NHS England’s director of data and information management, Ming Tang, likens the commissioning board’s efforts to sort through the information governance facing the new NHS to “working through treacle.”

At EHI’s Information for Commissioning event last week, there were repeated complaints that the Health and Social Care Act passed last year had made it far more difficult for commissioners and their support organisations to obtain the information they need to tackle planning and population health issues.

The Act appears to have neglected to pass some key data handling responsibilities from primary care trusts to the complex web of organisations that now have responsibility for commissioning. And the recent Caldicott 2 report has not helped, either.

Tang told the conference that there would be no resolution to these issues soon. She said advice from the newly created Confidentiality Advisory Group was that NHS England needed to be “much stronger” in how it handles data.

Also, that it can only be linked within the Health and Social Care Information Centre, and that there will be a “quintuple lock” on handling, to comply with various pieces of legislation and the new Caldicott demands.

“We’re trying to work through the treacle of what that means and how, operationally, it will work and how we get the right data in the right hands to ensure we can do something with it,” Tang explained.

Yet, at the same time, there is a demand for more information, from the centre as well as locally. NHS England has identified more than 30 streams of data it wants to collect to meet its mandate to hold the health service to account for outcomes.

“Part of the reason why we’re in this information governance face-off at the moment is because we’re starting to collect a lot more data and we have to be more responsible in how we use that data in order to improve patient care,” Tang said.

“Once we decide who can have what we can move collection from activity to events and start designing how we collect data at the point of use.”

The big issue

Section 251 of the NHS Act 2006 allows the health secretary to set aside the common law duty of confidentiality in specific circumstances in which anonymised information is not sufficient and where patient consent is not practicable.

The NHS Information Centre traditionally held this exemption to allow it to send Secondary Uses Service data to primary care trusts for various uses.

These include as risk stratification, which uses analysis of population level data to identify individuals who may, for example, be at high risk of hospital admission, so they can be dealt with by virtual wards and similar services.

When primary care trusts were axed in April, there was no longer a legal basis for the flow of information. NHS England has applied to the CAG for a section 251 exemption.

In April it was granted a three-month extension to use section 251 while the longer-term situation is resolved. It is now awaiting a response from health secretary Jeremy Hunt about whether an application for a 12-month exemption will be granted.

Tang told Information for Commissioning delegates that she expected to hear back from CAG soon. However, it may not be the news that commissioners, their support organisations, and the analysis and consultancy companies trying to sell services to them want to hear.

Tang predicted that NHS England would get a shorter than 12-month exemption and would have to report back on actions, working towards the recommendations of Dame Fiona Caldicott’s second review of information governance in the NHS.

This appears to have complicated matters because, while it generally attempts to shift the NHS in the direction of more information sharing to support patient care, it specifically suggests that anonymised data should generally be sufficient for commissioning, and that where it isn’t only limited patient identifiers should be reattached.

Suppliers questioned Tang about how customers could continue to use their risk stratification tools in the new environment.

“We can’t ask all patients – it’s not practical – so we’re working with the CAG on how we can do that in a controlled way using recommendations in the Caldicott review,” responded Tang. “We probably need some pseudonymisation of data to do that.”

One supplier warned that if services could not be used they would “fade away.” Tang acknowledged the problem, but said no one was talking about “switching off the tap”, rather putting more controls in place.

“Whichever way you look, constraints around IG are going to be there. We have to find a way to be lawful but make it work for clinicians and that’s what we’re trying to work through at the moment.”

Pseudonymise this

Nuffield Trust senior research analyst Ian Blunt says the fundamental question is whether commissioning organisations should have access to the same level of data that PCTs had.

“I have a lot of sympathy for CCGs because they are just sort of waiting for these arrangements to be put in place and trying to draw up contracts in a bit of a void,” he says.

While there are “bits of guidance” around current rules, there is no certainty that these will be the same in a year’s time.

Blunt argues that Caldicott2 is entirely right to say that most commissioning can be done without access to directly identifiable data.

“The big challenge is how to get from where we are now, to the new world where things are set up to use pseudonymised data rather than identifiable.

“That will be a challenging path to negotiate for commissioners trying to run wholly new commissioning bodies at the same time.”

The research community has been using pseudonymised data for some time. However, Blunt admits this may become harder as researchers can currently link two pseudonymised data-sets, but Caldicott2 recommends that this only be done within ‘safe havens’.

He adds that the “devil will be in the detail” of the Caldicott2 response as it has a lot of practical implications for data flows.

“There needs to be an awful lot of thinking about how to make them work sensibly. Clinical commissioning groups tendering for commissioning support unit and information provider support have been put in a very difficult position right now.”

Blunt says some clarity is needed as soon as possible, even if this is only in “holding form” while long-term rules are established.

“It’s certainly surprising that some of this is being sorted out after the fact. They should have gone into 1 April with clear guidance on this sort of thing so CCGs could get enter sensible contracts.”

“An awful lot of effort went into establishing CCGs and their many functions. I wonder how much of a priority some of this information-sharing was when thinking about those or were there more pressing topics to address?”

At the coal face

Tang told her audience last week that Data Management Integration Centres were developed to create scale for commissioning.

“For GPs and CCGs to do in-house processing… my personal view is that there’s going to be pressure on your resources to do that. A CCG’s raison d’etre isn’t to be a business intelligence service, it’s to be a clinical commissioner; so there are drivers in that way of working.”

However, NHS West Suffolk CCG is one of 31 groups nationwide that does not have a DMIC in its area. Head of information development Pippa Mullan explains that this meant that the CCG has had to consider very carefully how it deals with identifiable data feeds from providers that do not submit to SUS.

The CCG previously processed patient identifiable data in-house to do things such as auditing and monitoring patient care delivery, ensuring effective pathways, supporting service re-design and validating invoices.

The section 251 exemption means the group can handle SUS data in the short-term. However, Mullan says Caldicott2 is clear that the HSCIC is the only body with legal cover to process patient-level data and the CCG is therefore looking to contract with a DMIC for data processing services.

Some DMICs are offering a price per head of population for this service, while others are operating on a fixed price model.

NHS West Suffolk hopes to have chosen a DMIC within two months and be operational by October, but still has to go through a detailed specification process to understand which services it is likely to procure.

She says local models of working were agreed without the understanding nationally that this situation was going to occur.

“We weren’t really fully aware of the implications until the early part of this year. As soon as we realised the implications we got working on it,” says Mullan.

She was unsure about the extra costs this would involve, but says there will also be savings in investments so hoped the overall cost impact would not be material.

“We have done a lot of groundwork over the last six weeks and we know it’s only temporary. We are confident there are DMICs that can provide us with the service that we need.”