Data Flow Mapping NHS South, Central and West CSU
NHS BUCKINGHAMSHIRE CLINICAL COMMISSIONING GROUP
Data Flow Mapping; NHS Data Security and Protection Toolkit 2018-19
Last Updated:
BCCG Contact:
Email:
Why Risk Assessment Risk Treatment
Reference number if applicable (This is a free text box)
Team/Directorate
Who sends the information (This is a free text box)
Direction of flow (This is a drop-down menu)
Recipient (This is a free text box)
What data is sent/received (This is a free text box)
What is the category of data (This is a drop-down menu)
What level of protection is applied to the data (This is a drop-down menu)
Data format (This is a drop-down menu)
Additional Information (This is a free text box)
Where is the data stored (This is a drop-down menu)
How is the data stored secure? (This is a drop-down menu or free text box)
How is access evidenced? (This is a free text box)
Number of records per transfer (This is a drop-down menu)
Frequency of transfer (This is a drop-down menu)
Purpose of Transfer (This is a free text box)
Method used for transfer (This is a drop-down menu)
How is the information protected in transit? (This is a drop-down menu or free text box)
Comment (This is a free text box)
Where is the data processed/transferred? (This is a drop-down menu)
What would the IMPACT be if the data was no longer available? (This is a drop-down menu)
What is the LIKELIHOOD of the data no longer being available? (This is a drop-down menu)
Risk Score (automatic scoring)
Please provide the mitigation taken on all data flows that score a Moderate Risk (yellow) to Extreme Risk (Red) (This is a free text box)
What conditions for processing are you relying upon? (This is a drop-down menu)
What additional conditions for processing are you relying upon where you are processing special categories of data? (This is a drop-down menu)
Common Law Duty of Confidence (This is a drop-down menu)
What agreements are in place for this data flow (This is a free text box)
What is the (b) Contract, (c) Legal Obligation or (e) legislation relied upon (This is a free text box)
Data Privacy Impact Assessment (DPIA) version/date. IF THE FLOW EXISTING BEFORE MAY 2018 THEN A DPIA NOT MANDATORY
Information/Data Sharing Agreement/Protocol version/date. THIS IS STILL MANDATORY EVEN IF AN EXISTING FLOW BEFORE MAY 2018
LT01 Long Term Conditions CCG Member GP practices In-flow CCG Long Term Conditions
individual team members
Personal health details and test
results/diagnoses. (e.g. this may
relate to NHS Diabetes Prevention
Programme (NHS DPP), Primary
Care Development Scheme, Live Well
Stay Well NHS health improvement
service for adults )
Special
Categories of
personal data
None - Identifiable Electronic Staff view details only as shown on screen in primary care practices - nothing brought back to CCG
offices (Lori, Kiera, Abi, Angela less so). Primary Care practice staff retain control and are the only
people who access the EMIS system. The purpose is to assist member practices to assist
troubleshooting in relation to record keeping and reporting in relation to projects/services cited (NHS
Diabetes Prevention Programme (NHS DPP), Primary Care Development Scheme, Live Well Stay
Well NHS health improvement service for adults). Identifiable data does not otherwise form part of the
reporting outputs of these projects and so corresponding DPIAs/DSA's for these projects specify all
flows as anonymous.
Specific software solution Password protected network
drive/system
IT Access/User Reports as part of
user audit trail
Less than 5 When required Ensure quality clinical care for
patients
Within software solution Password protected Within UK 1 3 3 None for us as member GP practices are the data controller (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
1.Contract in Place.
2. Data Sharing Agreement in Place
a) CCGs - NHS Act 2006.
b) GP Practices - NHS England's powers to
commission health care under NHS Act 2006 or
to delegate such powers to CCGs.
Existing before May 2018? DSA Version Date;
Contract Version Date:
LT02 Long Term Conditions CCG Member GP practices In-flow Diabetes Specialist Nurse and
Transformation Support
Officers
Diabetic care evidence into practice
(Gill Dunn)
Special
Categories of
personal data
None - Identifiable Electronic Specific software solution Password protected network
drive/system
IT Access/User Reports as part of
user audit trail
Less than 5 When required Support clinical need and best
practice
Within software solution Password protected Within UK 3 3 9 None for us as member GP practices are the data controller (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
1. Data Sharing Agreements with
GP practices.
a) CCGs - NHS Act 2006.
b) GP Practices - NHS England's powers to
commission health care under NHS Act 2006 or
to delegate such powers to CCGs.
Existing before May 2018? DSA Version Date;
LT03 Long Term Conditions CCG member GP practices In-flow CCG Diabetes Specialist Nurse
and Transformation Support
Officers
Diabetic care evidence into practice
(Gill Dunn)
Special
Categories of
personal data
None - Identifiable Electronic Specific software solution Password protected network
drive/system
IT Access/User Reports as part of
user audit trail
Less than 5 When required Support clinical need and best
practice
Within software solution Password protected Within UK 3 3 9 None for us as member GP practices are the data controller (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
1. Data Sharing Agreements with
GP practices.
a) CCGs - NHS Act 2006.
b) GP Practices - NHS England's powers to
commission health care under NHS Act 2006 or
to delegate such powers to CCGs.
Existing before May 2018? DSA Version Date;
LT04 Long Term Conditions CCG member GP practices In-flow CCG Diabetes Specialist Nurse
and Transformation Support
Officers
Insulin group initiation work (Gill
Dunn).
Special
Categories of
personal data
None - Identifiable Electronic We are encouraging practice to manage diabetes patients in group sessions - training on blood
sugars. We help practices to do that; working with diabetic specialist nurses and practice nurses to
run these events. Nurse does not actually access EMIS where patient data would be held.
