NHS Digital Data Release Register - reformatted

NHS Nottingham And Nottinghamshire Ccg

Project 1 — DARS-NIC-362265-C4M6N

Opt outs honoured: Yes - patient objections upheld (Mixture of confidential data flow(s) with support under section 251 NHS Act 2006 and non-confidential data flow(s))

Sensitive: Sensitive

When: 2020/03 — 2020/05.

Repeats: Frequent Adhoc Flow

Legal basis: National Health Service Act 2006 - s251 - 'Control of patient information'.

Categories: Identifiable

Datasets:

  • SUS for Commissioners

Objectives:

INVOICE VALIDATION Invoice validation is part of a process by which providers of care or services get paid for the work they do. Invoices are submitted to the Clinical Commissioning Group (CCG) so the CCG is are able to ensure that the activity claimed for each patient is their responsibility. This is done by processing and analysing Secondary User Services (SUS+) data, which is received into a secure Controlled Environment for Finance (CEfF). The SUS+ data is identifiable at the level of NHS number. The NHS number is only used to confirm the accuracy of backing-data sets (data from providers) and will not be used further. The CCG are advised by the appointed CEfF whether payment for invoices can be made or not. Liaison Financial Services Ltd conduct an independent ad-hoc review on retrospective payments made. Investing resource, skills and experience into deeper reconciliation, this identifies overcharges already paid and recovers savings for the CCG that would otherwise be lost. Invoice Validation will be conducted by: Nottingham Health Informatics Service (Hosted by Sherwood Forest Hospitals NHS Foundation Trust) Liaison Financial Services Ltd NHS Nottingham and Nottinghamshire CCG RISK STRATIFICATION Risk stratification is a tool for identifying and predicting which patients are at high risk (of health deterioration and using multiple services) or are likely to be at high risk and prioritising the management of their care in order to prevent worse outcomes. To conduct risk stratification Secondary User Services (SUS+) data, identifiable at the level of NHS number is linked with Primary Care data (from GPs) and an algorithm is applied to produce risk scores. Risk Stratification provides focus for future demands by enabling commissioners to prepare plans for both individual and groups of vulnerable patients.  Commissioners can then prepare plans for patients who may require high levels of care. Risk Stratification also enables General Practitioners (GPs) to better target intervention in Primary Care. Risk Stratification will be conducted by: NHS Sherwood Forest Hospitals (Hosting the Nottingham Health Informatics Service) and NHS Nottingham and Nottinghamshire CCG

Expected Benefits:

INVOICE VALIDATION The invoice validation process supports the ongoing delivery of patient care across the NHS and the CCG region by: 1. Ensuring that activity is fully financially validated. 2. Ensuring that service providers are accurately paid for the patients treatment. 3. Enabling services to be planned, commissioned, managed, and subjected to financial control. 4. Enabling commissioners to confirm that they are paying appropriately for treatment of patients for whom they are responsible. 5. Fulfilling commissioners duties to fiscal probity and scrutiny. 6. Ensuring full financial accountability for relevant organisations. 7. Ensuring robust commissioning and performance management. 8. Ensuring commissioning objectives do not compromise patient confidentiality. 9. Ensuring the avoidance of misappropriation of public funds. INVOICE VALIDATION – Liaison Financial Services Ltd 1. Financial validation of activity 2. CCG Budget control 3. Assurances over the robustness of internal control mechanisms relating to the payment of invoices and/or suggested improvements 4. Identification and recovery of monies which would otherwise be lost 5. Meeting commissioning objectives without compromising patient confidentiality 6. The avoidance of misappropriation of public funds to ensure the ongoing delivery of patient care 7. Benefit delivered 3-9 months from receiving data, depending on number of claims to investigate and resolve RISK STRATIFICATION Risk stratification promotes improved case management in primary care and will lead to the following benefits being realised: 1. Improved planning by better understanding patient flows through the healthcare system, thus allowing commissioners to design appropriate pathways to improve patient flow and allowing commissioners to identify priorities and identify plans to address these. 2. Improved quality of services through reduced emergency readmissions, especially avoidable emergency admissions. This is achieved through mapping of frequent users of emergency services thus allowing early intervention. 3. Improved access to services by identifying which services may be in demand but have poor access, and from this identify areas where improvement is required. 4. Supports the commissioner to meets its requirement to reduce premature mortality in line with the CCG Outcome Framework by allowing for more targeted intervention in primary care. 5. Better understanding of local population characteristics through analysis of their health and healthcare outcomes All of the above lead to improved patient experience through more effective commissioning of services.

