North West London Whole Systems Integrated Care Information Sharing and Hosting Agreement

Transcription

1 Dated 1 st October 2014 / amended 10 th February 2015 (1) NHS BRENT CLINICAL COMMISSIONING GROUP (Data Processor on behalf of Provider Partners as defined in this Agreement) - and - (2) SIGNATORY PARTNERS North West London Whole Systems Integrated Care Information Sharing and Hosting Agreement DAC Beachcroft LLP 100 Fetter Lane London EC4A 1BN UK tel: +44 (0) fax: +44 (0) DX 45 London _1 DAC Beachcroft LLP 2015 Version 1.1: Draft 21 January 2015

2 WHOLE SYSTEMS INTEGRATED CARE INFORMATION SHARING AND HOSTING AGREEMENT 1. PARTIES TO THIS AGREEMENT We the undersigned each agree that the organisation that we represent agrees the terms of this Information Sharing and Hosting Agreement and will adopt and adhere to the principles, standards and governance set out in the Information Sharing Protocol: Partner Name Address Responsible Manager Contact Details (Telephone; fax; ) Authorised Signatory (e.g. Caldicott Guardian, SIRO, Chief Executive, Director, GP partner) NHS Brent Clinical Commissioning Group Wembley Centre for Health and Care, 116 Chaplin Road, HA0 4UZ Dr Etheldreda Kong Signature: (Please sign here) _ Position: Chair of Brent CCG Date: 24 th September 2014 Partner Name Address Responsible Manager Contact Details (Telephone; fax; ) Authorised Signatory (e.g. Caldicott Guardian, SIRO, Chief Executive, Director, GP partner) NHS Brent Clinical Commissioning Group The Heights, Harrow-on-the-Hill, Lowlands Road, HA1 3AW Rob Larkman, Accountable Officer BHH CCGs [email protected] Signature: (Please sign here) Position: Accountable Officer BHH CCG s Date: 24 th September 2014 Page 1 of 49

3 Partner Name Address Responsible Manager Contact Details (Telephone; fax; ) Tel: Fax: Authorised Signatory (e.g. Caldicott Guardian, SIRO, Chief Executive, Director, GP partner) Signature: (Please sign here) Position: Date: Each Partner to this agreement must complete the table above. For each GP practice, the table should be completed and signed by a GP partner in the practice who is authorised to sign it on behalf of all the other GP partners in the practice or, in the case of an APMS practice, a director who is authorised to sign it on behalf of the practice. A complete list of GP signatory practices is at Appendix 8. This list will be updated following each meeting of the Governing Group. This page should be printed, signed, scanned and returned to [email protected] Page 2 of 49

4 THIS INFORMATION SHARING AGREEMENT IS SUBJECT TO THE PRINCIPLES, STANDARDS AND GOVERNANCE SET OUT IN THE INFORMATION SHARING PROTOCOL APPENDED AT APPENDIX 2 (THE "INFORMATION SHARING PROTOCOL") AND SHOULD BE READ TOGETHER WITH THAT INFORMATION SHARING PROTOCOL. THIS AGREEMENT OUTLINES THE INFORMATION WHICH WILL BE SHARED BETWEEN THE PARTIES TO THIS AGREEMENT AND SPECIFIC ARRANGEMENTS FOR ASSISTING COMPLIANCE WITH THE INFORMATION SHARING PROTOCOL AND RELEVANT LAW AND GUIDANCE THIS ISA COMPLEMENTS AND DOES NOT CONTRADICT ANY PROVISION OF THE INFORMATION SHARING PROTOCOL. IT SETS OUT THE SPECIFIC DETAILS OF THE INFORMATION SHARING ARRANGEMENT THAT IT COVERS, WHICH ARE IN LINE WITH ALL THE PRINCIPLES, STANDARDS AND GOVERNANCE SET OUT IN THE INFORMATION SHARING PROTOCOL All parties will hold a copy of this Agreement. It is the responsibility of each party to ensure that all individuals likely to come in contact with the Personal Confidential Data shared under this Agreement are trained in the terms of this agreement and their own responsibilities. 2. INTRODUCTION (A) (B) (C) (D) (E) (F) (G) (H) (I) (J) This is a legally binding agreement. This is the successor arrangement to the Integrated Care Pilot in North West London All the Partners which provide health or social care ("Provider Partners") have agreed to share information about their patients, service users and clients (who for convenience are all referred to in this agreement as "patients") to establish an electronic integrated care record (the "Whole Systems Integrated Care Record"). Each Provider Partner shall share necessary Personal Confidential Data extracted from each Provider Partner's patient records to establish the Whole Systems Integrated Care Record. The Whole Systems Integrated Care Record shall contain Sensitive Personal Data and Personal Data from the coded section of a patient's record, including but not limited to, medication records, diagnostic results and reports, procedure details, medications, summaries and assessments, appointment/event details, summary social care records and alerts to provide an integrated record for each patient. Certain sections of a patient's record (specified in Appendix 3) will be excluded. Any Provider Partner providing Direct Care for a patient, who has been consented into a programme of targeted care, shall be able to access that patient's record electronically at the point of care (see clause 3.1.1). The Whole Systems Integrated Care Record shall provide a view only integrated care record for each individual patient, amalgamated from each Provider Partner's source systems ("Individual Integrated Care Record"). This view only functionality shall not allow editing of the data. It is anticipated that in future Individual Integrated Care Records will be made available for the Direct Care of all patients (not just those who have been consented in a programme of targeted care). It is also anticipated that in future patients will be able to access their own Individual Integrated Care Records. These innovations will be considered by the Governing Group in due course. Provider Partners will be able to access case finding information from the Whole Systems Integrated Care Record about their own patients, to support their identification of patients suitable for targeted care ("Case Finding Information") (see clause 3.1.2). That information will be produced automatically by the Software without human intervention. The Provider Partners have agreed to appoint NHS Brent CCG as the Host of the Whole Systems Integrated Care Record, and Brent CCG has agreed to fulfil that role. The Host is a data processor of personal data shared by any of the other Provider Partners. In accordance with clause 9, the Host shall host the Software for the Whole Systems Integrated Care Record. The Host shall arrange for any necessary human analysis of the Whole Systems Integrated Care Record to support the creation of Individual Integrated Care Reports and Case Finding Information. Page 3 of 49

5 (K) (L) (M) (N) This agreement therefore regulates the sharing of specific Personal Confidential Data between the parties for the delivery of Direct Care to the Provider Partners' patients. It also regulates the processing of Personal Data by the Host on behalf of the Provider Partners. With the exception of Brent CCG's obligations as Host, this agreement does not provide for CCG Partners to have any access to personal data. They are therefore neither data controllers nor data processors in respect of the personal data shared in accordance with this agreement. Shared data may also be de-identified in accordance with all applicable law and guidance (including, but not limited to, the BMA Confidentiality Toolkit and the Health and Social Care Information Centre Guide to Confidentiality) and used for the commissioning purposes of the Partners which are CCGs ("the CCG Partners"), and for the health and social care purposes of the other Partners. The Host has conducted a privacy impact assessment in relation to the Whole Systems Integrated Care Record proposal, in accordance with the Privacy Impact Assessment Code of Practice published by the Information Commissioner's Office in February (O) The information sharing arrangement is represented in a diagram at Appendix 7 (P) (Q) Each Provider Partner agrees that it is party to this agreement as a data controller in respect of personal data that it discloses, and as a data controller in common in respect of any information that it accesses in the Whole Systems Integrated Care Record. Each Partner confirms that its Caldicott Guardian or SIRO has reviewed and agrees with the provisions of this agreement. 3. REASON FOR SHARING INFORMATION 3.1 Please specify in the designated box below the Permitted Purpose(s) for which the information sharing is required (all intended purposes should be described). Permitted Purposes 3.1 The purposes of the information sharing are to enable: any Provider Partner providing direct care to a patient who has been consented into a programme of targeted care, to access that patient's Individual Integrated Care Record electronically at the point of care. The Individual Integrated Care Record shall be a view only record comprising amalgamated information from the source systems of each Provider Partner and any other person sharing information into the Whole Systems Integrated Care Record ("the Care Planning Purpose"); Provider Partners to access information from the Whole Systems Integrated Care Record about their own patients, to support their identification of patients suitable for targeted care ("the Case Finding Purpose"); the Host of the arrangement to maintain the Whole Systems Integrated Care Record, including by human intervention where required to ensure data integrity ("the Maintenance Purpose"); and the Host of the arrangement to de-identify shared information so that it may be used for the commissioning purposes of CCG Partners ("the De-identification Purpose") (together, "the Purposes"). 3.2 The primary benefits of the sharing are anticipated to be: better access for clinicians to a patient's health and social care history for care planning; Page 4 of 49

6 3.2.2 more integrated planning and working between clinicians; and better understanding for clinicians of conditions shared by their own patients, all of which is anticipated to lead to better and more well-informed care for patients 3.3 The Provider Partners agree that shared information will be de-identified in accordance with all applicable law and guidance (including, but not limited to, the British Medical Association Confidentiality Toolkit and the Health and Social Care Information Centre Guide to Confidentiality), so that it may be used for the commissioning purposes of CCG Partners, the health and social care commissioning and provision purposes of Partners which are local authorities, and the health and social care provision purposes of other Provider Partners. 3.4 In particular, a de-identified copy of the Whole Systems Integrated Care Record, ("the De-identified Dataset") will be used to provide information and analysis to Partners. 3.5 The parties recognise that different consent arrangements are needed in respect of sharing information for Direct Care and Indirect Care purposes. 3.6 Please specify in the designated box below the consent arrangements required in respect of sharing Personal Confidential Data under this Agreement. The parties should refer to the overarching principles and clause 5 of the Information Sharing Protocol which relate to consent by individuals to share Personal Confidential Data. Consent Arrangements for sharing Personal Confidential Data 3.7 Each Provider Partner shall: effectively inform patients about the ways the information they have provided may be used, who it may be shared with, what shall be shared and for what purpose; effectively inform patients that they have the right to opt out of sharing their information or select/restrict which elements of their information may or may not be shared and that any consent can be changed in the future; effectively inform patients of the implications for the provision of care or treatment, such as the potential risks involved if their full Individual Integrated Care Record is not made available to health professionals involved in their Direct Care; and ensure fair processing notices are always in place. 3.8 Each Provider Partner shall employ a variety of channels to communicate with its patients regarding information sharing, such as information leaflets, posters, at the point of care, during the patient registration process or when referring into other services. 3.9 CCG Partners shall also employ a variety of channels to communicate with people in North West London regarding information sharing, such as operating a dedicated website setting out information about the information sharing, preparing information leaflets, and distributing posters Each Provider Partner shall have a mechanism in place to deal with patients requests to have their records excluded from the Whole Systems Integrated Care Record, either by excluding such records from their data extracts or by flagging them so that the Whole Systems Integrated Care Record system does not allow the record to be viewed, until such time as the patient opts back in Patient consent shall be obtained in line with applicable guidance then in force. Provided any disclosure is in accordance with this agreement, each Provider Partner shall share Personal Confidential Data when it is needed for the safe and effective care of an individual Explicit consent shall not be sought before Personal Confidential Data is transferred into the Whole Page 5 of 49

