SH NCP 2 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: The Trust provides a framework to ensure all data that is recorded by the Trust is accurate and complies to all statutory and recommended Information Governance standards. Data Quality, Systems, Validation, Information, Reporting, anonymisation; pseudonymisation All users of information within the Trust whether that be entering data onto systems or utilising reports Next Review Date: February 2018 Approved and ratified by: Information Governance Group Date of meeting: 11 January 2016 Date issued: Author: Simon Beaumont, Head of Information Sponsor: Lisa Franklin, Director of Information 1
Version Control Change Record Date Author Version Page Reason for Change 6/2/2012 Head of Information 19/2/2012 Head of Information 09/01/2014 Head of Information 17/12/2014 Head of Information 04/01/2016 Head of Information 1.0 n/a Document created 2.0 n/a Updated following comments and ratification by Information Governance Group 3.0 9-10 Inclusion of Trust statement of compliance with anonymisation and pseudonymisation 4.0 All Full review of the policy. 5.0 All Full review of the policy. Reviewers/contributors Name Position Version Reviewed & Date Information Governance Group Approval body February 2012 Lesley Barrington Head of Information Assurance V3 January 2014 Lesley Barrington Membership V3 January 2014 Lisa Franklin Director of Information and Technology V4 December 2014 David Markwick Information Manager V5 January 2016 2
CONTENTS Page 1. Introduction 4 2. Rationale 4 3. Scope 4 4. Core Principles 5 5. Standards and associated Key Performance Indicators 5 6. Responsibilities and accountabilities 8 7. Audit and monitoring 8 8. Data Quality governance structures 9 9. National guidance 10 Addendum Trust procedure for data pseudonymisation and anonymisation 11 Appendices A1 Equality Impact Assessment (EqIA) 13 3
1 Introduction Reliable information is fundamental for the Trust to conduct its business efficiently and effectively. This applies in all areas of activity including: the delivery of care to service users, service management, performance management, corporate governance, internal and external accountability and supports the business planning process and communication. Data quality is a crucial pre-requisite to supply information that is complete, relevant, accurate and timely. 2 Rationale Ever-increasing use of computerised systems provides greater opportunities to store and access large volumes of many types of data but also increases the risk of misinformation if the data from which information is derived is not of good quality. This risk applies to information for the Trust s internal use and to information conveyed in the form of statutory returns to the national databases - Hospital Episode Statistics Commissioning Data Sets (HES - CDS); Community Information Data Set (CIDS); Children and Young People s Health Services Data Set (CYPHS); Mental Health Services Data Set statistics (MHSDS) and Payment By Results (PbR)- via the Secondary Uses Service (SUS). For our information to have value, it is essential that the underlying data is consistent and complies with national standards. NHS Trusts are assessed, judged and sometimes paid on the quality of the data they produce. National statistics, performance indicators and audit assessments depend on good quality data for their accuracy and indeed include data quality amongst their number. Compliance with high Data Quality Assurance standards is an implicit requirement for Foundation Trust status. It is due to all of the above that Data Quality is on the Trust s strategic risk register at the time of publishing this Policy and as such mitigating actions are required to minimise the potential impact to the Trust. This policy provides the framework to mitigate such risks and enable individuals within the Trust to take direct responsibility for any data they record or omit to record. 3 Scope This policy is intended to cover all data that is entered into computerised systems within the Trust and should be read in conjunction with the Trust s Policies concerning paper-based records. It covers primarily data relating to individuals (staff, service-users or third-parties) and the delivery of care but also includes other data that relates to financial management, service management, performance management, corporate governance and communications. Service-user data is held on Electronic Patient Records (EPR) and a range of other clinical information systems owned by the Trust or accessed under SLA with host organisations. The Trust also operates a range of non-clinical information systems that support its business processes. The policy applies to all staff that use, or supply data that is input to those systems. It outlines good practice and identifies the roles and responsibilities of both the Trust and its staff in terms of data quality. 4
