NHS Digital Data Release Register - reformatted

NHS East Sussex CCG

Project 1 — DARS-NIC-362240-M2L1B

Opt outs honoured: Yes - patient objections upheld (Section 251 NHS Act 2006)

Sensitive: Sensitive

When: 2020/04 — 2020/07.

Repeats: Frequent Adhoc Flow

Legal basis: National Health Service Act 2006 - s251 - 'Control of patient information'.

Categories: Identifiable

Datasets:

  • SUS for Commissioners

Objectives:

Invoice Validation

Invoice validation is part of a process by which providers of care or services get paid for the work they do. Invoices are submitted to the Clinical Commissioning Group (CCG) so they are able to ensure that the activity claimed for each patient is their responsibility. This is done by processing and analysing Secondary User Services (SUS+) data, which is received into a secure Controlled Environment for Finance (CEfF). The SUS+ data is identifiable at the level of NHS number. The NHS number is only used to confirm the accuracy of backing-data sets and will not be used further. The CCG are advised by the CEfF whether payment for invoices can be made or not.

Invoice Validation will be conducted by South Central and West Commissioning Support Unit.

Risk Stratification

Risk stratification is a tool for identifying and predicting which patients are at high risk or are likely to be at high risk and prioritising the management of their care in order to prevent worse outcomes. To conduct risk stratification, Secondary User Services (SUS+) data, identifiable at the level of NHS number, is linked with Primary Care data (from GPs) and an algorithm is applied to produce risk scores. Risk Stratification provides focus for future demands by enabling commissioners to prepare plans for patients. Commissioners can then prepare plans for patients who may require high levels of care. Risk Stratification also enables General Practitioners (GPs) to better target intervention in Primary Care.

Risk Stratification will be conducted by South Central and West Commissioning Support Unit.

Expected Benefits:

Invoice Validation

The invoice validation process supports the ongoing delivery of patient care across the NHS and the CCG region by:

  1. Ensuring that activity is fully financially validated.
  2. Ensuring that service providers are accurately paid for the patients' treatment.
  3. Enabling services to be planned, commissioned, managed, and subjected to financial control.
  4. Enabling commissioners to confirm that they are paying appropriately for treatment of patients for whom they are responsible.
  5. Fulfilling commissioners' duties to fiscal probity and scrutiny.
  6. Ensuring full financial accountability for relevant organisations.
  7. Ensuring robust commissioning and performance management.
  8. Ensuring commissioning objectives do not compromise patient confidentiality.
  9. Ensuring the avoidance of misappropriation of public funds.

Risk Stratification

Risk stratification promotes improved case management in primary care and will lead to the following benefits being realised:

  1. Improved planning by better understanding patient flows through the healthcare system, thus allowing commissioners to design appropriate pathways to improve patient flow and allowing commissioners to identify priorities and identify plans to address these.
  2. Improved quality of services through reduced emergency readmissions, especially avoidable emergency admissions. This is achieved through mapping of frequent users of emergency services and early intervention of appropriate care.
  3. Improved access to services by identifying which services may be in demand but have poor access, and from this identify areas where improvement is required.
  4. Potentially reduced premature mortality by more targeted intervention in primary care, which supports the commissioner to meet its requirement to reduce premature mortality in line with the CCG Outcome Framework.
  5. Better understanding of the health of and the variations in health outcomes within the population to help understand local population characteristics.

All of the above lead to improved patient experience through more effective commissioning of services.

Outputs:

INVOICE VALIDATION

  1. The Controlled Environment for Finance (CEfF) will enable the CCG to challenge invoices and raise discrepancies and disputes.
  2. Outputs from the CEfF will enable accurate production of budget reports, which will:
     a. Assist in addressing poor quality data issues
     b. Assist in business intelligence
  3. Validation of invoices for non-contracted events where a service is delivered to a patient by a provider that does not have a written contract with the patient’s responsible commissioner, but does have a written contract with another NHS commissioner/s.
  4. Budget control of the CCG.

