Health and Social Care Information Centre publishes register of data releases
April 03, 2014
Today the Health and Social Care Information Centre (HSCIC) publishes a register of approved data releases as part of its drive towards greater transparency and building public trust.
It covers data releases approved by the HSCIC from the point it was established (April 1 2013) to December 31 2013. This includes agreements originally approved by the predecessor organisation (the NHS Information Centre), but renewed between 1 April and 31 December last year.
Publication of the register follows a commitment by the HSCIC board to ensure details of all approved data releases are published, and as such the register will now be updated on a quarterly basis.
Last month the board also announced a separate review of data releases, which will cover those approved by the predecessor organisation prior to April 20133. This review is currently underway and will made available to the HSCIC board at the end of April 2014, to be discussed at its meeting on 15 May 2014, prior to a publication at the end of May 20144.
By law the HSCIC is obliged to disseminate the data it collects in order to help drive improvements to the health and social care system, while safeguarding patient confidentiality5. The majority of these data are published in aggregated and anonymised form, which supports the Open Data initiative and the drive for transparency. The HSCIC itself uses these data to publish more than 200 public reports on health and social care and these reports are downloaded and viewed on our website thousands of times a year.
Health and social care data collected and disseminated by the HSCIC are used for a variety of purposes including ensuring people who plan services understand the types of illness people have; the treatments they need and the effectiveness of treatments; helping to understand and predict health trends; and research into the effectiveness of existing and new medicines and treatments.
Where data that we release are not fully anonymised and there is a legal basis to share outside of the HSCIC, there must be a clear data agreement with the organisation receiving the data to say what they can and cannot do with that information.
Today's register lists each organisation, the type of data released, the legal basis for release and the purpose for which the data were provided. In total 459 data releases relating to 160 organisations are listed and include:
- 347 releases of pseudonymised data6 and 75 releases of identifiable data7, all with an appropriate legal basis for sharing in place
- 104 health and social care organisations (such as NHS trusts) and bodies such as universities and charities, and 56 private sector organisations which provide services to the healthcare system.
Whilst, as detailed in the register, all releases have an appropriate legal basis in place under the current legal framework, the HSCIC welcomes the Government's intention to further strengthen legislation around how data are shared.
In light of this intention the HSCIC is currently reviewing its data sharing procedures and processes, including applications for new or renewed data agreements.
A proposed amendment to the Care Bill which is currently before Parliament is for the Confidentiality Advisory Group (CAG) to advise the HSCIC on data releases. The HSCIC welcomes this proposal and has identified a number of areas of the register where it will seek guidance from CAG and any other such bodies established by Parliament, including on the use of data by commercial organisations.
HSCIC Chair Kingsley Manning said: "By placing this register before the public the HSCIC is taking an important step towards the full transparency needed to help the public gain confidence in the services we provide.
"We are absolutely committed to encouraging scrutiny of our work and we welcome feedback on today's register, which is important towards informing the structure and clarity of future publications and indeed to the organisation as it develops
"This is about ensuring citizens and patients are clear about how data are used to improve the health and social care received by them directly and by communities as a whole."
The register and further information about what it contains is at:
Notes to editors
1. The Health and Social Care Information Centre (HSCIC) was established on April 1 2013 as an Executive Non Departmental Public Body (ENDPB). It is England's trusted data source, delivering high quality information and IT systems to drive better patient services, care and outcomes. Its work includes publishing more than 220 statistical publications annually; providing a range of specialist data services; managing informatics projects and programmes and developing and assuring national systems against appropriate contractual, clinical safety and information standards.
2. Any organisation applying for data must sign up to a legally binding data sharing agreement, which includes specific conditions around the reuse of data. This contract sets out how any information received from HSCIC must be handled and sets out the standards for processing. The agreement sets specific standards in relation to each information request received such as what it can and cannot be used for (its purpose), security requirements detailing how it is stored, restrictions on linking the data and on onward sharing or publication and its eventual deletion.
3 The full HSCIC announcement made on March 06 2014 can be found at:
4. Sir Nick Partridge, a Non-Executive Director on the HSCIC Board and former Chief Executive of the Terence Higgins Trust is conducting the review of the data releases made by the HSCIC's predecessor organisation, the NHS Information Centre. Price Waterhouse Coopers has been commissioned to review all data releases made by the NHS Information Centre between 2005 and 31 March 2013. The review will examine the arrangements that were in place for the release of data, and will provide insight and key observations that will allow the HSCIC to learn from its predecessor's experience and ensure the HSCIC's processes are as robust, open and transparent as possible. The review will be made available to the HSCIC Board at the end of April 2014, to be discussed at its meeting on 15 May 2014, prior to a publication at the end of May 2014.
5. Sections 260 and 261 of the Health and Social Care Act 2012 place a duty on the HSCIC to publish and disseminate the information we obtain in complying with a direction under section 254 or a request under section 255.
6. Pseudonymised data is also sometimes referred to as "de-identified for limited disclosure or access". This is data from which details that would be classed as identifying individuals has been removed, such as NHS number or full postcode and full date of birth. We would never make this type of information publically available because there is still a risk that individuals could be re-identified. There are however particular purposes for which this information is required and it is therefore released under strict controls to approved organisations for approved purposes, and there must be a data agreement in place. which outlines the purpose to the recipient can put the data and restricts how they store, share, use and eventually destroy the data. Any recipient found to misuse the information would be in breach of this agreement and could also be contravening the Data Protection Act.
7. Identifiable data is also sometimes called "personal" or "personal confidential" data. This is data which identifies the patient and is only shared in the following circumstances:
- When patients have clearly said that we can do it (i.e. when patients have given their explicit consent). In these instances the request can be considered by the HSCIC's Data Linkage and Extract team; they may seek further advice from DAAG on the consent, if required.
- Where we have to do it by law (for example, in a public health emergency such as an epidemic).
- Where there is a statutory basis for sharing; where this is the case the statute under which data was shared is made clear in the register. The most common statutory basis for sharing of identifiable information in the register is under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (anecdotally known as 'section 251 support').