Data flows transition
Data flows transition
This page provides information for health and social care organisations on the current position in relation to legal access to personal confidential data (PCD). A set of related Frequently Asked Questions is available which will be reviewed and updated as this position changes.
Commissioner access to SUS (Secondary Uses Service)
Arrangements for commissioners accessing data from SUS were amended as of 1 November 2014, with the default position for all commissioner organisations now being to view data only in pseudonymised form. This is independent of whether that data is retrieved via smartcard access to the SUS system, or delivered via a Data Services for Commissioners Regional Office (DSCRO).
Furthermore, a relevant Data Sharing Agreement (DSA) is required to be in place with the HSCIC for any SUS data access.
Commissioner organisations must work with local Registration Agents (RAs) to ensure that the business function codes on smartcards grant access to only pseudonymised data within SUS, using the following Business Function codes subject to their role:
B1500: General Access to SUS
B1510: Pseudonymised CDS Extracts
B0162: Aggregate Financial Integrity
B0164: Pseudonymised PbR Extracts
B1813: Pseudonymised PARS (Population Analysis Extracts)
Single identifier data
Until 30 April 2016, a Stage 1 Accredited Safe Haven (ASH) commissioner organisation is still allowed to receive SUS data containing a single identifiable data item (NHS Number or Postcode) for data linkage purposes under Section 251. This can be arranged via their chosen DSCRO and must be done with the necessary DSA in place with the HSCIC.
The HSCIC closely monitors commissioner organisation access to SUS and will take appropriate action in relation to any organisation found to be accessing identifiable data without the relevant permission and DSA in place. This may include notifying the Information Commissioner's Office.
Provider access to SUS
Provider access to SUS remains unchanged. A provider organisation may have relevant business function codes assigned to smartcards that allow access to Person Confidential Data (PCD) relating to their own patients. This is also the position for DSCROs, who have a legal basis for use of PCD as part of the HSCIC.
For further assistance please see the How do I get access to SUS? Section of the SUS Guidance page.
If you have any specific questions regarding Commissioner access to SUS, please contact firstname.lastname@example.org.
Update on NHS England's current s251 support for commissioning
The Secretary of State for Health, after receiving advice from the Confidentiality Advisory Group (CAG), has approved NHS England's application for a continuation of Section 251 support for the transfer of data from the Health and Social Care Information Centre (HSCIC) to commissioning organisation Accredited Safe Havens (CAG 2-03(a)/2013) until 30 April 2016.
The scope of the section 251 support has not changed and only covers specific commissioning data flowing from the HSCIC and its Data Services For Commissioning Regional Offices (DSCROs,) to commissioning organisations who have obtained Stage 1 Accredited Safe Haven (ASH) status.
This section 251 support:
- does not cover the data to flow from providers to Accredited Safe Havens
- does not cover the flow of data from GP surgeries in support of risk stratification
- does not cover invoice checking.
An extension which runs until 30 April 2016 has been granted for applications:
- CAG 7-04(a)/2013 for risk stratification
- CAG 7-07(b)/2013 - invoice validation within Clinical Commissioning Groups (CCGs) controlled environment for finance
- CAG 7-07(c)/2013 - invoice validation within NHS England within the Commissioning Support Units (CSUs) controlled environment for finance on behalf of CCGs