4 Core Principles In common with other NHS Trusts, the Trust will be required by the Health & Social Care Information Centre and Information Commissioners Office to achieve at least level 2 for Data Quality as set out in the Information Governance Toolkit (with particular reference to requirement 507). The Trust principles and standards outlined are also expected to be achieved for all Trust data. 4.1 The Data Protection Act (1998) requires, amongst other things, that information held on computer systems is accurate and up to date. For further details please refer to Trust policy SH IG 18 DPA, Caldicott & Confidentiality Policy. 4.2 There will be identified individuals within the Trust, including those in the areas of informatics, health records, clinical coding, systems support and the Caldicott Guardian, with particular responsibility for data quality issues in those areas. Their specific responsibility in this respect will be explicitly stated in their job descriptions. 4.3 Responsibilities concerning data quality will be explicitly stated in the job descriptions of all staff involved in the collection or processing of data that is input to relevant information systems. 4.4 Responsibility for the strategic management of data quality in the Trust will lie with the Director of Information & Technology, Chief Clinical Information Officer, Associate Director of Technology and the Head of Information. 4.5 Responsibility for the operational management of data quality will lie with the operational managers of all services to which this policy applies. 4.6 The importance of achieving good data quality will be addressed with all relevant staff as part of the induction process at commencement of their employment. 4.7 All data collection and input processes will have an audit trail that operates continuously. Any training and development issues identified in the course of auditing will be addressed promptly. 4.8 All users will be made aware of their individual and the Trust s corporate responsibility for confidentiality and security of data through the Trust s relevant policies. 5 Standards and associated Key Performance Indicators There are a number of standards and associated Key Performance Indicators that can be used to monitor Data Quality and as such support a high level of compliance. The common standards of good Data Quality are: 5.1 Accuracy The recorded data must be reflective of the event or individual associated with the data. At all times, whether the process be recoding new data or updating existing data, data must be checked to ensure it is accurate. 5
Example 5.2 Valid When updating a patient or service user s demographic data within the Trust s Electronic Patient Records the fields should be checked with the individual to ensure they are correct, this would include verbal communication with the individual and validation against the national spine. Where data is used to report Key Performance Indicators it must be validated and updated on the source system to ensure consistency and maintain integrity of electronic data. Example Rapid Response data for ISD Community Care Teams is recorded on the Trust s Electronic Patient Record. All breaches of the 2 hour response time are validated and should the clinical team identify an error in the underlying data they must update the source system and not rely on manual alteration of the KPI based upon their validation feedback. 5.3 Timely For data to be used as accurate information it must be recorded in a timely manner. Contemporaneous patient information is critical where an Electronic Patient Record acts as the primary clinical record for the patient or service user. Example Having visited a patient or service user the Electronic Patient Record is required to be updated. Should this not happen within the timescales listed below the risk of subsequent clinical interventions occurring without the knowledge of the previous visit being recorded increases. Key Performance Indicators Inpatient records: Recorded within 2 hours Community and Outpatient records: Recorded and outcomed within 2 working days. It is recognised that as the Trust implements an Electronic Patient Record there is a requirement for clinical teams to be able to access this Record real time. Data timeliness standards will be reviewed at such time as mobile working is available to reflect a clinical team s ability to update and record data in a more timely manner. 5.4 Consistency Data items will be populated in an internally consistent fashion. All reference tables and codes will be audited and updated regularly with reference to national and local data sources. 6
Example When recording data that is mandated by national data sets or has nationally determined structures the Trust s systems will reflect these values; Referral Source, Discharge Destination, Primary Diagnosis etc. 5.5 Appropriate Data must be recorded that is appropriate and relevant to the event. If data is not stated as being required within a documented process it should not be recorded and stored by any individual within the Trust. Example It is appropriate to record a patient or service user s Address within an Electronic Patient Record however it is not required, nor appropriate for their door key code or access code to be recorded. 5.6 Completeness Data must be complete in terms of all available fields are populated where the data is known and available to the individual. Example Patient demographic data has a number of mandatory and optional fields. When recording demographic data for a patient or service user all mandatory fields must be recorded, noting there are valid options for when an individual does not wish to provide the Trust with that data, i.e. Ethnicity, Religion. Optional fields must be populated where known. Key Performance Indicators: Mental Health Services Data Set Identifiers: 90% complete Mental Health Services Data Set Outcomes: 50% complete Community Information Data Set Identifiers: 50% complete 5.7 Using documented processes Where data is recorded within the Trust it must be done so using documented and signed off processes that are kept up to date and regularly audited by forums with the authority to highlight improvements and update processes accordingly. Example A set of Standard Operating Procedures are available for all of the Trust s electronic systems. These are designed to ensure data is entered consistently, based upon an agreed definition with standardised processes. 7
