NHS Digital Data Release Register - reformatted

Care Quality Commission (cqc) projects

912 data files in total were disseminated unsafely (information about files used safely is missing for TRE/"system access" projects).


NHSE UDAL - CQC — DARS-NIC-755472-Y7C7F

Type of data: information not disclosed for TRE projects

Opt outs honoured: Anonymised - ICO Code Compliant (Does not include the flow of confidential data)

Legal basis: Health and Social Care Act 2012 – s261(2)(a)

Purposes: No (Agency/Public Body)

Sensitive: Sensitive, and Non-Sensitive

When:DSA runs 2024-08-23 — 2026-08-22 2024.09 — 2024.09.

Access method: System Access
(System access exclusively means data was not disseminated, but was accessed under supervision on NHS Digital's systems)

Data-controller type: CARE QUALITY COMMISSION (CQC)

Sublicensing allowed: No

Datasets:

  1. Community Services Data Set (CSDS)
  2. Emergency Care Data Set (ECDS)
  3. Hospital Episode Statistics Admitted Patient Care (HES APC)
  4. Hospital Episode Statistics Critical Care (HES Critical Care)
  5. Hospital Episode Statistics Outpatients (HES OP)
  6. Mental Health Services Data Set (MHSDS)

Objectives:

This Data Sharing Agreement (DSA) is to establish and facilitate a collaborative initiative between the Care Quality Commission (CQC) and NHS England to conduct a pilot project.

The primary purpose of this project is to evaluate and test the Unified Data Access Layer ("UDAL") as an effective and efficient system for data sharing between CQC and NHS England.

CQC is requesting data that is critical to its regulatory oversight of health and care providers. CQC’s remit is to make sure health and adult social care services provide people with safe, effective, compassionate, high-quality care and CQC encourages them to improve.

Access to these data help to ensure CQC can make use of its wide set of powers to protect people who use regulated services from harm and the risk of harm, and to ensure they receive health and social care services of an appropriate standard. These powers also hold registered providers and managers to account for failures in how the service is provided. CQC's enforcement policy sets out CQC's approach to taking action where CQC identify poor care, or where registered providers and managers do not meet the standards required in the regulations.

The following NHS England Data will be accessed:

• Community Services Data Set (CSDS)
• Emergency Care Data Set (ECDS)
• Hospital Episode Statistics Admitted Patient Care (HES APC)
• Hospital Episode Statistics Critical Care (HES Critical Care)
• Hospital Episode Statistics Outpatients (HES OP)
• Mental Health Services Data Set (MHSDS)

CQC use these data in the following ways:
- to populate indicators within their Data & Insight Unit products and associated dashboards, to support prioritisation of regulatory activity (including inspections) and to inform judgements about the level of quality in services
- towards CQC's statutory role of monitoring the Mental Health Act and protecting the interests of people whose rights are restricted under the Act;
- in thematic reviews and national reporting; for example, the Annual State of Care report and
- to support the development and implementation of CQC’s remit to assess ICSs and Local Authorities (with respect to health and care responsibilities).

The level of data will be:
• Pseudonymised

Local Patient Identifier is required, it is occasionally necessary to identify to a trust examples of their own patients whose care appears problematical 'Local patient identifier' is used as the Token Person ID is not known to the trust.

The Data will be minimised as follows:
• Limited to data between 2014 and latest available.

The lawful basis for processing personal data under the UK GDPR is:

Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

The lawful basis for processing special category data under the UK GDPR is:

Article 9(2)(i) - processing is necessary for reasons of public interest in the area of public health in that CQC’s remit is to make sure that health and adult social care services provide people with safe, effective, compassionate, high-quality care.

As per the Information Commissioner’s Officer (ICO) guidance; if an organisation is relying on Article 9(2)(i), they also need to meet the associated condition in UK law, set out in Part 1 of Schedule 1 of the DPA 2018. For Public health, this condition is met if the processing is necessary for reasons of public interest in the area of public health which for CQCs remit it is.

Microsoft Limited is a processor acting under the instructions of CQC. Microsoft Limited role is limited to cloud storage (Microsoft Azure).

Data will be accessed by:
• Substantive employees of CQC
• Non-substantive employees (Contractors)

Where CQC use non-substantive employees (contractors), CQC include confidentiality clauses within contracts and obliges individuals to complete in-house training on data protection and confidentiality.

Outputs:

Outputs would be indicators to inform CQC assessment, risk, and contextual information for operational staff. Other outputs to include information for State of Care and other statutory reporting.

The outputs will not contain NHS England Data and will only contain aggregated information with small numbers suppressed as appropriate in line with the relevant disclosure rules for the dataset(s) from which the information was derived.

The outputs will be communicated to relevant recipients through the following dissemination channels:
• Public reports

On-going produced outputs include:

- data indicators that align to CQC's assessment framework for that sector
- bringing together information from people who use services, knowledge from CQC’s inspections and data from CQC’s partners
- outputs and reports indicating where the risk to the quality of care provided is greatest
- monitors change over time for each of the measures
- points to services where the quality may be improving

Outputs are produced on an ongoing basis and shared with the specific provider as well as granting access to key arms-length partners; for example, NHS England. This is aggregate information with small numbers suppressed in line with the suppression rules as specified in processing activities.

Processing:

No data will flow to NHS England for the purposes of this Data Sharing Agreement (DSA).

NHS England will share data with CQC via the Unified Data Access Layer (UDAL) data share*. UDAL is a data management system within NHS England that enables patient data to be processed and made available for analytical purposes.

*The data will be shared via the "Data Share" Service. This entails a data provider (NHS England UDAL) and a data consumer (CQCs Enterprise data platform), where the provider (NHS England) is in control of who receives data, when it is updated and how frequently.

The Data will be stored on servers at NHS England (UDAL) and CQC (based in the UK)

CQC stores data on the cloud provided by Microsoft Limited.

The Data will be accessed by authorised personnel via remote access.

CQC must confirm and provide evidence upon audit by NHS England that access via any remote device complies with the data security obligations within this DSA and the Data Sharing Framework Contract.

For remote access:
- Remote access will only be from secure locations situated within the territory of use (as further restricted elsewhere within the DSA if so done) stated within this DSA;
- Access controls granting users the minimum level of access required are in place;
- Remote access is only via secure connections (e.g., VPNs or secure protocols) to protect data;
- Multifactor authentication (MFA) is required for remote access;
- Device security, including up-to-date software and operating systems, antivirus software, and enabled firewalls are utilised for the remote access;
- All remote access is undertaken within the scope of the organisation’s DSPT (or other security arrangements as per this DSA) and complies with the organisation’s remote access policy.

The above applies in addition to any condition set out elsewhere within the DSA (e.g. who may carry out processing, and for what purpose).

