NHS Digital Data Release Register - reformatted

NHS Bury CCG projects

• DSfC - NHS Bury CCG & Bury Metropolitan Borough Council - Comm
• DSfC - NHS Bury CCG; RS, Comm; IV
• Project 3
• Project 4
• Project 5

825 data files in total were disseminated unsafely (information about files used safely is missing for TRE/"system access" projects).

---

🚩 NHS Bury CCG was sent multiple files from the same dataset, in the same month, both with optouts respected and with optouts ignored. NHS Bury CCG may not have compared the two files, but the identifiers are consistent between datasets, and outside of a good TRE NHS Digital can not know what recipients actually do.

DSfC - NHS Bury CCG & Bury Metropolitan Borough Council - Comm — DARS-NIC-418444-H4X4L

Type of data: information not disclosed for TRE projects

Opt outs honoured: No - data flow is not identifiable, Anonymised - ICO Code Compliant (Does not include the flow of confidential data)

Legal basis: Health and Social Care Act 2012 - s261 - 'Other dissemination of information'

Purposes: No (Clinical Commissioning Group (CCG), Sub ICB Location)

Sensitive: Sensitive

When:DSA runs 2020-12-08 — 2023-12-07 2021.01 — 2021.05.

Access method: One-Off, Frequent Adhoc Flow

Data-controller type: BURY METROPOLITAN BOROUGH COUNCIL, NHS BURY CCG, BURY METROPOLITAN BOROUGH COUNCIL, NHS GREATER MANCHESTER ICB - 00V

Sublicensing allowed: No

Datasets:

1. Acute-Local Provider Flows
2. Ambulance-Local Provider Flows
3. Children and Young People Health
4. Civil Registration - Births
5. Civil Registration - Deaths
6. Community Services Data Set
7. Community-Local Provider Flows
8. Demand for Service-Local Provider Flows
9. Diagnostic Imaging Dataset
10. Diagnostic Services-Local Provider Flows
11. Emergency Care-Local Provider Flows
12. e-Referral Service for Commissioning
13. Experience, Quality and Outcomes-Local Provider Flows
14. Improving Access to Psychological Therapies Data Set
15. Maternity Services Data Set
16. Mental Health and Learning Disabilities Data Set
17. Mental Health Minimum Data Set
18. Mental Health Services Data Set
19. Mental Health-Local Provider Flows
20. National Cancer Waiting Times Monitoring DataSet (CWT)
21. National Diabetes Audit
22. Other Not Elsewhere Classified (NEC)-Local Provider Flows
23. Patient Reported Outcome Measures
24. Personal Demographic Service
25. Population Data-Local Provider Flows
26. Primary Care Services-Local Provider Flows
27. Public Health and Screening Services-Local Provider Flows
28. Summary Hospital-level Mortality Indicator
29. SUS for Commissioners
30. National Cancer Waiting Times Monitoring DataSet (NCWTMDS)
31. Improving Access to Psychological Therapies Data Set_v1.5
32. Adult Social Care
33. Medicines dispensed in Primary Care (NHSBSA data)
34. Civil Registrations of Death
35. Community Services Data Set (CSDS)
36. Diagnostic Imaging Data Set (DID)
37. Improving Access to Psychological Therapies (IAPT) v1.5
38. Mental Health and Learning Disabilities Data Set (MHLDDS)
39. Mental Health Minimum Data Set (MHMDS)
40. Mental Health Services Data Set (MHSDS)
41. Patient Reported Outcome Measures (PROMs)
42. Summary Hospital-level Mortality Indicator (SHMI)

Objectives:

The One Commissioning Organisation (OCO) brings together NHS Bury CCG and Bury Metropolitan Borough Council and provides integrated health and social care commissioning across the borough. The OCO has a single commissioning strategy, integrated governance, decision making and is primarily focused on commissioning for outcomes.

A key enabler for the OCO is to be able to share data, intelligence and analysis. Being able to link data from across the health and care systems (including Adult Social Care data) will provide a much better understanding of the care that the local population is receiving and the interactions that individuals have with different parts of the system. Having access to comprehensive health data will support the programmes and services being designed and delivered across Bury ensuring they are joined up, efficient and delivering a high standard of quality of care, allowing the delivery of person centered care which improves population health outcomes.

Sharing health and care pseudonymised data will allow both the CCG and local authority to plan, commission and monitor services together to improve the support and treatment provided to people through an integrated health and care system.

The CCGs commission services from a range of providers covering a wide array of services. Each of the data flow categories requested supports the commissioned activity of one or more providers.


The following pseudonymised datasets are required to provide intelligence to support commissioning of health and care services:
- Secondary Uses Service (SUS+)
- Local Provider Flows
o Acute
o Ambulance
o Community
o Demand for Service
o Diagnostic Service
o Emergency Care
o Experience, Quality and Outcomes
o Mental Health
o Other Not Elsewhere Classified
o Population Data
o Primary Care Services
o Public Health Screening
- Mental Health Minimum Data Set (MHMDS)
- Mental Health Learning Disability Data Set (MHLDDS)
- Mental Health Services Data Set (MHSDS)
- Maternity Services Data Set (MSDS)
- Improving Access to Psychological Therapy (IAPT)
- Child and Young People Health Service (CYPHS)
- Community Services Data Set (CSDS)
- Diagnostic Imaging Data Set (DIDS)
- National Cancer Waiting Times Monitoring Data Set (CWT)
- Civil Registries Data (CRD) (Births)
- Civil Registries Data (CRD) (Deaths)
- National Diabetes Audit (NDA)
- Patient Reported Outcome Measures (PROMs)
- e-Referral Service (eRS)
- Personal Demographics Service (PDS)
- Summary Hospital-level Mortality Indicator (SHMI)

The pseudonymised data is required to for the following purposes:
• Population health management
• Understanding the inter dependency of care services
• Targeting care more effectively
• Using value as the redesign principle
• to analytically understand patient journeys for pathway and service re-design.
• Data Quality and Validation - allowing data quality checks on the submitted data
• Thoroughly investigating the needs of the population, to ensure the right services are available for individuals
when and where they need them
• Understanding cohorts of residents who are at risk of becoming users of some of the more expensive
services, to better understand and manage those needs
• Monitoring population health and care interactions to understand where people may slip through the net, or
where the provision of care may be being duplicated
• Modelling activity across all data sets to understand how services interact with each other, and to understand
how changes in one service may affect flows through another
• Health Needs Assessment identification of underlying disease prevalence within the local population
• Understanding the whole system offer for the borough across health and social care to support and drive
integration.
• Understand and develop a borough wide asset based approach to prevention, early intervention and holistic
• Long term support based on accurate demand/need modelling.

The pseudonymised data is required to ensure that analysis of health care provision can be completed to support the needs of the health profile of the population within the borough based on the full analysis of multiple pseudonymised datasets.

Processing for commissioning will be conducted by NHS Bury CCG, Bury Metropolitan Borough Council and Arden and Greater East Midlands Commissioning Support Unit.

Expected Benefits:

COMMISSIONING
1. Supporting Quality Innovation Productivity and Prevention (QIPP) to review demand management, integrated care and pathways.
a. Analysis to support full business cases.
b. Develop business models.
c. Monitor In year projects.
2. Supporting Joint Strategic Needs Assessment (JSNA) for specific disease types.
3. Health economic modelling using:
a. Analysis on provider performance against 18 weeks wait targets.
b. Learning from and predicting likely patient pathways for certain conditions, in order to influence early interventions and other treatments for patients.
c. Analysis of outcome measures for differential treatments, accounting for the full patient pathway.
d. Analysis to understand emergency care and linking A&E and Emergency Urgent Care Flows (EUCC).
4. Commissioning cycle support for grouping and re-costing previous activity.
5. Enables monitoring of:
a. OCO outcome indicators.
b. Financial and Non-financial validation of activity.
c. Successful delivery of integrated care within the OCO.
d. Checking frequent or multiple attendances to improve early intervention and avoid admissions.
e. Case management.
f. Care service planning.
g. Commissioning and performance management.
h. List size verification by GP practices.
i. Understanding the care of patients in nursing homes.
6. Feedback to NHS service providers on data quality at an aggregate and individual record level – only on data initially provided by the service providers.
7. Improved planning by better understanding patient flows through the healthcare system, thus allowing commissioners to design appropriate pathways to improve patient flow and allowing commissioners to identify priorities and identify plans to address these.
8. Improved quality of services through reduced emergency readmissions, especially avoidable emergency admissions. This is achieved through mapping of frequent users of emergency services and early intervention of appropriate care.
9. Improved access to services by identifying which services may be in demand but have poor access, and from this identify areas where improvement is required.
10. Potentially reduced premature mortality by more targeted intervention in primary care, which supports the commissioner to meets its requirement to reduce premature mortality in line with the CCG Outcome Framework.
11. Better understanding of the health of and the variations in health outcomes within the population to help understand local population characteristics.
12. Better understanding of contract requirements, contract execution, and required services for management of existing contracts, and to assist with identification and planning of future contracts
13. Insights into patient outcomes, and identification of the possible efficacy of outcomes-based contracting opportunities.
14. Providing greater understanding of the underlying courses and look to commission improved supportive networks, this would be ongoing work which would be continually assessed.
15. Insight to understand the numerous factors that play a role in the outcome for both datasets. The linkage will allow the reporting both prior to, during and after the activity, to provide greater assurance on predictive outcomes and delivery of best practice.
16. Provision of indicators of health problems, and patterns of risk within the commissioning region.
17. Support of benchmarking for evaluating progress in future years

One programme ran by the CCG and Local Authority promotes a model of independent living and support delivered through adult social care and health. The aim of this programme is to support people to stay well and independent in their own homes and communities of choice as well as ensuring high quality support where needed.