6 Responsibilities and accountabilities Within the Trust there are formally documented structures of accountability for Data Quality: 6.1 Every individual that is a registered user of a Trust System is responsible for ensuring the Data Quality of records when using the system. Should individuals knowingly enter data that breaches the previously described Data Quality standards there are disciplinary procedures that can be invoked. 6.2 Line Managers are accountable for ensuring each individual within their Team is complying with Data Quality standards and where errors or breaches in protocol are identified these are addressed and rectified. 6.3 This policy will be reviewed and maintained by the Trust Information Governance Group. 6.4 User Groups for each system are responsible for reviewing Standard Operating Procedures and cascading Data Quality initiatives and Communications. 6.5 The Chief Operating Officer as Senior Information Responsible Officer for the Trust is the accountable Director for Data Quality. 6.6 The Information Department as responsible function for maintaining Organisation Data Service site / location codes. 7 Audit and monitoring Data Quality will be regularly monitored using reporting available via the Trust s Data Warehouse and Tableau visualisations. These reports will include: Validation lists for records that breach Trust Key Performance Indicators Performance reports listing compliance against each of the Data Quality standards It is the responsibility of Line Managers to review Data Quality compliance for their Team. To ensure compliance with national best practice and Information Governance Toolkit standards the Trust will complete the following external audits on a yearly basis: Data Quality audit Clinical Coding audit External audits will be reported to the Trust s Information Governance Group and recommended actions will be recorded on the Trust audit log along with associated action plans. 8
8 Data Quality governance structures The Trust has groups that are formally responsible for the management of data quality risks and identifying appropriate mitigating actions to minimise the potential impact of poor data quality; these include: 8.1 Trust Data Quality Steering Group The Trust Data Quality Steering Group is reportable to the Trust Executive Group; its key responsibilities include: Review data quality across Trust clinical and corporate systems and ensure appropriate processes are in place to mitigate the risk of poor data quality and the impact this has on the ability of the Trust to deliver safe and effective care to our patients and service users. Assure the Service Performance and Transformation Committee that these processes are robust and effective; and reflect changes to Trust electronic systems as major procurements are completed (for example Open RIO). Report on and escalate issues which need to be drawn to the Service Performance and Transformation Committee s attention. Review risks to data quality and agree management actions to mitigate against these risks. Future plan for internal and external events, such as the annual Trust Quality Accounts to ensure data quality risks are identified and management actions taken, ahead of any event being completed. Review Trust national data submissions to ensure any areas of poor data quality are identified and appropriate management actions taken. Keep abreast of national guidance and change control notices to ensure the Trust has robust processes to manage data quality during changes to existing processes or new processes being developed. 8.2 Trust Data Integrity Group The Trust Data Integrity Group is reportable to the Trust Data Quality Steering Group; its key responsibilities include: Ensure a standard naming convention is followed when creating or changing cost centres within the Trust financial ledger. Authorise amendments (additions, changes and disabling) to: Financial data (this will then inform changes to ESR) RiO Ulysees Define and maintain change management processes in terms of: Organisational change Contract variations for staff Review risks for poor trust data integrity and identify actions to mitigate against these risks. Proactively review Trust data structures to ensure any potential data integrity challenges are highlighted by the Group and actions taken to address any inaccuracy. 9
8.3 Performance Management processes In addition to the above groups every clinical and corporate division is expected to have robust performance management processes in place that will ensure data quality is regularly reviewed and actions are taken to correct any errors or weaknesses in existing processes. 9 National guidance The Trust Data Quality policy is in direct response to a number of national standards and guidance notifications that are applicable to the Trust: ISB 0149 ISB 1523 ISB 1572 ISB 1072 ISB 1588 ISB 1069 ISB 1510 ISB 1577 ISB 0103 ISB 1520 ISB 1509 ISB 1078 ISB 0011 ISB 1069 NHS Number Anonymisation Standard for Publishing Health and Social Care Data Sensitive Data Child and Adolescent Mental Health Services Data Set Accident and Emergency Clinical Quality Indicators Children and Young People's Health Services Secondary Uses Data Set Community Information Data Set Diagnostic Imaging Dataset Diagnostics Waiting Times and Activity Data Collection Improving Access to Psychological Therapies Data Set Mental Health Care Clusters Mental Health Clustering Tool Mental Health Minimum Data Set Children and Young People s Health Services Data Set 10
