As a developing Integrated Care System (ICS) you will already be thinking about the intelligence you will need to ensure the success of your transformation and the stability of your system. Through the development of a system wide Information Strategy, an ICS will have access to transformative intelligence through a coherent vision of ‘one version of the truth’ across the system.
Our work with leading ICSs shows key steps along the journey to a fully integrated system which incorporates real time data and population health management – not only for clinicians, but Operational Managers and system leaders.
In our work with leading ICSs for Direct Patient Care such as Frimley, we are starting by pooling datasets to create integrated system dashboards to monitor system performance and integrated STP programme dashboards. In other areas we have created integrated linked datasets across health and social care that have unlocked the potential of population health analysis (Symphony in Somerset and the North East Hampshire and Farnham vanguard’).
One of the most significant challenges we had to overcome was ensuring that we were compliant with the Information Commissioners Office (ICO) on Data Protection (DPA) and NHS Digitals’ rules on the use of national commissioning data sets. Collectively known as Information Governance (IG) this is often one of the reasons cited for systems being unable to ensure they can use the powerful data and analytics services available on the market to develop the tools needed for ICS success. However SCW has successfully navigated the IG myth busting pathway whilst complying with ICO, DPA and NHS Digital guidance.
It’s complicated (but not impossible).
How SCW can help youSCW set out to break down these barriers and rise to the challenge by combining innovative technical solutions to use anonymising and combining datasets with encryption mechanisms that meet NHS Digitals’ IGuard Board Approval, as well as detailed and well-constructed governance frameworks to support the creation of data platforms which ensured customers met the new compliance standards.
First of all we ensured that NHS Digital and IGuard would accept a technical solution that would integrate the datasets in a way that would provide data that met the standards of anonymisation required by the ICO and prevent the re-identification of an individual record by any one party. Our Data Management Service lead – Thom Counsell – put a significant amount of lateral thinking into this and worked closely with NHS Digital to ensure that the solution met their levels of scrutiny and that patients’ rights to opt out were fully met.
More importantly we ensured there was a robust governance framework in place across the ICS that allowed all contributing parties to scrutinise the flow and use of their data and either be delegated powers to approve data sharing from the participant organisation or make recommendations.
Finally the paperwork was addressed. There is a lot of it, and we provide some clear steps to enable you to manage this area:
- Do a Privacy Impact Assessment (PIA). Under the General Data Protection Regulations (GDPR), which come into being in May 2018, PIAs (or Data Protection Impact Assessments as they will be known), will be mandatory and form a ‘living document’ from which you can assess at any point whether you are meeting your obligations to Patients, Data Controllers and NHS Digital
- Make sure you have the contractual and legal basis for the data flow and that all contracts and local Data Sharing Agreements are up to date and more importantly clear and understandable from a patient’s point of view
- Most importantly ensure Fair Processing Notices are in place at the point of care and are easily accessible and understood by patients. Always be prepared and honour all requests to opt out of data sharing received from patients as well as facilitating access to personal records (Subject Access Requests)
- Be clear about the purpose you want to use this data for:
- Managing individual patient care
- Managing cohorts of patients on an operational day to day basis
And, with both of these it is reasonable to expect to have patient identifiers, such as the NHS number
- Only information anonymised in context can be used for:
- Managing day to day performance of organisations or systems
- Managing and planning for whole systems or large patient cohorts
If you would like any guidance, support or have a question about Strategic Information Governance for STP analytics contact our team by emailing Scwcsu.firstname.lastname@example.org