The expected benefits from the programme are;

- People are supported to live independently in their own home.
- People’s health and social care needs are prevented from escalating.
- Integrated health and social care services.
- Improved and optimised care worker role with defined career progression opportunities.

Outputs:

Commissioning
1. Commissioner reporting:
a. Summary by provider view - plan & actuals year to date (YTD).
b. Summary by Patient Outcome Data (POD) view - plan & actuals YTD.
c. Summary by provider view - activity & finance variance by POD.
d. Planned care by provider view - activity & finance plan & actuals YTD.
e. Planned care by POD view - activity plan & actuals YTD.
f. Provider reporting.
g. Statutory returns.
h. Statutory returns - monthly activity return.
i. Statutory returns - quarterly activity return.
j. Delayed discharges.
k. Quality & performance referral to treatment reporting.
2. Readmissions analysis.
3. Production of aggregate reports for CCG Business Intelligence.
4. Production of project / programme level dashboards.
5. Monitoring of acute / community / mental health quality matrix.
6. Clinical coding reviews / audits.
7. Budget reporting down to individual GP Practice level.
8. GP Practice level dashboard reports.
9. Comparators of CCG performance with similar CCGs as set out by a specific range of care quality and performance measures detailed activity and cost reports
10. Data Quality and Validation measures allowing data quality checks on the submitted data
11. Contract Management and Modelling
12. Patient/client Stratification, such as:
• Patients at highest risk of admission
• High cost activity uses(top 15%)
• Frail and elderly
• Patients that are currently in hospital
• Patients with most referrals to secondary care
• Patients with most emergency activity
• Patients with most expensive prescriptions
• Patients recently moving from one care setting to another
i. Discharged from hospital
ii. Discharged from community
13. Validation for payment approval, ability to validate that claims are not being made after an individual has died, like Oxygen services.
14. Validation of programs implemented to improve patient pathway e.g. High users unable to validate if the process to help patients find the best support are working or did the patient die.
15. Clinical - understand reasons why patients are dying, what additional support services can be put in to support. 16. Understanding where patient are dying e.g. are patients dying at hospitals due to hospices closing due to Local authorities withdrawing support, or is there a problem at a particular trust.
17. Removal of patients from Risk Stratification reports.
18. Re births provide a one stop shop of information, Births are recorded in multiple sources covering hospital and home births, a chance to overlook activity
19. Whole system usage. The OCO will provide analysis on whole system usage which may include such things as: numbers of admission/readmission's; discharge pathways; behavioural health and social care characteristics; whole system timescales and service/organisation interactions; high utilisers; considered target populations; readmission patterns, reablement uptake and impact; bed utilisation and market impact
20. Projects and Programmes.The OCO undertakes many projects and programmes. Using data provided, the OCO will produce project and programme level dashboards.

Patient / client Stratification:
The OCO will investigate trends in those patients/clients at highest risk. Risk may be defined in relation to the following:
- Admission
- Readmission
- Use of multiple services
- Referrals to secondary care
- High cost services / complex needs
- High cost prescriptions
- Frail and elderly
- Movement between services
- Escalation of services
- Loss of independence and/or isolation

Processing:

PROCESSING CONDITIONS:
Data must only be used for the purposes stipulated within this Data Sharing Agreement. Any additional disclosure / publication will require further approval from NHS Digital.

Data Processors must only act upon specific instructions from the Data Controller.

Data can only be stored at the addresses listed under storage addresses.

All access to data is managed under Role-Based Access Controls. Users can only access data authorised by their role and the tasks that they are required to undertake.

Patient level data will not be linked other than as specifically detailed within this Data Sharing Agreement. Data released will only be shared with those parties listed and will only be used for the purposes laid out in the application/agreement.

NHS Digital reminds all organisations party to this agreement of the need to comply with the Data Sharing Framework Contract requirements, including those regarding the use (and purposes of that use) by “Personnel” (as defined within the Data Sharing Framework Contract ie: employees, agents and contractors of the Data Recipient who may have access to that data)

ONWARD SHARING:
Patient level data will not be shared outside of the Controllers / Processors unless it is for the purpose of Direct Care, where it may be shared only with those health professionals who have a legitimate relationship with the patient and a legitimate reason to access the data.

Aggregated reports only with small number suppression can be shared externally as set out within NHS Digital guidance applicable to each data set.

SEGREGATION:
Where the Data Processor and/or the Data Controller hold both identifiable and pseudonymised data, the data will be held separately so data cannot be linked.

Where the Data Processor and/or the Data Controller hold identifiable data with opt outs applied and identifiable data with opt outs not applied, the data will be held separately so data cannot be linked.

All access to data is auditable by NHS Digital.

DATA MINIMISATION:
Data Minimisation in relation to the data sets listed within the application are listed below. This also includes the purpose on which they would be applied -

For the purpose of Commissioning:
• Patients who are normally registered and/or resident within the NHS Bury CCG or Bury Metropolitan Borough Council region (including historical activity where the patient was previously registered or resident in another commissioner).
and/or
• Patients treated by a provider where NHS Bury CCG is the host/co-ordinating commissioner and/or has the primary responsibility for the provider services in the local health economy – this is only for commissioning and relates to both national and local flows.
and/or
• Activity identified by the provider and recorded as such within national systems (such as SUS+) as for the attention of NHS Bury CCG - this is only for commissioning and relates to both national and local flows.

NHS Midlands and Lancashire Commissioning Support Unit and Greater Manchester Shared Services (hosted by Salford Royal NHS Foundation Trust ) supply IT infrastructure for Arden and GEM Commissioning Support Unit and are therefore listed as data processors. They supply support to the system, but do not access data. Therefore, any access to the data held under this agreement would be considered a breach of the agreement. This includes granting of access to the database[s] containing the data.

Ilkeston Community Hospital (Part of Derbyshire Community Health Services NHS Foundation Trust) and Wrightington, Wigan and Leigh NHS Foundation Trust do not access data held under this agreement as they only supply the building. Therefore, any access to the data held under this agreement would be considered a breach of the agreement. This includes granting of access to the database[s] containing the data.

COMMISSIONING
The Data Services for Commissioners Regional Office (DSCRO) obtains the following data sets:
1. SUS+
2. Local Provider Flows (received directly from providers)
a. Acute
b. Ambulance
c. Community
d. Demand for Service
e. Diagnostic Service
f. Emergency Care
g. Experience, Quality and Outcomes
h. Mental Health
i. Other Not Elsewhere Classified
j. Population Data
k. Primary Care Services
l. Public Health Screening
3. Mental Health Minimum Data Set (MHMDS)
4. Mental Health Learning Disability Data Set (MHLDDS)
5. Mental Health Services Data Set (MHSDS)
6. Maternity Services Data Set (MSDS)
7. Improving Access to Psychological Therapy (IAPT)
8. Child and Young People Health Service (CYPHS)
9. Community Services Data Set (CSDS)
10. Diagnostic Imaging Data Set (DIDS)
11. National Cancer Waiting Times Monitoring Data Set (CWT)
12. Civil Registries Data (CRD) (Births)
13. Civil Registries Data (CRD) (Deaths)
14. National Diabetes Audit (NDA)
15. Patient Reported Outcome Measures (PROMs)
16. e-Referral Service (eRS)
17. Personal Demographics Service (PDS)
18. Summary Hospital-level Mortality Indicator (SHMI)

Data quality management and pseudonymisation is completed within the DSCRO and is then disseminated as follows:

Data processor 1- Arden and Gem CSU

1. Pseudonymised SUS+, Local Provider data, Mental Health data (MHSDS, MHMDS, MHLDDS), Maternity data (MSDS), Improving Access to Psychological Therapies data (IAPT), Child and Young People’s Health data (CYPHS), Community Services Data Set (CSDS), Diagnostic Imaging data (DIDS), National Cancer Waiting Times Monitoring Data Set (CWT), Civil Registries Data (CRD) (Births and Deaths), National Diabetes Audit (NDA), Patient Reported Outcome Measures (PROMs), e-Referral Service (eRS), Personal Demographics Service (PDS) and Summary Hospital-level Mortality Indicator (SHMI) data only is securely transferred from the DSCRO to Arden and Gem CSU.
2. Arden and Gem CSU add derived fields by using existing data, link data and provide analysis to:
a. See patient journeys for pathways or service design, re-design and de-commissioning.
b. Check recorded activity against contracts or invoices and facilitate discussions with providers.
c. Undertake population health management
d. Undertake data quality and validation checks
e. Thoroughly investigate the needs of the population
f. Understand cohorts of residents who are at risk
g. Conduct Health Needs Assessments
3. Allowed linkage is between the data sets contained within point 1.
4. Arden and Gem CSU then pass the processed, pseudonymised and linked data to the CCG and the Council. The CCG and Council may also share the data between themselves
5. Data quality management of Adult Social Care data is completed by Bury Metropolitan Borough Council
6. The Adult Social Care data is pseudonymised at source using a pseudonymisation key provided by the DSCRO (different from the pseudo key used by the DSCRO).
7. This consistently pseudonymised data is securely passed to the CCG using a secure local connection
8. The DSCRO sends a mapping table to the CCG to overwrite the pseudonym in the social care data so it is linkable to the data in point 1
9. The CCG then shares the adult social care data with the local authority. The CCG must not share the data with the local authority unless the pseudonym has been overwritten as per point 8
10. The data controllers are required to keep the pseudonymised data they receive separate from any identifiable data and the pseudonymised data the local authority submits to the CCG, and make no attempt to reidentify the data. Failure to meet these terms will result in a breach of this agreement.
11. Aggregation of required data for CCG management use will be completed by Arden and Gem CSU or the CCG as instructed by the CCG and the Council.
12. Patient level data will not be shared outside of the Data Controllers / Processors, other than with their member GP Practices for each Practices own patients only and will only be shared within the Data Controllers / Processors on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression can be shared as set out within NHS Digital guidance applicable to each data set.

The Encryption key will only be shared by the DSCRO with named individuals in Bury Metropolitan Borough Council (Adult Social Care). This is to enable Adult Social Care data to be pseudonymised at source. The key cannot be used to re-identify data as it only allows for one-way pseudonymisation. Access to the pseudonymised data is provided only to Bury Metropolitan Borough Council and NHS Bury CCG and will only be used for the purposes specified. Re-identification can only occur for GPs who have a legitimate relationship with the patient and only for the purpose of direct care.

---

DSfC - NHS Bury CCG; RS, Comm; IV — DARS-NIC-47174-R9S4W

Type of data: information not disclosed for TRE projects

Opt outs honoured: N, Y, No - data flow is not identifiable, Yes - patient objections upheld, Anonymised - ICO Code Compliant, Identifiable (Section 251, Section 251 NHS Act 2006, Mixture of confidential data flow(s) with support under section 251 NHS Act 2006 and non-confidential data flow(s))

Legal basis: Health and Social Care Act 2012 – s261(1) and s261(2)(b)(ii), Section 251 approval is in place for the flow of identifiable data, National Health Service Act 2006 - s251 - 'Control of patient information'. , Health and Social Care Act 2012 – s261(1) and s261(2)(b)(ii), Health and Social Care Act 2012 – s261(7); National Health Service Act 2006 - s251 - 'Control of patient information'., Health and Social Care Act 2012 – s261(2)(b)(ii)

Purposes: No (Clinical Commissioning Group (CCG), Sub ICB Location)

Sensitive: Sensitive

When:DSA runs 2018-07-28 — 2021-07-27 2018.06 — 2021.05.

Access method: Frequent adhoc flow, Frequent Adhoc Flow, One-Off

Data-controller type: NHS BURY CCG, NHS GREATER MANCHESTER ICB - 00V

Sublicensing allowed: No

Datasets:

1. Acute-Local Provider Flows
2. Ambulance-Local Provider Flows
3. Children and Young People Health
4. Community Services Data Set
5. Community-Local Provider Flows
6. Demand for Service-Local Provider Flows
7. Diagnostic Imaging Dataset
8. Diagnostic Services-Local Provider Flows
9. Emergency Care-Local Provider Flows
10. Experience, Quality and Outcomes-Local Provider Flows
11. Improving Access to Psychological Therapies Data Set
12. Maternity Services Data Set
13. Mental Health and Learning Disabilities Data Set
14. Mental Health Minimum Data Set
15. Mental Health Services Data Set
16. Mental Health-Local Provider Flows
17. National Cancer Waiting Times Monitoring DataSet (CWT)
18. Other Not Elsewhere Classified (NEC)-Local Provider Flows
19. Population Data-Local Provider Flows
20. Primary Care Services-Local Provider Flows
21. Public Health and Screening Services-Local Provider Flows
22. SUS for Commissioners
23. National Cancer Waiting Times Monitoring DataSet (NCWTMDS)
24. Improving Access to Psychological Therapies Data Set_v1.5
25. Community Services Data Set (CSDS)
26. Diagnostic Imaging Data Set (DID)
27. Improving Access to Psychological Therapies (IAPT) v1.5
28. Mental Health and Learning Disabilities Data Set (MHLDDS)
29. Mental Health Minimum Data Set (MHMDS)
30. Mental Health Services Data Set (MHSDS)

Objectives:

Risk Stratification
Risk stratification is a tool for identifying and predicting which patients are at high risk or are likely to be at high risk and prioritising the management of their care in order to prevent worse outcomes.
To conduct risk stratification Secondary User Services (SUS+) data, identifiable at the level of NHS number is linked with Primary Care data (from GPs) and an algorithm is applied to produce risk scores. Risk Stratification provides focus for future demands by enabling commissioners to prepare plans for patients. Commissioners can then prepare plans for patients who may require high levels of care. Risk Stratification also enables General Practitioners (GPs) to better target intervention in Primary Care.
The legal basis for this to occur is under Section 251 of NHS Act 2006 (CAG 7-04(a)).
Risk Stratification will be conducted by Arden and GEM CSU

Commissioning
To use pseudonymised data to provide intelligence to support the commissioning of health services. The data (containing both clinical and financial information) is analysed so that health care provision can be planned to support the needs of the population within the CCG area.
The CCGs commission services from a range of providers covering a wide array of services. Each of the data flow categories requested supports the commissioned activity of one or more providers.
The following pseudonymised datasets are required to provide intelligence to support commissioning of health services:
- Secondary Uses Service (SUS+)
- Local Provider Flows
o Acute
o Ambulance
o Community
o Demand for Service
o Diagnostic Service
o Emergency Care
o Experience, Quality and Outcomes
o Mental Health
o Other Not Elsewhere Classified
o Population Data
o Primary Care Services
o Public Health Screening
- Mental Health Minimum Data Set (MHMDS)
- Mental Health Learning Disability Data Set (MHLDDS)
- Mental Health Services Data Set (MHSDS)
- Maternity Services Data Set (MSDS)
- Improving Access to Psychological Therapy (IAPT)
- Child and Young People Health Service (CYPHS)
- Community Services Data Set (CSDS)
- Diagnostic Imaging Data Set (DIDS)
- National Cancer Waiting Times (CWT)
The pseudonymised data is required to for the following purposes:
§ Population health management:
• Understanding the interdependency of care services
• Targeting care more effectively
• Using value as the redesign principle
§ Data Quality and Validation – allowing data quality checks on the submitted data
§ Thoroughly investigating the needs of the population, to ensure the right services are available for individuals when and where they need them
§ Understanding cohorts of residents who are at risk of becoming users of some of the more expensive services, to better understand and manage those needs
§ Monitoring population health and care interactions to understand where people may slip through the net, or where the provision of care may be being duplicated
§ Modelling activity across all data sets to understand how services interact with each other, and to understand how changes in one service may affect flows through another
§ Service redesign
§ Health Needs Assessment – identification of underlying disease prevalence within the local population
§ Patient stratification and predictive modelling - to identify specific patients at risk of requiring hospital admission and other avoidable factors such as risk of falls, computed using algorithms executed against linked de-identified data, and identification of future service delivery models

The pseudonymised data is required to ensure that analysis of health care provision can be completed to support the needs of the health profile of the population within the CCG area based on the full analysis of multiple pseudonymised datasets.
Processing for commissioning will be conducted by
- Data Processor 1 – Arden and GEM CSU conduct Risk Stratification as instructed by the CCG. The CSU also processes SUS, Local Provider flows, mental health, IAPT, MSDS, CYPHS, CSDS, CWT and DIDS for the purpose of commissioning.
- Data Processor 2 - Greater Manchester Shared Services (GMSS) have taken BI services in house and are now hosted by Oldham CCG. AGEM CSU flow data to a small team within GMSS. Access to the data is restricted to this team who access and manage the data. These BI services were previously provided by North West CSU.
GMSS deliver a range of services including;
- effective use of resources;
- data quality;
- information governance;
- market management;
- provider contract & performance management;

To enable GMSS to support these services a team within the GMSS have controlled access to SUS data at a pseudonymised level. Access to the data is controlled by AGEM CSU using users’ roles to ensure only appropriate users gain access to pseudonymised data. Data can then be used for reporting to support the range of services being offered to CCGs, and CCGs receive aggregate level reports from GMSS. GMSS staff are separate from Oldham CCG staff and accordingly have separate functions and roles.
- Data Processor 3 - Advancing Quality Alliance (AQuA) provide support for a range of quality improvement programmes including the NW Advancing Quality Programme. They will identify cohorts of patients within specific disease groups for further analysis to help drive quality improvements across the region.