Addendum 1: Trust procedure for data pseudonymisation and anonymisation Southern Health NHS Foundation Trust recognises the guidance published by Connecting for Health (now the Health and Social Care Information Centre), through the IG Toolkit, in relation to data pseudonymisation, in particular referencing: The key principle is to ensure, as far as is practicable, that individual service users cannot be identified from data that are used to support purposes other than their direct care or to quality assure the care provided. Where this is not practicable data should flow through business processes that minimise the risk to data. In many circumstances this requires data to be received by a part of the organisation designated as a safe haven where it can be processed securely and only used in an identifiable form for specific authorised procedures within the safe haven boundary. Onward disclosure should be limited to pseudonymised or anonymised data. Effective pseudonymisation and/or anonymisation processes depend upon robust information governance and effectively trained staff who understand the importance of data protection and confidentiality. Where there are weaknesses in an organisation s information governance its pseudonymisation and anonymisation processes are unlikely to be effective. It is not therefore possible to progress to higher attainment levels against this requirement where requirements relating to information governance management, confidentiality and data protection assurance and information security assurance are not met. In addition the Information Standards Board (now the Standardisation Committee for Care Information) have also published standards for anonymising data for the publishing of health and social care data (ISB 1523). This addendum to the Trust Data Quality policy outlines the Trust s approach to ensuring compliance with pseudonymisation and anonymisation guidance. When is patient identifiable data made available to staff within the Trust? Patient identifiable data is only made available to staff with a justified (or legitimate) reason for viewing the data, both in terms of being responsible for the clinical care of a patient and being employed within a clinical role or a role that directly supports clinicians to deliver patient care. Should patient level data be required to be reported but not for the purpose of direct clinical care any patient identifiable data will be removed from the report and replaced with a non patient identifiable field that remains unique to each patient but cannot be translated to identify a patient without appropriate authorisation and access to restricted electronic patient record systems. How is patient identifiable data shared securely within the Trust? When patient identifiable data is justified to be shared it is done so via either: Email from an NHS Mail account directly to a recipient s NHS Mail Through the Trust Data Warehouse. This is a secure sharepoint site that is restricted in access to named individuals with log ins to the site that are password protected and linked to an individual s network log in. All of these safeguards ensure only the appropriate individuals (in terms of being a clinical role and geographical responsibility for the care of the patient) have access to patient identifiable data through the Data Warehouse. 11
When patient data is shared for non clinical purposes how is it pseudonymised? Should patient level data be required to be shared for non clinical purposes, such as data quality validation or pathway analysis, all patient identifiable data is removed and replaced with the patient system number from the system of which the data was obtained from. This identifier alone is not able to be translated to patient identifiable data unless the individual viewing the data has access to the electronic patient system (which is restricted through smart card access). As such the patient system number is the equivalent to a local pseudonymised number, unique to the patient but not able to be used to identify a patient without further access to restricted systems. Should an extended pseudonymised number be required the Trust Data Warehouse has local patient identifiers that are assigned within the Data Warehouse and are not linked to any source system. This number can be utilised to ensure only the Trust Information Safe haven can decrypt the patient identified and translate it back into patient identifiable information. Who completes the pseudonymisation process? The Trust has a designed Information Safe haven (please see separate Information Safe haven procedure document - SH IG 27). This team consists of corporate support staff responsible for analysing the reporting data in addition to supporting the maintenance and development of Trust systems. Should pseudonymised data be required to be shared internally or externally it will only be done so through the Trust Information Safe haven. How is data anonymised? When data is not required to be identified as unique patients and is used for non clinical purposes the data set or report will remove any patient identifier, pseudonymised or identifiable resulting in the data being able to be used for the requested purpose but in no way being identifiable to a patient, regardless of if the individual receiving the data has access to the electronic patient record system. 12