7 Systems Integrated Care Record, nor before Providers view reports about their own patients in line with the Case Finding Purpose. As the sharing is for Direct Care and Provider Partners shall have informed patients about the sharing in accordance with clauses 3.7 and 3.8, consent shall be implied Nevertheless, as a matter of good practice, once a record is held within the Whole Systems Integrated Care Record, a patient's GP shall seek consent to the viewing of information in that patient's Individual Integrated Care Record by the GP and other Provider Partners providing targeted integrated Direct Care to that patient. This is deemed to be good practice, given that the data to be shared may include social and mental health data. A patient may give a once-only consent to view, so that any other provider of Direct Care to that patient would need a fresh consent, or the patient may give ongoing consent covering future views by providers of Direct Care to that patient. If a patient subsequently wishes to withdraw or amend their consent they may request this via their GP If a patient lacks capacity to give consent and no existing consent is in place, the patient's GP shall follow the relevant guidance in determining whether to access the Individual Integrated Care Record Each GP shall ensure that consents it obtains are recorded and a full audit trail retained of who obtained consent If consent is withdrawn, the relevant Provider Partner(s) shall ensure that withdrawal of consent is recorded and a full audit trail retained of who recorded withdrawal of consent Consent need not be sought for use of the De-identified Dataset for commissioning purposes, as no Personal Confidential Data shall be used, and accordingly the Data Protection Legislation will not regulate the use and no confidentiality applies. However, if a patient has objected or withdrawn consent to their data being used in the Whole Systems Integrated Care Record, that data will automatically be unavailable for use in the De-identified Dataset, as the De-identified Dataset shall be a de-identified copy of the Whole Systems Integrated Care Record. 4. TYPE AND STATUS OF INFORMATION TO BE SHARED Is the information person identifiable? Yes, for use by a patient's clinical care provider. No, for commissioning/indirect care purposes. Has explicit consent been given and recorded? Has implied consent been recorded? Is the patient aware that sharing will take place? Is the information anonymised? See 'Consent arrangements' above See 'Consent arrangements' above See 'Consent arrangements' above No, for use by a patient's clinical care provider. Yes, the data will be have been effectively anonymised by being de-identified for commissioning purposes. Page 6 of 49

8 Please provide detail of information to be shared. [This list must be comprehensive and include ALL data items that are to be shared. All data items to be shared must be justifiable as necessary for the purpose and having appropriate consent in place. ] See appendix 3, "Data to be shared" Not all data items will be shared in every case - only relevant information will be shared on a case by case basis where a party has a need to know about the information relevant to the Permitted Purpose of this Agreement. Any additional comments, including detail of any risk factors or exclusions. Exclusion codes are set out in Appendix 3 5. LEGAL BASIS FOR SHARING 5.1 Each Provider Partner is considered a Data Controller in its own right under the Data Protection Act The parties shall comply at all times with all applicable laws and regulations relating to processing of personal information and privacy in effect in the England and Wales from time to time, including where applicable the guidance and codes of practice issued by the Information Commissioner, the Department of Health and other relevant NHS bodies and shall not perform its obligations under this Agreement in such a way as to cause any other party to this Agreement to breach any of its obligations under such applicable laws, regulations or guidance. 5.3 Please specify in the designated box below the legal justification for sharing Personal Confidential Data under this Agreement. Legal Justification 5.4 The sharing of personal confidential data into the Whole Systems Integrated Care Record, its linkage, and the production of Individual Integrated Care Records and Case Finding Information are for the purposes of Direct Care. Accordingly, the patient's consent to such sharing may be implied. As set out above, fair processing notices are required and the nature of the sharing will be communicated to patients by a variety of means, and all patients will have the opportunity to optout. 5.5 Explicit consent will be sought by a patient's GP before accessing an Individual Integrated Care Record. The consent sought will cover accessing the Individual Integrated Care Record and sharing it with other clinical providers of care to that patient. Although not legally necessary, this is considered good practice. 5.6 All data in the De-identified Dataset and shared with CCG Partners will be de-identified. The Host will be obliged to ensure that the data is de-identified to the Information Standards Board Standard for Health Data (ISB 1523), published at Any Partners accessing the De-identified Dataset (and any contractors acting on their behalf) are obliged not to seek to re-identify data in the De-identified Dataset, and not to use the data to identify any individual or make any decisions relating to any individual. 6. METHOD OF TRANSFER AND STORAGE OF SHARED INFORMATION 6.1 All parties to this Agreement are responsible for ensuring the accuracy, completeness and validity of the Personal Confidential Data and that appropriate security and confidentiality procedures are in place to protect Page 7 of 49

9 the transfer and use of the shared Personal Confidential Data. These obligations are set out in more detail in clauses 6.9 to 6.17 below. 6.2 All parties to this Agreement are required to keep and maintain information asset registers, data flow mapping and data sets. These obligations are set out in more detail in clauses 6.9 to 6.17 below. 6.3 All parties to this Agreement are required to restrict access to the Personal Confidential Data shared under this agreement to those personnel/staff who have a reasonable need to access it for the Permitted Purpose and who are under written obligations to respect and maintain the confidentiality and security of the Personal Confidential Data. These obligations are set out in more detail in clauses 6.9 to 6.17 below. 6.4 Please provide a detailed description in the designated box below precautions taken, systems and technical measures and method of data access and/or transfer. 6.5 As each Provider Partner is a Data Controller in its own right, each shall be responsible for handling any subject access request made under s. 7 of the Data Protection Act. Additionally each Partner shall assist the others in responding to any such request or other request made under Data Protection Legislation made by persons who wish to access copies of information held about them, in accordance with clause 13 of the Information Sharing Protocol. 6.6 Complaints about information sharing conducted further to this Agreement shall be routed through each Partner's own complaints procedure but reported to the other Partners' Responsible Managers listed in clause 1 of this Agreement and brought to the attention of the Governing Group. 6.7 The Partners shall use all reasonable endeavours to work together to resolve any dispute or complaint arising under this Agreement or any data processing carried out further to it. 6.8 Basic details of the Agreement shall be included in the appropriate log under each Partner s Publication Scheme. Information governance and security 6.9 Each Provider Partner shall comply with IGT requirements 110, 111 and 112, and make it a condition of employment that all employees, agents or contractors who may access the Whole Systems Integrated Care Record shall abide by the rules and policies of that Provider Partner in relation to information governance. This condition shall be written into employment and other contracts and each Provider Partner shall make staff aware that any failure to comply with the requirements outlined in this agreement is likely to be subject to disciplinary action. Guidance on these requirements is set out in Appendix Subject to clause 6.11, each Provider Partner shall comply with: Level 2 of the then current IGT as appropriate to its organisation type and adhere to robust information governance management and accountability arrangements, including effective security event reporting and management; and the IGT assessment, reporting and audit requirements relevant to its organisation type. Each Provider Partner shall internally audit its compliance annually and report on such audit to the Governing Group. Each Provider Partner shall audit Whole Systems Integrated Care Record access regularly. Each Provider Partner shall provide other evidence of compliance to the Governing Group or the other Provider Partners on written request made on behalf of the Governing Group Any Provider Partner which is a non-nhs organisation and unable to comply with the IGT shall obtain prior written approval from the Governing Group to adopt an alternative, but equivalent standard to the IGT. Page 8 of 49

10 Access to the Whole Systems Integrated Care Record 6.12 Each Provider Partner shall strictly restrict internal organisational access to any Individual Integrated Care Record or Case Finding Information to those personnel/staff who are providing Direct Care to the relevant patient(s) and who are under written obligations to respect and maintain the confidentiality and security of the Personal Confidential Data and have been properly trained to discharge any relevant obligations in accordance with this agreement Each Provider Partner shall use user authentication mechanisms to ensure that all instances of access to any Individual Integrated Care Record or Case Finding Information are auditable against an individual, including the following information: Job role and name of staff member accessing the system; Organisation name; What actions were performed; and The date and time the information was viewed Each Provider Partner shall establish a procedure to ensure that only authorised persons access any Individual Integrated Care Records and/or Case Finding Information and ensure that such access is controlled by secure logins and associated audit trails Each Provider Partner shall have documented policies and procedures to ensure compliance with the national requirements for data protection, information security and confidentiality and be committed to ensuring that any information is shared in accordance with its legal, statutory and common law duties, and, that it meets the requirements of any additional guidance Any Partner that becomes aware of a Security Incident shall immediately inform the Governing Group and all other affected Provider Partners with as many details as known at that time. Any affected Provider Partner (defined as the data controller of the Personal Confidential Data) shall investigate the Security Incident using that Provider Partner's data loss or data breach procedures. Any affected Provider Partner shall update the relevant Provider Partners and Governing Group thereafter, including in respect of the findings of any subsequent investigation report or remedial actions. Method for sharing information 6.17 All data transfers will be in accordance with Secure File Transfer Protocols within the N3 network and/or in accordance with HSCIC Good Practice Guidelines, published at 7. OTHER 7.1 In the designated boxes below please detail any additional obligations which the parties wish to include under this Agreement. Page 9 of 49