Specific software solution Password protected network
drive/system
IT Access/User Reports as part of
user audit trail
Less than 5 When required Support clinical need and best
practice
Within software solution Password protected Within UK 3 3 9 None for us as member GP practices are the data controller (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
1. Data Sharing Agreements with
GP practices.
a) CCGs - NHS Act 2006.
b) GP Practices - NHS England's powers to
commission health care under NHS Act 2006 or
to delegate such powers to CCGs.
Existing before May 2018? DSA Version Date;
LT05 Long Term Conditions CCG member GP practices In-flow CCG Diabetes Specialist Nurse
and Transformation Support
Officers
Locality Multi-Disciplinary Teams - Special
Categories of
personal data
Anonymous Electronic Meetings chaired by Head of Long Term Conditions to discuss complex patients and their families.
Name excluded from EMIS records, however patient names may then be discussed in verbal
discussions. This is a transformational arrangement with CCG in service development role to support
establishment only - in future the Chair and co-ordinators would be employed by a GP practice.
NHSMail Password protected network
drive/system
IT Access/User Reports as part of
user audit trail
Less than 5 Monthly Support clinical need and best
practice
NHSmail to NHSmail Password protected Within UK 3 3 9 None for us as member GP practices are the data controller (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006.
b) GP Practices - NHS England's powers to
commission health care under NHS Act 2006 or
to delegate such powers to CCGs.
UC01 Urgent Care Acute providers:
Buckinghamshire Healthcare
NHS Trust
Milton Keynes University
Hospitals NHS Trust
Oxford University Hospitals
NHS Trust
Luton and Dunstable NHS
Trust
In-flow CCG Urgent Care Team Medically fit for Discharge Lists
Password protected but not
anonymised.
Report is electronic with CCG staff
involved in one or more of the
following supporting measures:
(1) On site daily joint health and social
care medically fit review (before list is
circulated to named users)
(2) Daily system (escalations following
above meeting)
(3) Weekly Friday directors escalation
call (escalations from above and
directors top 20 (see below)
Special
Categories of
personal data
None - Identifiable Electronic Report formats are varied; some include NHS number and DOB and some don't.
(1) On site daily joint health and social care medically fit review (before list is circulated to named
users). Will likely involve discussion of patient names
(2) Daily system (escalations following above meeting) - less likely to involve discussion of patient
names
(3) Weekly Friday directors escalation call (escalations from above and directors top 20 (see below)
Password protected but not anonymised. OUH MK adhoc, routinely from Wexham, medically fit.
Wexham stopped end of March citing GDPR. Since not had list dtoc and EDB have increased.
NHSMail Password protected files IT Access/User Reports as part of
user audit trail
21 to 100 Daily Expedite Discharge/mitigate
against delayed transfers of
care
email within NHS NHSmail [secure] encryption File is password protected Within UK 4 4 16 Daily escalation calls in absence of copies of lists, plus daily
system calls DO WE KNOW THE MEDICAL CONDITION OF
THE PATIENT?
(e) Performance of a task in the public
interest or the exercise of official
authority
a) CCGs - NHS Act 2006.
b) NHS Foundation Trusts: Health & Social Care
(Community Health and Standards) Act 2003.
c) NHS Trusts: National Health Service and
Community Care Act 1990.
DPIA DONE? As per NHS standard commissioning contract in
place.
UC01a Urgent Care Acute provider: Frimley
Health NHS Foundation Trust
In-flow CCG Urgent Care Team Medically fit for Discharge Lists
Password protected but not
anonymised.
Report is electronic with CCG staff
involved in one or more of the
following supporting measures:
(1) On site daily joint health and social
care medically fit review (before list is
circulated to named users)
(2) Daily system (escalations following
above meeting)
(3) Weekly Friday directors escalation
call (escalations from above and
directors top 20 (see below)
Personal data Pseudonymised Electronic Subset of above for Buckinghamshire patients in Frimley only Secure network Restricted Access Folder 21 to 100 Daily Expedite Discharge/mitigate
against delayed transfers of
care
email within NHS NHSmail [secure] encryption File is password protected Within UK 4 4 16 Daily escalation calls in absence of copies of lists, plus daily
system calls DO WE KNOW THE MEDICAL CONDITION OF
THE PATIENT?
(e) Performance of a task in the public
interest or the exercise of official
authority
a) CCGs - NHS Act 2006.
b) NHS Foundation Trusts: Health & Social Care
(Community Health and Standards) Act 2003.
c) NHS Trusts: National Health Service and
Community Care Act 1990.
DPIA DONE? As per NHS standard commissioning contract in
place.
UC02 Urgent Care SCW Commissioning
Support Unit
In-flow CCG Urgent Care Team CSU data – CSU long stay patient
report (strandeds)
Personal data Pseudonymised Electronic Only PAS number identifies the patient NHSMail None SUS data 21 to 100 Monthly Establish if patients are still
admitted patients - discuss with
partners to facilitate discharge
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 4 16 (e) Performance of a task in the public
interest or the exercise of official
authority
Contract in Place a) CCGs - NHS Act 2006.
b) NHS Foundation Trusts: Health & Social Care
(Community Health and Standards) Act 2003.
c) NHS Trusts: National Health Service and
Community Care Act 1990.
NHS standard contract.
Data Processing Agreements.
UC03 Urgent Care CCG Urgent Care Team Out-flow Acute providers:
Buckinghamshire Healthcare
NHS Trust
Milton Keynes University
Hospitals NHS Trust
Oxford University Hospitals
NHS Trust
Luton and Dunstable NHS Trust
CSU data – CSU long stay patient
report (strandeds)
Personal data Pseudonymised Electronic Urgent Care and Elective - we send a version of the report to providers (with no PID) to cross
reference whether patients are still in the acute trust
NHSMail None SUS data 21 to 100 Monthly Establish if patients are still
admitted patients - discuss with
partners to facilitate discharge -
provider cross reference
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 4 16 (e) Performance of a task in the public
interest or the exercise of official
authority
a) CCGs - NHS Act 2006.
b) NHS Foundation Trusts: Health & Social Care
(Community Health and Standards) Act 2003.
c) NHS Trusts: National Health Service and
Community Care Act 1990.