RISK STRATIFICATION

  1. As part of the risk stratification processing activity detailed above, GPs have access to the risk stratification tool which highlights patients for whom the GP is responsible and have been classed as at risk. The only identifier available to GPs is the NHS numbers of their own patients. Any further identification of the patients will be completed by the GP on their own systems.
  2. GP Practices will be able to view the risk scores for individual patients with the ability to display the underlying SUS+ data for the individual patients when it is required for direct care purposes by someone who has a legitimate relationship with the patient.

CCGs will be able to:

  3. Target specific vulnerable patient groups and enable clinicians with the duty of care for the patient to offer appropriate interventions.
  4. Reduce hospital readmissions and target clinical interventions to high risk patients.
  5. Identify patients at risk of deterioration and provide effective care.
  6. Reduce the difference in the quality of care between those with the best and worst outcomes.
  7. Re-design care to reduce admissions.
  8. Set up capitated budgets – budgets based on care provided to the specific population.
  9. Identify health determinants of risk of admission to hospital, or other adverse care outcomes.
  10. Monitor vulnerable groups of patients including but not limited to frailty, COPD, Diabetes, elderly.
  11. Health needs assessments – identifying numbers of patients with specific health conditions or combination of conditions.
  12. Classify vulnerable groups based on: disease profiles; conditions currently being treated; current service use; pharmacy use and risk of future overall cost.
  13. Production of Theographs – a visual timeline of a patient's encounters with hospital providers.
  14. Analyse based on specific diseases.

In addition:

  • The risk stratification tool will provide aggregate reporting of number and percentage of population found to be at risk.
  • Record level output (pseudonymised) will be available for commissioners (of the CCG), pseudonymised at patient level. Onward sharing of this data is not permitted.

Processing:

Data must only be used for the purposes stipulated within this Data Sharing Agreement. Any additional disclosure / publication will require further approval from NHS Digital.

Data Processors must only act upon specific instructions from the Data Controller.

Data can only be stored at the addresses listed under storage addresses.

All access to data is managed under Role-Based Access Controls. Users can only access data authorised by their role and the tasks that they are required to undertake.

Patient level data will not be linked other than as specifically detailed within this Data Sharing Agreement. Data released will only be shared with those parties listed and will only be used for the purposes laid out in the application/agreement.

NHS Digital reminds all organisations party to this agreement of the need to comply with the Data Sharing Framework Contract requirements, including those regarding the use (and purposes of that use) by “Personnel” (as defined within the Data Sharing Framework Contract, i.e. employees, agents and contractors of the Data Recipient who may have access to that data).

The DSCRO (part of NHS Digital) will apply National Opt-outs before any identifiable data leaves the DSCRO only for the purpose of Risk Stratification.

CCGs should work with general practices within their CCG to help them fulfil data controller responsibilities regarding flow of identifiable data into risk stratification tools.

The only identifier available in the data set is the NHS numbers. Any further identification of the patients will only be completed by the patient’s clinician on their own systems for the purpose of direct care with a legitimate relationship.

ONWARD SHARING:

Patient level data will not be shared outside of the CCG unless it is for the purpose of Direct Care, where it may be shared only with those health professionals who have a legitimate relationship with the patient and a legitimate reason to access the data.

Aggregated reports only with small number suppression can be shared externally as set out within NHS Digital guidance applicable to each data set.

SEGREGATION:

Where the Data Processor and/or the Data Controller hold both identifiable and pseudonymised data, the data will be held separately so data cannot be linked.

Where the Data Processor and/or the Data Controller hold identifiable data with opt outs applied and identifiable data with opt outs not applied, the data will be held separately so data cannot be linked.

All access to data is auditable by NHS Digital.

Data for the purpose of Invoice Validation is kept within the CEfF, and only used by staff properly trained and authorised for the activity. Only CEfF staff are able to access data in the CEfF and only CEfF staff operate the invoice validation process within the CEfF. Data flows directly into the CEfF from the DSCRO and from the providers – it does not flow through any other processors.

Data Minimisation

Data Minimisation in relation to the data sets listed within section 3 are listed below. This also includes the purpose on which they would be applied -

For the purpose of Risk Stratification:

  • Patients who are normally registered and/or resident within NHS East Sussex CCG (including historical activity where the patient was previously registered or resident in another commissioner). This includes data that was previously under a different organisation name but has now merged into this CCG.