- Data Processor 4 - The Academic Health Sciences Network (Utilisation Management Team) receive Pseudonymised SUS data for Greater Manchester patients. They analyse the data to look at processes rather than patients, for example, A&E performance, process times, bed days as well as ‘deep dives’ to support clinical reviews for CCGs.

Advancing Quality Alliance (AQuA) and the Academic Health Science Network are hosted by Salford Royal NHS Foundation Trust who are the legal entity for both.

Yielded Benefits:

Expected Benefits:

Risk Stratification
Risk stratification promotes improved case management in primary care and will lead to the following benefits being realised:
1. Improved planning by better understanding patient flows through the healthcare system, thus allowing commissioners to design appropriate pathways to improve patient flow and allowing commissioners to identify priorities and identify plans to address these.
2. Improved quality of services through reduced emergency readmissions, especially avoidable emergency admissions. This is achieved through mapping of frequent users of emergency services thus allowing early intervention.
3. Improved access to services by identifying which services may be in demand but have poor access, and from this identify areas where improvement is required.
4. Supports the commissioner to meets its requirement to reduce premature mortality in line with the CCG Outcome Framework by allowing for more targeted intervention in primary care.
5. Better understanding of local population characteristics through analysis of their health and healthcare outcomes
All of the above lead to improved patient experience through more effective commissioning of services.



Commissioning
1. Supporting Quality Innovation Productivity and Prevention (QIPP) to review demand management, integrated care and pathways.
a. Analysis to support full business cases.
b. Develop business models.
c. Monitor In year projects.
2. Supporting Joint Strategic Needs Assessment (JSNA) for specific disease types.
3. Health economic modelling using:
a. Analysis on provider performance against 18 weeks wait targets.
b. Learning from and predicting likely patient pathways for certain conditions, in order to influence early interventions and other treatments for patients.
c. Analysis of outcome measures for differential treatments, accounting for the full patient pathway.
d. Analysis to understand emergency care and linking A&E and Emergency Urgent Care Flows (EUCC).
4. Commissioning cycle support for grouping and re-costing previous activity.
5. Enables monitoring of:
a. CCG outcome indicators.
b. Financial and Non-financial validation of activity.
c. Successful delivery of integrated care within the CCG.
d. Checking frequent or multiple attendances to improve early intervention and avoid admissions.
e. Case management.
f. Care service planning.
g. Commissioning and performance management.
h. List size verification by GP practices.
i. Understanding the care of patients in nursing homes.
6. Feedback to NHS service providers on data quality at an aggregate and individual record level – only on data initially provided by the service providers.
7. Improved planning by better understanding patient flows through the healthcare system, thus allowing commissioners to design appropriate pathways to improve patient flow and allowing commissioners to identify priorities and identify plans to address these.
8. Improved quality of services through reduced emergency readmissions, especially avoidable emergency admissions. This is achieved through mapping of frequent users of emergency services and early intervention of appropriate care.
9. Improved access to services by identifying which services may be in demand but have poor access, and from this identify areas where improvement is required.
10. Potentially reduced premature mortality by more targeted intervention in primary care, which supports the commissioner to meets its requirement to reduce premature mortality in line with the CCG Outcome Framework.
11. Better understanding of the health of and the variations in health outcomes within the population to help understand local population characteristics.
12. Better understanding of contract requirements, contract execution, and required services for management of existing contracts, and to assist with identification and planning of future contracts
13. Insights into patient outcomes, and identification of the possible efficacy of outcomes-based contracting opportunities.

Outputs:

Risk Stratification
1. As part of the risk stratification processing activity detailed above, GPs have access to the risk stratification tool which highlights patients for whom the GP is responsible and have been classed as at risk. The only identifier available to GPs is the NHS numbers of their own patients. Any further identification of the patients will be completed by the GP on their own systems.
2. Output from the risk stratification tool will provide aggregate reporting of number and percentage of population found to be at risk.
3. Record level output will be available for commissioners (of the CCG), pseudonymised at patient level.
4. GP Practices will be able to view the risk scores for individual patients with the ability to display the underlying SUS+ data for the individual patients when it is required for direct care purposes by someone who has a legitimate relationship with the patient.
5. The CCG will be able to target specific patient groups and enable clinicians with the duty of care for the patient to offer appropriate interventions. The CCG will also be able to:
o Stratify populations based on: disease profiles; conditions currently being treated; current service use; pharmacy use and risk of future overall cost
o Plan work for commissioning services and contracts
o Set up capitated budgets
o Identify health determinants of risk of admission to hospital, or other adverse care outcomes.

Commissioning
1. Commissioner reporting:
a. Summary by provider view - plan & actuals year to date (YTD).
b. Summary by Patient Outcome Data (POD) view - plan & actuals YTD.
c. Summary by provider view - activity & finance variance by POD.
d. Planned care by provider view - activity & finance plan & actuals YTD.
e. Planned care by POD view - activity plan & actuals YTD.
f. Provider reporting.
g. Statutory returns.
h. Statutory returns - monthly activity return.
i. Statutory returns - quarterly activity return.
j. Delayed discharges.
k. Quality & performance referral to treatment reporting.
2. Readmissions analysis.
3. Production of aggregate reports for CCG Business Intelligence.
4. Production of project / programme level dashboards.
5. Monitoring of acute / community / mental health quality matrix.
6. Clinical coding reviews / audits.
7. Budget reporting down to individual GP Practice level.
8. GP Practice level dashboard reports include high flyers.
9. Comparators of CCG performance with similar CCGs as set out by a specific range of care quality and performance measures detailed activity and cost reports
10. Data Quality and Validation measures allowing data quality checks on the submitted data
11. Contract Management and Modelling
12. Patient Stratification, such as:
o Patients at highest risk of admission
o Most expensive patients (top 15%)
o Frail and elderly
o Patients that are currently in hospital
o Patients with most referrals to secondary care
o Patients with most emergency activity
o Patients with most expensive prescriptions
o Patients recently moving from one care setting to another
i. Discharged from hospital
ii. Discharged from community

Processing:

Data must only be used as stipulated within this Data Sharing Agreement.

Data Processors must only act upon specific instructions from the Data Controller.

Data can only be stored at the addresses listed under storage addresses.

Patient level data will not be shared outside of the CCG unless it is for the purpose of Direct Care, where it may be shared only with those health professionals who have a legitimate relationship with the patient and a legitimate reason to access the data.
All access to data is managed under Roles-Based Access Controls
No patient level data will be linked other than as specifically detailed within this agreement. Data will only be shared with those parties listed and will only be used for the purposes laid out in the application/agreement. The data to be released from NHS Digital will not be national data, but only that data relating to the specific locality and that data required by the applicant.
NHS Digital reminds all organisations party to this agreement of the need to comply with the Data Sharing Framework Contract requirements, including those regarding the use (and purposes of that use) by “Personnel” (as defined within the Data Sharing Framework Contract ie: employees, agents and contractors of the Data Recipient who may have access to that data)
The DSCRO (part of NHS Digital) will apply Type 2 objections before any identifiable data leaves the DSCRO.
CCGs should work with general practices within their CCG to help them fulfil data controller responsibilities regarding flow of identifiable data into risk stratification tools.

Segregation
Where the Data Processor and/or the Data Controller hold both identifiable and pseudonymised data, the data will be held separately so data cannot be linked.

All access to data is auditable by NHS Digital.

Risk Stratification
(Risk Stratification tool in NHS Bury CCG)
1. Identifiable SUS+ data is obtained from the SUS Repository to the Data Services for Commissioners Regional Office (DSCRO).
2. Data quality management and standardisation of data is completed by the DSCRO and the data identifiable at the level of NHS number is transferred securely to the CCG, who hold the SUS+ data within the secure Data Centre on N3.
3. Identifiable GP Data is securely sent from the GP system to the CCG.
4. SUS+ data is linked to GP data in the risk stratification tool by the data processor.
5. As part of the risk stratification processing activity, GPs have access to the risk stratification tool within the data processor, which highlights patients with whom the GP has a legitimate relationship and have been classed as at risk. The only identifier available to GPs is the NHS numbers of their own patients. Any further identification of the patients will be completed by the GP on their own systems.
6. Once the CCG has completed the processing, access is available through the online system via a secure N3 connection to access the data pseudonymised at patient level.

(Risk Stratification tool in NHS Arden and GEM CSU)
1. Identifiable SUS+ data is obtained from the SUS Repository to the Data Services for Commissioners Regional Office (DSCRO).
2. Data quality management and standardisation of data is completed by the DSCRO and the data identifiable at the level of NHS number is transferred securely to NHS Arden and GEM CSU, who hold the SUS+ data within the secure Data Centre on N3.
3. Identifiable GP Data is securely sent from the GP system to NHS Arden and GEM CSU.
4. SUS+ data is linked to GP data in the risk stratification tool by the data processor.
5. As part of the risk stratification processing activity, GPs have access to the risk stratification tool within the data processor, which highlights patients with whom the GP has a legitimate relationship and have been classed as at risk. The only identifier available to GPs is the NHS numbers of their own patients. Any further identification of the patients will be completed by the GP on their own systems.
6. Once NHS Arden and GEM CSU has completed the processing, the CCG can access the online system via a secure connection to access the data pseudonymised at patient level.