UC04 Urgent Care Acute providers:
Buckinghamshire Healthcare
NHS Trust
Milton Keynes University
Hospitals NHS Trust
Oxford University Hospitals
NHS Trust
Luton and Dunstable NHS
Trust
In-flow CCG Urgent Care Team and
CHC Commissioning Manager
and Adult Social Care
Directors top 20 weekly password but
not anonymised (stranded)
Personal data None - Identifiable Electronic Forename and surname NHSMail Password protected files 21 to 100 Weekly Expedite Discharge/mitigate
against delayed transfers of
care - top 20 longest stay
patients
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 4 16 (e) Performance of a task in the public
interest or the exercise of official
authority
(a) Consent (implied, explicit,
informed)
NHS standard contract. a) CCGs - NHS Act 2006.
b) NHS Foundation Trusts: Health & Social Care
(Community Health and Standards) Act 2003.
c) NHS Trusts: National Health Service and
Community Care Act 1990.
UC05 Urgent Care CHC Commissioning
Manager
Out-flow Oxford Health Directors top 20 weekly - only those
patients whose delay sits with
Continuing Care team (stranded)
Personal data None - Identifiable Electronic Forename and surname NHSMail Password protected files 21 to 100 Weekly Expedite Discharge/mitigate
against delayed transfers of
care - top 20 longest stay
patients
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 4 16 (e) Performance of a task in the public
interest or the exercise of official
authority
(a) Consent (implied, explicit,
informed)
NHS standard contract. a) CCGs - NHS Act 2006.
b) NHS Foundation Trusts: Health & Social Care
(Community Health and Standards) Act 2003.
c) NHS Trusts: National Health Service and
Community Care Act 1990.
UC06 Urgent Care Acute providers:
Buckinghamshire Healthcare
NHS Trust
Milton Keynes University
Hospitals NHS Trust
Oxford University Hospitals
NHS Trust
Luton and Dunstable NHS
Trust
In-flow CCG Urgent Care Team and/or
Directors on Call and/or
Locality Business Support
Manager given numbers
related to patients in Aylesbury
localities
Adhoc funding requests via Vicki
Parker from community, or from BHT.
Abi Edwards keeps a copy.
Personal data None - Identifiable Electronic Name, DOB and NHS number NHS shared drive Restricted Access Folder Less than 5 When required (e) Performance of a task in the public
interest or the exercise of official
authority
(a) Consent (implied, explicit,
informed)
NHS standard contract. a) CCGs - NHS Act 2006.
b) NHS Foundation Trusts: Health & Social Care
(Community Health and Standards) Act 2003.
c) NHS Trusts: National Health Service and
Community Care Act 1990.
F01 Finance SCWCSU In-flow Line Managers Expenses claims Personal data None - Identifiable Electronic Cloud storage Password protected network
drive/system
SEL expenses system 21 to 100 Monthly Staff Expenses claim Encrypted secure email
service
Encrypted (approved) Within UK 4 2 8 Manual calculations of expenses if necessary and disaster
recovery plan on CSU systems
(e) Performance of a task in the public
interest or the exercise of official
authority
SLA in place a) CCGs - NHS Act 2006. N/A N/A
F02 Finance Staff members Out-flow SCWCSU Expenses claims Personal data None - Identifiable Electronic Cloud storage Password protected network
drive/system
SEL expenses system 21 to 100 Monthly Staff Expenses claim Encrypted secure email
service
Encrypted (approved) Within UK 4 2 8 Manual calculations of expenses if necessary and disaster
recovery plan on CSU systems
(e) Performance of a task in the public
interest or the exercise of official
authority
SLA in place a) CCGs - NHS Act 2006. N/A N/A
F03 Finance Oracle/IFSE (suppliers send
invoices to SBS who then
upload to Oracle
In-flow CCG Finance Team Invoices for CHC patients on
Broadcare
Personal data Pseudonymised Electronic NHS shared drive None Less than 5 Daily Invoice payment Within software solution Password protected All invoices are viewed through Oracle by approved users Within UK 4 1 #REF! #REF! #REF! #REF! #REF! #REF! #REF!
F04 Finance CCG Finance Team Out-flow Oracle/IFSE through Controlled
Environment for Finance
(CEfF)
Invoices (once validated by
SCWCSU)
Personal data Pseudonymised Electronic NHS shared drive None Less than 5 Daily Invoice payment Within software solution Password protected All invoices are viewed through Oracle by approved users Within UK (e) Performance of a task in the public
interest or the exercise of official
authority
(c) Legal Duty a) CCGs - NHS Act 2006.
b) NHS Trusts: National Health Service and
Community Care Act 1990.
Irrelevant to CCG Comment: Is this not done by CSU for CCG?
No legal basis for CCG to access PID for this
even though this falls within section 251. no PID
F05 Finance SBS (via Oracle) In-flow CCG Finance Team Suppliers information in order to pay
them for commissioned services e.g.
bank account details
Commercial
data
None - Identifiable Electronic Specific software solution - Oracle Specific software solution Password protected network
drive/system
Password protected files 1001 plus Daily Payment of suppliers NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 (e) Performance of a task in the public
interest or the exercise of official
authority
(c) Legal Duty a) CCGs - NHS Act 2006.
F06 Finance SCWCSU (Oxford Health
send to the CSU)
In-flow CCG Finance Team Financial forecasts or CHC patients
on Broadcare
Personal data Pseudonymised Electronic Broadcare number only - record level report. These reports sit outside Oracle. NHS shared drive None 1001 plus Monthly Reconciliation between
provider claims for payments
and forecasts
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1
F07 Finance CCG Finance Team Out-flow NHS England Transforming care inpatient sitrep and
projections -sent to NHS England:
relating to patients that sit in Spec
Com beds with a view to moving them
into community from low secure beds.
