NHS England has submitted three Section 251 exemption requests to allow some patient confidential data to continue to flow to commissioners for another year.

Just last week, the government’s response to Dame Fiona Caldicott’s second review of information governance confirmed that commissioners should not have access to PCD for commissioning purposes. Rather, it should only be used for ‘direct patient care’.

However, commissioners claim they cannot fulfil some vital functions without PCD and NHS England needs time to come up with solutions to make the new rules work.

In April, the Confidentiality Advisory Group granted NHS England a six-month extension to a s251 exemption, previously held by primary care trusts, to allow some identifiable data sets to continue to flow to the newly created clinical commissioning groups and commissioning support units.

The exemption expires on 31 October.

NHS England confirmed to EHI that is has provisionally submitted an application to the CAG to extend this by 12 months. It has also applied for an exemption to cover “additional commissioning purposes”, but has not provided detail of what this would involve.

The third application is to support a clinical audit of Winterbourne View Hospital.

They will be considered at the group’s next meeting on 3-4 October.

The original exemption was to cover those organisations applying for ‘accredited safe haven’ status with the Health and Social Care Information Centre.

In her second review of information governance, Dame Fiona Caldicott recommended that ASHs should be established to give commissioners access to weakly pseudonymised data for some commissioning functions. This would probably involve use of the NHS Number.

However, a Department of Health response to Caldicott2, issued last week, does not directly endorse this solution. Instead it says that an information governance sub-group of the Informatics Services Commissioning Group will consider the creation of ASHs.

Despite this, the ASH process appears to be moving ahead. The HSCIC’s latest board papers says all CSUs have lodged their request to become an ASH and achieved Information Governance Toolkit level 2.

“The outstanding activity for the CSUs is to complete the data sharing contract and data sharing agreements as stipulated in the s251 approved by CAG,” the chief executive’s report says.

“Some CCGs, those which are not aligned with CSUs, have similarly commenced, but not completed the ASH registration process.”

Read more about the DH’s response to Caldicott2 in Insight.