The Data will not leave the UK at any time.

There will be no attempt to re-identify individuals with the sole exception of trusts using Local Patient Identifier to identify patients whose care appears problematic where strictly necessary.

Data will be stored in a dedicated and separate database ensuring physical separation from identifiable data held by CQC (received via a separate data sharing agreement). The measures in place are established to mitigate the risk of re-identification and ensure compliance with data protection standards.

Suppression methodology:

- Where data is shared with health and care providers, CQC would be sharing their own data with them so there would be no increased risk to confidentiality through the disclosure and the data would be shared under strict controls, with CQC giving a clear direction that the provider should not publish or otherwise onwardly share the data. If, hypothetically, the provider chose to subsequently share/publish the data contrary to CQC’s direction, the individual trust/provider would be making that decision on its own data.

- Where insight reports are subsequently shared with other arms-length bodies, CQC would work with these partners bodies to emphasise they must not be published because of NHS England suppression methodologies.

- For any data shared with care providers or arms-length bodies, CQC will adhere to the following measures to limit identifiability of individuals in the data:

In place of the different NHS England suppression methodologies for HES and MHSDS, CQC will carry out the below process when dealing with publications for circulation internally within CQC or externally with care providers or arms-length bodies partnering CQC:

- Zero allowed, 1-7 suppressed with '*', no rounding of values
- Percentages will be based on raw data; where low number values can be deduced from denominator, percentages will be suppressed.


CQC agreement for HES, MHSDS, MSDS, CSDS and ECDS and associated datasets — DARS-NIC-359603-D2Q6M

Type of data: information not disclosed for TRE projects

Opt outs honoured: No - consent provided by participants of research study, No - NHS Digital are statutorily obliged to provide the data to the CQC, Yes - patient objections upheld, No - Statutory exemption to flow confidential data without consent, Identifiable, Anonymised - ICO Code Compliant, No (Mixed, Does not include the flow of confidential data, Statutory exemption to flow confidential data without consent, , )

Legal basis: Other-Care Quality Commission's statutory powers - 2012 amendment to Section 64 of the Health and Social Care Act 2008, Section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012), Other-Health and Social Care Act 2012 Schedule 12, Part 9, subsection 11, Health and Social Care Act 2012 - s261(5)(d), Care Quality Commission's statutory powers - 2012 amendment to Section 64 of the Health and Social Care Act 2008, Other-Care Quality Commission's statutory powers as set out in the 2012 amendment to the Section 64 of the Health and Social Care Act 2008., Other-General Data Protection Regulation Article 9 (2) (i) although GDP does not apply to data solely relating to deceased individuals. Dissemination: Health and Social Care Act 2012 - s261(5)(d),

Purposes: No (Agency/Public Body)

Sensitive: Sensitive, and Non Sensitive, and Non-Sensitive

When:DSA runs 2019-06-01 — 2020-05-31 2017.06 — 2024.09.

Access method: Ongoing, One-Off

Data-controller type: CARE QUALITY COMMISSION (CQC)

Sublicensing allowed: No

Datasets:

  1. Hospital Episode Statistics Accident and Emergency
  2. Office for National Statistics Mortality Data (linkable to HES)
  3. Hospital Episode Statistics Outpatients
  4. Hospital Episode Statistics Critical Care
  5. Hospital Episode Statistics Admitted Patient Care
  6. Bridge file: Hospital Episode Statistics to Mortality Data from the Office of National Statistics
  7. Bridge file: Hospital Episode Statistics to Mental Health Minimum Data Set
  8. Mental Health Minimum Data Set
  9. Office for National Statistics Mortality Data
  10. Civil Registration - Deaths
  11. Mental Health Services Data Set
  12. HES:Civil Registration (Deaths) bridge
  13. Civil Registration (Deaths) - Secondary Care Cut
  14. MSDS (Maternity Services Data Set)
  15. Community Services Data Set
  16. Emergency Care Data Set (ECDS)
  17. Mental Health and Learning Disabilities Data Set
  18. HES-ID to MPS-ID HES Accident and Emergency
  19. HES-ID to MPS-ID HES Admitted Patient Care
  20. HES-ID to MPS-ID HES Outpatients
  21. MSDS (Maternity Services Data Set) v1.5
  22. Mental Health Services Data Set (MHSDS) v5.0
  23. Civil Registrations of Death - Secondary Care Cut
  24. Community Services Data Set (CSDS)
  25. Hospital Episode Statistics Accident and Emergency (HES A and E)
  26. Hospital Episode Statistics Admitted Patient Care (HES APC)
  27. Hospital Episode Statistics Critical Care (HES Critical Care)
  28. Hospital Episode Statistics Outpatients (HES OP)
  29. Maternity Services Data Set (MSDS) v1.5
  30. Mental Health and Learning Disabilities Data Set (MHLDDS)
  31. Mental Health Minimum Data Set (MHMDS)
  32. Mental Health Services Data Set (MHSDS)
  33. Civil Registrations of Death

Objectives:

The Care Quality Commission (CQC) is a Non-Departmental Public Body and was established under the Health and Social Care Act 2008. It took on the functions of the Healthcare Commission, the Commission for Social Care Inspection, and the Mental Health Act Commission.

CQC has the function of regulating health and adult social care services in England (provided by the NHS, local authorities, private companies or voluntary organisations), and protecting the rights of people detained under the Mental Health Act.

CQC ensures that health and social care services provide people with safe, effective, compassionate, high-quality care and encourages them to improve.

CQC use these data to populate indicators within their Intelligent Monitoring (and forthcoming) CQC insight tools, which help CQC focus inspections of providers by deciding when, where and what to inspect. These data are also used to construct data packs (and forthcoming evidence tables) which bring together information and analysis for each provider and are used for inspection planning. These data are also used within the applicants Outliers programme to identify when key metrics relating to mortality rates and maternity outcomes reach a level that may warrant further investigation.

In addition, CQC use the information in thematic reviews and national reporting; for example the Annual State of Care report.

It is occasionally necessary to identify to a trust examples of their own patients whose care appears problematical. A single field - local patient identifier - is used as the HESID is not known to the trust. With this exception, no record level data is released to third parties.

CQC uses identifiable data in relation to its code of practice as per the below –
Under the 2008 Act (amended 2012), CQC is responsible for the regulation of:
- treatment, care and support provided by hospitals, GPs dentists, ambulances and mental health services.
- treatment, care and support services for adults in care homes and in people’s own homes (both personal and nursing care).
- services for people whose rights are restricted under the Mental Health Act.

CQC monitor, inspect and regulate services to make sure they meet fundamental standards of quality and safety and it publishes what it finds, including performance ratings to help people choose care.

