What we collect
What we collect
We collect information from the records health and social care providers keep about the care and treatment they give. We collect from a wide range of providers across England ranging from hospitals to general practices.
We can only provide access to identifiable information if it will be used to promote health or support improvements in the delivery of care services in England or the government decides it's an emergency or in the public interest.
The care information we collect is used for purposes such as:
- working out what care services are needed where and when
- planning for health emergencies such as epidemics
- helping to improve medicines and treatments
- finding better ways to prevent illness and treat conditions
- calculating how much general practitioners and other care providers need to be paid
Types of information
HSCIC can provide access to several different types of information:
- identifiable - containing details that identify individuals
- pseudonymised - about individuals but with identifying details (such as name or NHS number) replaced with a unique code
- anonymised - about individuals but with identifying details removed
- aggregated - anonymised information grouped together so that it doesn't identify individuals
For full definitions and details about types of information see the Data Protection Act 1998 and the Information Commissioner's Office publication Anonymisation: managing data protection risk code of practice.
We have different legal responsibilities for different types of information we collect. Some of these rules are set out in the Health and Social Care Act 2012, the Health and Social Care Act 2014 and our Code of Practice on Confidential Information and common law duty of confidence.
- publish anonymised information so that it's freely available to everyone
- follow the rules for identifiable information as set out in the Data Protection Act 1998 and the common law duty of confidence
We only collect or give access to identifiable information if:
- we have people's permission or the law allow us to
- it's used to promote healthcare or support the delivery of care services in England
- the organisation requesting the information has demonstrated to assurance bodies that it will be looked after according to the law and good Information Governance (IG) practice
There are different rules for the organisations that play different roles in collecting and handling identifiable information.
- Data controller - this is any organisation responsible for providing access to, or using, identifiable information. The data controller must keep it safe at all stages, explain to people what it's being used for and are legally accountable.
- Data processor - this is any organisation involved in collecting or processing information. The data processor must follow the data controller's instructions and meet high IG standards.
Data controllers are sometimes also data processors.
We make a number of different types of information collection. Some are regular and others we make a few times or just once. We collect information by using our IT systems to communicate securely with other health and care organisations' systems.
We use some of the information we collect to produce:
- Hospital Episode Statistics (HES) - care and treatment of people in hospital
- Mental Health Minimum Data Set (MHMDS) - care of adults and older people using secondary mental health services
- Patient Reported Outcome Measures (PROMs) - questionnaires for hip replacement, knee replacement, varicose vein and groin hernia
- Diagnostic Imaging Data Set - diagnostic imaging tests, such as x-rays and MRI scans, including waiting times
- Secondary Uses Service (SUS) Payment by Results (PbR) - patient care and treatment to ensure funding goes where services are provided
- Improving Access to Psychological Therapies (IAPT) - access to talking therapies for people with mental health problems