Personal data None - Identifiable Electronic Patient name, NHS number. The request comes from them, we complete, and send it back. The
programme finishes 31 March 2019 but there may be a further need for reporting after. This relates
to specialist commissioning learning disability beds. Inflow in a blank template. Data to complete the
template comes from integrated commissioning. We complete it instead of them because of funding
flow. Transfer of patients acute to community costs are paid by the CCG. This is an NHS England
requirement to link patients in spec com beds to community repatriation. Transforming care lead
Ruth Kenyon in NHSE is link
NHS shared drive Restricted Access Folder Restricted Access 101 to 1000 Monthly NHSmail to NHSmail NHSmail [secure] encryption Within UK (e) Performance of a task in the public
interest or the exercise of official
authority
(c) Legal Duty Statutory Requirements a) CCGs - NHS Act 2006
b) NHS E - NHS Act 2006
Comment: find the statute under common law.
F08 Finance SCWCSU Human
Resources (CSU has inflow
and outflow with Salisbury
NHS FT as payroll provider)
In-flow CCG Finance Team PAYE/Pensions/Payroll - payroll
reports
Personal data None - Identifiable Electronic Bank account numbers, name, national insurance number (address not held as this sits in ESR) NHS shared drive None Restricted Access 101 to 1000 Monthly Ensure accuracy of payroll and
pension records
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 (b) Performance of a contract to which
a Data Subject is party to
(c) Legal Duty a) CCGs - NHS Act 2006 Comment: What is the statute that allows for this
under Common Law?
F09 Finance NHS Pensions
Agency/SCWCSU
In-flow CCG Finance Team PAYE/Pensions/Payroll (Greenbury
reporting requirement)
Personal data None - Identifiable Electronic This relates to CCG office holders (i.e. senior managers, member GPs) and their pension
entitlements. Other staff can look at pension entitlements through Electronic Staff Record (ESR).
Name, DOB, NI number, membership number, date joined scheme.
NHS shared drive Restricted Access Folder Restricted Access 101 to 1000 Monthly Statutory reporting
requirements on pay and
pensions
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 (b) Performance of a contract to which
a Data Subject is party to
(c) Legal Duty a) CCGs - NHS Act 2006 Comment: What is the statute that allows for this
under Common Law?
F10 Finance CCG Finance Team Out-flow NHS Pensions
Agency/SCWCSU
PAYE/Pensions/Payroll (Greenbury
reporting requirement)
Personal data None - Identifiable Electronic This relates to CCG office holders (i.e. senior managers, member GPs) and their pension
entitlements. Other staff can look at pension entitlements through Electronic Staff Record (ESR).
Name, DOB, NI number, membership number, date joined scheme.
NHS shared drive Restricted Access Folder Restricted Access 101 to 1000 Monthly Statutory reporting
requirements on pay and
pensions
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 (b) Performance of a contract to which
a Data Subject is party to
(c) Legal Duty a) CCGs - NHS Act 2006 Comment: What is the statute that allows for this
under Common Law?
CM01 Community Models of
Care
SCWCSU Business
Intelligence
In-flow CCG Commissioning Team Care Homes Dashboard (origin
Intelligence Point)
Personal data Pseudonymised Electronic NHS shared drive None 1001 plus Monthly Monitoring of non-elective
admissions and ambulance
admissions linked to care home
patients
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
a) CCGs - NHS Act 2006 Comment: What is the legal basis for the CCG
to share this data? Is SUS data involved? DSA in
place?
CM02 Community Models of
Care
SCWCSU Out-flow Buckinghamshire County
Council
Care Homes Dashboard (origin
Intelligence Point)
Personal data Pseudonymised Electronic This is done adhoc when the county council ask for it NHS shared drive None 1001 plus Monthly Monitoring of non-elective
admissions and ambulance
admissions linked to care home
patients
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
a) CCGs - NHS Act 2006 Comment: What is the legal basis for the CCG
to share this data? Is SUS data involved? DSA in
place?
CM03 Community Models of
Care
SCWCSU Business
Intelligence
In-flow CCG Commissioning Team Patients Died in Hospital report Personal data Pseudonymised Electronic NHS shared drive None 101 to 1000 Monthly Monitoring of non-elective
admissions and ambulance
admissions linked to care home
patients
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
Data Processing agreement in place with CSU.
Also DARs in place with NHSD
CM04 Community Models of
Care
CSU Contracts Team In-flow CCG Commissioning Team End of life contracts tracker Other N/A (commercial
information)
Electronic NHS shared drive None 21 to 100 When required Record of contract
arrangements with end of life
providers
email within NHS NHSmail Within UK 1 1 1 (f) Legitimate Interests (note public
authorities can only rely on this in
exceptional circumstances)
CM05 Community Models of
Care
Oxford Health In-flow CCG Commissioning Team CHC Packages of care - high cost
package request
Special
Categories of
personal data
Pseudonymised Electronic Broadcare number NHS shared drive Restricted Access Folder Less than 5 When required Agreement to fund packages of
care
NHSmail to NHSmail Not applicable - must add comment No PID Within UK 1 1 1 (e) Performance of a task in the public
interest or the exercise of official
authority
a) CCGs - NHS Act 2006
b) NHS Trusts: National Health Service and
Community Care Act 1990
NHS standard contract in place.