CQC’s use of identifiable data is subject to our statutory Code of Practice on Confidential Personal Information (the code). The purpose of the code is to provide transparency on our use of information for data subjects and other stakeholders and as a guide for staff on the practices we will follow.

The code is a requirement of the Health & Social Care Act 2008 which itself creates safeguards on our use of information in addition to the requirements of the Data Protection Act 1998 and compliance with other relevant legislation and common law duties (as detailed in the code appendix).

Of particular relevance to this application is the CQC's first ‘principle’ - "governing our use of information." “We will only obtain confidential personal information where it is necessary to do so for the purpose of exercising our functions”. The CQC are satisfied the substance of this agreement meet this requirement.

All use of confidential personal information by CQC is in accordance with the ‘necessity test’ which informs the CQC's decision on obtaining, using or disclosing. This test is the foundation for the code and is designed to ensure the minimum processing is performed.

Of relevance to this application, the CQC ensure that access to the requested identifiable data is limited to the small team of whom it is necessary to process these data to produce non-identifiable outputs for internal CQC use. This is in accordance with the CQC's fourth principle, that "We will use only the minimum necessary confidential personal information. We will use anonymised information wherever possible…”

It is also CQC policy to extend the application of the Code to information relating to the deceased, providing further safeguards to the use of identifying data (Principle 7).

A number of identifiers are required for matching, to permit records for individual patients to be linked consistently both across and within datasets. These identifiers are date of birth (patient/baby/mother), postcode of patient, NHS Number, and local patient identifier.

The local patient identifier is also used where there is a patient whose care appears problematical. In this instance the local patient identifier can be sent to the originating Trust to assist with the investigations.

In addition, the patient’s postcode is used for assigning data to new PCT/LA/CCG boundaries, and for identifying other geography-related data (such as linking with deprivation tables, calculating distances from the address to the Trust, to help monitor for adverse events for people living in care homes).


Addition of LD Census Data:
CQC has a current agreement for access to HES and MHLDDS associated data. It is seeking access to LD Census that is, in many facets, a predecessor dataset to MHLDDS; many items within the LD Census (approx. 3000 records per year) were subsequently incorporated within the MHLDDS.

A key mandate for the LD Census collection (Section 2.5) stipulated that everyone with long-term conditions, including people with mental health problems, will be offered a personalised care plan that reflects their preferences and agreed decisions. CQC will use these data to measure their implementation through one or more indicators relating to care plan provision within learning disability services.

Addition of MHLDDS-ONS linked data:
CQC has a current agreement for access to HES and MHLDDS associated data (including the HES-ONS linked mortality file).

CQC are aware that there exist some community patients who do not have a HES record. In order to ensure that mortality analyses are able to cover fully all patient groups, CQC therefore request access to a MHLDDS-ONS linked data. This dataset would be used for the same objective as HES-ONS data within the current agreement.

Yielded Benefits:

CQC has embedded its new insight programme over the last twelve months. Core data from this data sharing agreement were used in the production of indictors that align to CQC’s key lines of enquiry for a particular sector (eg. hospitals). The indicators have been used to highlight the greatest risks to the quality of care and, through monitoring change over time, have pointed to services where the quality of care may be improving. These data are also used in the regulatory planning meetings (RPMs) as well as in the production of pre-inspection data evidence grids. These have allowed lead inspectors to decide which core services to inspect. The data have provided the groundwork for inspectors to approach identified areas with an appropriate set of questions providing a clear focus during the intensive inspection process. The data used in these products help to derive an ongoing assessment of the quality of core services. Areas of concern are highlighted and remedial action is monitored to follow up improvements. Additionally, areas of good practice are also flagged with the specific aim of using quality benchmarks to raise standards both within and across organisations. Side-by-side with this process, CQC’s outliers programme has continued to monitor and review potential outliers of high mortality and readmission rates. CQC received data from Dr Foster that provided an additional route for identification in addition to our own. Where concerns were identified, these were taken up by the relevant relationship owner in conjunction with appropriate analytical support to understand whether an issue existed and, where this might have been the case, whether the trust were aware of the concern and what remedial action had been put in place. The mortality data are therefore used to provide a fundamental resource in the understanding of the quality of the provision of care and provide a tool to highlight where possible concerns may exist and where further investigation is required. All outputs will only contain results in highly aggregated format and as statistical summaries and measures of association. Small numbers will be suppressed in line with the HES Analysis Guide. Record level information will not be released to any third party.

Expected Benefits:

In the applicant’s monitoring they prioritise the care and welfare of patients. People who use services should experience effective, safe and appropriate care, treatment and support that meets their needs and protects their rights.
CQC uses these data to help determine five core questions about services:
- Are they safe
- Are they effective
- Are they caring
- Are they well-led?
- Are they responsive to people’s needs?

HES, HES-MHLDDS (using the MHLDDS Bridging file) and MHLDDS data are used to determine key performance indicators in the Intelligent Monitoring/CQC insight products. Each indicator is categorised in one of the core domains that, in total, provide a view for both the public and clinicians on the quality of the provision of care. In addition to current indicators, CQC have used HES and MHLDDS data over the course of previous months in running models to determine the shape and content for CQC Insight (successor to Intelligent Monitoring); the driver being to improve the quality of information available in determining a risk-based monitoring approach,

The pre-inspection data packs/evidence tables help the planning and review stages of an inspection that seeks to highlight areas of poor care requiring improvement while also seeking to promote good practice. Each data pack uses the data (HES and/ or MHLDDS as appropriate) both to present an overview of the core business of the trust in terms of activity – helping to determine the specialist requirements of the inspection team - while also including specific metrics (eg. HES re-admissions as descriptive statistics).

HES and HES-ONS data are used in the outliers programme. Outlier events, such as high mortality or readmission rates may be identified either by CQC's own analyses or by those of Dr Foster. For both, CQC gathers all available information - including HES analyses, where appropriate, and advice from experts - and presents this to an internal review panel. This panel decides whether or not CQC investigate. When CQC decide to proceed, the data is shared information with the trust for them to review and comment upon. One of the review actions a trust may carry out is a case note review. On rare occasions the trust is unable to reconcile HES counts with their local systems. In those cases CQC may share a small number of values for the local patient identifier (lopatid) with the trust so they can identify patient notes to review. The mortality panels meet monthly while the maternity panels meet every two months. Where outlier concerns are identified, the subsequent contact and engagement with trusts have led to implementation of improvements in process that have had a positive impact on patient care.

HES, HES-ONS, HES-MHLDDS (using the MHLDDS Bridging file) and MHLDDS are used in analyses for thematic reviews and in the development of new Intelligent Monitoring/CQC insight indicators; for example, in reviewing quality of access to care across different ethnicities.

