The creation of ‘accredited safe havens’ to allow commissioners to process some patient confidential data is being help up by the wait for the government’s response to Caldicott2.

In her second review of information governance in the NHS, Dame Fiona Caldicott recommended that ASHs should be established to allow commissioners to use weakly pseudonymised data for some commissioning functions.

This would probably involve use of the NHS Number. All commissioning support units and some clinical commissioning groups have expressed an interest in becoming an ASH.

The matter is regarded as urgent by clinical commissioners, who last month wrote to NHS England saying they cannot carry out essential functions such as invoice validation and risk stratification, because of issues around processing PCD.

However, the government’s response to Caldicott2 is not expected until September or October, causing delays to the process.

In April, NHS England was granted a six-month extension to a Section 251 exemption to allow some identifiable data sets to be disclosed by the Health and Social Care Information Centre to CCGs and CSUs working towards ASH status. This expires on 31 October.

An HSCIC spokesperson told EHI: “work has begun to consider ‘safe haven’ accreditation, but we are awaiting the government’s response to Dame [Fiona’s] report in order to fully set out the criteria for this process."

NHS England’s director of data and information management systems Ming Tang told EHI the steps for becoming an ASH have not been finalised.

“We need to get all three parties – NHS England, DH and HSCIC – to agree the end destination in terms of who’s going to be eligible, what are the standards and how to maintain those standards,” she said.

Tang said NHS England may have to go back to the Confidentiality Advisory Group for another Section 251 extension to cover the accreditation process, but this time its requirements would be much more focused.

Primary care trusts had statutory bases for accessing PCD for certain purposes, but under the Health and Social Care Act 2012 commissioning organisations do not.

They must therefore rely on either patient consent or use fully pseudonymised data, unless they can become an ASH.

A letter sent by NHS England’s directory of strategy and intelligence Christine Outram to CCGs this month says the Act “presents real challenges to our day to day activities."

“Given the gravity and urgency of the situation we all face, NHS England has committed to a significant programme of work to try to address the issues and repercussions for commissioners,” the letter says.

NHS England is working to map all the business processes that previously used PCD and is identifying short-term work arounds and long-term solutions to these, while also looking at the financial impact.

The commissioning board has already issued guidance on risk stratification and is putting systems in place to deal with the issue of invoice validation.

NHS England has formed a programme board, chaired by Outram and with representatives from the DH, HSCIC, CSUs and CCGs “to define the operating model for how patient level data services will be provided to commissioners”.

“These data services will meet all relevant information governance safeguards and may be provided by third party data analytical services,” it says.

As reported in EHI last month, there is also an information governance task force that will report to the board. One of its tasks it to publish a regular bulletin on IG issues, with the first published last month