Data flows transition
Data flows transition
This page provides information for health and social care organisations on the current position in relation to legal access to personal confidential data (PCD). A set of related Frequently Asked Questions is available which will be reviewed and updated as this position changes.
Commissioner Access to SUS
Section 251 support for commissioning organisation access to identifiable data in SUS ends at the end of 30 April 2015. A number of organisations obtained approval as part of NHS England's s251 application for this temporary access. These organisations, including CCGs, CSUs and any agents contracted to process data on behalf of such organisations, need to work with their local Registration Agents (RAs) to ensure that business function codes on their smartcards only allow pseudonymised access to SUS from 1 May 2015. There must also be a data sharing agreement in place with the HSCIC to reflect this access.
Where commissioning organisations have achieved Stage 1 ASH accreditation and wish to receive 'weakly pseudonymised' SUS data, they will need to seek this via their choice of Data Services for Commissioners Regional Office (DSCRO) and have the necessary data sharing agreements in place with the HSCIC to facilitate this flow of data. The SUS system does not have the functionality to supply 'weakly pseudonymised' data.
The position with regard to provider access to SUS remains unchanged. Provider organisations may have business functions on their smartcards allowing access to Person Confidential Data (PCD) relating to their own patients. This is also the position for DSCROs, who have a legal basis for use of PCD as part of the HSCIC.
Without a legal basis to access PCD from 1 May 2015, staff from commissioning organisations will therefore, subject to their role, only be allowed to have codes on their smartcards from the following list of business functions which provide pseudonymised data access and nothing else:
B1500: General Access to SUS
B1510: Pseudonymised CDS Extracts
B0162: Aggregate Financial Integrity
B0164: Pseudonymised PbR Extracts
B1813: Pseudonymised PARS (Population Analysis Extracts)
For further details on Business Function codes please refer to the SUS RBAC Assignment Guide under How do I get access to SUS? on the SUS Guidance page.
The HSCIC will be closely monitoring commissioner organisation access to SUS from 1 May 2015. If any organisation is found to be accessing PCD without permission the HSCIC will take appropriate action which may include notifying the Information Commissioner's Office.
If you have any queries please address them to firstname.lastname@example.org with the subject line: "Commissioner Access to SUS".
1 November 2013: Update on NHS England's current s251 support for commissioning data flows
The Secretary of State for Health, after receiving advice from the Confidentiality Advisory Group (CAG), has approved NHS England's application for a continuation of Section 251 support for the transfer of data from the Health and Social Care Information Centre (HSCIC) to commissioning organisation Accredited Safe Havens (CAG 2-03(a)/2013) until 30 April 2015.
The scope of the section 251 support has not changed and only covers specific commissioning data flowing from the HSCIC and its Data Services For Commissioning Regional Offices (DSCROs,) to commissioning organisations who have obtained Stage 1 Accredited Safe Haven (ASH) status.
A list of the data flows can be found in the section 251 guidance note (published May 2013) below.
This section 251 support:
- does not cover the data to flow from providers to Accredited Safe Havens
- does not cover the flow of data from GP surgeries in support of risk stratification
- does not cover invoice checking.
NHS England has made separate submissions to CAG in relation to Invoice Validation and Risk Stratification, the outcome of these will be published here and on NHS England's website as soon as they are known.
We will continue to provide advice and guidance on this issue as it develops.
Accredited Safe Haven Accreditation Process
Updated information about continued access to identifiable data in SUS post 30 June 2013.
Guidance on CAG section 251 support - May 2013
Updated guidance on Clinical Commissioning Group and Commissioning Support Unit access to SUS under Section 251 approval - 26 April 2013
Advisory note and FAQs
Provisional arrangements to allow Clinical Commissioning Groups (CCGs) with in-house data processing capabilities and Commissioning Support Units (CSUs) access to SUS data briefing note, copy of the Confidentiality Advisory Group (CAG) letter and list of specified CCGS)
If you have any comments, questions or feedback on the above materials please email email@example.com quoting 'Data Flows' as the subject title.