Thematic reviews provide in-depth analyses of chosen topics to inform CQC staff, clinicians and the public about that service/area of care while also highlighting areas for improvement/best practice; working with inspector colleagues, themed inspections allow CQC to develop recommendations for making improvements in the delivery of care. These recommendations are then incorporated into future inspections to encourage continual improvement. ‘End of Life Care’ and ‘Safety in hospitals’ are examples of thematic data reviews/themed inspections that took place during the period of the current agreement that helped to raise specific questions on the monitoring and provision care in these areas with a focus on future improvement.

Intelligent monitoring (and move to CQC insight) is updated at least once a quarter. Outlier analyses are undertaken on a monthly or bi-monthly basis. Data packs/evidence tables are created on an on-going basis for impending inspections. National reporting is a combination of predominantly annual reports as well as topic-specific reports released on a one off basis.


Addition of LD Census Data:
The pre-inspection data packs/evidence tables help the planning and review stages of an inspection that seeks to highlight areas of poor care requiring improvement while also seeking to promote good practice.

In addition, the data will also be used in the CQC’s remit to investigate serious concerns about the quality of public services. These data will be a vital pillar in both a national system of monitoring registered organisations, and the development and publication of reliable performance indicators.

CQC is tasked with measuring improvement in the health and social care provision. The ability to focus on the difference between the cohort incorporated within multi-year LD Census and the remaining patient population provides a real comparator against changes in healthcare outcome within the wider HES/MHLDDS datasets.

General profiling of users within individual locations of care will help the inspection team in planning the type of inspection and requirements in terms of inspection team members – ensuring appropriate skills-base to carry out optimum inspections. They will also provide the inspection team with pertinent questions about the optimum length of stay for the cohort of users.

The analyses and data packs/evidence tables also assist with the identification of providers operating illegally/ contrary to registration requirements. This will lead to follow up action by the registration team and consideration of enforcement action to counter and remove any illegal provision of care. This ensures vulnerable users are protected from poor provision of care.

Addition of MHLDDS-ONS linked data:
This dataset will be used alongside HES, MHLDDS and HES-ONS in creating the tangible benefits listed above. In particular, it will enable CQC to ensure that no community mental health users (without a HES record) are excluded from linked mortality analyses and, in so doing, help CQC develop a more holistic understanding of quality within a mental health setting.

Outputs:

The on-going outputs produced are:
Risk-based Monitoring (Intelligent Monitoring and CQC insight): outputs are published on the internet as indicators and overall provider ranking. This is aggregate information with small numbers suppressed.

Data and information packs/evidence tables: used by the inspections teams and shared with providers. This is aggregate information with small numbers suppressed. For example, 'Same-day procedure' indicator within HES sets out the proportion of elective admissions where the patient’s primary procedure was on the day of admission and provides high-level information to the inspection team for planning/ review purposes.

Outliers Programme: analysis of certain metrics derived from these data are shared with trusts who have hit a statistical threshold that is regarded as being of concern. A trust receives analysis only of patients admitted at that trust with a comparison to overall national rates. For example, indicators have been generated on ‘Perinatal mortality and neonatal readmissions’ used to monitor the care of new-borns; 'therapeutic endoscopic procedures on biliary tract' raised in response to a Dr Foster alert - investigated death rates for endoscopic procedures.

National Reporting: used to support the creation and population of national reports providing a qualitative review of health and care supported by aggregated information. The nature of these reports varies year on year depending on CQC's topics of interest. This is aggregate information with small numbers suppressed. For example, MHLDDS was used within CQC’s annual ‘Monitoring the Mental Health Act’; the 2014/15 publication appeared in December 2015.

Thematic reviews: used internally to inform CQC's regulatory activities. They provide an in depth review of selected areas of care, for example dementia care. This is aggregate information with small numbers suppressed. A further example being a review of urgent care in which the indicator of ‘death within 30 days of stroke, neck of femur, acute myocardial infarction’ was used from HES. They are shared publicly.

In the monitoring of organisations for ongoing compliance against essential quality and safety standards, CQC uses screening techniques in its Intelligent Monitoring/CQC insight tools, which analyse a wide variety of data sources to highlight possible outlying concerns that trigger actions where concerns are raised. Such screening methods are aided by a more local approach to information gathering and analysis, which is being developed in consultation with appropriate stakeholders. These techniques, currently along with national surveys of patients, help to create a more holistic understanding in informing its work with ongoing compliance, investigations, and thematic reviews.

In addition, the data will also be used in the CQC’s remit to investigate serious concerns about the quality of public services. These data will be a vital pillar in both a national system of monitoring registered organisations, and the development and publication of reliable performance indicators.

Addition of LD Census Data:
Data and information packs/ evidence tables: used by the inspections teams and shared with providers. This is aggregate information with small numbers suppressed. Data packs/ evidence tables contain analyses from a number of different sources and are produced as pre-inspection material designed to aid the planning of inspections at individual CQC locations. Where adverse events may be detected, an internal review of the findings would be required that could either feed into individual data packs/evidence tables or in determining the need to bring inspections forward.
National reports (for example, State of Care Report). High-level analyses with aggregate information with small numbers suppressed.

Addition of MHLDDS-ONS linked data:
This dataset will be used in conjunction with the HES and MHLDDS associated data in producing the list of outputs stipulated above. The data provides a crucial insight into mortality in mental health settings.

Processing:

Atos is CQC’s ICT service provider and was engaged through the IMS3 framework contract, let by the Department of Health.

The identifiable data are loaded into a separate database which is analysed by a small team (currently 6); this is the only team that can access the identifiable data. They analyse the data and provide cuts - anonymised at both record and provider level - for statistical packages for use in the Intelligence Directorate only by identified staff. These staff request the bespoke breakdowns from the analytical team.

Regarding the use of the data, HES, HES-ONS, HES- MHLDDS (using the MHLDDS Bridging file) and MHLDDS data are loaded into statistical packages and their outputs are used for the population of Intelligent Monitoring/CQC insight, individual data packs/ evidence tables, outlier analysis, thematic reviews, and national reporting products to support the objectives above. The outputs have small numbers suppressed in line with the HES Analysis Guide.

CQC presently identify the sources of data and the calculation methodologies for each of the products. In order to publicise more clearly to the public how CQC uses identifiable data, the CQC Board has approved our Information Governance strategy that requires CQC to conduct a review of the information it collects and uses directly/indirectly from the public and how this, in turn, is communicated more widely. This review will build on current moves(for example, review of published leaflets) to be more transparent about how such information features in our regulatory programme.