11 8. DATA RETENTION 8.1 An initial data upload is extracted and processed for inclusion in the Whole Systems Integrated Care Record. This is retained as a delta feed. Changes to that data are replaced through real time or subsequent data feeds. If a patient chooses to opt out, the informed GP Provider Partner can flag their record for exclusion and the data will be hidden from view for six months (to enable the patient to opt back in if the patient wishes to do so) before being purged altogether. This provides flexibility to reinstate the record quickly if the patient should change their mind and opt back in. If a data controller ceases to participate in the Whole Systems Integrated Care Record that data controller's data is removed at the next extract. 8.2 Data that is generated within the Whole Systems Integrated Care Record, including audit trails, access logs, etc., are retained indefinitely in accordance with the NHS Records Management Code of Practice. 8.3 Each Provider Partner shall ensure that Personal Confidential Data for which it is data controller is retained in accordance with its own data retention policy. 9. SPECIFIC OBLIGATIONS OF THE HOST The Host (or its Sub-contractors) shall: 9.1 Enter into, manage and enforce the provisions of, contracts necessary to deliver the Purposes in accordance with the timetable set out in Appendix 6 (Delivery Timetable). 9.2 Host the software required to use the Whole Systems Integrated Care Record ("the Software"). 9.3 Provide technical support service for the Whole Systems Integrated Care Record, the details of which will be finalised during implementation. 9.4 Provide implementation and set-up assistance for the Whole Systems Integrated Care Record. 9.5 Transfer agreed data from Provider Partners and the HSCIC into the Whole Systems Integrated Care Record, in accordance with Appendix Maintain the Whole Systems Integrated Care Record, including by human intervention where required to ensure data integrity. 9.7 Comply with the obligations imposed on it by this agreement as a data processor, and specifically shall (and shall ensure that any Sub-contractors processing personal data shall): process the personal data only in accordance with instructions from the Provider Partners (each being a data controller for the purposes of this agreement), which may be specific instructions or instructions of a general nature as set out in this agreement or as otherwise notified by the Provider Partners to the Host during the term of this agreement; process the personal data only to the extent, and in such manner, as is necessary for the purposes of this agreement or as is required by law or any regulatory body. For the avoidance of doubt this shall include; (a) addressing data quality issues in the data feeds; Page 10 of 49

12 (b) (c) supporting system developments; de-identifying data for the De-identified Dataset; take reasonable steps to ensure the reliability of any of the Host's personnel who have access to the personal data; implement appropriate technical and organisational measures to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction or damage to the personal data and having regard to the nature of the personal data which is to be protected; obtain prior written consent from the Governing Group before transferring any personal data to any sub-contractors or any other third party; ensure that all the Host's personnel required to access the personal data are informed of the confidential nature of the personal data and are contractually obliged to comply with the obligations set out in this clause 9; ensure that none of the Host's personnel publish, disclose or divulge any of the personal data to any third party unless directed in writing to do so by the Governing Body; notify the Governing Group within five working days if it receives: (a) (b) a request from a data subject to have access to that person's personal data; or a complaint or request relating to the Host's obligations as such under the Data Protection Legislation; provide the Governing Group and any Provider Partner with full cooperation and assistance in relation to any complaint or request made, including by: (a) (b) (c) (d) providing full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Governing Group or relevant Provider Partner's reasonable instructions; providing the Governing Group or relevant Provider Partner with any personal data it holds in relation to a data subject (within the timescales reasonably required by the Governing Group or relevant Provider Partner); and providing the Governing Group or relevant Provider Partner with any information reasonably requested by the Governing Group or relevant Provider Partner; permit the Governing Group (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit the Host's data processing activities and comply with all reasonable requests or directions by the Governing Group to enable the Governing Group to verify and/or procure that the Host is in full compliance with its obligations as such under this agreement; provide a written description of the technical and organisational methods employed for processing personal data (within the timescales reasonably Page 11 of 49

13 required by the Governing Group); and not transfer any personal data outside England. 9.8 Not make any further copies of the personal data, except for back-up copies as necessary, and except where de-identified in accordance with clause 9.16 or approved by all Provider Partners. 9.9 Carry out its obligations under this agreement in compliance with Data Protection Legislation Afford shared data the highest appropriate industry standards of storage including ensuring that hardware utilised for the purposes of this agreement is kept in a physically secure environment protected by a fully managed industry standard firewall Use, and ensure that the latest versions of anti-virus definitions and software available from an industry accepted anti-virus software vendor are used to check for, contain the spread of, and minimise the impact of malicious software Maintain and implement a business continuity and disaster recovery plan to the reasonable satisfaction of the Governing Group Arrange for independent audits of the security and resilience of the software and physical and virtual systems, networks and hardware (including the non-technical management and organisational processes necessary to limit the accessibility of the virtual environment) in conjunction with the Governing Group Backup servers to the extent necessary to maintain the service and retain audit trails Ensure that on the expiry or termination of this agreement, the Personal Confidential Data is returned to each Provider Partner, destroyed (in accordance with the then current CESG standard, as to which see or migrated to an alternative software provider and (for the avoidance of doubt) shall ensure that no Personal Confidential Data is retained by any Sub-contractor Produce and keep up-to-date the De-identified Dataset, which shall be a copy of the Whole Systems Integrated Care Record, which is de-identified to the Information Standards Board Standard for Health Data (ISB 1523), published at THE HOST SERVICE CHARGES AND CHARGING ARRANGEMENTS: The CCG Partners shall ensure that the Host is remunerated for its services in accordance with the principles set out in Appendix SUB-CONTRACTING 11.1 The Host may not sub-contract any of its obligations without the prior consent of the Governing Group. The Governing Group may authorise the Host to authorise a third party or third parties (each, "Sub-contractor") to: process Personal Confidential Data on behalf of the Provider Partners; and/or carry out any of the Host's other obligations under this Agreement Any Sub-contractor shall be bound by the same obligations as the Host under this Page 12 of 49

14 agreement (including for the avoidance of doubt, the obligation not to sub-contract without prior approval from the Governing Group) With effect from the Commencement Date, the Host is authorised to appoint the following Sub-contractors to process Personal Confidential Data on behalf of the Provider Partners: Concentra Consulting Limited, of Thames House, 18 Park Street, London SE1 9EQ, in relation to data transfers, maintenance of the Whole Systems Integrated Care Record, data quality, data integration, development and enhancements; South East Commissioning Support Unit, of 3rd Floor, 1 Lower Marsh, London, SE1 7NT, in relation to data transfers, maintenance of the Whole Systems Integrated Care Record, data quality, data integration, development and enhancements; Egton Medical Information Systems Limited, of Rawdon House, Yeadon, Leeds LS19 7BY, in relation to the extraction of data from GP systems; and The Phoenix Partnership (Leeds) Limited, of Mill House, Troy Road, Horsforth, LS18 5TN in relation to the extraction of data from GP systems. 12. LIABILITY 12.1 Each Partner shall accept responsibility for its own acts and omissions Nothing in this agreement shall limit liability for death or personal injury resulting from negligence or for fraud. The Host's liability, in its capacity as such, shall be governed by the remainder of this clause 12: 12.3 The Host shall use reasonable endeavours to ensure that each of its subcontractors under this Agreement accepts liability to the Host for any loss that may be incurred by any Partner as a consequence of any act or omission of that subcontractor If a Provider Partner who is a data controller incurs a cost caused by that data controller breaching the Data Protection Legislation, as a result of the Host (or its Sub-contractors) breaching the Host's obligations as a data processor set out in clause 9.7 of this agreement, then the Host's liability shall be unlimited in respect of that cost Subject to clause 12.4, where the Host is entitled to recover an amount in excess of the Relevant Amount from any subcontractor or subcontractors in respect of any claim under this Agreement, then the Host's liability in respect of that claim shall be limited to the amount that the Host is entitled to recover from such subcontractor or subcontractors Subject to clause 12.4, where the Host is not entitled to recover an amount in excess of the Relevant Amount from any subcontractor or subcontractors in respect of a claim under this Agreement, then the Host's liability in respect of that claim shall be limited to the Relevant Amount The Relevant Amount shall be 100, The CCG Partners agree to share equally any financial liability incurred by the Host in its capacity as such under this agreement. 13. THE DE-IDENTIFIED DATASET Page 13 of 49

15 13.1 Partners may access the De-identified Dataset, provided that no Partner shall: Attempt to re-identify any data contained within the De-identified Dataset; Use any data contained within the De-identified Dataset to identify any individual; Use any data contained within the De-identified Dataset to take a decision about any specified individual or individuals; Share data contained within the De-identified Dataset with any third party, apart from a third party engaged by a Partner to act on behalf of that Partner, for the sole purpose of that third party acting on behalf of that Partner, and where that third party is subject to contractual terms no less onerous than those imposed on Partners by this agreement; Link data in the De-identified Dataset with any other dataset containing personal data; or Sell or otherwise exploit for commercial gain or reward any information contained in the De-identified Dataset A CCG Partner may only use or allow any data contained within the De-identified Dataset to be used in connection with that CCG Partners' statutory functions as a commissioner of health care A Partner which is a local authority may only use or allow any data contained within the Deidentified Dataset to be used in connection with that Partner's statutory functions as a provider or commissioner of health and/or social care A Provider Partner (other than a local authority) may only use or allow any data contained within the De-identified Dataset to be used in connection with that Partner's statutory functions as a provider of health and/or social care. 14. GOVERNING GROUP 14.1 There shall be a Governing Group for this Information Sharing Agreement. References in the ISP to the 'Governing Group' shall be taken to be references to the Governing Group set up by this clause The purpose of the Governing Group is to oversee, support and maintain the secure sharing of information under this agreement The Governing Group shall comprise: the Responsible Manager nominated when executing this Agreement by each Provider Partner which is not a GP up to eight individuals chosen by Provider Partners who are GPs. The member practices of each CCG Partner shall between them choose one individual representative. The same individual may be nominated by the members of more than one CCG Partner; and up to eight patient representatives, nominated jointly by the CCG Partners Each Partner (or group of GP practice Partners as the case may be) shall determine how to nominate its representative and the term and other conditions of that nomination Each individual member of the Governing Group shall act in accordance with his or her ethical and professional obligations. [for further consideration by Governing Group (and in particular, patient representative members] Page 14 of 49