Commissioning
The Data Services for Commissioners Regional Office (DSCRO) obtains the following data sets:
1. SUS+
2. Local Provider Flows (received directly from providers)
a. Acute
b. Ambulance
c. Community
d. Demand for Service
e. Diagnostic Service
f. Emergency Care
g. Experience, Quality and Outcomes
h. Mental Health
i. Other Not Elsewhere Classified
j. Population Data
k. Primary Care Services
l. Public Health Screening
3. Mental Health Minimum Data Set (MHMDS)
4. Mental Health Learning Disability Data Set (MHLDDS)
5. Mental Health Services Data Set (MHSDS)
6. Maternity Services Data Set (MSDS)
7. Improving Access to Psychological Therapy (IAPT)
8. Child and Young People Health Service (CYPHS)
9. Community Services Data Set (CSDS)
10. Diagnostic Imaging Data Set (DIDS)
11. National Cancer Waiting Times (CWT)
Data quality management and pseudonymisation is completed within the DSCRO and is then disseminated as follows:
Data Processor 1 – Arden and GEM CSU
Pseudonymised SUS+, Local Provider data, Mental Health data (MHSDS, MHMDS, MHLDDS), Maternity data (MSDS), Improving Access to Psychological Therapies data (IAPT), Child and Young People’s Health data (CYPHS), Community Services Data Set (CSDS), National Cancer Waiting Times (CWT) and Diagnostic Imaging data (DIDS) is securely transferred from the DSCRO to Arden and GEM CSU.
1. Arden and GEM CSU add derived fields, link data and provide analysis to:
a. See patient journeys for pathways or service design, re-design and de-commissioning.
b. Check recorded activity against contracts or invoices and facilitate discussions with providers.
c. Undertake population health management
d. Undertake data quality and validation checks
e. Thoroughly investigate the needs of the population
f. Understand cohorts of residents who are at risk
g. Conduct Health Needs Assessments
2. Allowed linkage is between the data sets contained within point 1.
3. Arden and GEM CSU then pass the processed, pseudonymised and linked data to the CCG.
4. Aggregation of required data for CCG management use will be completed by Arden and GEM CSU or the CCG as instructed by the CCG.
5. Patient level data will not be shared outside of the CCG and will only be shared within the CCG on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression can be shared as set out within NHS Digital guidance applicable to each data set.

Data Processor 2 – Greater Manchester Shared Services
Pseudonymised SUS+, Local Provider data, Mental Health data (MHSDS, MHMDS, MHLDDS), Maternity data (MSDS), Improving Access to Psychological Therapies data (IAPT), Child and Young People’s Health data (CYPHS), Community Services Data Set (CSDS), National Cancer Waiting Times (CWT) and Diagnostic Imaging data (DIDS) is securely transferred from the DSCRO to Greater Manchester Shared Services.
6. Greater Manchester Shared Services add derived fields, link data and provide analysis to:
h. See patient journeys for pathways or service design, re-design and de-commissioning.
i. Check recorded activity against contracts or invoices and facilitate discussions with providers.
j. Undertake population health management
k. Undertake data quality and validation checks
l. Thoroughly investigate the needs of the population
m. Understand cohorts of residents who are at risk
n. Conduct Health Needs Assessments
7. Allowed linkage is between the data sets contained within point 1.
8. Greater Manchester Shared Services then pass the processed, pseudonymised and linked data to the CCG.
9. Aggregation of required data for CCG management use will be completed by Greater Manchester Shared Services or the CCG as instructed by the CCG.
10. Patient level data will not be shared outside of the CCG and will only be shared within the CCG on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression can be shared as set out within NHS Digital guidance applicable to each data set.

Data Processor 3 – Salford Royal NHS Foundation Trust
Pseudonymised SUS+, Local Provider data, Mental Health data (MHSDS, MHMDS, MHLDDS), Maternity data (MSDS), Improving Access to Psychological Therapies data (IAPT), Child and Young People’s Health data (CYPHS), Community Services Data Set (CSDS). Diagnostic Imaging data (DIDS) is securely transferred from the DSCRO to Salford Royal NHS Foundation Trust.
11. Salford Royal NHS Foundation Trust add derived fields, link data and provide analysis to:
o. See patient journeys for pathways or service design, re-design and de-commissioning.
p. Check recorded activity against contracts or invoices and facilitate discussions with providers.
q. Undertake population health management
r. Undertake data quality and validation checks
s. Thoroughly investigate the needs of the population
t. Understand cohorts of residents who are at risk
u. Conduct Health Needs Assessments
12. Allowed linkage is between the data sets contained within point 1.
13. Salford Royal NHS Foundation Trust then pass the processed, pseudonymised and linked data to the CCG.
14. Aggregation of required data for CCG management use will be completed by Salford Royal NHS Foundation Trust or the CCG as instructed by the CCG.
15. Patient level data will not be shared outside of the CCG and will only be shared within the CCG on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression can be shared as set out within NHS Digital guidance applicable to each data set.

---

Project 3 — DARS-NIC-120758-L4C3B

Type of data: information not disclosed for TRE projects

Opt outs honoured: No - data flow is not identifiable ()

Legal basis: Health and Social Care Act 2012 – s261(1) and s261(2)(b)(ii)

Purposes: ()

Sensitive: Sensitive

When:2018.10 — 2019.04.

Access method: Frequent Adhoc Flow

Data-controller type:

Sublicensing allowed:

Datasets:

1. Acute-Local Provider Flows
2. Ambulance-Local Provider Flows
3. Community-Local Provider Flows
4. Diagnostic Services-Local Provider Flows
5. Emergency Care-Local Provider Flows

Objectives:

Commissioning
To use pseudonymised data which will be shared between multiple CCGs which will be listed within the Data Sharing Agreement, to provide intelligence to support commissioning of health services. The pseudonymised data is required to ensure that analysis of health care provision can be completed to support the needs of the health profile of the population within the CCG area based on the full analysis of multiple pseudonymised datasets.
The CCGs commission services from a range of providers covering a wide array of services. Each of the data flow categories requested supports the commissioned activity of one or more providers.
The following pseudonymised datasets are required to provide intelligence to support commissioning of health services:
- Local Provider Flows
o Acute
o Ambulance
o Community
o Diagnostic Service
o Emergency Care
The pseudonymised data is required to ensure that analysis of health care provision can be completed to support the needs of the health profile of the population within the CCG area based on the full analysis of multiple pseudonymised datasets.

The following CCGs are able to share record level data between the CCGs to enable collaborative reporting by their respective CCG analysts and Data Processor Analysts (Arden and GEM CSU):
- NHS Bury CCG
- NHS Heywood, Middleton and Rochdale CCG
- NHS Manchester CCG
- NHS Oldham CCG
The CCGs work together on a collaborative basis across to support each other in delivering their commissioning agendas. For example, they wish to carry out contract monitoring, e.g. SUS SLAM reconciliation, for all the four CCGs listed above where they are lead commissioner; or where a CCG provides a contract monitoring service for another CCG. The CCGs request approval (through this DARS amendment) to share the following datasets on a collaborative basis across the four CCGs , to be used for collaborative reporting in any combination of CCGs in the group, or at individual CCG level reporting as required; both by a CCG’s in house BI/Contract Analysts and by their Data Processor Analysts, Arden and GEM CSU:
• Local Provider Flows (for commissioning)

The CCGs may access the pseudonymised data of each CCG for the purpose of commissioning only. The data listed in Annex A of the DSA is the data that the CCGs will be allowed to access.

Expected Benefits:

Commissioning
1. Supporting Quality Innovation Productivity and Prevention (QIPP) to review demand management, integrated care and pathways.
a. Analysis to support full business cases.
b. Develop business models.
c. Monitor In year projects.
2. Supporting Joint Strategic Needs Assessment (JSNA) for specific disease types.
3. Health economic modelling using:
a. Analysis on provider performance against 18 weeks wait targets.
b. Learning from and predicting likely patient pathways for certain conditions, in order to influence early interventions and other treatments for patients.
c. Analysis of outcome measures for differential treatments, accounting for the full patient pathway.
d. Analysis to understand emergency care and linking A&E and Emergency Urgent Care Flows (EUCC).
4. Commissioning cycle support for grouping and re-costing previous activity.
5. Enables monitoring of:
a. CCG outcome indicators.
b. Non-financial validation of activity.
c. Successful delivery of integrated care within the CCG.
d. Checking frequent or multiple attendances to improve early intervention and avoid admissions.
e. Case management.
f. Care service planning.
g. Commissioning and performance management.
h. List size verification by GP practices.
i. Understanding the care of patients in nursing homes.
6. Feedback to NHS service providers on data quality at an aggregate and individual record level – only on data initially provided by the service providers.