Addition of LD Census Data:
As above, the identifiable data will be loaded into a separate database where it will be analysed by a small team (currently 6); this is the only team that can access the identifiable data. They will analyse the data and, where sufficient numbers are present within the data to maintain confidentiality, will provide summary counts only for providers to be included within data packs/ evidence tables (see categories below):
- Data totally suppressed as total below 6
- Data totally suppressed as total below 6 when split by gender
- Data not provided for inclusion in data pack/ evidence table as total below 25 when split by gender (though internal discussions may take place on the results)
- Data suitable for presentation and incorporated within data pack/ evidence table or supporting materials

In order to help to understand the appropriateness of extended lengths of stay for particular conditions, it is necessary to be able to track an individual across more than one LD census. In the absence of a signifier like HES-ID, NHS Number and (where absent) DoB will be used instead. Reference will also be made to the appropriateness of the locations’ registration details (regulated activities). This is not designed to identify the individual but to ascertain an indicator of quality of care at a given location.

The tracking would involve the need to link with the HES/MHLDDS bridging file to understand if records for that individual were present in MHLDDS. Where present, the MHLDDS should confirm the LD Census return. Where no record/appropriate record is present in MHLDDS, CQC would follow the pathway in HES to seek to identify the presence of any adverse event; for example unusual admittance to hospital as referenced in Winterbourne View. Such monitoring of potential adverse events may have a significant effect on detecting and recognising providers of poor and harmful care.

For this purpose, CQC would seek agreement to link the LD Census return with HES/MHLDDS in this way.

Addition of MHLDDS-ONS linked data:
As above, the identifiable data are loaded into a separate database which is analysed by a small team (currently 6); this is the only team that can access the identifiable data. They analyse the data and provide cuts - anonymised at both record and provider level - for statistical packages for use in the Intelligence Directorate only by identified staff. These staff request the bespoke breakdowns from the analytical team.

The MHLDDS-ONS linked data would be processed in line with the HES-ONS linked mortality data set out above.


IPSOS CQC COVID-19 inpatients study — DARS-NIC-390964-G8W3R

Type of data: information not disclosed for TRE projects

Opt outs honoured: No - NHS Digital are statutorily obliged to provide the data to the CQC, Identifiable, No (Statutory exemption to flow confidential data without consent)

Legal basis: Health and Social Care Act 2012 – s261(1) and s261(2)(b)(ii), Health and Social Care Act 2012 – s261(1) and s261(2)(b)(ii); Other-Health and Social Care Act 2008 s64(1), Health and Social Care Act 2012 – s261(2)(b)(ii); Other-Health and Social Care Act 2008 s64(1)

Purposes: No (Agency/Public Body)

Sensitive: Sensitive

When:DSA runs 2020-07-17 — 2021-01-16 2020.07 — 2020.08.

Access method: One-Off

Data-controller type: CARE QUALITY COMMISSION

Sublicensing allowed: No

Datasets:

  1. Hospital Episode Statistics Admitted Patient Care
  2. Demographics
  3. Hospital Episode Statistics Admitted Patient Care (HES APC)

Objectives:

This agreement has been submitted by Ipsos Market and Opinion Research International (MORI) on behalf of the Care Quality Commission (CQC). The NHS Patient Survey Programme collects data on the experiences of patient using NHS services. It enables patients to provide feedback in a structured, statistically robust manner, providing data that can be used for regulation and service improvement. The programme has run since 2002 and uses robust methods which have been tested and developed over time. However, there was no survey running at the peak of the COVID-19 initial outbreak, and CQC considers patient experiences of care from this period to be a valuable tool informing planning and response to any second peak, and also to good quality on-going care.

CQC will publish a national and regional picture of the experiences of patients admitted and diagnosed with COVID-19, compared to those without. This information can be used by the regulator and system partners going into Autumn 2020 as Ipsos MORI and CQC plan for a potential second wave. The data will also inform more targeted work, including providing ICS and STPs directly with data allowing themselves to be benchmarked against peers for patient experience. Data is also going to inform the developing work CQC has started looking at Provider Collaboration during the crisis, with a view to supporting greater integrated response from services. The data, based at ICS/STP level will be essential to ensuring patient voice on experiences of how well services were integrated can be heard.

The research is being carried out to help the Care Quality Commission and system partners understand the experiences of patients who have been admitted to hospital with COVID-19, compared to those admitted for non COVID reasons. Data will be used to inform planning and improvements in care in the event of a second significant wave of COVID-19 related admissions. It will provide information at a national, regional and Integrated Care System (ICS)/ STP level on how safe, effective, caring and responsive care has been. By commissioning rapidly, CQC have an opportunity using existing NHS Patient Survey programme infrastructure to deliver evidence that can be used to inform planning and response of services during any second COVID-19 spike, as well as supporting the on-going care of those continuing to be admitted with COVID-19.

CQC will gain an understanding of people’s experiences of hospital care through the pandemic, which can be disaggregated to consider the views of people from different demographic backgrounds, region or ICS. CQC will have up to date information of the experiences of those with COVID-19 that can inform our regulatory response and support NHS acute trusts and wider integrated care systems. In the event of a second COVID-19 spike, this information can support better care experiences for patients.

The Care Quality Commission believe there are no moral or ethical risks. Similar questionnaires, methods and supporting materials have been used on the NHS Patient Survey Programme for other surveys e.g. the Adult Inpatient Survey. These materials and methods have been reviewed on numerous occasions by the Health Research Authority and the Confidentiality Advisory Group, and received favourable ethical opinion.

The questionnaire will ask about patients' experience of their stay in hospital and based on the current Adult Inpatient Survey, which covers the following areas:
- pre-admissions, admissions and triage
- hospital ward
- doctors and nurses
- care and treatment
- communications
- discharge and support

The research team at CQC and Ipsos MORI are consulting with various stakeholders (within CQC, hospitals and patients) in order to ensure that the questionnaire reflects recent experiences in relation to COVID-19.

Note that there will be no further follow up or contact with these patients as a result of them taking part in this research, their contact details will only be used for the purpose of collecting this information.

USE OF THE DATA
The data will be used to invite patients to complete a questionnaire on their experiences of NHS Hospital Care. This data will be analysed and reported at national, regional and ICS/STP level.

The survey will utilise similar questionnaire, supporting materials and methods as have been used since 2004 as part of the NHS Patient Survey Programme. With five surveys within the Programme, two of which run annually, Ipsos MORI methods and infrastructure have been tested and found workable before.

Ipsos MORI are liaising with colleagues at NHS England and NHS Improvement to ensure questions asked will provide aggregated results that are useful for their needs. The work will support CQC in delivering an annual Statement of Care, and also feeding into forthcoming ‘Provider Collaboration Reviews’ (a rapid review, launching in September, assessing the proficiency of integrated ways of working across ICS / STPs).