16 14.6 The Governing Group shall meet at least every three months or at such other interval as the Governing Group shall determine The Governing Group shall appoint a Chair, and one or more individuals to receive and distribute communications on its behalf, and to deal with urgent matters that arise between scheduled meetings of the Governing Group. The Governing Group may not, however, delegate decision-making responsibility The Governing Group may regulate its own procedures subject to the provisions of this agreement Governing Group decisions shall be taken by consensus. Before any Governing Group decision is taken, those taking the decision shall satisfy themselves that they are authorised to do so (i.e. where relevant at IG lead / Caldicott Guardian /SIRO level) by those they represent If consensus on any decision cannot be reached, and unless the Governing Group decides otherwise, its decisions shall be taken by a simple majority, or where there is no majority the Chair of the group has a casting vote. If the same individual represents members of more than one CCG Partner, that individual shall have one vote for each CCG Partner whose members he represents The Governing Group shall have the following powers and responsibilities: to approve additional Partners joining this agreement; to determine whether a Partner shall cease to be a party to this agreement for a specific period of time or permanently for non-compliance; to determine whether a Partner may derogate from or amend any requirement under this agreement; to monitor and approve the ways in which information is used pursuant to the Purposes set out in this agreement; to maintain an information conduit between the Partners; to maintain a channel of liaison with pan-london information sharing initiatives and relevant NHS and local authority national initiatives; to investigate (or commission the investigation of) breaches of the agreement and require Partners to take remedial actions; to monitor each Partner s compliance with this agreement. The Governing Group may request evidence of compliance with this agreement on written request to any Partner; to approve any proposed amendment to the information sharing arrangements (including for the avoidance of doubt any major system upgrades or changes that could impact the security of the system); to approve common patient and public communication materials and take a proactive role in ensuring effective communication about information sharing under this agreement; and to develop, review and maintain the agreement to ensure that it reflects any legal and statutory obligations and any other related best practice guidance in relation to information governance The Governing Group may approve the following things provided that the requirements of Page 15 of 49

17 clause are met: the use of data for other purposes related to the purposes of this agreement; amendments to this agreement; the appointment of any new Sub-contractor The process that must be followed for approving any of the things listed in clause is: all Partners must be made aware of the proposal (at IG lead / Caldicott Guardian / SIRO level) and given reasonable opportunity to consider, comment upon and object to the proposal. The period for consideration will be two weeks unless the Governing Group decides that it is reasonable to set a longer or shorter period; the Governing Group must consider any comments and/or objections received pursuant to clause Having done so: (a) (b) if the Governing Group is satisfied that the action proposed is lawful and will not materially increase the risk of a breach of the Data Protection Legislation arising from the arrangements provided for in this Agreement, the Governing Group may approve the proposal and it may be implemented immediately; or the Governing Group may decide to re-circulate the same or a revised proposal to all Partners in accordance with clause , then re-consider the proposal in accordance with this clause VARIATION Any Partner that does not agree with an action approved by the Governing Group pursuant to clause (a), may within 20 working days of the Governing Group notifying Partners of the decision, terminate its participation in this agreement immediately by giving written notice to the Governing Group, without any consequent liability to the continuing Partners Notice given pursuant to clause shall be deemed served on the Governing Group provided such notice is delivered to the address of the Partner whose representative is then chair of the Governing Group in accordance with the provisions of clause No variation of this Agreement shall be effective unless: 16. TERMINATION it is in writing and signed by each of the parties; or it has been approved by the Governing Group in accordance with clause This agreement shall commence on the Commencement Date and shall continue until terminated Save where terminating in accordance with clause 14.14, a Partner, which is considering terminating its participation in this agreement shall notify the Governing Group of its intention and reasons, and agrees to liaise with the Governing Group for at least two weeks, before giving notice of termination, to ascertain whether its concerns can be addressed. Having done so, a Partner may terminate its participation in this agreement by giving six (6) months' written notice The Governing Group may decide to terminate this agreement Upon exiting this agreement (whether by leaving, or because the agreement has terminated or expired): Page 16 of 49

18 an exiting Provider Partner shall cease accessing any Individual Integrated Care Record and/or Case Finding Information immediately and securely return or destroy any shared information in its possession; The Host shall arrange for the cessation of the exiting Provider Partner's access to the Software; and The Host shall ensure that Personal Confidential Data for which the exiting Provider Partner is data controller is removed from the Whole Systems Integrated Care Record at the next extract following the Provider Partner's exit Any former Provider Partner shall have access to audit trails only on the written authority of the Governing Group or as required by law The termination of this Agreement, for whatever reason, shall not affect the accrued rights or obligations of either Party arising out of this Agreement. 17. THIRD PARTIES A person who is not a party to this agreement shall not have any rights under or in connection with it (whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise). 18. NOTICES All notices that are required to be given under this agreement shall be in writing and shall be sent to the address of the Partner set out in the relevant executed Signature Page. 19. INVALIDITY In the event that any provision of this agreement is determined by any court of competent jurisdiction to be invalid, unlawful or unenforceable to any extent, such provision shall, to that extent, be severed from the remainder of this agreement, which shall continue to be valid to the fullest extent permitted by law. 20. ENTIRE AGREEMENT This agreement and its appendices (including the Information Sharing Protocol) constitutes the entire agreement relating to its subject matter and supersedes all previous verbal or written proposals and agreements between the Partners. 21. COUNTERPARTS 21.1 This agreement may be executed in any number of counterparts, each of which shall be regarded as an original, but all of which together shall constitute one agreement binding on all of the parties, notwithstanding that all of the parties are not signatories to the same counterpart The agreement shall not be effective until the Host and at least one other signatory has executed a counterpart Any Partner, which executes a counterpart after the Commencement Date shall be bound by the terms of this agreement from the date of that Partner's signature. 22. GOVERNING LAW AND JURISDICTION 22.1 This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England The parties irrevocably agree that the courts of England shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims). Page 17 of 49

19 Page 18 of 49

20 APPENDIX 1 GLOSSARY In this Agreement unless the context otherwise requires the following words and expressions shall have the following meanings: "Auditors" "Data Controller" "Commencement Date" "Data Protection Legislation" "De-identified Data" "Direct Care" "Explicit Consent" means the data controller, its auditors, advisors, any regulatory body or other agents; A company, organisation or person who decides what data is collected, the purposes for which it is used and how that data is handled; means 1 October 2014; means the Data Protection Act 1998, the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner; means data that has been de-identified to the Information Standards Board Standard for Health Data (ISB 1523), published at means a clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. It includes supporting individuals ability to function and improve their participation in life and society. It includes the assurance of safe and high quality care and treatment through local audit, the management of untoward or adverse incidents, person satisfaction including measurement of outcomes undertaken by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship for their care; means articulated patient agreement which gives a clear and voluntary indication of preference or choice, usually given orally or in writing and freely given in circumstances where the available options and the consequences have been made clear for the specific details of processing; the data to be processed; and the purpose for processing; "Governing Group" means the group defined in clause 14; "Implied Consent" means patient agreement that has been signalled by behaviour of an informed patient; Page 19 of 49

21 "Indirect Care" "NHS Information Governance Toolkit" "IGT" "Partner(s)" / "Partner Organisation(s)" "Personal Confidential Data" means activities that contribute to the overall provision of services to a population as a whole or a group of patients with a particular condition, but which fall outside the scope of direct care. It covers health services management, preventative medicine, and medical research; means the set of information governance requirements produced by the Department of Health and now hosted by the Health and Social Care Information Centre. It is a tool with which health and social care organisations can assess their compliance with current legislation and national guidance; means the organisation(s) party to this agreement; means personal information about identified or identifiable individuals, which should be kept private or secret. For the purposes of this agreement personal includes the definition of 'Personal Data', but it is adapted to include dead as well as living people. Confidential includes both information given in confidence and that which is owed a duty of confidence and is adapted to include Sensitive Personal Data as defined in this agreement; "Personal Data" has the meaning given to it in the Data Protection Act 1998, namely: data which relate to a living individual who can be identified: (a) (b) from those data; or from those data and other information which is in the possession of, or is likely to come into the possession of, the Data Controller, and includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual. Typical examples of this type of data could include a Name, Address, Full Postcode, Date-of-Birth, Address, and Telephone Number or a photograph or CCTV image. A unique number such as an employee number or NHS number could be considered as personal data if the organisation holds the identifying data relating to the unique identifier; "Security Incident" "Sensitive Personal Data" means an actual, suspected or threatened unauthorised exposure, access, disclosure, use, communication, deletion, revision, encryption, reproduction or transmission of any component of Personal Data and/or Sensitive Personal Data or unauthorised access or attempted access to any Personal Data and/or Sensitive Personal Data; means Personal Data consisting of information as to - (a) (b) (c) the racial or ethnic origin of the data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, Page 20 of 49

22 (d) (e) (f) (g) (h) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992), his physical or mental health or condition, his sexual life, the commission or alleged commission by him of any offence, or any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings, Other capitalised terms have the meanings given in the Information Sharing Protocol unless the context requires otherwise. Page 21 of 49

23 APPENDIX 2 INFORMATION SHARING PROTOCOL This Information Sharing Agreement is subject to the principles, standards and governance set out in the Information Sharing Protocol as attached at this Appendix 2 or any updated version from time to time as made available to the parties or publicly available. NWL_Information_Sh aring_protocol_v1.pdf Page 22 of 49

24 APPENDIX 3 Data to be shared The data held in the Whole Systems Integrated Care Record are supplied as data feeds from various local systems at each organisation providing data. Each feed is translated into one or more viewing screens on the Software portal. The process for data feeds is as follows: The Provider Partner decides what information should be contributed to the record The technical teams of the Provider and the Host / Sub-contractor agree on a detailed specification for each feed The Provider Partner organises or develops the information feed the Sub-contractor deploys the receiver for the message and a viewing screen for the data items Once this technical work has been completed, the specification, the operation of the feed (method and timing) and screen shots of the data to be displayed are combined into a data feed definition document which is used for: o sign-off by the Provider Partner to ensure that the information available to view conforms with the agreement to share o acceptance testing to ensure that the data is imported correctly and the feed is otherwise fit for purpose.] Each Provider Partner will share the information specified in the following data templates. The agreed exclusion codes are also set out below. Data templates and Exclusion codes The data templates are set out in a separate document, entitled "WSIC Information Sharing and Hosting Agreement: Data templates ". This document may not be amended without Governing Group approval. The exclusion codes are as follows: Whole Systems Integrated Care Exclusion Codes 1. Submitting Sensitive or Anonymous Records to SUS Source: HSCIC CDS XML Submission On submission of records of sensitive treatments or conditions, or where a patient has submitted a removal of consent request, personal confidential data items should not flow into SUS via commissioning datasets (CDS). Under these circumstances, providers must anonymise the record by removing the following personal confidential data items from the CDS before sending data to SUS. NHS Number (and/or Patient Name and Address if also present within the record) Local Patient Identifier Date of Birth Page 23 of 49