CM06 Community Models of
Care
CCG Commissioning Out-flow Oxford Health CHC Packages of care - high cost
package request
Special
Categories of
personal data
Pseudonymised Electronic Broadcare number NHS shared drive Restricted Access Folder Less than 5 When required Agreement to fund packages of
care
NHSmail [secure] encryption Not applicable - must add comment No PID Within UK 1 1 1 (e) Performance of a task in the public
interest or the exercise of official
authority
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006
b) NHS Trusts: National Health Service and
Community Care Act 1991
NHS standard contract in place.
CM07 Community Models of
Care
Oxford Health In-flow CCG Commissioning Team (for
exceptions panel)
CHC Exceptions panel meetings -
case history and related papers
Special
Categories of
personal data
None - Identifiable Electronic Full details to facilitate complex case review. Password protected files. NHS shared drive Restricted Access Folder Less than 5 When required Agreement to fund packages of
care
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 2 8 (e) Performance of a task in the public
interest or the exercise of official
authority
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006
b) NHS Trusts: National Health Service and
Community Care Act 1992
IG Comment: The panel does not need full PID.
CM08 Community Models of
Care
CCG Commissioning Team
(for exceptions panel)
Out-flow Oxford Health CHC Exceptions panel meetings -
case history and related papers
Special
Categories of
personal data
None - Identifiable Electronic Full details to facilitate complex case review. Password protected files. NHS shared drive Restricted Access Folder Less than 5 When required Agreement to fund packages of
care
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 2 8 (e) Performance of a task in the public
interest or the exercise of official
authority
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006
b) NHS Trusts: National Health Service and
Community Care Act 1993
IG Comment: The panel does not need full PID.
CM09 Community Models of
Care
CCG Commissioning Team In-flow CCG CHC Exceptions Panel
(includes outside bodies)
CHC Exceptions panel meetings -
case history and related papers
Personal data None - Identifiable Electronic Full details to facilitate complex case review. Password protected files. NHS shared drive Restricted Access Folder Less than 5 When required Agreement to fund packages of
care
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 2 8
CM10 Community Models of
Care
CCG Commissioning Team Out-flow CCG CHC Exceptions Panel
(includes outside bodies)
CHC Exceptions panel meetings -
case history and related papers
Personal data None - Identifiable Electronic Full details to facilitate complex case review. Password protected files. NHS shared drive Restricted Access Folder Less than 5 When required Agreement to fund packages of
care
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 8 (a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006
b) NHS Trusts: National Health Service and
Community Care Act 1990
IG Comment: no legal basis as the CCG does
not undertake CHC function.
CM11 Community Models of
Care
CCG Commissioning Team Out-flow Buckinghamshire County
Council
CHC Exceptions panel meetings -
case history and related papers
Personal data None - Identifiable Electronic Full details to facilitate complex case review. Password protected files. NHS shared drive Restricted Access Folder Less than 5 When required Agreement to fund packages of
care
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 8 (a) Consent (implied, explicit, informed) a) CCGs - NHS Act 2006
b) NHS Trusts: National Health
Service and Community Care Act
1990
IG Comment: no legal basis as the CCG does
not undertake CHC function.
CM12 Community Models of
Care
Relevant provider
Buckinghamshire Healthcare
NHS Trust
Frimley Health NHS Trust
Any other provider relevant
to Buckinghamshire patients
In-flow Named GPs appointed to
clinically review applications
for funding (through MH Virtual
Panel)
Patient notes for purposes of clinical
assessment in advance of mediation
(which may occur if there is a
difference of opinion over tariff
charging arrangements vs level of
clinical care provided)
Personal data None - Identifiable Electronic NHSMail Password protected files Less than 5 When required Agreement to fund packages of
care
NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 1 8 (a) Consent (implied, explicit, informed) a) CCGs - NHS Act 2006
b) NHS Trusts: National Health
Service and Community Care Act
1990
IG Comment: no legal basis as the CCG does
not undertake CHC function.
IC01 Integrated
Commissioning
Buckinghamshire County
Council e.g. social worker
In-flow CCG/BCC Integrated
Commissioning Team
Child and adult MH
treatment/placement approval requests
(including Section 117)
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need. This relates only to out of area section 117 placement where there may be negotiation of
responsibility for funding (which may be split between area where patient is registered and area
where patient is being treated/resident).
File sharing platform Restricted Access Folder BCC shared drive - CCG
escalations for decision only on
0 to 4 Monthly Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006 Individual contract in place
Explicit consent needed under common law.
IC02 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
Out-flow Buckinghamshire County
Council e.g. social worker
Child and adult MH
treatment/placement approval requests
(including Section 117)
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need. This relates only to out of area section 117 placement where there may be negotiation of
responsibility for funding (which may be split between area where pa
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 Monthly Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006 Individual contract in place
Explicit consent needed under common law.
IC03 Integrated
Commissioning
A provider (e.g. South
London and Maudsley,
Oxford Health)
In-flow CCG/BCC Integrated
Commissioning Team
Child and adult, mental health, learning
disabilities, autism and physical
disabilities funding
application/approval requests
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 Monthly Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2007 Individual contract in place
Explicit consent needed under common law.
IC04 Integrated
Commissioning
CCG/BCC Joint
Commissioning Team
Out-flow A provider (e.g. South London
and Maudsley, Oxford Health)
Child and adult, mental health, learning
disabilities, autism and physical
disabilities funding
application/approval requests
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 Monthly Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2008 Individual contract in place
Explicit consent needed under common law.
IC05 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
In-flow Named GPs appointed to
clinically review applications
for funding (through MH Virtual
Panel)
Child and adult, mental health, learning
disabilities, autism and physical
disabilities funding
application/approval requests
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 When required Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006.
b) GP Practices - NHS England's powers to
commission health care under NHS Act 2006 or
to delegate such powers to CCGs.
IC06 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
Out-flow Named GPs appointed to
clinically review applications
for funding (through MH Virtual
Panel)
Child and adult, mental health, learning
disabilities, autism and physical
disabilities funding
application/approval requests
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
DO THE EMAILS GET DELETED
0 to 4 When required Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006.
b) GP Practices - NHS England's powers to
commission health care under NHS Act 2006 or
to delegate such powers to CCGs.