SCOPE
The data requested will be used in order to select a nationally representative sample of adults who have had an inpatient stay during the course of the pandemic. The overall aim of the survey is to complete interviews with 15,400 patients across all Trusts, to allow analysis at STP level. At this stage it is estimated that the response rate to the survey will be around 50%, which means contacting around 30,000 patients. The research will be used to help the Care Quality Commission and system partners to understand the experiences of patients who have been admitted to hospital with COVID-19, and those who have been admitted for non COVID-19 related reasons. Data will be used to inform planning and improvements in care in the event of a second significant wave of COVID-19 related admissions.

For this study, CQC will use data to provide a national, regional and ICS/STP level analysis of patients’ experiences of care that can be used to drive improvements in planning and care delivery. Data will be used to inform a forthcoming review of how well services have worked together across local systems and to provide data to local areas to inform planning for a subsequent significant recurrence of COVID-19.

Aggregated, non-identifiable data will be shared with NHS England NHS Improvement Insight colleagues who are collaborating with questionnaire design, to feed into their patient experience priorities. Question level data will also be shared directly with ICS/STP partners to use for improvement purposes.

A small number of NHS Trusts and patients have been invited to contribute to the questionnaire design phase.

The research aims to contact a representative sample of patients who have had an inpatient stay (of one night or longer) over the period of the pandemic in an acute and specialist NHS hospital. This will include patients who have been affected by COVID-19 – either admitted with COVID-19 or diagnosed during their stay – and non-COVID-19 patients. All must have been subsequently discharged. the exact dates of the extraction will depend on the data available from the HES APC data set, but at this point discharge figures will be available for April and May 2020.

A number of exclusions will apply, including deceased patients, children or young people aged 16 or under, day cases, private patients, those without a UK addresses or with an unusable address, records flagged as FP69, sensitive or invalid records, test records, patients known to have requested their details are not used for any purpose other than their clinical care, duplicates. Obstetric and maternity service users, patients admitted for planned termination of pregnancies and psychiatry patients should also be excluded as the experiences of these patients are being captured under other specific questionnaires.

To conduct the survey Ipsos MORI needs a sample of inpatients aged 16+ in England discharged between April and May 2020, made up of patients admitted with COVID-19 or diagnosed with COVID-19 during their stay, and non-COVID-19 patients. The sample is expected to be drawn from the HES Admitted Patient Care (HES APC) data set. As explained in the Processing Activities, Ipsos MORI is first requesting pseudonymised records of the whole eligible population, from which Ipsos MORI will draw a sample. Names and contact details will be required only for the sample drawn.

Patients will be invited to take part in the survey online or by telephone, and will be notified of the survey through an advance letter, followed by a series of reminders (letter and SMS), and ultimately a telephone call (if they have a number available on the sample). The contact strategy for the survey aims to encourage patients to take part online first (cheaper and less intrusive) but then goes on to offer telephone completion (to be more inclusive for those who cannot or are not able to take part online). Best practice in research suggests that contact with patients should be legitimised by an initial mailing letter, clearly setting out the survey purpose and aims, including transparent information about how the data will be used in line with GDPR requirements. This will then be followed with a reminder strategy that builds on the original messaging and motivations using a range of means of contact. All patients will have had at least 2 contacts prior to receiving a telephone call (and up to 4 if they have a mobile number).

Only certain fields from HES APC will be needed at each stage (See Processing Activities). The two-stage process (provision of pseudonymised whole population records followed by the names and contact details for the sample drawn) is necessary so that Ipsos MORI can review the population profile, and advise CQC about the most appropriate sample design. It will also minimise the burden on NHS Digital as it will allow Ipsos MORI to draw the sample from pseudonymised records.

In terms of geographical spread, the data requested should cover the whole of England, in line with CQC’s remit, and because analysis is needed at STP level.

There are no viable alternative and less intrusive ways of collecting reliable feedback from Covid and non Covid inpatients about their stay in hospital during the pandemic – an opt in approach would not generate statistically robust data in a timely manner and would not be affordable. The 2020 adult inpatient survey fieldwork will take place in January/February 2021 which will be too late to capture inpatient's experiences during the pandemic while it is still fresh in their mind. Capturing inpatients’ experience during the pandemic is essential to plan for a potential second wave.

DATA CONTROLLERS AND DATA PROCESSORS
The Data Controller for this project is CQC and the Data Processor is Ipsos MORI. Two approved suppliers from Ipsos MORI will also be involved:
1. Formara, which will send out invitation letters to patients so they can take part in the survey, and
2. Text Local, which will send SMS with a unique link to the online survey to each patient with a mobile number.

The data they will have access to are listed in Processing Activities.

LEGAL BASIS
The lawful basis for processing is Article 6(1) (e) - “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.
CQC͛s remit is to make sure health and social care services provide people with safe, effective, compassionate, high-quality care and CQC encourages them to improve. It does that through effective monitoring and inspection activity underpinned by an Intelligence insight programme that draws together risk and bench marking metrics. For this study, CQC will use data to provide a national, regional and ICS / STP level analysis of patients’ experiences of care that can be used to drive improvements in planning and care delivery. Data will be used to inform a forthcoming review of how well services have worked together across local systems and to provide data to local areas to inform planning for a subsequent significant recurrence of COVID-19.

The survey will involve processing special category data in relation to the health and ethnicity of individuals taking part. The results will be used for processing relevant information to support the current efforts of the Care Quality Commission to support the NHS and other system partners in their response to the ongoing COVID-19 pandemic.

Processing of special category data will not rely upon point (g) of Article 9(2) of the GDPR for a lawful basis.
Processing will rely upon item (i) of Article 9(2) as the purpose of the survey is to inform planning and improvements in care in the event of a second significant wave of COVID-19 related admissions, so as to improve the effectiveness and efficiency with which care is provided and to protect public health.
Personal data processed for the purposes of the study, including special category personal data, will be subject to the provisions of CQC's function under section 48 of the Health and Social Care Act 2008 that permits CQC to conduct any special review or investigation into the provision of NHS care, the commissioning of NHS care, or into the provision of care or services or the exercise of functions by bodies or persons generally or by particular bodies and persons. Care Quality Commission’s (CQC) statutory powers under section 64 (part 1) of the Health and Social Care Act 2008 allow CQC to require information from all registered providers as well as key organisations in the oversight of health and social care; for example, local authorities and NHS Digital (Health and Social Care Information Centre). These powers are constrained by the application of CQC’s Code of Practice for Confidential Personal Information that requires all consideration of the use of (potentially) identifiable data to meet the necessity test.



