Skip Navigation
Search site
The national provider of information, data and IT systems for health and social care

Data flows transition

This page provides information for health and social care organisations on the current position in relation to legal access to personal confidential data (PCD). A set of related Frequently Asked Questions is available which will be reviewed and updated as this position changes.

Commissioner Access to SUS

Section 251 support for commissioning organisation access to identifiable data in SUS ends at the end of 30 April 2016.  A number of organisations obtained approval as part of NHS England's s251 application for this temporary access. These organisations, including CCGs, CSUs and any agents contracted to process data on behalf of such organisations, need to work with their local Registration Agents (RAs) to ensure that business function codes on their smartcards only allow pseudonymised access to SUS from 1 May 2015. There must also be a data sharing agreement in place with the HSCIC to reflect this access.

Where commissioning organisations have achieved Stage 1 ASH accreditation and wish to receive 'weakly pseudonymised' SUS data, they will need to seek this via their choice of Data Services for Commissioners Regional Office (DSCRO) and have the necessary data sharing agreements in place with the HSCIC to facilitate this flow of data. The SUS system does not have the functionality to supply 'weakly pseudonymised' data.

The position with regard to provider access to SUS remains unchanged.  Provider organisations may have business functions on their smartcards allowing access to Person Confidential Data (PCD) relating to their own patients. This is also the position for DSCROs, who have a legal basis for use of PCD as part of the HSCIC.

Without a legal basis to access PCD from 1 May 2015, staff from commissioning organisations will therefore, subject to their role, only be allowed to have codes on their smartcards from the following list of business functions which provide pseudonymised data access and nothing else:

B1500:             General Access to SUS

B1510:             Pseudonymised CDS Extracts

B0162:             Aggregate Financial Integrity

B0164:             Pseudonymised PbR Extracts

B1813:             Pseudonymised PARS (Population Analysis Extracts)

For further details on Business Function codes please refer to the SUS RBAC Assignment Guide under How do I get access to SUS? on the SUS Guidance page.

The HSCIC will be closely monitoring commissioner organisation access to SUS from 1 May 2015.  If any organisation is found to be accessing PCD without permission the HSCIC will take appropriate action which may include notifying the Information Commissioner's Office.

If you have any queries please address them to with the subject line: "Commissioner Access to SUS".

1 November 2013: Update on NHS England's current s251 support for commissioning data flows

The Secretary of State for Health, after receiving advice from the Confidentiality Advisory Group (CAG), has approved NHS England's application for a continuation of Section 251 support for the transfer of data from the Health and Social Care Information Centre (HSCIC) to commissioning organisation Accredited Safe Havens (CAG 2-03(a)/2013) until 30 April 2015.

The scope of the section 251 support has not changed and only covers specific commissioning data flowing from the HSCIC and its Data Services For Commissioning Regional Offices (DSCROs,) to commissioning organisations who have obtained Stage 1 Accredited Safe Haven (ASH) status.

A list of the data flows can be found in the section 251 guidance note (published May 2013) below.

Register of Stage One Accredited Safe Havens.

This section 251 support:

  • does not cover the data to flow from providers to Accredited Safe Havens
  • does not cover the flow of data from GP surgeries in support of risk stratification
  • does not cover invoice checking.

NHS England has made separate submissions to CAG in relation to Invoice Validation and Risk Stratification, the outcome of these will be published here and on NHS England's website as soon as they are known.

We will continue to provide advice and guidance on this issue as it develops.

pdf icon CAG 2-03(a)/2013 NHS England approval advice outcome letter - October 2013 update [193kb]

Accredited Safe Haven Accreditation Process

pdf icon Accredited Safe Haven Accreditation Process Stage 1, June 2013 [141kb]

Register of Stage One Accredited Safe Havens.

Updated information about continued access to identifiable data in SUS post 30 June 2013.

pdf icon Access to Identifiable Data in SUS post June 2013 [5kb]

Guidance on CAG section 251 support - May 2013

pdf icon Section 251 guidance note [136kb] 

pdf icon CAG 2-03(a)/2013 NHS England approval advice outcome letter [147kb]

Updated guidance on Clinical Commissioning Group and Commissioning Support Unit access to SUS under Section 251 approval - 26 April 2013

pdf icon Registration Authority Letter 260413 [118kb]

pdf icon SUS User Letter 260413 [83kb]

pdf icon Organisations with Approval to Access PCD in SUS 090513 [17kb] 

Advisory note and FAQs

pdf icon Public Health Access to Data advisory note April 13 [159kb]

pdf icon Information Governance for Commissioning advisory note April 13 [256kb] 

Provisional arrangements to allow Clinical Commissioning Groups (CCGs) with in-house data processing capabilities and Commissioning Support Units (CSUs) access to SUS data briefing note, copy of the Confidentiality Advisory Group (CAG) letter and list of specified CCGS)

pdf icon Access to SUS data flows for CSUs and CCGs April 13 [157kb]

pdf icon PIAG 2-05 (b) 2007 Amendment approval letter [150kb] 

pdf icon List Of specified CCGs [87kb]

If you have any comments, questions or feedback on the above materials please email quoting 'Data Flows' as the subject title.

Close iCM Form