Some of the invoices will relate to schedules. Broadcare generates a care home schedule which
shows all Individual Patient Agreements (i.e. contracts) for all patients with the home, with subsequent
invoices cross referenced to the schedule. The CHC team from Oxford Health send the schedule only
to the homes. We don't obtain a copy. Each schedule has a reference so the invoices cross
reference to the schedule. No identifiers on the invoice, only on the schedule. However there are
circumstances where invoices are not on the schedule, and so may quote initials, IPA number or
Broadcare number. This is likely identifiable without access to the systems to which they relate
(which the CCG does not have). Invoices are sent to SBS and stored there, and we sign off through
Oracle to approve. Scanned PDF invoices may be downloaded ad hoc for reconciliation purposes.
SBS should reject any invoice with patient identifiable on, but this may not always be accurate. The
contract with Oracle is held by NHS England. Our Controlled Environment for Finance is within the
SCWCSU
(1) Suppliers send invoices to SBS
(2) SBS scan to Oracle. Containing PID should be rejected
(3) SBS assign invoices to user work flows (in CCGs if run in-house or CSU's
(4) Provider sends backing PID to Controlled Environment for Finance (in SCWCSU for us)
(5) SCWCSU validates
Last Updated: 26.04.19
BCCG Contact: Russell Carpenter, Data Protection Officer
Telephone: 01494 586771
Who Where When What How Additional Information Legal Basis of Data Flow
Specialist Nurse: This is to support clinical management of patients - clinical support and education
through virtual clinics and group sessions. Review of patient details to identify clinical needs.
Transformation Support Officers: Reviewing practice process in relation to patient coding e.g. type 1
rather than type 2 etc. which might involve patient record review, but seen only within the member
practice premises
Page 1 13/06/2019
IC07 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
In-flow CCG MH Virtual Panel Child and adult, mental health, learning
disabilities, autism and physical
disabilities funding
application/approval requests
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 When required Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006.
IC08 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
Out-flow CCG MH Virtual Panel Child and adult, mental health, learning
disabilities, autism and physical
disabilities funding application
/approval requests
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 When required Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006.
IC09 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
In-flow CCG Complex Needs Panel
(only individuals CCG and
BCC integrated commissioning
team)
Child and adult, mental health, learning
disabilities, autism and physical
disabilities funding application
/approval requests (where there are
complex needs)
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need, sometimes Broadcare number, sometimes sibling information which may identify them as well
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 Monthly Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006.
IC10 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
Out-flow CCG Complex Needs Panel
(only individuals CCG and
BCC integrated commissioning
team)
Child and adult, mental health, learning
disabilities, autism and physical
disabilities funding application
/approval requests (where there are
complex needs)
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need, sometimes Broadcare number, sometimes sibling information which may identify them as well
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 Monthly Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006.
IC11 Integrated
Commissioning
NHS England In-flow CCG/BCC Integrated
Commissioning Team
National Care & Treatment review
programme (people with learning
disability and/or autism)
Special
Categories of
personal data
None - Identifiable Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need, sometimes Broadcare number, sometimes sibling information which may identify them as well
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 When required Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
Is there a data sharing/contract in
place as part of the flow?
a) CCGs - NHS Act 2006
b) NHSE - NHS Act 2006
c) Local Authorities;
1. Local Government Act 1974
2. Children Act 1999.
3. Children Act 2004
4. Care Act 2014.
IC12 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
Out-flow NHS England National Care & Treatment review
programme (people with learning
disability and/or autism)
Special
Categories of
personal data
Pseudonymised Electronic Name, DOB and NHS number, current residence/address, potential future address, diagnosis of
need, sometimes Broadcare number, sometimes sibling information which may identify them as well
File sharing platform Restricted Access Folder BCC shared drive plus CCG
shared drive and CCG escalations
for decision only on email
0 to 4 When required Funding approval for treatment
packages outside of contracts
Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
a) CCGs - NHS Act 2006
b) NHSE - NHS Act 2006
c) Local Authorities;
1. Local Government Act 1974
2. Children Act 1999.
3. Children Act 2004
4. Care Act 2014.
IC13 Integrated
Commissioning
Providers / other agencies
involved in care delivery /
BCC
In-flow CCG/BCC Integrated
Commissioning Team
Invoices for agreed placements Personal data None - Identifiable Electronic This is for purpose of fraud prevention. The report corresponding to the intervention would be sent by
email and stored on a shared drive. This could include backing data.
Non-NHS storage solution Password protected network
drive/system
Password protected files Less than 5 When required Invoice payment Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(c) Legal Duty What legal statute under common
law confidentiality is relied upon?
IC14 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
Out-flow Providers / other agencies
involved in care delivery / BCC
Invoices for agreed placements Personal data None - Identifiable Electronic This is for purpose of fraud prevention. The report corresponding to the intervention would be sent by
email and stored on a shared drive. This could include backing data.
Non-NHS storage solution Password protected network
drive/system
Password protected files Less than 5 When required Invoice payment Encrypted secure email
service
Encrypted (approved) most communication through buckscc.gov.uk Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(c) Legal Duty What legal statute under common
law confidentiality is relied upon?
IC15 Integrated
Commissioning
Providers / other agencies
involved in care delivery /
BCC
In-flow CCG/BCC Integrated
Commissioning Team
Invoices for agreed placements Personal data None - Identifiable Electronic This is for purpose of fraud prevention. The invoice itself will be paid through Oracle. Sometimes the
invoice includes patient name.
Specific software solution Password protected network
drive/system
Password protected files Less than 5 When required Invoice payment Encrypted secure email
service
Password protected Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(c) Legal Duty What legal statute under common
law confidentiality is relied upon?