Expected Benefits:

Ipsos MORI plan to run a rapid, yet robust survey of the experiences of people admitted to hospital with COVID-19 during the peak of the pandemic. Ipsos MORI have expanded the scope of this work to include non COVID-19 admissions to allow comparisons between the two distinct cohorts. This survey will provide statistically robust results at a national, regional and Integrated Care System (ICS)/ STP level on how safe, effective, caring and responsive care has been.

By commissioning rapidly, Ipsos MORI have an opportunity using existing NHS Patient Survey Programme infrastructure to deliver evidence that can be used to inform planning and response of services during any second COVID-19 spike, as well as supporting the on-going care of those continuing to be admitted with COVID-19.

CQC will gain an understanding of people’s experiences of hospital care through the pandemic, which can be disaggregated to consider the views of people from different demographic backgrounds, region or ICS. This information will be shared with organisations across the healthcare system to facilitate and feed into their own local improvement work. The NHS Patient Survey Programme has significant experience of sharing actionable patient experience data to draw upon.

CQC will have up to date information of the experiences of those with COVID-19 that can inform our regulatory response and support NHS acute trusts and wider integrated care systems. In the event of a second COVID-19 spike, this information can support better care experiences for patients.

This survey will be the first of its kind, and is a unique opportunity to provide valuable, robust, comparable data to the healthcare system during this ongoing public health crisis. The data gathered will serve the public interest as it will be shared with system partners to inform their planning and response of services during any second COVID-19 spike, as well as supporting the ongoing care of those continuing to be admitted with COVID-19. Ipsos MORI have developed a methodology which will allow them to report robust findings at pace, with their aim being to publish results in September 2020. The success of this survey is dependent on being able to draw a representative centralised sample, as it would not be feasible to have samples drawn locally within the timescales they are working to.

The end product from this survey will be a set of aggregate statistical data that does not contain patient identifiable information. This statistical data set will be used to produce a national report on the experiences of people admitted to hospital with COVID-19 as well as filtered tables which detail results for each individual NHS region and ICS/STP. These results will be shared and presented to partner organisations across the Healthcare system to inform their ongoing care of those continuing to be admitted with COVID-19.


Ipsos MORI will be sharing the statistical outputs from this work as soon as sufficient quality assurance has been conducted. The final outputs will not contain any patient identifiable information, only aggregate scores with small number suppressed in line with the HES Analysis guide. Reports will be published on the CQC website and issued directly to ICS/STPs. Findings will also be shared with partners from across the healthcare system to raise awareness of the available data and encourage secondary use.

The outputs will be used to (1) compare experiences of COVID-19 inpatient experiences across region and STP/ICS – presenting an opportunity to learn from areas of best practice, (2) inform planning and response of services during any second COVID-19 spike, as well as supporting the ongoing care of those continuing to be admitted with COVID-19.

The overall aim of the survey is to complete interviews with 15,400 patients across all Trusts, to allow analysis at STP level. At this stage it is estimated that the response rate to the survey will be around 50%, which means contacting around 30,000 patients. This is a potential measure of the burden of the survey for participants (average length of around 15 minutes to complete). However, the benefits in terms of future number of patients and potential cost/efficiency savings will be measurable in relation to improvements to care that can be implemented in response to a potential second wave of the virus.

There will be multiple expected benefits from this work, CQC will benefit as the data will be used in Ipsos MORI's regulatory response and support NHS acute trusts and wider integrated care systems.
Third party beneficiaries include partners across the healthcare system and the general public who will use hospital inpatient services in the future.

Engagement with results can be measured through social media, interactions with the website and broader media activity.

Ipsos MORI expect benefits to be achieved during Autumn 2020 as soon as results are disseminated across CQC and with partner organisations. They will help to inform panning for future COVID-19 resurgence.

Outputs:

At the end of fieldwork data will be weighted to ensure it is representative of the profile of patients who were admitted as inpatients within the given time-frame. Ipsos MORI will then provide data tables and a clean SPSS file to CQC. The tables are expected to contain key cross-breaks such as COVID-19 patients vs non-COVID-19 patients, age band, gender, region, length of admission, etc. Filtered, regional or STP tables will also be provided.

On the tables, cells with fewer than 8 cases will be aggregated to ensure no respondent can be identified, as per the HES Analysis Guide. The data tables and SPSS file will not contain any identifiable information but in the SPSS file it might be able to identify a survey respondent by combining some variables in small STPs. For that reason access to the SPSS file within CQC will be restricted to named members of staff and anyone accessing it will be required to sign a data sharing agreement.

The data tables will be supported by a short technical note on how the survey was conducted along with information around response rates.

PowerPoint reports may also be provided, at national and STP levels. STP levels reports would be automated and ready to be used by STPs.

Ipsos MORI will provide the above outputs to CQC in September 2020.

A report setting out results comparing the experiences of care for COVID-19 and non COVID-19 patients will be produced, showing results for national and regional level care. Data tables will be produced to provide results to ICS/STPs to use for local planning and improvement purposes.

Results will inform content of the CQC Annual State of Care Report, which is being expanded to include a focus on the impact of the pandemic in 2020. Results will also be used to contribute to findings from Provider Collaboration Reviews taking place during September 2020. Further engagement activities are currently being discussed with Engagement colleagues.

Ipsos MORI will be sharing the statistical outputs from this work as soon as sufficient quality assurance has been conducted. The final outputs will not contain any patient identifiable information, only aggregate scores and suppression applied as per the HES Analysis guide. Results will be published on the CQC website. This will be supported by email correspondence with partners from across the healthcare system to raise awareness of the available data and encourage secondary use.

The end product from this survey will be a set of aggregate statistical data that does not contain patient identifiable information. This statistical data set will be used to produce a national report on the experiences of people admitted to hospital with COVID-19 as well as filtered tables which detail results for each individual NHS region and ICS/STP. These results will be shared and presented to partner organisations across the Healthcare system to inform their ongoing care of those continuing to be admitted with COVID-19.

The outputs will be used to:
(1) compare experiences of COVID-19 inpatient experiences across region and STP/ICS – presenting an opportunity to learn from areas of best practice,
(2) inform planning and response of services during any second COVID-19 spike, as well as supporting the ongoing care of those continuing to be admitted with COVID-19.

Once results have been sufficiently quality assured they will be uploaded to the CQC website. Ipsos MORI will be supported in communicating the results by our CQC Engagement Team. Activities are likely to include engagement with media and partner organisations across the healthcare system to raise awareness of the available data and encourage secondary use.

The target date for sharing of reporting outputs is September 2020.

Processing:

Data requested will be in two stages:
1. one drop of pseudonymised record level HES APC data for all individuals 16 years and over who have been admitted to acute and specialist NHS hospitals (and subsequently discharged). They must have had at least one overnight stay during the time-frame of 1st April 2020 to end of May 2020. This will be linked to demographic data for application of exclusion criterion to HES APC data prior to dissemination.