Outputs:

Commissioning
1. Commissioner reporting:
a. Summary by provider view - plan & actuals year to date (YTD).
b. Summary by Patient Outcome Data (POD) view - plan & actuals YTD.
c. Summary by provider view - activity & finance variance by POD.
d. Planned care by provider view - activity & finance plan & actuals YTD.
e. Planned care by POD view - activity plan & actuals YTD.
f. Provider reporting.
g. Statutory returns.
h. Statutory returns - monthly activity return.
i. Statutory returns - quarterly activity return.
j. Delayed discharges.
k. Quality & performance referral to treatment reporting.
2. Readmissions analysis.
3. Production of aggregate reports for CCG Business Intelligence.
4. Production of project / programme level dashboards.
5. Monitoring of acute / community / mental health quality matrix.
6. Clinical coding reviews / audits.
7. Budget reporting down to individual GP Practice level.
8. GP Practice level dashboard reports include high flyers.

Processing:

Data must only be used as stipulated within this Data Sharing Agreement.

Data Processors must only act upon specific instructions from the Data Controller.

Data can only be stored at the addresses listed under storage addresses.

The Data Controller and any Data Processor will only have access to records of patients of residence and registration within the CCG.

Patient level data will not be shared outside of the CCG unless otherwise stipulated within this agreement or it is for the purpose of Direct Care, where it may be shared only with those health professionals who have a legitimate relationship with the patient and a legitimate reason to access the data.

No patient level data will be linked other than as specifically detailed within this agreement. Data will only be shared with those parties listed and will only be used for the purposes laid out in the application/agreement. The data to be released from NHS Digital will not be national data, but only that data relating to the specific locality of interest of the applicant.
NHS Digital reminds all organisations party to this agreement of the need to comply with the Data Sharing Framework Contract requirements, including those regarding the use (and purposes of that use) by “Personnel” (as defined within the Data Sharing Framework Contract ie: employees, agents and contractors of the Data Recipient who may have access to that data)

Segregation
Where the Data Processor and/or the Data Controller hold both identifiable and pseudonymised data, the data will be held separately so data cannot be linked.
All access to data is audited

Commissioning
The Data Services for Commissioners Regional Office (DSCRO) obtains the following data sets:
1. Local Provider Flows (received directly from providers)
o Acute
o Ambulance
o Community
o Diagnostic Service
o Emergency Care
Data quality management and pseudonymisation is completed within the DSCRO and is then disseminated as follows:
Data Processor 1 – Arden and Greater East Midlands Commissioning Support Unit
1) Pseudonymised Local Provider data only are securely transferred from the DSCRO to Arden and Greater East Midlands Commissioning Support Unit.
2) Arden and Greater East Midlands Commissioning Support Unit add derived fields, link data and provide analysis.
3) Allowed linkage is between the data sets contained within point 1.
4) Arden and Greater East Midlands Commissioning Support Unit then pass the processed, pseudonymised and linked data to each CCG. The CCG analyse the data to see patient journeys for pathways or service design, re-design and de-commissioning.
5) Aggregation of required data for CCG management use will be completed by Arden and Greater East Midlands Commissioning Support Unit or the CCG as instructed by the CCG.
6) Patient level data will not be shared outside of the CCG and will only be shared within the CCG on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression can be shared.

---

Project 4 — NIC-120758-L4C3B

Type of data: information not disclosed for TRE projects

Opt outs honoured: N ()

Legal basis: Health and Social Care Act 2012

Purposes: ()

Sensitive: Sensitive

When:2018.03 — 2018.05.

Access method: Ongoing

Data-controller type:

Sublicensing allowed:

Datasets:

1. Emergency Care-Local Provider Flows
2. Diagnostic Services-Local Provider Flows
3. Community-Local Provider Flows
4. Ambulance-Local Provider Flows
5. Acute-Local Provider Flows

Objectives:

Commissioning
To use pseudonymised data which will be shared between multiple CCGs which will be listed within the Data Sharing Agreement, to provide intelligence to support commissioning of health services. The pseudonymised data is required to ensure that analysis of health care provision can be completed to support the needs of the health profile of the population within the CCG area based on the full analysis of multiple pseudonymised datasets.
The CCGs commission services from a range of providers covering a wide array of services. Each of the data flow categories requested supports the commissioned activity of one or more providers.
The following pseudonymised datasets are required to provide intelligence to support commissioning of health services:
- Local Provider Flows
o Acute
o Ambulance
o Community
o Diagnostic Service
o Emergency Care
The pseudonymised data is required to ensure that analysis of health care provision can be completed to support the needs of the health profile of the population within the CCG area based on the full analysis of multiple pseudonymised datasets.

The following CCGs are able to share record level data between the CCGs to enable collaborative reporting by their respective CCG analysts and Data Processor Analysts (Arden and GEM CSU):
- NHS Bury CCG
- NHS Heywood, Middleton and Rochdale CCG
- NHS Manchester CCG
- NHS Oldham CCG
The CCGs work together on a collaborative basis across to support each other in delivering their commissioning agendas. For example, they wish to carry out contract monitoring, e.g. SUS SLAM reconciliation, for all the four CCGs listed above where they are lead commissioner; or where a CCG provides a contract monitoring service for another CCG. The CCGs request approval (through this DARS amendment) to share the following datasets on a collaborative basis across the four CCGs , to be used for collaborative reporting in any combination of CCGs in the group, or at individual CCG level reporting as required; both by a CCG’s in house BI/Contract Analysts and by their Data Processor Analysts, Arden and GEM CSU:
• Local Provider Flows (for commissioning)

The CCGs may access the pseudonymised data of each CCG for the purpose of commissioning only. The data listed in Annex A of the DSA is the data that the CCGs will be allowed to access.

Expected Benefits:

Commissioning
1. Supporting Quality Innovation Productivity and Prevention (QIPP) to review demand management, integrated care and pathways.
a. Analysis to support full business cases.
b. Develop business models.
c. Monitor In year projects.
2. Supporting Joint Strategic Needs Assessment (JSNA) for specific disease types.
3. Health economic modelling using:
a. Analysis on provider performance against 18 weeks wait targets.
b. Learning from and predicting likely patient pathways for certain conditions, in order to influence early interventions and other treatments for patients.
c. Analysis of outcome measures for differential treatments, accounting for the full patient pathway.
d. Analysis to understand emergency care and linking A&E and Emergency Urgent Care Flows (EUCC).
4. Commissioning cycle support for grouping and re-costing previous activity.
5. Enables monitoring of:
a. CCG outcome indicators.
b. Non-financial validation of activity.
c. Successful delivery of integrated care within the CCG.
d. Checking frequent or multiple attendances to improve early intervention and avoid admissions.
e. Case management.
f. Care service planning.
g. Commissioning and performance management.
h. List size verification by GP practices.
i. Understanding the care of patients in nursing homes.
6. Feedback to NHS service providers on data quality at an aggregate and individual record level – only on data initially provided by the service providers.

Outputs:

Commissioning
1. Commissioner reporting:
a. Summary by provider view - plan & actuals year to date (YTD).
b. Summary by Patient Outcome Data (POD) view - plan & actuals YTD.
c. Summary by provider view - activity & finance variance by POD.
d. Planned care by provider view - activity & finance plan & actuals YTD.
e. Planned care by POD view - activity plan & actuals YTD.
f. Provider reporting.
g. Statutory returns.
h. Statutory returns - monthly activity return.
i. Statutory returns - quarterly activity return.
j. Delayed discharges.
k. Quality & performance referral to treatment reporting.
2. Readmissions analysis.
3. Production of aggregate reports for CCG Business Intelligence.
4. Production of project / programme level dashboards.
5. Monitoring of acute / community / mental health quality matrix.
6. Clinical coding reviews / audits.
7. Budget reporting down to individual GP Practice level.
8. GP Practice level dashboard reports include high flyers.

Processing:

Data must only be used as stipulated within this Data Sharing Agreement.

Data Processors must only act upon specific instructions from the Data Controller.

Data can only be stored at the addresses listed under storage addresses.

The Data Controller and any Data Processor will only have access to records of patients of residence and registration within the CCG.

Patient level data will not be shared outside of the CCG unless otherwise stipulated within this agreement or it is for the purpose of Direct Care, where it may be shared only with those health professionals who have a legitimate relationship with the patient and a legitimate reason to access the data.

No patient level data will be linked other than as specifically detailed within this agreement. Data will only be shared with those parties listed and will only be used for the purposes laid out in the application/agreement. The data to be released from NHS Digital will not be national data, but only that data relating to the specific locality of interest of the applicant.
NHS Digital reminds all organisations party to this agreement of the need to comply with the Data Sharing Framework Contract requirements, including those regarding the use (and purposes of that use) by “Personnel” (as defined within the Data Sharing Framework Contract ie: employees, agents and contractors of the Data Recipient who may have access to that data)

Segregation
Where the Data Processor and/or the Data Controller hold both identifiable and pseudonymised data, the data will be held separately so data cannot be linked.
All access to data is audited

Commissioning
The Data Services for Commissioners Regional Office (DSCRO) obtains the following data sets:
1. Local Provider Flows (received directly from providers)
o Acute
o Ambulance
o Community
o Diagnostic Service
o Emergency Care
Data quality management and pseudonymisation is completed within the DSCRO and is then disseminated as follows:
Data Processor 1 – Arden and Greater East Midlands Commissioning Support Unit
1) Pseudonymised Local Provider data only are securely transferred from the DSCRO to Arden and Greater East Midlands Commissioning Support Unit.
2) Arden and Greater East Midlands Commissioning Support Unit add derived fields, link data and provide analysis.
3) Allowed linkage is between the data sets contained within point 1.
4) Arden and Greater East Midlands Commissioning Support Unit then pass the processed, pseudonymised and linked data to each CCG. The CCG analyse the data to see patient journeys for pathways or service design, re-design and de-commissioning.
5) Aggregation of required data for CCG management use will be completed by Arden and Greater East Midlands Commissioning Support Unit or the CCG as instructed by the CCG.
6) Patient level data will not be shared outside of the CCG and will only be shared within the CCG on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression can be shared.

