Updated quarterly register of data releases published by HSCIC
2 July 2014: The Health and Social Care Information Centre (HSCIC) today publishes the latest quarterly edition of its register of approved data releases, which details releases made between 1 January 2014 and 31 March 2014.
The register lists each organisation, the type of data released, the legal basis for release and the purpose for which the data was provided.
Also included in this edition of the register are the NHS Information Centre (NHS IC) approved data releases where data has subsequently been released by the HSCIC, as highlighted in the Partridge review.
Today's register also includes information about non-clinical data releases made by the National Back Office (NBO). These relate to requests made from organisations such as the police about individuals whom they are trying to trace for law enforcement purposes. The NBO releases information about the geographical area where someone is registered with a GP, along with their name and date of birth. These releases are only made when appropriate legal criteria are met.
The register is part of an ongoing commitment to transparency with the public about who gains access to medical data and for what purposes. It follows the publication of the Partridge review of data releases from the NHS IC on June 17. Public trust in the processes and approvals for handling medical information depends on continuing to improve the openness and rigour of HSCIC activities.
Today's register lists 483 data releases made between January 1 2014 and March 31 2014 under data sharing agreements with the HSCIC. They include:
- 17 releases of pseudonymised data and 15 releases of identifiable data and 16 of anonymised data.
- 32 releases relating to health and social care organisations (such as NHS trusts) and bodies such as universities and charities, and 16 to private sector organisations.
The register also includes releases of data which were approved by the NHS Information Centre (NHS IC) before the HSCIC came into being on 1 April 2013, but which have subsequently had data released by the HSCIC. In total 3323 data releases relating to 131 organisations fall into this category. They include:
- 24 releases of pseudonymised data and 308 releases of identifiable data
- 127 health and social care organisations (such as NHS Trusts) and bodies such as universities and charities, and four private sector organisations
It also includes details of releases of non-clinical information made by the National Back Office for law enforcement and includes:
- 2073 releases made from the National Back Office between April 2013 and December 2013. This includes 313 releases to police forces, 1531 to the Home Office and 229 to the National Crime Agency
- 685 releases made from the National Back Office between January 2014 and March 2014. This includes 178 releases to police forces, 413 to the Home Office and 94 to the National Crime Agency
Andy Williams, recently appointed Chief Executive of the HSCIC said:
"High quality national information about health and social care has the power to do enormous good, and is essential to the smooth running of the NHS and our social care systems. We are extremely mindful of the responsibility we carry to maintain patient privacy and ensure there are no surprises for people about how their information is being used.
"This register is part of our ongoing commitment to provide accessible information to patients and the public so they can be confident they know about how and when their information is shared."
The register and further information about what it contains is at:
Notes to editors
- The Health and Social Care Information Centre (HSCIC) was established on April 1 2013 as an Executive Non Departmental Public Body (ENDPB). It is England's trusted data source, delivering high quality information and IT systems to drive better patient services, care and outcomes. Its work includes publishing more than 220 statistical publications annually; providing a range of specialist data services; managing informatics projects and programmes and developing and assuring national systems against appropriate contractual, clinical safety and information standards.
- The NHS Information Centre (NHS IC) was established in 2005. In March 2012 it reverted to its legal, statutory name, The Health and Social Care Information Centre (HSCIC), to reflect its broader social care responsibilities. It ceased to exist on April 1 2013.
- There are more rows on the registers than there are data releases stated. This is because some recipients received data from more than one dataset under one data Sharing Agreement. For transparency these are listed separately.
- The NBO's primary task is to ensure that demographic information on the Personal Demographics Service is accurate so that the NHS can use it for providing care.
It also provides strictly circumscribed non-clinical information to assist with the tracing of individuals for the purposes of law enforcement where certain criteria are met, including where the exemption under section 29(3) of the Data Protection Act applies or where it is compelled to do so by a court order.
There is a well-defined protocol for such requests and if a request is approved, the requesting organisation generally only receive the name and date of birth under which the individual is currently (or has previously been) registered with a GP and the area in which the GP is located - but not the details of the individual GP surgery. The area is now known as the NHAIS Agency.
In rare cases demographic details may be given, such as that an individual has died, but not clinical information. Courts may also request and receive information such as an address and/or details of an individual's GP.
- Pseudonymised data is also sometimes referred to as "de-identified for limited disclosure or access". This is data from which details that would be classed as identifying individuals have been removed, such as NHS number or full postcode and full date of birth. We would never make this type of information publically available because there is still a risk that individuals could be re-identified. There are however particular purposes for which this information is required and it is therefore released under strict controls to approved organisations for approved purposes, and there must be a data agreement in place, which outlines the purpose to which the recipient can put the data and restricts how they store, share, use and eventually destroy the data. Any recipient found to misuse the information would be in breach of this agreement and could also be contravening the Data Protection Act.
- Identifiable data is also sometimes called "personal" or "personal confidential" data. This is data which identifies the patient and is only shared in the following circumstances:
- When patients have clearly said that we can do it (i.e. when patients have given their explicit consent). In these instances the request can be considered by the HSCIC's Data Linkage and Extract team; they may seek further advice from DAAG on the consent, if required.
- Where we have to do it by law (for example, in a public health emergency such as an epidemic).
- Where there is a statutory basis for sharing; where this is the case the statute under which data was shared is made clear in the register. The most common statutory basis for sharing of identifiable information in the register is under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (anecdotally known as 'section 251 support').
7. For media enquiries please contactor 0300 303 3888.