For the purpose of Invoice Validation:

  • CCG of residence and/or registration. This includes data that was previously under a different organisation name but has now merged into this CCG.

For clarity, any access by University Hospital Bristol NHS Foundation Trust to data held under this agreement would be considered a breach of the agreement. This includes granting of access to the database[s] containing the data.

Identifiable data will only be disclosed:

  1) where the requesting Data Controller’s Caldicott Guardian/Senior Approving Officer has approved the disclosure
  2) where the DSCRO Information Risk Owner has approved the disclosure
  3) to requestor/recipients specified by the Data Controller
  4) to recipients that have a legitimate relationship with the individuals identified by the data, e.g. clinician
  5) using mechanisms and routes that are secure and have an appropriate legal basis for holding identifiable data
  6) where there is a legal basis and it is covered by a Data Sharing Agreement that justifies its use or the data subject has consented or where there is a separate legal basis for making the dataset identifiable enabling the re-identification to take place
  7) whilst continuing to respect the data subject’s preferences for data sharing

In order for identifiable data to be disclosed, all seven requirements must be met.

Where identifiable data for the same dataset to the same organisation is released by NHS Digital (via a DSCRO), relevant controls must be in place locally by the recipient organisation to ensure that identifiable data is stored separately, under strict access control provisions, from its original anonymised in accordance with the ICOACoP form and used only for the specific purpose stipulated in this agreement. There must be no efforts made by the recipient organisation to link these datasets.

Local Identifiers:

If a Data Controller organisation (or the Data Processor working on their behalf):

  a. only receives a DSCRO disseminated identifiable (NHS Number) flow, then it can receive clear local identifiers.
  b. receives a pseudonymised flow, then clear local identifiers can be included and used only for the purpose outlined within the Data Sharing Agreement
  c. receives both DSCRO disseminated identifiable and pseudonymised flows, the identifiable flow must have the local identifiers pseudonymised or removed.

Invoice Validation

  1. Identifiable SUS+ Data is obtained from the SUS+ Repository to the Data Services for Commissioners Regional Office (DSCRO).
  2. The DSCRO pushes a one-way data flow of SUS+ data into the Controlled Environment for Finance (CEfF) in the South, Central and West Commissioning Support Unit.
  3. The CSU carry out the following processing activities within the CEfF for invoice validation purposes:
     a. Validating that the Clinical Commissioning Group is responsible for payment for the care of the individual by using SUS+ and/or backing flow data.
     b. Once the backing information is received, this will be checked against national NHS and local commissioning policies as well as being checked against system access and reports provided by NHS Digital to confirm the payments are:
        i. In line with Payment by Results tariffs
        ii. are in relation to a patient registered with a CCG GP or resident within the CCG area.
        iii. The health care provided should be paid by the CCG in line with CCG guidance.
  4. The CCG are notified that the invoice has been validated and can be paid. Any discrepancies or non-validated invoices are investigated and resolved between South, Central and West Commissioning Support Unit CEfF team and the provider meaning that no identifiable data needs to be sent to the CCG. The CCG only receives notification to pay and management reporting detailing the total quantum of invoices received pending, processed etc.

Risk Stratification

  1. Identifiable SUS+ data is obtained from the SUS Repository to the Data Services for Commissioners Regional Office (DSCRO).
  2. Data quality management and standardisation of data is completed by the DSCRO and the data identifiable at the level of NHS number is transferred securely to South, Central and West Commissioning Support Unit, who hold the SUS+ data within the secure Data Centre on N3.
  3. Identifiable GP Data is securely sent from the GP system to South, Central and West Commissioning Support Unit.
  4. SUS+ data is linked to GP data in the risk stratification tool by the data processor.
  5. As part of the risk stratification processing activity, GPs have access to the risk stratification tool within the data processor, which highlights patients with whom the GP has a legitimate relationship and have been classed as at risk. The only identifier available to GPs is the NHS numbers of their own patients. Any further identification of the patients will be completed by the GP on their own systems.
  6. Once South, Central and West Commissioning Support Unit has completed the processing, the CCG can access the online system via a secure connection to access the data pseudonymised at patient level.