---

Project 5 — NIC-47174-R9S4W

Type of data: information not disclosed for TRE projects

Opt outs honoured: N, Y ()

Legal basis: Health and Social Care Act 2012, Section 251 approval is in place for the flow of identifiable data

Purposes: ()

Sensitive: Sensitive

When:2017.06 — 2017.05.

Access method: Ongoing

Data-controller type:

Sublicensing allowed:

Datasets:

1. Children and Young People's Health Services Data Set
2. Improving Access to Psychological Therapies Data Set
3. Local Provider Data - Acute
4. Local Provider Data - Ambulance
5. Local Provider Data - Community
6. Local Provider Data - Demand for Service
7. Local Provider Data - Diagnostic Services
8. Local Provider Data - Emergency Care
9. Local Provider Data - Experience Quality and Outcomes
10. Local Provider Data - Mental Health
11. Local Provider Data - Other not elsewhere classified
12. Local Provider Data - Population Data
13. Local Provider Data - Public Health & Screening services
14. Mental Health and Learning Disabilities Data Set
15. Mental Health Minimum Data Set
16. Mental Health Services Data Set
17. SUS Accident & Emergency data
18. SUS Admitted Patient Care data
19. SUS Outpatient data
20. Maternity Services Dataset
21. SUS data (Accident & Emergency, Admitted Patient Care & Outpatient)
22. SUS for Commissioners
23. Public Health and Screening Services-Local Provider Flows
24. Primary Care Services-Local Provider Flows
25. Population Data-Local Provider Flows
26. Other Not Elsewhere Classified (NEC)-Local Provider Flows
27. Mental Health-Local Provider Flows
28. Maternity Services Data Set
29. Experience, Quality and Outcomes-Local Provider Flows
30. Emergency Care-Local Provider Flows
31. Diagnostic Services-Local Provider Flows
32. Diagnostic Imaging Dataset
33. Demand for Service-Local Provider Flows
34. Community-Local Provider Flows
35. Children and Young People Health
36. Ambulance-Local Provider Flows
37. Acute-Local Provider Flows
38. SUS (Accident & Emergency, Inpatient and Outpatient data)
39. Local Provider Data - Acute, Ambulance, Community, Demand for Service, Diagnostic Services, Emergency Care, Experience Quality and Outcomes, Mental Health, Other not elsewhere classified, Population Data, Primary Care

Objectives:

Risk Stratification
To use SUS data identifiable at the level of NHS number according to S.251 CAG 7-04(a) (and Primary Care Data) for the purpose of Risk Stratification. Risk Stratification provides a forecast of future demand by identifying high risk patients. This enables commissioners to initiate proactive management plans for patients that are potentially high service users. Risk Stratification enables GPs to better target intervention in Primary Care

Pseudonymised – SUS and Local Flows
To use pseudonymised data to provide intelligence to support commissioning of health services. The pseudonymised data is required to ensure that analysis of health care provision can be completed to support the needs of the health profile of the population within the CCG area based on the full analysis of multiple pseudonymised datasets.
The CCGs commission services from a range of providers covering a wide array of services. Each of the data flow categories requested supports the commissioned activity of one or more providers.

Pseudonymised – Mental Health, Maternity, IAPT, CYPHS and DIDS
To use pseudonymised data for the following datasets to provide intelligence to support commissioning of health services :
- Mental Health Minimum Data Set (MHMDS)
- Mental Health Learning Disability Data Set (MHLDDS)
- Mental Health Services Data Set (MHSDS)
- Maternity Services Data Set (MSDS)
- Improving Access to Psychological Therapy (IAPT)
- Child and Young People Health Service (CYPHS)
- Diagnostic Imaging Data Set (DIDS)
The pseudonymised data is required to ensure that analysis of health care provision can be completed to support the needs of the health profile of the population within the CCG area based on the full analysis of multiple pseudonymised datasets.


No record level data will be linked other than as specifically detailed within this application/agreement. Data will only be shared with those parties listed and will only be used for the purposes laid out in the application/agreement. The data to be released from the HSCIC will not be national data, but only that data relating to the specific locality of interest of the applicant.

Expected Benefits:

Risk Stratification
Risk stratification promotes improved case management in primary care and will lead to the following benefits being realised:
1. Improved planning by better understanding patient flows through the healthcare system, thus allowing commissioners to design appropriate pathways to improve patient flow and allowing commissioners to identify priorities and identify plans to address these.
2. Improved quality of services through reduced emergency readmissions, especially avoidable emergency admissions. This is achieved through mapping of frequent users of emergency services and early intervention of appropriate care.
3. Improved access to services by identifying which services may be in demand but have poor access, and from this identify areas where improvement is required.
4. Potentially reduced premature mortality by more targeted intervention in primary care, which supports the commissioner to meets its requirement to reduce premature mortality in line with the CCG Outcome Framework.
5. Better understanding of the health of and the variations in health outcomes within the population to help understand local population characteristics.
All of the above lead to improved patient experience through more effective commissioning of services.

Pseudonymised – SUS and Local Flows
1. Supporting Quality Innovation Productivity and Prevention (QIPP) to review demand management, integrated care and pathways.
a. Analysis to support full business cases.
b. Develop business models.
c. Monitor In year projects.
2. Supporting Joint Strategic Needs Assessment (JSNA) for specific disease types.
3. Health economic modelling using:
a. Analysis on provider performance against 18 weeks wait targets.
b. Learning from and predicting likely patient pathways for certain conditions, in order to influence early interventions and other treatments for patients.
c. Analysis of outcome measures for differential treatments, accounting for the full patient pathway.
d. Analysis to understand emergency care and linking A&E and Emergency Urgent Care Flows (EUCC).
4. Commissioning cycle support for grouping and re-costing previous activity.
5. Enables monitoring of:
a. CCG outcome indicators.
b. Non-financial validation of activity.
c. Successful delivery of integrated care within the CCG.
d. Checking frequent or multiple attendances to improve early intervention and avoid admissions.
e. Case management.
f. Care service planning.
g. Commissioning and performance management.
h. List size verification by GP practices.
i. Understanding the care of patients in nursing homes.
6. Feedback to NHS service providers on data quality at an aggregate and individual record level – only on data initially provided by the service providers.

Pseudonymised – Mental Health, Maternity, IAPT, CYPHS and DIDS
1. Supporting Quality Innovation Productivity and Prevention (QIPP) to review demand management, Integrated care and pathways.
a. Analysis to support full business cases.
b. Develop business models.
c. Monitor In year projects.
2. Supporting Joint Strategic Needs Assessment (JSNA) for specific disease types.
3. Health economic modelling using:
a. Analysis on provider performance against 18 weeks wait targets.
b. Learning from and predicting likely patient pathways for certain conditions, in order to influence early interventions and other treatments for patients.
c. Analysis of outcome measures for differential treatments, accounting for the full patient pathway.
d. Analysis to understand emergency care and linking A&E and Emergency Urgent Care Flows (EUCC).
4. Commissioning cycle support for grouping and re-costing previous activity.
5. Enables monitoring of:
a. CCG outcome indicators.
b. Non-financial validation of activity.
c. Successful delivery of integrated care within the CCG.
d. Checking frequent or multiple attendances to improve early intervention and avoid admissions.
e. Case management.
f. Care service planning.
g. Commissioning and performance management.
h. List size verification by GP practices.
i. Understanding the care of patients in nursing homes.
6. Feedback to NHS service providers on data quality at an aggregate and individual record level – only on data initially provided by the service providers.

Outputs:

Risk Stratification
1. 1) As part of the risk stratification processing activity detailed above, GPs have access to the risk stratification tool which highlights patients for whom the GP is responsible and have been classed as at risk. The risk stratification presents pseudonymised data to the GPs. GPs are able to re-identify information only for their own patients for the purpose of direct care.
2. Output from the risk stratification tool will provide aggregate reporting of number and percentage of population found to be at risk.
3. Record level output will be available for commissioners pseudonymised at patient level and aggregated reports.
Pseudonymised – SUS and Local Flows
1. Commissioner reporting:
a. Summary by provider view - plan & actuals year to date (YTD).
b. Summary by Patient Outcome Data (POD) view - plan & actuals YTD.
c. Summary by provider view - activity & finance variance by POD.
d. Planned care by provider view - activity & finance plan & actuals YTD.
e. Planned care by POD view - activity plan & actuals YTD.
f. Provider reporting.
g. Statutory returns.
h. Statutory returns - monthly activity return.
i. Statutory returns - quarterly activity return.
j. Delayed discharges.
k. Quality & performance referral to treatment reporting.
2. Readmissions analysis.
3. Production of aggregate reports for CCG Business Intelligence.
4. Production of project / programme level dashboards.
5. Monitoring of acute / community / mental health quality matrix.
6. Clinical coding reviews / audits.
7. Budget reporting down to individual GP Practice level.
8. GP Practice level dashboard reports include high flyers.

