Some patient confidential data will continue to flow to commissioners until the end of the year while the Confidentiality Advisory Group considers three new Section 251 exemption requests.

In April, the CAG granted NHS England a six-month extension to a s251 exemption, previously held by primary care trusts, to allow some identifiable data sets to flow to the newly created clinical commissioning groups and commissioning support units.

This exemption expired on 31 October. However, a CAG spokesman told EHI that it has been extended, while new applications are considered.

NHS England has submitted additional s251 requests to extend the current arrangements by 12 months. It has also applied for an exemption to cover “additional commissioning purposes”, but has not provided detail of what this would involve.

The CAG spokesman said: "The earlier exemption given to NHS England has been extended, and NHS England has made three further applications, which are under consideration.

"The outcome of these applications will be published in early December in the minutes of the November CAG meeting." The group does not make final decisions itself, but advises the health secretary.

These stop-gap measures are necessary while the NHS adjusts to a new world in which both Dame Fiona Caldicott’s second review of information governance and the government’s response have confirmed that commissioners should not have access to PCD for commissioning purposes. Both say such data should only be used for ‘direct patient care’.

However, commissioners claim they cannot fulfil some vital functions without PCD such as invoice validation and risk stratification. NHS England has been releasing regular information governance bulletins for commissioners struggling with these issues.

Another solution being worked on is the creation of ‘accredited safe havens’. Caldicott2 recommended that ASHs should be established to give commissioners access to weakly pseudonymised data for some commissioning functions. This would involve the use of data containing a single identifier, probably the NHS Number.

However, the latest Health and Social Care Information Centre board minutes reveal that creation of ASHs is a contentious issue, because of the risk of data being easily re-identifed.

The HSCIC is working with the Information Services Commissioning Group IG subgroup to decide whether ASHs should be approved as a solution and the process for accreditation.

"It is clear that there are significant differences of opinion on where an Accredited Safe Haven should be considered as the solution for a data sharing requirement," the board paper concludes.

There are 69 commissioning support units and clinical commissioning groups currently seeking interim ASH accreditation.