APPENDIX 1 Southern Health NHS Foundation Trust Equality Impact Assessment / Equality Analysis Screening Tool Equality Impact Assessment (or Equality Analysis ) is a process of systematically analysing a new or existing policy/practice or service to identify what impact or likely impact it will have on different groups within the community For guidance and support in completing this form please contact a member of the Equality and Diversity team on 01256 376358 Name of policy/service/project/plan: Policy Number: SH NCP 2 Department: Lead officer for assessment: Information Head of Information Date Assessment Carried Out: January 2016 1. Identify the aims of the policy and how it is implemented. Key questions Briefly describe purpose of the policy including How the policy is delivered and by whom Intended outcomes Provide brief details of the scope of the policy being reviewed, for example: Is it a new service/policy or review of an existing one? Is it a national requirement? Answers / Notes The policy is aimed at providing Trust employee s with a clear understanding of data quality requirements and processes in place to manage the risk of poor data quality The policy is an existing policy that has been reviewed in line with the timelines for review of Trust policies. 13
APPENDIX 1 Southern Health NHS Foundation Trust Equality Impact Assessment / Equality Analysis Screening Tool 2. Consideration of available data, research and information Monitoring data and other information involves using equality information, and the results of engagement with protected groups and others, to understand the actual effect or the potential effect of your functions, policies or decisions. It can help you to identify practical steps to tackle any negative effects or discrimination, to advance equality and to foster good relations. Please consider the availability of the following as potential sources: Demographic data and other statistics, including census findings Recent research findings (local and national) Results from consultation or engagement you have undertaken Service user monitoring data Information from relevant groups or agencies, for example trade unions and voluntary/community organisations Analysis of records of enquiries about your service, or complaints or compliments about them Recommendations of external inspections or audit reports Key questions 2.1 What is the equalities profile of the team delivering the service/policy? Data, research and information that you can refer to The equality profile of the Information and Systems Teams shows staff are from a range of ethnic origins, with the majority of ages ranging from 20 s to 60 s. 2.2 What equalities training have staff received? All staff within the Information and Systems Departments have received the mandatory training as part of induction and ongoing yearly refresher courses. 2.3 What is the equalities profile of service users? The users of this policy are all staff members within the Trust that use data and as such the equality profile can be referenced through Trust documentation. 2.4 What other data do you have in terms of service users or staff? (e.g results of customer satisfaction surveys, consultation findings). Are there any gaps? Not applicable 2.5 What engagement or consultation has been undertaken as Consultation with 14
APPENDIX 1 Southern Health NHS Foundation Trust Equality Impact Assessment / Equality Analysis Screening Tool part of this EIA and with whom? Information Governance What were the results? Group and feedback led to 2.6 If you are planning to undertake any consultation in the future regarding this service or policy, how will you include equalities considerations within this? amendment of the policy Not applicable In the table below, please describe how the proposals will have a positive impact on service users or staff. Please also record any potential negative impact on equality of opportunity for the target: In the case of negative impact, please indicate any measures planned to mitigate against this. 15
APPENDIX 1 Southern Health NHS Foundation Trust Equality Impact Assessment / Equality Analysis Screening Tool Age Positive impact (including examples of what the policy/service has done to promote equality) Through promotion of complete and accurate data the Trust will be able to analyse the diversity of its patient s, staff and constituents. Negative Impact Action Plan to address negative impact Actions to overcome problem/barrier Resources required Responsibility Target date Disability Gender Reassignment Marriage and Civil Partnership Pregnancy and Maternity Specific elements of equality and diversity such as age, disability status etc are specifically referred to within national data sets that are applicable to this Policy. Please see above Please see above Please see above Please see above 16
APPENDIX 1 Race Religion or Belief Sex Sexual Orientation Please see above Please see above Please see above Please see above Southern Health NHS Foundation Trust Equality Impact Assessment / Equality Analysis Screening Tool 17
Policy Implementation Plan List in the table below level of engagement / consultation with target groups: Target Group Engagement/Consultation carried out Service Users & Carers No Not applicable Staff Yes Policy has been consulted on through the Information Governance Group which has representation from all clinical and corporate directorates. General Public Yes Not applicable PCT Commissioners Local Authorities Yes No Commissioners are aware of the requirement for a Data Quality Policy within the Trust as all data provided to Commissioners has to be robust and accurate. Data Quality is referred to within the Data Quality Improvement Plan with Commissioners and the provides the underlying framework for this. Not applicable Voluntary Organisations No Not applicable Other Stakeholders No Not applicable Sign Off and Publishing Once you have completed this form, it needs to be approved by your Divisional Director or their nominated officer. Following this sign off, send a copy to the Equality and Diversity Team who will publish it on the Trust website. Keep a copy for your own records. Name: Simon Beaumont Designation: Head of Information Signature: Date: January 2015 18