25 Postcode A patient objecting to personal information flowing into SUS, must have their identity verified by the provider in line with the Data Protection Act 1998 and local information governance policy. It may be appropriate for this to be managed by the information governance department where applicable. NHS Number Status Indicator CDS XML validation rejects all records with an NHS Number Status Indicator of 01 (Number present and verified) where NHS Number is not present in the record. Organisations sending anonymised records are therefore advised to populate NHS Number Status Indicator of these records with the value 07 (NHS number not present and trace not required). 2 SUS Processing SUS incorporates pseudonymisation and anonymisation processing of records containing the following sensitive diagnosis and procedure codes: Confidentiality Category 2 (Extremely Sensitive) ICD 10 B20, B200, B201, B202, B203, B204, B205, B206, B207, B208, B209, B21, B210, B211, B212, B213, B214, B215, B216, B217, B218, B219, B22, B220, B221, B222, B223, B224, B225, B226, B227, B228, B229, B23, B230, B231, B232, B233, B234, B235, B236, B237, B238, B239, B241, B242, B243, B244, B245, B246, B247, B248, B249, B24X N46X, N97, N970, N971, N972, N973, N974, N978, N979, N98 O987 Z114, Z206, Z21, Z21X, Z31, Z310, Z311, Z312, Z313, Z314, Z315, Z316, Z318, Z319, Z350, Z717, Z830 OPCS N341, N342, N343, N344, N345, N346 Q131, Q132, Q133, Q134, Q135, Q136, Q137, Q138, Q139, Q211, Q218, Q219, Q382, Q383, Q48, Q481, Q482, Q483, Q484, Q488, Q489, Q561, Q562 U321 X866 Y961, Y962, Y963, Y964, Y965, Y966, Y968, Y969 Confidentiality Category 3 (Sensitive) ICD 10 A50, A500, A501, A502, A503, A504, A505, A506, A507, A508, A509, A51, A510, A511, A512, A513, A514, A515, A516, A517, A518, A519, A52, A520, A521, A522, A523, A524, A525, A526, A527, A528, A529, A53, A530, A531, A532, A533, A534, A535, A536, A537, A538, A539, A54, A540, A541, A542, A543, A544, A545, A546, A547, A548, A549, A551, A552, A553, A554, A555, A556, A557, A558, A559, A55X, A56, A560, A561, A562, A563, A564, A565, A566, A567, A568, A569, A57X, A58X, A59, A60, A600, A601, A609, A63, A630, A631, A632, A633, A634, A635, A636, A637, A638, A639, A641, A642, A643, A644, A645, A646, A647A648, A649, A64X, A65X, A740, A749 B171 Page 24 of 49

26 O981, O982, O983 R762 Z113, Z114, Z202, Z224 Confidentiality Category PbR and SEM data extracted from SUS will include the derived data item Confidentiality Category which is applied as follows. [blank] Not marked as confidential 2 Extremely sensitive. All personal confidential data items will be NULL 3 Sensitive. If personal confidential data is supplied by provider it is pseudonymised by SUS. 4 Other sensitive. All personal confidential data will be set to NULL by SUS. Records where additional SUS processing has been applied can be identified in PbR or SEM using Confidentiality Category of 2, 3 or 4. These records are also assigned an NHS Number Status of 91 which indicates that SUS has anonymised or pseudonymised the data. Records with a Confidentiality Category of 3 will contain pseudonymised values. Users should refer to the SUS PbR Extract Specification for details of the format of pseudonymised values. The following data items will be either anonymised or pseudonymised for these records: NHS Number Local Patient ID ALL VGP fields Name Patient Usual Address Postcode of Usual Address Date of Birth Hospital Spell Number Local CCMDS ID Mothers details (on birth CDS): o Local Patient ID (Mother) o NHS Number (Mother) o Birth Date (Mother) o Patient Usual Address (Mother) o Postcode of Usual Address (Mother) Babies details (for all babies on delivery CDS): o Local Patient ID (Baby) o NHS Number (Baby) Birth Date (Baby) Patient Pathway Identifier UBRN Converted Page 25 of 49

27 Handling of Sensitive Records in SUS PbR The PbR algorithm for spell construction relies on the ability to join records using patient identifiable criteria such as NHS Number or Hospital Provider Spell Number. Where some or all episodes from a multi episode spell are anonymised (i.e. sensitive) the episodes cannot be constructed into spells with either the anonymous or the clear records. APC episodes with sensitive conditions are treated as single episode spells which means that each episode will be assigned its own spell HRG and tariff if they are not excluded from PbR. As with other single episode spells these will appear in both the PbR Spells and Episode extracts and will have the same PbR Spell ID in both. 2. Referral Read codes that may reveal a sensitive condition Source: Although not included in the extraction code sets it may be wise to add them to the sensitive code list for future reference. Read v2 8H4A. 8H4A. 8H4i. 8H580 8H7W. 8HBQ0 8Hh3. 8HHg. 8HHV. 8HHw. 8Hks. 8Hl7. 8Hle. 8HlJ1 8HPA. 8HTa. 8HTB. 8HTc. 8HTD. 8HTf. 8HTj. 8HTR. 8HVP. Referred to venereologist Referred to genito urinary physician Referral to vasectomy special interest general practitioner Referral for female sterilisation Refer to TOP counselling Sexually transmitted infection in-house follow-up Self referral to termination of pregnancy service Referred to social services for adult protection Referral for termination of pregnancy Refer to community sexual health advisor Referral to community vasectomy service Referral to domestic violence advocate Referral to community human immunodeficiency virus nurse specialist Internal practice referral for intrauterine contraceptive device Referral for semen analysis Referral to genitourinary clinic Referral to fertility clinic Referral to psychosexual clinic Referral to family planning clinic Referral to vasectomy clinic Referral to erectile dysfunction clinic Referral to sexually transmitted infections clinic Private referral to venereologist CTV3 Page 26 of 49

28 XaLN1 Referral for vasectomy XaXfi Referral to teenage pregnancy and parenting support service XaXIf Referral to safeguarding children team XaQok Referral to safeguarding adults team XaKbU Referred to social services for adult protection XaXsZ Referral to community vasectomy service XaLKJ Referral to substance misuse service XaNPH Self referral to substance misuse service XaXUk Self referral to termination of pregnancy service XaAcf Referral to genitourinary medicine service XaXqq Referral to domestic abuse agency XaLMe Referral for female sterilisation 8H7W. Refer to TOP counselling XaAdL Referral to family planning service XaJi4 Referral to community drug dependency team XaKUg Referral to community drug and alcohol team XaPwC Referral to child protection service XaX8n Referral to child protection service under section 47 of Children Act 1989 XaOlN Referral to children's respite care XaNbl Referral to domestic violence advocate XaMzM Referral to drugs worker XaIvc Referral to drug abuse counsellor XaAfI Referral to marriage guidance counsellor XaPYJ Referral to vasectomy special interest general practitioner XaAfP Referral to family planning doctor XaYnd Referral to community human immunodeficiency virus nurse specialist XaAgt Referral to contact tracing nurse 8HTB. Referral to fertility clinic 8HTD. Referral to family planning clinic XaJcA Referral to sexually transmitted infections clinic XaJwX Referral to psychosexual clinic XaL47 Referral to erectile dysfunction clinic XaQyI Internal practice referral for intrauterine contraceptive device XaLI1 Referred by drug statutory service XaJQe Referral by criminal justice system XaNPI Referral by youth offending team XaNPO Referral by counselling assessment referral advice and throughcare service XaNPJ Referral by probation service XaNPK Referral by syringe exchange service XaK1y Referral for termination of pregnancy XaLI3 Referred by drug non-statutory service XaMDN Referred by probation service worker XaXnR Referral for semen analysis Page 27 of 49

29 3. Recommendations for prescription exclusions Source: Some prescriptions are only used to treat patients with sensitive conditions or treatments such as artificial fertilisation that are, or might be, excluded from extractions. The presence of such prescriptions in an individual s record indicates that the patient is very likely to have a sensitive condition or treatment history. It is strongly recommended that such prescription items be excluded from extractions. Management of infertility (sub-set of BNF and 6.7.2) Anti-oestrogens Clomifene Gonadotrophins Chorionic gonadotrophin o Choragon o Pregnyl Choriogonadotropin alfa o Ovitrelle Corifollitropin alfa o Elonva Follitropin alfa and beta o Gonal-F o Pergoveris o Puregon o Bravelle Human menopausal gonadotrophins o Merional o Menopur o Fostimon Lutropin alfa o Luveris Induction of abortion (sub-set of BNF 7.1.1) Gemeprost Mifepristone Sexually transmitted diseases The majority of sexually transmitted diseases (STDs) are managed with medicines, mainly antibiotics, used for other indications e.g. azithromycin, fluconazole, metronidazole. WSIC will not extract doses but the number of tablets in an item, or the on-going prescription of an antimicrobial prescription in consecutive months, may be disclosive. Examples include single-dose azithromycin or doxycycline implies chlamydia or gonorrhoea diagnosis tinidazole single dose implies trichomonas vaginalis (STD) or bacterial vaginosis or gingivitis or giardiasis Page 28 of 49