Outputs:

INVOICE VALIDATION 1. The Controlled Environment for Finance (CEfF) will enable the CCG to challenge invoices and raise discrepancies and disputes. 2. Outputs from the CEfF will enable accurate production of budget reports, which will: a. Assist in addressing poor quality data issues b. Assist in business intelligence 3. Validation of invoices for non-contracted events where a service delivered to a patient by a provider that does not have a written contract with the patient’s responsible commissioner, but does have a written contract with another NHS commissioner/s. 4. Budget control of the CCG. INVOICE VALIDATION – Liaison Financial Services Ltd 1. Validation of Continuing Healthcare related invoices and payments 2. Independent Identification of potential overpayments made by the CCG through invoice validation 3. Liaising with providers with a view to recouping these monies 4. Review is completed for the retrospective period from date of contract with Liaison Financial Services back to 01/04/2013. 5. Reviews take 3-9 months depending on number of claims to investigate and resolve 6. Liaison Financial Services would repeat the exercise 2-3 years later 7. CCGs could request reviews to be done more frequently 8. SUS+ would only be requested each time a review was completed, and could be requested at different times as independent reviews RISK STRATIFICATION 1. As part of the risk stratification processing activity detailed above, GPs have access to the risk stratification tool which highlights patients for whom the GP is responsible and have been classed as at risk. The only identifier available to GPs is the NHS numbers of their own patients. Any further identification of the patients will be completed by the GP on their own systems. 2. GP Practices will be able to view the risk scores for individual patients with the ability to display the underlying SUS+ data for the individual patients when it is required for direct care purposes by someone who has a legitimate relationship with the patient. CCGs will be able to: 3. Target specific vulnerable patient groups and enable clinicians with the duty of care for the patient to offer appropriate interventions. 4. Reduce hospital readmissions and targeting clinical interventions to high risk patients. 5. Identify patients at risk of deterioration and providing effective care. 6. Reduce in the difference in the quality of care between those with the best and worst outcomes. 7. Re-design care to reduce admissions. 8. Set up capitated budgets – budgets based on care provided to the specific population. 9. Identify health determinants of risk of admission to hospital, or other adverse care outcomes. 10. Monitor vulnerable groups of patients including but not limited to frailty, COPD, Diabetes, elderly. 11. Health needs assessments – identifying numbers of patients with specific health conditions or combination of conditions. 12. Classify vulnerable groups based on: disease profiles; conditions currently being treated; current service use; pharmacy use and risk of future overall cost. 13. Production of Theographs – a visual timeline of a patients encounters with hospital providers. 14. Analyse based on specific diseases In addition: - The risk stratification tool will provide aggregate reporting of number and percentage of population found to be at risk. - Record level output (pseudonymised) will be available for commissioners (of the CCG), pseudonymised at patient level. Onward sharing of this data is not permitted.

Processing:

PROCESSING CONDITIONS: Data must only be used for the purposes stipulated within this Data Sharing Agreement. Any additional disclosure / publication will require further approval from NHS Digital. Data Processors must only act upon specific instructions from the Data Controller. Data can only be stored at the addresses listed under storage addresses. All access to data is managed under Role-Based Access Controls. Users can only access data authorised by their role and the tasks that they are required to undertake. Patient level data will not be linked other than as specifically detailed within this Data Sharing Agreement. Data released will only be shared with those parties listed and will only be used for the purposes laid out in the application/agreement. NHS Digital reminds all organisations party to this agreement of the need to comply with the Data Sharing Framework Contract requirements, including those regarding the use (and purposes of that use) by “Personnel” (as defined within the Data Sharing Framework Contract ie: employees, agents and contractors of the Data Recipient who may have access to that data) The DSCRO (part of NHS Digital) will apply National Opt-outs before any identifiable data leaves the DSCRO only for the purpose of Risk Stratification. CCGs should work with general practices within their CCG to help them fulfil data controller responsibilities regarding flow of identifiable data into risk stratification tools. The only identifier available in the data set is the NHS numbers. Any further identification of the patients will only be completed by the patient’s clinician on their own systems for the purpose of direct care with a legitimate relationship. ONWARD SHARING: Patient level data will not be shared outside of the CCG unless it is for the purpose of Direct Care, where it may be shared only with those health professionals who have a legitimate relationship with the patient and a legitimate reason to access the data. Aggregated reports only with small number suppression can be shared externally as set out within NHS Digital guidance applicable to each data set. SEGREGATION: Where the Data Processor and/or the Data Controller hold both identifiable and pseudonymised data, the data will be held separately so data cannot be linked. Where the Data Processor and/or the Data Controller hold identifiable data with opt outs applied and identifiable data with opt outs not applied, the data will be held separately so data cannot be linked. All access to data is auditable by NHS Digital. Data for the purpose of Invoice Validation is kept within the CEfF, and only used by staff properly trained and authorised for the activity. Only CEfF staff are able to access data in the CEfF and only CEfF staff operate the invoice validation process within the CEfF. Data flows directly in to the CEfF from the DSCRO and from the providers – it does not flow through any other processors. DATA MINIMISATION: Data Minimisation in relation to the data sets listed within the application are listed below. This also includes the purpose on which they would be applied - For the purpose of Risk Stratification: • Patients who are normally registered and/or resident within the Nottingham/Nottinghamshire CCG region (including historical activity where the patient was previously registered or resident in another commissioner) For the purpose of Invoice Validation: • Patients who are resident and/or registered within the CCG region. A CCG user will be able to access the provider extracts from the portal for any provider where at least 1 patient for whom they are the registered CCG for that individuals GP practice appears in that setting Although a CCG user may have access to pseudonymised patient information not related to that CCG, users should only process and analyse data for which they have a legitimate relationship (as described within Data Minimisation). Microsoft UK supply IT infrastructure and are therefore listed as a data processor. They supply support to the system, but do not access data. Therefore, any access to the data held under this agreement would be considered a breach of the agreement. This includes granting of access to the database[s] containing the data. INVOICE VALIDATION Data Processor 1 - CCG 1. Identifiable SUS+ Data is obtained from the SUS+ Repository by the Data Services for Commissioners Regional Office (DSCRO). 2. The DSCRO pushes a one-way data flow of SUS+ data into the Controlled Environment for Finance (CEfF) into Nottinghamshire Health Informatics Service (NHIS) (hosted by Sherwood Forest Hospitals NHS Foundation Trust) who land the data. The data is not accessed within NHIS. The data is then passed directly to the Controlled Environment for Finance (CEfF) located within the individual CCG. 3. The CEfF also receive backing data from the provider. 4. The CEfF conduct the following processing activities for invoice validation purposes: a. Validating that the Clinical Commissioning Group are responsible for payment for the care of the individual by using SUS+ and/or provider backing flow data. b. Once the provider backing information is received, it will be checked against national NHS and local commissioning policies, as well as being checked against system access and reports provided by NHS Digital to confirm the payments are: i. In line with Payment by Results tariffs ii. In relation to a patient registered with the CCG, GP or resident within the CCG area. iii. The health care provided should be paid by the CCG in line with CCG guidance. 5. The CCG are notified by the CEfF that the invoice has been validated and can be paid. Any discrepancies or non-validated invoices are investigated and resolved. Data Processor 2 - NHIS 1. Identifiable SUS+ Data is obtained from the SUS+ Repository to the Data Services for Commissioners Regional Office (DSCRO). - 2. The DSCRO pushes a one-way data flow of SUS+ data into the Controlled Environment for Finance (CEfF) in the Nottinghamshire Health Informatics Service (NHIS) (Hosted by NHS Sherwood Forest Hospitals NHS Foundation Trust).  