1812 B1804 B1818 B1811 B1806 B1803 B1812 B1809 B1819 B1525 B1806 B1804 B1813 B1802 B1819 B1545 B1806 B1805 B1813 B1805 B1819 B1550 B1806 B1802 B1813 B1806 B1819 B1835 B1807 B1802 B1813 B1807 B1819 B1836 B1807 B1803 B1813 B1809 B1819 B0255 B1807 B1806 B1813 B1810 B1819 B1800 Page 29 of 39

30 Appendix C Restricted Business Functions Only some Activities are available for granting by RAs in the NHS outside central organisations. The Activities shown here are only for use by RAs in NHS Connecting for Health, The Department of Health and Health and Social Care Information Centre. They should not be granted by RAs in other organisations, nor should they be granted to users from other organisations. If users outside NHS CFH, the DH and the HSCIC are granted any of these Activities they will automatically be denied access to SUS. If a URP is created that has any of these Activities with any other organisation code, the SUS application will not allow the access via that URP (although other URPs that the user has with valid combinations of Activities and Organisations will continue to work). NB users who require these Activities must apply to the SUS Helpdesk at Health and Social Care Information Centre 4. All of these users will additionally require B1500. Subgroup / Description SUS Reporting Area Online Query Services Run On Line Queries B1535 Allows Access to Sim Mart and On Line Query Business Models for MH & PbR. Restricted to HSCIC only via organisationally filtered controls (in initial release) Payment by Results Run National non-uk NHS Users B1834 Report Allows access to Payment by Results reports that give the name, address and country of residence of non-uk nationals who have used NHS services, in order to allow costs to be reclaimed from the patients' home nations. Should only be granted to users if their org code is DH (or another organisation nominated by the DH). Access PbR National Extract B0160 Solely users in the IC. 4 The Health and Social Care Information Centre Contact Centre enquiries@ic.nhs.uk or available from 9-5 Monday to Friday Page 30 of 39

31 Subgroup / SUS Reporting Area Access Financial Integrity Extracts DH/IC view B0161 Description Extracts which show that data balances at national level for all providers and commissioners, split out across SHAs (possibly will be the same as the SHA view - requirements still under development). National support for end users B0165 This would be a restricted function used within the HSCIC to gain access to particular reports from any organisation when queries/ issues are raised around the content of the reports SUS Restricted Perform SUS Helpdesk Support B1540 Enables the Helpdesk service to mimic users activities in order to replicate and resolve problems. Do not allocate pending consideration of the paper 'RA Supplier Application Support Agreement'. Perform User Information Support B1545 Restricted to SUS Helpdesk staff only. Should only be granted to users in the HSCIC / CFH. Enables maintenance of SUS metadata, help text and documentation. Restricted to HSCIC User Support Team only. Should only be granted to users in the HSCIC / CFH. Perform Implementation Support B1550 Enables the implementation support team to undertake user assurance and information governance activities. Restricted to SUS Implementation Team. Should only be granted to users in the HSCIC / CFH. Page 31 of 39

32 Subgroup / SUS Reporting Area Perform BO Favourites folder management B0151 Description Enables maintenance of BO Personal Favourites folder. Restricted to particular members of HSCIC User Support Team only. Should only be granted to users in the HSCIC / CFH. Monitor SUS Processing B1835 Allows a user to run ad hoc queries to see how the data is being processed within SUS via a BO universe. The number of errors that were raised, the time taken to process data, and the records processed. Should only be granted to HSCIC / CFH users. Investigate SUS Usage B1836 Allows a user to run simple ad hoc queries to view how users are using the system, and provides an ability to investigate improper use. Access Data Deletion Authorisation Service B0142 Should only be granted to HSCIC / CFH users. Allows users in the Health and Social Care Information Centre to perform Data Deletion Requests following requests submitted by users in NHS. organisations. Includes national reporting on the data deletion request service. Pseudonymisation service Access Depseudo. Service for NHS Group Pseudonyms B0139 Should be granted to Information Centre users only. Access to user functionality to allow return of NHS number from NHS Group Pseudonym. Page 32 of 39

33 Subgroup / SUS Reporting Area National Reports Run National SUS Reports (HES, MHMDS, PbR) B1530 Description Allows a user to run predefined standard: HES data extracts for provider organisations; MHMDS data extracts for provider organisations; and National PbR Extracts. Restricted to HSCIC and DH access to specific reports through organisation filtered controls. SUS Temporary SUS001 B1515 (Not used) SUS002 B1520 (Not used) SUS003 B Weeks RTT Run Ad Hoc 18W RTT Queries (National, Pseudonymised) B1801 Proof of Concept Ad hoc reporting tool with ability to formulate queries on RTT data with pseudonymised identifiers, for data across the whole nation. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Should only be granted to DH / HSCIC / CFH users. Page 33 of 39

34 Subgroup / SUS Reporting Area Run Ad Hoc 18W RTT Queries (National, Clear) B1802 Description Ad hoc reporting tool with ability to formulate queries on RTT data with cleartext identifiers, for data across the whole nation. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Run Fixed 18W RTT Reports (National, Pseudonymised) B1806 Should only be granted to DH / HSCIC / CFH users. Precanned Pathway & Event data and DQ reports on national data that allow drill-through to individual records. All identifiers are pseudonymised. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Run Fixed 18W RTT Reports (National, Clear) B1808 Should only be granted to DH / HSCIC / CFH users. Precanned Pathway & Event data and DQ reports on national data that allow drill-through to individual records. All identifiers displayed as cleartext. NB only one 18W RTT should be granted within a URP; a full list of disallowed combinations of Activities is available on the SUS website. Should only be granted to DH / HSCIC / CFH users. Page 34 of 39