30 metronidazole single dose implies trichomonas vaginalis (STD) or bacterial vaginosis prolonged antifungal treatment implies HIV diagnosis is likely Anogenital warts (sub-set of BNF 13.7) Imiquimod (Aldara) [Note: Also used for actinic keratosis and basal cell carcinoma, but in a younger patient would indicate anogenital warts Podophyllotoxin (Warticon, Condyline) Genital Herpes treatments (BNF ) Famciclovir (Famvir) 500mg appears to be only applicable to HIV when prescribed as a maintenance course of 500mg twice a day Valaclovir (Valtrex) 500mg appears to be only applicable to HIV when prescribed as a maintenance course of 500mg twice a day (BNF ) Acyclovir (Zovirax) cream 10g (larger size) is usually prescribed only for genital herpes Cytomegalovirus maintenance treatment in HIV (BNF ) Valganciclovir o Valcyte Hepatitis B treatments (BNF ) Adefovir dipivoxil o Hepsera Entecavir o Baraclude Telbivudine o Sebivo Hepatitis C treatments (BNF ) Boceprivir o Victrelis Telaprevir o Incivo Respiratory syncytial virus treatments (BNF 5.3.5) Other than bronchiolitis in children, Ribavarin (Copegus, Rebetol) appears to be used only for Hepatitis C which is rare in childhood. Human immunodeficiency virus (HIV) treatment (BNF 5.3.1, and others) These drugs are unlikely to be initiated by Primary Care but may be prescribed under shared-care arrangements and will be diagnostic so should be on the exclusion list. (If they are excluded but not prescribed, there is no problem, but if they are included and present then there is a problem.) Antiretrovirals for HIV Abacavir Ziagen Kivexa Page 29 of 49

31 Didanosine Emtricitabine Lamivudine Stavudine Tenofivir disoproxil Zidovudine Atazanivir Darunavir Fosamprenavir Indinavir Lopinavir with ritonavir Ritonavir Saquinavir Tipranavir Efavirenz Etravirine Neviparine Rilpivarine Enfuvirtide Maraviroc Raltegravir Trizivir Videx Emtriva Epivir Zeffix Zerit Viread Truvada Atripla Eviplera Retrovir Combivir Reyataz Prezista Telzir Crixivan Kaletra Norvir Invirase Aptivus Sustiva Intelence Viramune Edurant Fuzeon Celsentri Isentress This applies not only to anti-retrovirals, but also to treatment for HIV associated infections: Pneumocystis co-trimoxazole o Septrin Atovaquone o Wellvone concurrent dapsone and trimethoprim Fungal infections in HIV - some antifungals are used mainly in HIV patients: posaconazole o Noxafil voriconazole o Vfend o Others are used long term as maintenance courses Page 30 of 49

32 Contraceptives (BNF 7.3) These drugs give evidence of sexual orientation and activity, though they are not always used only for contraceptive purposes. We have excluded the Read V2 code 1P7.. Observations relating to sexuality and sexual activity Long list of drugs which should all be excluded following the logic of the choice of codes in the exclusion lists. Some are used for other purposes such as menorrhagia or acne vulgaris only or for contraception at the same time. Erectile Dysfunction (BNF 7.4.5) Although impotence is not in the sensitive list, it has been raised as a sensitive diagnosis by the press. Specific treatments should be on the exclusion list. Alprostadil (parenteral) o Caverject o Viridal Duo Phosphodiesterase type-5 inhibitors (also used but rarely for pulmonary hypertension) Sildenafil o Nipatra o Viagra o Revatio Tadalafil (and recently after prostatectomy) o Cialis Vardenafil o Levitra The following drugs have appeared in lists of drugs that disclose sensitive conditions but they are not used for sexually transmitted diseases. Vaginal and vulval infections (BNF 7.2.2) These drugs are used for bacterial vaginosis and candida that are not sexually transmitted diseases Clotrimazole cream, pessaries o Canesten Gyno-Daktarin cream (miconazole) Gyno-Pevaryl cream and pessary (econazole) Gynoxin cream, vaginal capsule (fenticonazole) Nizoral cream (ketoconazole) Balance Activ Rx vaginal gel Dalacin cream (clindamycin) Relactagel vaginal gel Zidoval vaginal gel 4. Speciality Codes Page 31 of 49

33 Source: A unique code identifying each MAIN SPECIALTY designated by Royal Colleges. This is the same as the NHS OCCUPATION CODES describing specialties. Specialties are divisions of clinical work which may be defined by body systems (dermatology), age (paediatrics), clinical technology (nuclear medicine), clinical function (rheumatology), group of diseases (oncology) or combinations of these factors. Only Specialty titles recognised by the Royal Colleges and Faculties should be used. This list is maintained by the General and Specialist Medical Practice (Education, Training and Qualifications) Order 2003 and European Primary and Specialist Dental Qualifications Regulations National Codes: Code Main Specialty Title Surgical Specialties 100 GENERAL SURGERY 101 UROLOGY 110 TRAUMA & ORTHOPAEDICS 120 ENT 130 OPHTHALMOLOGY 140 ORAL SURGERY 141 RESTORATIVE DENTISTRY 142 PAEDIATRIC DENTISTRY 143 ORTHODONTICS 145 ORAL & MAXILLO FACIAL SURGERY 146 ENDODONTICS 147 PERIODONTICS 148 PROSTHODONTICS 149 SURGICAL DENTISTRY 150 NEUROSURGERY 160 PLASTIC SURGERY 170 CARDIOTHORACIC SURGERY 171 PAEDIATRIC SURGERY 180 ACCIDENT & EMERGENCY 191 PAIN MANAGEMENT (Retired 1 April 2004) Medical Specialties 190 ANAESTHETICS 192 CRITICAL CARE MEDICINE 300 GENERAL MEDICINE 301 GASTROENTEROLOGY Page 32 of 49

34 302 ENDOCRINOLOGY 303 CLINICAL HAEMATOLOGY 304 CLINICAL PHYSIOLOGY 305 CLINICAL PHARMACOLOGY 310 AUDIOLOGICAL MEDICINE 311 CLINICAL GENETICS * 312 CLINICAL CYTOGENETICS and MOLECULAR GENETICS (Retired 1 April 2010) 313 CLINICAL IMMUNOLOGY and ALLERGY 314 REHABILITATION 315 PALLIATIVE MEDICINE 320 CARDIOLOGY 321 PAEDIATRIC CARDIOLOGY 325 SPORT AND EXERCISE MEDICINE 326 ACUTE INTERNAL MEDICINE 330 DERMATOLOGY 340 RESPIRATORY MEDICINE (also known as thoracic medicine) 350 INFECTIOUS DISEASES 352 TROPICAL MEDICINE 360 GENITOURINARY MEDICINE 361 NEPHROLOGY 370 MEDICAL ONCOLOGY 371 NUCLEAR MEDICINE 400 NEUROLOGY 401 CLINICAL NEURO-PHYSIOLOGY 410 RHEUMATOLOGY 420 PAEDIATRICS 421 PAEDIATRIC NEUROLOGY 430 GERIATRIC MEDICINE 450 DENTAL MEDICINE SPECIALTIES 451 SPECIAL CARE DENTISTRY 460 MEDICAL OPHTHALMOLOGY 500 OBSTETRICS and GYNAECOLOGY 501 OBSTETRICS 502 GYNAECOLOGY 504 COMMUNITY SEXUAL AND REPRODUCTIVE HEALTH 510 ANTENATAL CLINIC (Retired 1 April 2004) 520 POSTNATAL CLINIC (Retired 1 April 2004) 560 MIDWIFE EPISODE 600 GENERAL MEDICAL PRACTICE Page 33 of 49

35 601 GENERAL DENTAL PRACTICE 610 MATERNITY FUNCTION (Retired 1 April 2004) 620 OTHER THAN MATERNITY (Retired 1 April 2004) Psychiatry 700 LEARNING DISABILITY 710 ADULT MENTAL ILLNESS 711 CHILD and ADOLESCENT PSYCHIATRY 712 FORENSIC PSYCHIATRY 713 PSYCHOTHERAPY 715 OLD AGE PSYCHIATRY Radiology 800 CLINICAL ONCOLOGY (previously RADIOTHERAPY) 810 RADIOLOGY Pathology 820 GENERAL PATHOLOGY 821 BLOOD TRANSFUSION 822 CHEMICAL PATHOLOGY 823 HAEMATOLOGY 824 HISTOPATHOLOGY 830 IMMUNOPATHOLOGY 831 MEDICAL MICROBIOLOGY AND VIROLOGY 832 NEUROPATHOLOGY (Retired 1 April 2004) 833 MEDICAL MICROBIOLOGY (also known as MICROBIOLOGY AND BACTERIOLOGY) 834 MEDICAL VIROLOGY Other 900 COMMUNITY MEDICINE 901 OCCUPATIONAL MEDICINE 902 COMMUNITY HEALTH SERVICES DENTAL 903 PUBLIC HEALTH MEDICINE 904 PUBLIC HEALTH DENTAL 950 NURSING EPISODE 960 ALLIED HEALTH PROFESSIONAL EPISODE 990 JOINT CONSULTANT CLINICS (Retired 1 April 2004) Page 34 of 49

36 5. GP Systems Exclusion Codes Source: Concentra (WSIC) and CWHHE SystmOne Team, and EMIS Read co+a3:d11 4de 93C1. CTV3 Code 5. GP Systems Exclusion Codes Source: Concentra (WSIC), Description Group XaKRw Refused consent for upload to local shared electronic record Consent refused codes 93C3. Refused consent for upload to national XaKRy shared electronic Consent refused codes 9M1.. XaJrC Informed dissent for national audit Consent refused codes 9R1.. XE2Np Confidential patient data Consent refused codes 9R11. 9R11. Conf data - patient not to see Consent refused codes 9R12. 9R12. Conf data - not to be reported Consent refused codes 9R13. 9R13. Conf data - staff not to see Consent refused codes 9R14. 9R14. Conf data - paramedics not see Consent refused codes 9R15. 9R15. Conf data - other Dr not see Consent refused codes 9R1Z. 9R1Z. Confidential data NOS Consent refused codes 9Nd1. XaKII No consent for electronic record sharing Consent refused codes 9Nd9. Declined consent for Primary Care Trust XaN25 to review patient record Consent refused codes 9NdH. Declined consent to share patient data XaNwT with specified third party Consent refused codes 9NdJ. Consent withdrawn to share patient XaNwU data with specified third party Consent refused codes 9Oh8. XaJDs Personal risk assessment declined Consent refused codes 9Oh5. Multi-professional risk assessment XaJDp declined Consent refused codes ZV26% TBC [V]Infertility management IVF treatment 8C8% 8C8.. Treatment for infertility IVF treatment 7E0A% Introduction of gamete into uterine 7E0Az cavity IVF treatment 7E1F2 Endoscopic intrafallopian transfer of 7E1F2 gamete IVF treatment 1.33 Marital status {not all daughter codes TBC apply} Marital Status 9U% 9U... Complaints about care Complaints 13N5. XE0pl HIV risk lifestyle HIV & Aids XE0pl 13N5 HIV risk lifestyle HIV & Aids TBC 13N5-1 AIDS risk lifestyle HIV & Aids Ub0oM 13N5-2 Multiple sexual partners HIV & Aids 43C% TBC HTLV-3 antibody test HIV & Aids 43WK. XaFuM Human immunodeficiency virus HIV & Aids Page 35 of 49