Pseudonymised – Mental Health, Maternity, IAPT, CYPHS and DIDS
1. Commissioner reporting:
a. Summary by provider view - plan & actuals year to date (YTD).
b. Summary by Patient Outcome Data (POD) view - plan & actuals YTD.
c. Summary by provider view - activity & finance variance by POD.
d. Planned care by provider view - activity & finance plan & actuals YTD.
e. Planned care by POD view - activity plan & actuals YTD.
f. Provider reporting.
g. Statutory returns.
h. Statutory returns - monthly activity return.
i. Statutory returns - quarterly activity return.
j. Delayed discharges.
k. Quality & performance referral to treatment reporting.
2. Readmissions analysis.
3. Production of aggregate reports for CCG Business Intelligence.
4. Production of project / programme level dashboards.
5. Monitoring of mental health quality matrix.
6. Clinical coding reviews / audits.
7. Budget reporting down to individual GP Practice level.
8. GP Practice level dashboard reports include high flyers.

Processing:

Prior to the release of identifiable data by North West DSCRO, Type 2 objections will be applied and the relevant patient’s data redacted.

Risk Stratification
1. SUS Data is sent from the SUS Repository to North West Data Services for Commissioners Regional Office (DSCRO) to the data processor.
2. SUS data identifiable at the level of NHS number regarding hospital admissions, A&E attendances and outpatient attendances is delivered securely from North West DSCRO to the data processor.
3. Data quality management and standardisation of data is completed by North West DSCRO and the data identifiable at the level of NHS number is transferred securely to Arden & GEM CSU, who hold the SUS data within the secure Data Centre on N3.
4. Identifiable GP Data is securely sent from the GP system to Arden & GEM CSU.
5. SUS data is linked to GP data in the risk stratification tool by the data processor.
6. Arden & GEM CSU who hosts the risk stratification system that holds SUS data is limited to those administrative staff with authorised user accounts used for identification and authentication.
7. Once Arden & GEM CSU has completed the processing, the data is passed to the CCG in pseudonymised form at patient level and as aggregated reports.

Pseudonymised – SUS and Local Flows
Data Processor 2 – GMSS (via DP1):
1. North West Data Services for Commissioners Regional Office (DSCRO) receives a flow of SUS identifiable data for the CCG from the SUS Repository. North West DSCRO also receives identifiable local provider data for the CCG directly from Providers.
2. Data quality management and pseudonymisation of data is completed by North West DSCRO and the pseudonymised data is then passed securely to Arden & GEM CSU for the addition of derived fields, linkage of data sets and analysis.
3. Arden & GEM CSU then passes the pseudonymised data securely to the Greater Manchester Shared Services (GMSS).
4. GMSS analyse the data to see patient journeys for pathway or service design, re-design and de-commissioning.
5. GMSS then pass the processed pseudonymised data to the CCG
6. Patient level data will not be shared outside of the CCG and will only be shared within the CCG on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression in line with the HES analysis guide.
Data Processor 4 – AQuA (via DP1):
1. North West Data Services for Commissioners Regional Office (DSCRO) receives a flow of SUS identifiable data for the CCG from the SUS Repository. North West DSCRO also receives identifiable local provider data for the CCG directly from Providers.
2. Data quality management and pseudonymisation of data is completed by North West DSCRO and the pseudonymised data is then passed securely to Arden & GEM CSU for the addition of derived fields, linkage of data sets and analysis.
3. Arden & GEM CSU then passes the pseudonymised data securely to AQuA to provide support for a range of quality improvement programmes including the NW Advancing Quality Programme. AQuA identifies cohorts of patients within specific disease groups for further analysis to help drive quality improvements across the region.
4. AQuA produces aggregate reports only with small number suppression in line with the HES analysis guide. Only aggregate reports are sent to the CCG.

Data Processor 5 – Academic Health Sciences Network (Utilisation Management Team) (SUS Only) (via DP1)::
1. North West Data Services for Commissioners Regional Office (DSCRO) receives a flow of SUS identifiable data for the CCG from the SUS Repository.
2. Data quality management and pseudonymisation of data is completed by North West DSCRO and the pseudonymised data is then passed securely to Arden & GEM CSU for the addition of derived fields, linkage of data and analysis.
3. Arden & GEM CSU then passes the pseudonymised data securely to the Academic Health Service (Utilisation Management Team) (AHSN UMT)
4. The AHSN UMT receive pseudonymised SUS data for Greater Manchester patients. They analyse the data to look at processes rather than patients, for example, A&E performance, process times, bed days as well as ‘deep dives’ to support clinical reviews for CCGs.
5. AHSN UMT produces aggregate reports only with small number suppression in line with the HES analysis guide. Only aggregate reports are sent to the CCG.
NHS Bury CCG, NHS Heywood, Middleton and Rochdale CCG, NHS North Manchester CCG and NHS Oldham CCG have a collaborative information sharing agreement in place to share pseudonymised SLAM and SLAM Backup data between these CCGs only. SLAM data is included under Local Flows and is available under the Health and Social Care Act 2012.
Pseudonymised – Mental Health and IAPT
Data Processor 1 – Arden & GEM CSU
1. North West Data Services for Commissioners Regional Office (DSCRO) receives a flow of data identifiable at the level of NHS number for Mental Health (MHSDS, MHMDS, MHLDDS) and MSDS. North West DSCRO also receive a flow of pseudonymised patient level data for each CCG for Improving Access to Psychological Therapies (IAPT), Child and Young People’s Health (CYPHS) and Diagnostic Imaging (DIDS) for commissioning purposes
1. Data quality management and pseudonymisation of data is completed by North West DSCRO and the pseudonymised data is then passed securely to Arden & GEM CSU for the addition of derived fields, linkage of data sets and analysis.
2. Arden & GEM CSU then pass the processed, pseudonymised and linked data to the CCG who analyse the data to see patient journeys for pathways or service design, re-design and de-commissioning.
3. The CCG analyses the data to see patient journeys for pathway or service design, re-design and de-commissioning
4. Aggregation of required data for CCG management use can be completed by the CSU or the CCG
5. Patient level data will not be shared outside of the CCG and will only be shared within the CCG on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression in line with the HES analysis guide.
Data Processor 2 – GMSS (via DP1):
Greater Manchester Shared Services (GMSS) have taken BI services in house and are now hosted by Oldham CCG. AGEM CSU flow data to a small team within GMSS. Access to the data is restricted to this team who access and manage the data. These BI services were previously provided by North West CSU.

GMSS deliver a range of services including;
• effective use of resources;
• data quality;
• information governance;
• market management;
• provider contract & performance management;

To enable GMSS to support these services a team within the GMSS have controlled access to SUS data at a pseudonymised level. Access to the data is controlled by AGEM CSU using users’ roles to ensure only appropriate users gain access to pseudonymised data. Data can then be used for reporting to support the range of services being offered to CCGs, and CCGs receive aggregate level reports from GMSS. GMSS staff are separate from Oldham CCG staff and accordingly have separate functions and roles.
1. North West Data Services for Commissioners Regional Office (DSCRO) receives a flow of data identifiable at the level of NHS number for Mental Health (MHSDS, MHMDS, MHLDDS) North West DSCRO also receive a flow of pseudonymised patient level data for each CCG for Improving Access to Psychological Therapies (IAPT) for commissioning purposes
2. The pseudonymised data is securely transferred from North West DSCRO to Arden & GEM CSU for the addition of derived fields, linkage of data sets and analysis.
3. Arden & GEM CSU then pass the processed, pseudonymised and linked data to the Greater Manchester Shared Services (GMSS)
4. GMSS analyse and conduct the BI function and then send the Pseudonymised data to the CCG.
5. Patient level data will not be shared outside of the CCG and will only be shared within the CCG on a need to know basis, as per the purposes stipulated within the Data Sharing Agreement. External aggregated reports only with small number suppression.
Data Processor 4 - Advancing Quality Alliance (AQuA) (via DP1):
1. North West Data Services for Commissioners Regional Office (DSCRO) receives a flow of data identifiable at the level of NHS number for Mental Health (MHSDS, MHMDS, MHLDDS).
2. Data quality management and pseudonymisation of data is completed by North West DSCRO and the pseudonymised data is then passed securely to Arden & GEM CSU for the addition of derived fields, linkage of data sets and analysis.
3. Arden & GEM CSU then passes the pseudonymised data securely to Advancing Quality Alliance (AQuA).
4. AQuA receives pseudonymised SUS data for Greater Manchester patients. They analyse the data to look at processes rather than patients, for example, A&E performance, process times, bed days as well as ‘deep dives’ to support clinical reviews for CCGs.
5. AQuA produces aggregate reports only with small number suppression in line with the HES analysis guide. Only aggregate reports are sent to the CCG.

---