3. The CEfF also receive backing data from the provider. - 4. NHIS (hosted by Sherwood Forest Hospitals NHS Foundation Trust) carry out the following processing activities within the CEfF for invoice validation purposes:  a. Validating that the Clinical Commissioning Group are responsible for payment for the care of the individual by using SUS+ and/or provider backing flow data.  b. Once the provider backing information is received, this will be checked against national NHS and local commissioning policies as well as being checked against system access and reports provided by NHS Digital to confirm the payments are:  i. In line with Payment by Results tariffs  ii. are in relation to a patient registered with a CCG GP or resident within the CCG area.  iii. The health care provided should be paid by the CCG in line with CCG guidance. - 5. The CCG are notified that the invoice has been validated and can be paid. Any discrepancies or non-validated invoices are investigated and resolved between NHIS (hosted by Sherwood Forest Hospitals NHS Foundation Trust) CEfF team and the provider, meaning that no identifiable data needs to be sent to the CCG. The CCG only receives notification to pay and management reporting detailing the total quantum of invoices received pending, processed etc Data Processor 3 - Liaison Financial Services Ltd 1. Identifiable SUS+ Data is obtained from the SUS+ Repository to the Data Services for Commissioners Regional Office (DSCRO). 2. The DSCRO pushes a one-way data flow of SUS+ data into the Controlled Environment for Finance (CEfF) in the Liaison Financial Services Ltd. 3. The CEfF also receive backing data from the provider. 4. Liaison Financial Services Ltd carry out the following processing activities within the CEfF for invoice validation purposes: a. Validating that the Clinical Commissioning Group are responsible for payment for the care of the individual by using SUS+ and/or provider backing flow data. b. Once the provider backing information is received, this will be checked against national NHS and local commissioning policies as well as being checked against system access and reports provided by NHS Digital to confirm the payments are: i. In line with Payment by Results tariffs ii. are in relation to a patient registered with a CCG GP or resident within the CCG area. iii. The health care provided should be paid by the CCG in line with CCG guidance.  5. The CCG are notified that the invoice has been validated and can be paid. Any discrepancies or non-validated invoices are investigated and resolved between Liaison Financial Services Ltd CEfF team and the provider, meaning that no identifiable data needs to be sent to the CCG. The CCG only receives notification to pay and management reporting detailing the total quantum of invoices received pending, processed etc. RISK STRATIFICATION (Risk Stratification tool in CCG) 1. Identifiable SUS+ data is transferred from the SUS Repository to the Data Services for Commissioners Regional Office (DSCRO). 2. Data quality management and standardisation of data is completed by the DSCRO and the data identifiable at the level of NHS number is transferred securely to the CCG, who securely hold the SUS+ data. 3. Identifiable GP Data is securely sent from the GP system to the CCG. 4. SUS+ data is linked to GP data in the risk stratification tool by the data processor. 5. As part of the risk stratification processing activity, GPs have access to the risk stratification tool within the data processor, which highlights patients with whom the GP has a legitimate relationship and have been classed as at risk. The only identifier available to GPs is the NHS numbers of their own patients. Any further identification of the patients will be completed by the GP on their own systems. 6. Once the CCG has completed the processing, access is available within the CCG through the online system via a secure connection to access the data pseudonymised at patient level / aggregate with small number suppression / aggregate without small number suppression / anonymous reports. Data Processor 2 – NHIS 1. Identifiable SUS+ data is transferred from the SUS Repository to the Data Services for Commissioners Regional Office (DSCRO). 2. Data quality management and standardisation of data is completed by the DSCRO and the data identifiable at the level of NHS number is transferred securely to NHIS (hosted by Sherwood Forest Hospitals NHS Foundation Trust), who securely hold the SUS+ data. 3. Identifiable GP Data is securely sent from the GP system to NHIS (hosted by Sherwood Forest Hospitals NHS Foundation Trust) 4. SUS+ data is linked to GP data in the risk stratification tool by the data processor. 5. NHS Nottingham and Nottinghamshire CCG host an electronic information portal with secure role-based access control. As part of the risk stratification processing activity, GPs have access to the risk stratification tool within the data processor, which highlights patients with whom the GP has a legitimate relationship and have been classed as at risk. The only identifier available to GPs is the NHS numbers of their own patients. Any further identification of the patients will be completed by the GP on their own systems. 6. Access by NHIS is only for identification and authentication. NHIS host the risk stratification system that holds SUS data and access is limited to those administrative staff with authorised user accounts and only substantive employees of the organisation. Data stored for risk stratification purposes is stored separately from other data and this cannot be linked to other data. 7. Access by NHS Nottingham and Nottinghamshire CCG, who host the secure electronic information portal, is limited to those administrative staff with authorised user accounts used for identification and authentication. Staff within NHIS do not access this data. 8. Once NHIS (hosted by Sherwood Forest Hospitals NHS Foundation Trust) has completed the processing, the CCG can access the online system via a secure connection to access the data pseudonymised at patient level.