IC16 Integrated
Commissioning
CCG/BCC Integrated
Commissioning Team
Out-flow Providers / other agencies
involved in care delivery / BCC
Invoices for agreed placements Personal data None - Identifiable Electronic This is for purpose of fraud prevention. Specific software solution Password protected network
drive/system
Password protected files Less than 5 When required Invoice payment Encrypted secure email
service
Password protected Within UK 3 2 6 Separate letter requests for funding if routine systems were
unavailable. All commissioned providers expected to have
business continuity plans to cover system failure
(e) Performance of a task in the public
interest or the exercise of official
authority
(c) Legal Duty What legal statute under common
law confidentiality is relied upon?
IC17 Integrated
Commissioning
Providers (e.g. South
London and Maudsley NHS
trust)
In-flow CCG/BCC Integrated
Commissioning Team
Care Programme Approach (CPA) -
records of discussions in relation to
treatment packages
Personal data None - Identifiable Electronic provider may send: (1) a report to show patient progress against the package funded by the CCG (2)
requests for one to one care with request for CCG to fund
Non-NHS storage solution Restricted Access Folder Less than 5 When required Package evaluation Non-secure email Not applicable - must add comment We have little control when providers don’t use secure
means to send this data
Within UK 4 2 8 Funding requests likely to be re-submitted by providers by post
if not electronically
IC18 Integrated
Commissioning
Providers In-flow BCC Integrated
Commissioning Team
Invoices for out of county Looked
After Children assessments
Personal data None - Identifiable Electronic Stored on Oracle as the finance system Specific software solution Password protected network
drive/system
Less than 5 When required payment for out of area Looked
After Children assessments
Within software solution Password protected Within UK 3 1 3 (c) Controller has a legal obligation (f) Legal claims, (c) Legal Duty n/a statutory guidance statutory guidance statutory guidance
PM01 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
Care Homes Report (through
Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM02 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
Urgent Care Dashboard (through
Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM03 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
Paediatric Dashboard (through
Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM04 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
Over 75 Admissions Report (through
Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM05 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
Falls Age 65+ vs Bucks Reg Pop
(through Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM06 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
QIPP Monthly Report (through
Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM07 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
Excess Bed Days report (through
Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM08 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
End of Life Report (through
Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 101 to 1000 Monthly Within software solution Password protected Within UK 2 2 4
PM09 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
ICS Dashboard Bucks CCG level
(through Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM10 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
ICS Dashboard for Each Locality (7
reports one for each locality) (through
Intelligence Point)
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM11 PMO SCWCSU (originating from
NHS Digital)
In-flow CCG staff (named Intelligence
Point users plus to all staff
through shared folder access)
GP Referrals Dashboard (through
Intelligence Point)
Personal data Pseudonymised Electronic SLAM/Referral files Specific software solution Password protected network
drive/system
Intelligence Point 1001 plus Monthly Within software solution Password protected Within UK 2 2 4
PM12 PMO SCWCSU (SUS originating
from NHS Digital, primary
care data originating from
practices as data controllers
via SCWCSU)
In-flow CCG staff (named users of IPA
tool only)
Risk stratification and population
health management
Personal data Anonymous Electronic Specific software solution Password protected Insight Population Analytics
(commissioned by CCG)
1001 plus Monthly Population Health management Within software solution Password protected Within UK (Bristol) 3 2 6
PM13 PMO CCG staff Out-flow Buckinghamshire County
Council (specifically approved
by the CCG SIRO)
Risk stratification and population
health management
Personal data Anonymous Electronic Specific software solution Password protected Insight Population Analytics
(commissioned by CCG)
1001 plus Monthly Population Health management Within software solution Password protected Within UK (Bristol) 3 2 6 Wayne Thompson has a confidentiality
agreement [G:\AVCCG CCCG
SCWCSU\Statutory Documents\Information
Governance\Data Protection Toolkit 18-
19\Population Health Management] "Wayne
Thompson 8 June 2017"
PM14 PMO CCG staff (BCC staff on
honorary contracts)
Out-flow GP Member practices
plus:
Various audiences:
PHM delivery board
Locality Clincians and localities
(through profiles)
Commissioners
Providers
Risk stratification and population
health management: Statistical graphs
from the above data sets
Personal data Anonymous Electronic Specific software solution Password protected Insight Population Analytics
(commissioned by CCG)
1001 plus Monthly Population Health management Within software solution Password protected Within UK (Bristol) 2 2 4 Shakiba Habibula and Tiffany have honorary
CCG Contracts [G:\AVCCG CCCG
SCWCSU\Statutory Documents\Information
Governance\Data Protection Toolkit 18-
19\Population Health Management\Honorary
Contract] "Dr Shakiba Habibula Honorary
Contract (signed)" "Honorary Contract Dr T
Burch"
PM15 PMO SCWCSU (including
DSCRO) on behalf of CCG
Out-flow Any named provider asked to
analyse (but not process) a
dataset sourced from SUS,
HES, or any other
commissioning data set at
patient level e.g. Sollis,
Catapult, Cap Gemini, PWC
Commissioning Data Set analysis (no
further processing), such as:
1. Localities profiles
2. Cancer activity
3. Population Health Management
Personal data Pseudonymised Electronic NHS shared drive None None 101 to 1000 Bi-monthly NHSmail to NHSmail NHSmail [secure] encryption Data Levels
(1) Record level (identifiable)
(2) Record level (Pseudonymised)