37 antibody level 43d5. XaFuN HIV antibody/antigen (Duo) HIV & Aids 43h2. XaFuK HIV 1 PCR HIV & Aids 43W7. XaEQb HIV1 antibody level HIV & Aids 43W8. XaEME HIV2 antibody level HIV & Aids 4J34. XaFuL HIV viral load HIV & Aids 62b.. XaIOI Antenatal HIV screening HIV & Aids 65P8. 65P8. AIDS contact HIV & Aids 65QA. 65QA. AIDS carrier HIV & Aids 65VE. 65VE. Notification of AIDS HIV & Aids 67I2. XaEFk Advice about HIV prevention HIV & Aids AIDS (HTLV-III) screening HIV & Aids AIDS (HTLV-III) screening HIV & Aids HIV screening HIV & Aids 8CAE. 8CAE. Patient advised about the risks of HIV HIV & Aids A788% XE0RX Acquired immune deficiency syndrome HIV & Aids A789% A789. Human immunodef virus resulting in other disease HIV & Aids AyuC4 AyuC4 [X]Hiv disease resulting in other infectious and parasitic diseases HIV & Aids Eu024 X003P [X]Dementia in human immunodef virus [HIV] disease HIV & Aids R109. R109. [D]Laboratory evidence of human immunodeficiency virus [HIV] HIV & Aids ZV018 ZV018 [V]Human immunodeficiency virus negative HIV & Aids ZV019 ZV019 [V]Contact with and exposure to human immunodeficiency virus HIV & Aids ZV01A ZV01A [V]Asymptomatic human immunodeficiency virus infection status HIV & Aids ZV19B ZV19B [V]Family history of human immunodeficiency virus [HIV] disease HIV & Aids ZV6D4 ZV6D4 [V]Human immunodeficiency virus counselling HIV & Aids ZV737 ZV737 [V]Special screening examination for human immunodeficiency virus HIV & Aids 13H9. XE0pD Imprisonment record Convictions & Imprisonments XE0pD 13H9 Imprisonment record Convictions & Imprisonments XE0pD 13H9-1 Prison record Convictions & Imprisonments Xa0re 13H9-2 Released from prison Convictions & Imprisonments 13HQ. XE0pK In prison Convictions & Imprisonments TBC 13HQ In prison Convictions & Imprisonments XE0pK 13HQ-1 Arrested in police custody Convictions & Imprisonments TBC 13HQ-2 Prison sentence Convictions & Imprisonments 13I71 13I71 Husband in prison Convictions & Imprisonments Page 36 of 49

38 Prison medical examination Convictions & Imprisonments T776. T776. Place of occurrence of accident or poisoning, prison Convictions & Imprisonments ZV4J4 ZV4J4 [V]Conviction in civil and criminal proceedings without imprisonment Convictions & Imprisonments ZV4J5 ZV4J5 [V]Problems related to release from prison Convictions & Imprisonments ZV625 TBC [V]Imprisonment Convictions & Imprisonments ZV625 ZV625 [V]Legal problems Convictions & Imprisonments TBC ZV625-1 [V]Imprisonment Convictions & Imprisonments ZV625 ZV625-2 [V]Litigation Convictions & Imprisonments TBC ZV625-3 [V]Prosecution Convictions & Imprisonments 1415 XE2td H/O: venereal disease Sexual transmitted diseases XE2td 1415 H/O: venereal disease Sexual transmitted diseases XaXJx H/O: sexually trans. disease Sexual transmitted diseases 43U% TBC Chlamydia antigen test Sexual transmitted diseases A9% XE0Rh Syphilis and other venereal diseases Sexual transmitted diseases A780. A780. Molluscum cantagiosum Sexual transmitted diseases A780 A780. Molluscum contagiosum Sexual transmitted diseases A7800 XaFn6 Molluscum contagiosum with eyelid involvement Sexual transmitted diseases A78A. A78A. Chlamydial infection Sexual transmitted diseases A78A3 A78A3 Chlamydial infection of pelviperitoneum and other genitourinary organs Sexual transmitted diseases A78AW Ayu62 Chlamydial infection, unspecified Sexual transmitted diseases A78AX Ayu4K Chlamydial infection of genitourinary tract, unspecified Sexual transmitted diseases A78A A78A. Chlamydial infection Sexual transmitted diseases A78A0 A78A0 Chlamydial infection of lower genitourinary tract Sexual transmitted diseases A78A1 X00mP Chlamydial infection of pharynx Sexual transmitted diseases A78A2 A78A2 Chlamydial infection of anus and rectum Sexual transmitted diseases A78A3 A78A3 Chlamydial inf of pelviperitoneum oth genitourinary organs Sexual transmitted diseases A78A4 X00Zq Chlamydial conjunctivitis Sexual transmitted diseases A78AW Ayu62 Chlamydial infection, unspecified Sexual transmitted diseases A78AX Ayu4K Chlamydial infection of genitourinary tract, unspecified Sexual transmitted diseases 65P7. XE1Sq Venereal disease contact Sexual transmitted diseases 65P7 XE1Sq Venereal disease contact Sexual transmitted diseases 65P7-1 Xa0Qw Gonorrhoea contact Sexual transmitted diseases 65P7-2 Xa0Qx Syphilis contact Sexual transmitted diseases 65P7-3 XE1Sq VD - venereal disease contact Sexual transmitted diseases 65Q9. 65Q9. Venereal disease carrier NOS Sexual transmitted diseases 65Q9 65Q9. Venereal disease carrier NOS Sexual transmitted diseases Page 37 of 49

39 65Q9-1 65Q9. VD carrier NOS Sexual transmitted diseases 6832 ZV745 Venereal disease screening Sexual transmitted diseases ZV745 VD- venereal disease screening Sexual transmitted diseases A7812 XE0RT Genital warts Sexual transmitted diseases A7812 XE0RT Genital warts Sexual transmitted diseases A X20Yh Condylomata acuminatum Sexual transmitted diseases A X70Nf Penile warts Sexual transmitted diseases A X70LZ Venereal warts Sexual transmitted diseases L172% L1720 Other maternal venereal diseases during pregnancy, childbirth and the puerperium Sexual transmitted diseases ZV016 ZV016 [V]Contact with or exposure to venereal disease Sexual transmitted diseases ZV016 ZV016 [V]Contact with or exposure to venereal disease Sexual transmitted diseases ZV016-1 XE1Sq [V]VD - venereal disease contact Sexual transmitted diseases ZV028 ZV028 [V]Other venereal disease carrier Sexual transmitted diseases ZV745 ZV745 [V]Screening for venereal disease Sexual transmitted diseases ZV745 ZV745 [V]Screening for venereal disease Sexual transmitted diseases ZV745-1 ZV745 [V]Screening for venereal disease (VD) Sexual transmitted diseases EGTON3 TBC Chlamydia infection Sexual transmitted diseases XaXJw TBC Chlamydia infection Sexual transmitted diseases 14X.. History of abuse XaEFq 14X History of abuse TBC 14X0 History of physical abuse XaEFr 14X1 History of sexual abuse XaEFs 14X2 History of emotional abuse XaEFq 14X3 History of domestic violence XaHhe 1J3.. Suspected child abuse 1J3.. SN551 Child maltreatment syndrome SN55. SN55 Child maltreatment syndrome XE1ow SN550 Emotional maltreatment of child SN550 SN550-1 Emotional deprivation of child Xa0pA SN550-2 Emotional abuse of child XE1ou SN551 SN551 Nutritional maltreatment of child Page 38 of 49

40 SN571 TL7.. TLx4. SN551 SN551 SN552 XE1ov TBC XE2ss X70xu X70xt SN554 SN55. XE1ow X70xs TBC X70xx SN571 TL7.. TL7.. TBC TL70. TL7.. TBC TBC TLx4. TLx40 SN551-1 Nutritional deprivation of child SN551-2 Malnutrition in child maltreatment syndrome SN552 Non-accidental injury to child SN552-1 NAI - non-accidental injury to child SN552-2 Physical injury to child SN553 Battered baby or child syndrome NOS SN553-1 Battered baby syndrome NOS SN553-2 Battered child syndrome NOS SN554 Multiple deprivation of child SN555 Physical abuse of child SN55z Child maltreatment syndrome NOS SN55z-1 Child abuse NEC SN55z-2 Child deprivation syndrome SN55z-3 Neglect affecting child NEC Sexual abuse Child battering and other maltreatment TL7 Child battering and other maltreatment TL7-99 Assault: child battering TL70 Child battering or other maltreatment by parent TL7y Child battering or other maltreatment by other spec person TL7z Child battering or other maltreatment by person NOS Assault by criminal neglect TLx4 Assault by criminal neglect TLx40 Abandonment of child with intent to injure or kill Page 39 of 49

41 ZV19C ZV19D ZV19E ZV19F ZV19G ZV19H ZV19J ZV19K ZV4F9 ZV4F9 ZV4G4 ZV4G5 ZV612 TLx4. TLx4z XaD42 XaD43 XaD44 XaD45 XaD46 XaD47 XaD48 XaD49 ZV4F9 ZV4F9 ZV4G4 ZV4G5 TBC ZV612 ZV612 TLx41 Abandonment of infant with intent to injure or kill TLx4z Abandonment of helpless person NOS [V]Family history of physical abuse to sibling [V]Family history of physical abuse to sibling by family member [V]Family history of sexual abuse to sibling [V]Family history of sexual abuse to sibling by family member [V]Family history of mental abuse to sibling [V]Family history of mental abuse to sibling by family member [V]Family history of sibling abuse NOS [V]Family history of sibling abuse by family member NOS [V]Problems related to alleged sexual of abuse child by person outside primary support group [V]Problems related to alleged sex abuse child by person within primary support group [V]Problems related to alleged physical abuse of child [V]Child abuse ZV612 [V]Child abuse ZV612-1 [V]Child battering Page 40 of 49