Data will include (Study ID), Gender, Age bands (16-19 years old at date of extraction, then 5 year bands from 20 years old onwards at date of extract), trust code (at discharge), admission and discharge dates, and COVID-19 diagnosis (admitted with COVID-19, COVID-19 diagnosis during stay, other).

This pseudonymised data set is required so that Ipsos MORI can look at the population profile and advise CQC about the most suitable sampling approach for the survey.

2. An identifiable record level drop of linked Demographics and HES APC data (patients full name, address including postcode, telephone number -landline and mobile, month and year of birth, and site code at discharge) based on a list of study IDs provided by Ipsos MORI.

This identifiable data set is required to enable people to be invited to take part in the research.

METHOD:
1. Ipsos MORI will first request NHS Digital to create pseudonymised records using HES APC data of all inpatients aged 16 years old and over who have been admitted to acute and specialist NHS hospitals (and subsequently discharged). They must have had at least one overnight stay during the time-frame of 1st April 2020 to end of May 2020.

2. NHS Digital will add a Study ID to pseudonymise the data set and include Gender, Age bands (16-19 years old at date of extraction, then 5 year bands from 20 years old onwards at date of extract), trust code (at discharge), admission and discharge dates, and COVID-19 diagnosis (admitted with COVID-19, COVID-19 diagnosis during stay, other).

Exclusions criteria will apply:
• deceased patients
• children or young persons aged under 16 years at the time of sampling
• obstetrics/maternity service users, including spontaneous miscarriages
• patients admitted for planned termination of pregnancy
• psychiatry patients
• day cases
• private patients (non-NHS)
• patients without a UK postal address or patients whose address was unusable because it was incomplete

3. NHS Digital will send the resultant pseudonymised data to Ipsos MORI via NHS Digital's Secure File Transfer Service (SEFT).

4. Ipsos MORI will then draw a sample of records from that pseudonymised data sets based on the sampling approach agreed with CQC. Ipsos MORI will send the pseudo-Study-IDs back to NHS Digital via NHS Digital's Secure File Transfer Service (SEFT).

4. NHS Digital will take Pseudo Study-IDs and append patients full name, address including postcode, telephone number (landline and mobile), month and year of birth, and site code at discharge. NHS Digital will disseminate the identifiable data back to Ipsos MORI via NHS Digital's Secure File Transfer Service (SEFT).

CQC will not have access to any identifiable data at any point during the survey, unless a disclosure of harm or a safeguarding issue is raised by a patient during an interview. Depending on the disclosure made, it may have to be escalated to CQC – patients would be made aware of this and if possible and appropriate their consent for the disclosure would be sought. The advice of Ipsos MORI disclosure board would be sought prior to any disclosure being made.

Ipsos MORI will then remove incomplete addresses from the sample and prepare a final master sample file. This will include the data fields first provided by NHS Digital (the identifiable and non-identifiable data will be linked at that stage, by the Ipsos MORI project team). Trust codes at point of discharge will be used to append STPs to each record – the data mapping STPs with trust codes is publicly available. All samples files with identifiable data will be saved encrypted and password protected, on a segregated part of Ipsos MORI server, with access given to the project team only. All project team members are permanent members staff employed by Ipsos MORI. They are required to abide to Ipsos MORI policies on information security, data protection and physical security (attached) and have received training on these. Ipsos MORI will process and store the data sets provided by NHS Digital in line with these policies.

Specific sample files will be prepared for internal and external suppliers for the purpose of conducting the survey, which will contain only the relevant fields needed for the task:
• The sample for the online team will only include unique identifiers created by Ipsos MORI. The online team at Ipsos MORI will append unique links to the online survey for the SMS survey invitation and unique log in details (username and password) for the printed survey invitation.
• The sample for the printing supplier, Formara, will only include a unique identifier (created by Ipsos MORI), title, name, address, and unique log in details to the online survey. Formara will print and send out the survey invitations and the reminders a few days later. The letter will invite people to complete the survey online or over the phone, and will be sent by Whistl.
• The sample for the SMS supplier, Textlocal, will only include unique identifiers (created by Ipsos MORI), mobile numbers (for patients that have one), the site name at discharge (to be inserted in the text message), and a unique link to the online survey. Textlocal will use these to send survey invitation (and reminders) by text message with a link to the survey, and these will be sent about at the same time as the printed letters.
• Ipsos MORI will provide a reminder sample to Formara and Textlocal a few later, excluding patients who have already taken part in the survey or have opted out. The samples provided to these suppliers will contain the same fields as before.

The sample for Ipsos MORI telephone centre will only include the information needed to call patients to invite them to take part in the survey and to monitor the fieldwork (e.g. check number of interviews achieved in each STP with COVID-19 vs non-COVID-19 patients). It will only include patients who have not taken part online by a certain date, or who have requested a telephone interview. Telephone interviewers will only see the information they need to conduct the interviews, i.e. the names and phone numbers of the people they are calling.

Formara - Printing of all letters and outer envelopes. Enclosing of all packs. Delivery of packs to Whistl for dispatch.
Whistl - Collect questionnaire packs from Formara. Dispatch all questionnaire packs to Royal Mail via downstream access.
Textlocal - Textlocal Sending text messages to selected participants.

Formara, Whistl and Text Local are both approved Ipsos MORI suppliers (subcontractors) which means that they are also certified to ISO 9001 and ISO 27001 and an Article 28 compliant data sharing agreements are in place. They are not considered Data Processors in this application as they each have a Data Sharing agreement with Ipsos MORI and CQC for the services performed.

Once the fieldwork is complete, the survey data will be weighted and analysed by Ipsos MORI and some of the sample information will be linked to the survey responses for that purpose (STP, trust code, gender, age bands, COVID-19 patient vs non-COVID-19 patient).

Personal identifiable data (e.g. name and contact details) will be securely deleted from Ipsos MORI systems within a month of project completion. Only aggregated date with small number suppression applied as per the HES Analysis Guide will be kept after that date.

HES DISCLOSURE CONTROL / SMALL NUMBER SUPPRESSION
In order to protect patient confidentiality, when presenting results calculated from HES record level data, outputs will contain only aggregate level data with small numbers suppressed in line with HES Analysis Guide. When publishing HES data, you must make sure that:
· cell values from 1 to 7 are suppressed at a local level to prevent possible identification of individuals from small counts within the table.
· Zeros (0) do not need to be suppressed.
· All other counts will be rounded to the nearest 5.
Data will not be made available to any third parties other than those specified except in the form of aggregated outputs with small numbers suppressed in line with the HES Analysis Guide.