42 APPENDIX 4 INFORMATION GOVERNANCE TOOLKIT REQUIREMENTS Overview The Information Governance Toolkit (IGT) is a self-assessment tool used across the NHS and by independent organisations providing patient services to the NHS. The IGT is submitted annually and includes a range of requirements in which all organisations are required to maintain level 2 (of a maximum 3). The agreement requires all organisations who are signatories, to maintain standards regarding the security of information and the management of staff and third party access to that information. Key IGT areas (expanded on below) are: Requirement 110 (GPs 116) Contractors or sub-contractors are held in contract to Information Governance requirements Requirement 111 (GPs 116) All employee contracts include confidentiality clauses Requirement 112 (GPs 117) All staff are appropriately trained in Information Governance By binding these requirements in agreement, each signatory organisation can gain the assurance they are required to have in law that partners and other organisations with access to the information provided to the Whole Systems Integrated Care Record are bound by the same conditions as themselves. List of Specific Requirements Information Governance Clauses in Contracts with Third Party Suppliers 1. All contracts should be reviewed for IG compliance and should include as a minimum the following areas: a. A clause stating that the contractor will only act on instruction from the organisation in processing the data b. A clause identifying the organisation as the Data Controller c. Requirements that staff are screened prior to working with the data d. Requirements that staff are regularly trained in information security and governance e. A clause ensuring that security issues or compromised security (incidents) which may affect the data are reported immediately f. Assistance with Subject Access Requests where necessary g. Assistance with Freedom of Information Act and Environmental Information Regulations enquiries as necessary h. A clause requiring all employees of the sub-contractor to be bound by confidentiality during and after employment 2. Each organisation should be prepared to share evidence, on request, of review and maintenance of such contracts as necessary, for example annual reports or contract checklists signed off by the Senior Information Risk Owner or IG Lead of the organisation For a more comprehensive list the signatory organisation may wish to refer to Appendix 6 of the 2012 Information Governance Review. Page 41 of 49

43 Similarly, organisations may which to familiarise themselves with the statutory requirement contained in the Data Protection Act 1998, Schedule 1, Part II, Paragraphs which requires that sub-contractors are bound by contract. The clauses state as follows and can be found here Information Governance Clauses in Contracts with Employees and Sub-Contractors 1. All employees should be vetted in accordance with NHS policy should they have access to Patient Data 2. All employment contracts and/or contracts with sub-contracts should contain a standard confidentiality clause including the expectation that confidentiality extends post-employment 3. All employment contracts and/or contracts with sub-contractors should contain penalty clauses for non-compliance 4. All organisations should have appropriate leavers and joiners processes for ensuring access to data does not continue post-employment 5. All visitors, those on secondment, students, volunteers or anyone given access to patient data, where not an employee or sub-contractor, should be required as a minimum to sign an appropriate confidentiality agreement 6. Each organisation should be able to provide evidence of procedures, template clauses, or signed confidentiality agreements as required by other organisations who are signatory to the agreement Example clauses from the IGT can be found here Information Governance Training 1. All staff or contractors should be subject to induction and annual training on Information Governance requirements, which will as a minimum include the information contained in the Introduction to Information Governance online training contained in the IG Training Tool at 2. Those contractors staff who are working in an organisation for one month or more should be subject to the same training 3. For staff with specific roles (Information Asset Owner/Administrator, Data Protection Officer, Caldicott Guardian, Information Governance Lead) further detailed training should be provided 4. Each organisation should be able to provide evidence of annual staff and contractor/volunteer training (and re-training following a breach). Page 42 of 49

44 APPENDIX 5 BRENT CCG AS HOST: SERVICE CHARGES The service charges for the Host at time of writing are to be finalised. Broadly service charges will be considered as two phases: 1) Set-up and mobilisation 2) Business as Usual Indicative resourcing requirement for the Host to fulfil its responsibilities as host will require: Service charges for Phase 1 (indicative): 44, Funding will be met by NWL Strategy & Transformation team. Service charges for Phase 2: Will form a part of the discussions with CSS Business Intelligence service. Page 43 of 49

45 APPENDIX 6 DELIVERY TIMETABLE 1. Further to its obligations under clause 9.1, the Host shall use reasonable endeavours to ensure that: a. The Care Planning Purpose will start to be met within 9 months of the Commencement Date; b. The Case Finding Purpose will start to be met within 6 months of the Commencement Date; c. The Data Maintenance Purpose will start to be met within 1 month of the Commencement Date; and d. The De-identification Purpose will start to be met within 1 month of the Commencement Date. 2. Notwithstanding paragraphs 1(a) and 1(b) above, for patients registered with GP Provider Partners in the area of Hammersmith and Fulham CCG, the requirement shall be for the Care Planning Purpose to start to be met within 12 months of the Commencement Date, and for the Case Finding Purpose to start to be met within 9 months of the Commencement Date. 3. All parties are committed to the replacement of Concentra as the subcontracted provider of software and services with Hitachi, and will use reasonable endeavours to achieve completion by July Page 44 of 49

46 APPENDIX 7 Supporting information governance framework for Whole Systems Integrated Care Record and WSIC Data warehouse Page 45 of 49

47 APPENDIX 8 GP SIGNATORIES CCG Name Signature Date Hillingdon ABBOTSBURY GARDENS - Dr Joseph Dr Peter Joseph Hillingdon ACRE SURGERY - Dr Thakrar --> Dr S Patel Dr S Patel Hillingdon ACREFIELD SURGERY - Dr Thakrar --> Dr S Patel Dr S Patel Hillingdon BEDWELL MEDICAL PRACTICE - Dr Kanthan Dr P R Kantha Hillingdon BELMONT MEDICAL CENTRE - Dr Garsin Mrs Zoe Taylor Hillingdon CAREPOINT PRACTICE - Dr Tony Stern Heather Ellis Hillingdon DEVONSHIRE LODGE PRACTICE - Dr Martin Hall Dr Jonathan Brewston Hillingdon EASTBURY SURGERY - Dr Goodwin --> Dr Shanmugarajah Dr Kuldhir Johal Hillingdon GLENDALE HOUSE SURGERY - Dr Campbell --> Dr Nanavati Jenny Cook Hillingdon HAYES MEDICAL CENTRE - Dr CB Patel --> Dr Verma Dr CB Patel Hillingdon HILLINGDON HEALTH CENTRE - Dr Davies --> Dr Atul Mehta Liz Francis Hillingdon KINCORA - Dr Goud Asheem Kumar Marld Hillingdon KING EDWARDS AND SWAKELEYS MEDICAL CENTRE - Dr Mahendra Dr Mashru Mahru Hillingdon KINGSWAY SURGERY - Dr Dodhy Dr Dodhy Hillingdon LADYGATE LANE - Dr Karim Dr Zahra Karim Hillingdon OXFORD DRIVE MEDICAL CENTRE - Dr Aurora Dr Aururo Hillingdon SOUTHCOTE CLINIC - Dr O'Driscoll Helen Green Hillingdon ST MARTINS MEDICAL CENTRE - Dr Anil Raj Dr Anil Raj Hillingdon THE CEDAR BROOK PRACTICE - Dr Thomas --> Dr Thurlow Satar Kahlon Hillingdon THE CEDARS MEDICAL CENTRE - Dr Kosciesza Dr Ritu Prasad Hillingdon THE MEDICAL CENTRE, THE GREEN - Dr Sahota Dr Pinkinder Sahote Hillingdon THE MOUNTWOOD SURGERY - Dr Goodman Dr Ian Goodman Hillingdon THE OAKLAND MEDICAL CENTRE - Dr Johal Elaine Sheppard Hillingdon THE PARKVIEW SURGERY - Dr Ajay Mehta Wissam Darouiche Hillingdon THE PINE MEDICAL CENTRE - Dr Gudi --> Dr Akin- Michael Akin-Taylor Taylor Hillingdon TOWNFIELD DOCTORS SURGERY - Dr Saleh Marie Franklin Hillingdon WALLASEY MEDICAL CENTRE - Dr KP Patel Grishma Shah Hillingdon WALNUT WAY - Dr Siddiqui Dr MMR Siddiqui Hillingdon WOOD LANE MEDICAL CENTRE - Dr Shapiro Dr Shapiro Hillingdon YEADING COURT SURGERY - Dr Reddy Dr TD Raju Hillingdon YIEWSLEY HIGH STREET PRACTICE - Dr Dhanani Sarger Dhanan Brent THE STONEBRIDGE PRACTICE Susan Okaikoi Central London BELGRAVIA SURGERY Dr David Parry Central London CONNAUGHT SQUARE PRACTICE Dr E laudato Central COVENT GARDEN MEDICAL CENTRE Dr Kandiah Page 46 of 49

48 London Pathmananthan Central London DR MAHER SHAKARCHI'S PRACTICE Dr Shakarchi Central London IMPERIAL COLLEGE HEALTH CENTRE Mark Daniels Central Mrs Denise London KINGS COLLEGE HEALTH CENTRE Johnson Central London LANARK MEDICAL CENTRE Dr Y El-Gazzar Central London LISSON GROVE HEALTH CENTRE Dr Henry Mintz Niamh McLaughuan Central London MILLBANK MEDICAL CENTRE Central London PADDINGTON GREEN HEALTH CENTRE Dr Navine Pursseu Central London SOHO CENTRE FOR HEALTH AND CARE Dr Chris Bark Central London SOHO SQUARE GENERAL PRACTICE Dr A Tahir Central London ST JOHNS WOOD MEDICAL PRACTICE Stephen Charkin Central London THE RANDOLPH SURGERY Dr Juliet Glover Central London THIRD FLOOR LANARK ROAD MEDICAL CENTRE Dr Laila Abouzekry Central London WELLINGTON HEALTH CENTRE Dr Saral Amand Central London WESTMINSTER AND PIMLICO HEALTH CENTRE Joanna Fox Central London WOODFIELD ROAD MEDICAL CENTRE Dr S Honey West London BARLBY ROAD SURGERY Dr Aumran Tahir West London KINGS ROAD MEDICAL CENTRE Dr Aumran Tahir West London KNIGHTSBRIDGE MEDICAL CENTRE Dr Mark Sweeney West London LANCASTER GATE MEDICAL CENTRE Soraya Meer Page 47 of 49

49 APPENDIX 9 Provider Partners Page 48 of 49

50 Page 49 of 49