(3) Aggregated (low number suppressed)
(4) Anonymised
Note: Under new GDPR/Data Security and Protection
Toolkit requirements, only anonymised flows do not
require DPIA, Information Sharing Agreement (Tier 2)
and Data flow mapping entry. All other flows require this
detail completing unless there is exemption (point 1
above)
Data Sets Utilised
COMMISSIONING DATA SETS NATIONAL FLOWS
(1) SUS (Invoice Validation and Risk Stratification)
(Commissioning)
(2) Local Provider Data
(3) Ambulance Local Provider Data
(4) Community Local Provider Data
(5) Mental Health Local Provider Data
(6) Population Data Local Provider Data
(7) Mental Health Services Data Set
(8) Improving Access to Psychological Therapies
(2016/2017)
(9) Maternity Services
(10) Mental Health Learning Disability Data Set
(11) Children and Young People’s Health
(12) Diagnostic Imaging Dataset
Will vary according to company
asked to analyse data
3 2 6 Not obvious that there is personal data in the files. We have
historically used a template which requires patient numbers, but
this template can be amended
(b) Performance of a contract to which
a Data Subject is party to
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(a) Consent (implied, explicit,
informed)
DT05 Digital SCWCSU (originating from
NHS Digital)
In-flow CCG and GP Staff Insight Population Analytics (IPA) Electronic Secured by supplier in UK 2 0 (c) Controller has a legal obligation (h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(c) Legal Duty Specific Information Sharing
Agreement
DT06 Digital Member GP practices Out-flow SCWCSU (originating from
NHS Digital)
Insight Population Analytics (IPA) Electronic Secured by supplier in UK 2 0 (c) Controller has a legal obligation (h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(c) Legal Duty Specific Information Sharing
Agreement
DT07 Digital In-flow Sharon Hanley Looking at connections looking at a
live patient for graphnet ask NHS
2 (c) Controller has a legal obligation (h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
DT01 Digital Graphnet / System C (as
LHCRE provider)
In-flow CCG staff Local Health and Care Record
Exemplar (LHCRE)
Personal data None - Identifiable Electronic Microsoft Azure UK (Public Cloud) Cloud storage Password protected network
drive/system
When required Direct care Within software solution Encrypted (approved) transfer is API (typically Health Level 7 - HL7) Data is in Azure UK. Data
Processor is UK based
4 1 4 RTO / RPO in contract (c) Controller has a legal obligation (h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(c) Legal Duty TBD TBD TBD TBD
DT02 Digital SCWCSU (originating from
NHS Digital)
Out-flow CCG staff Local Health and Care Record
Exemplar (LHCRE)
Personal data Pseudonymised Electronic Microsoft Azure UK (Public Cloud) Cloud storage Password protected network
drive/system
When required Direct care Within software solution Encrypted (approved) transfer is API (typically Health Level 7 - HL7) Data is in Azure UK. Data
Processor is UK based
4 1 4 RTO / RPO in contract (c) Controller has a legal obligation (h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(c) Legal Duty BOB STP Framework, Tier 1 and
Tier 2
TBD TBD TBD
QS01 Quality and
Safeguarding
Relevant provider
Buckinghamshire Healthcare
NHS Trust
Frimley Health NHS Trust
Any other provider relevant
to Buckinghamshire patients
In-flow CCG MRSA bacteraemias Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
1001 plus When required Need to contact relevant
providers to identify any
learning as a result of post
infection reviews
NHSmail to NHSmail NHS Secure file transfer within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(b) Public Interest Required to do this by NHSI As above As above As above
QS02 Quality and
Safeguarding
Infection Prevention &
Control Lead Nurse
Out-flow GP, care home, acute trust
(Buckinghamshire Healthcare
NHS Trust
Frimley Health NHS Trust
Any other provider relevant to
Buckinghamshire patients)
MRSA bacteraemias Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder only quality team can access
restricted folder
21 to 100 When required Need to contact relevant
providers to identify any
learning as a result of post
infection reviews
NHSmail to NHSmail NHS Secure file transfer within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(b) Public Interest Required to do this by NHSI -see
guidance link in next column
National requirement from NHSI -
https://improvement.nhs.uk/documents/2512/MRSA_post_infection_review_2018_changes.pdf
National requirement from NHSI -
https://improvement.nhs.uk/documents/2512/MRSA_post_infection_review_2018_changes.pdf
National requirement from NHSI -
https://improvement.nhs.uk/documents/2512/MRSA_post_infection_review_2018_changes.pdf
QS03 Quality and
Safeguarding
Relevant provider:
Buckinghamshire Healthcare
NHS Trust
Frimley Health NHS Trust
Any other provider relevant
to Buckinghamshire patients
In-flow CCG Cdifficile incidents Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
101 to 1000 Weekly Need to contact relevant
providers to identify any
learning as a result of post
infection reviews
NHSmail to NHSmail NHS Secure file transfer There may be occasional paper returns by post Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(b) Public Interest Required to do this by NHSI As above As above As above
QS04 Quality and
Safeguarding
Infection Prevention &
Control Lead Nurse
Out-flow GP, care home, acute trust
(Buckinghamshire Healthcare
NHS Trust
Frimley Health NHS Trust
Any other provider relevant to
Buckinghamshire patients)
Cdifficile incidents Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder only quality team can access
restricted folder
1001 plus Weekly Need to contact relevant
providers to identify any
learning as a result of post
infection reviews
NHSmail to NHSmail NHS Secure file transfer Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(b) Public Interest Required to do this by NHSI -see
guidance link in next column
Cdifficile objective, requirement from NHSI - we
also have to adjudicate on whether acute trust
cases to determine if penalties are to be applied
https://improvement.nhs.uk/documents/808/CDI_objectives_18_19_FINAL_Oct2018.pdf
Cdifficile objective, requirement from NHSI - we
also have to adjudicate on whether acute trust
cases to determine if penalties are to be applied
https://improvement.nhs.uk/documents/808/CDI_objectives_18_19_FINAL_Oct2018.pdf
Cdifficile objective, requirement from NHSI - we
also have to adjudicate on whether acute trust
cases to determine if penalties are to be applied
https://improvement.nhs.uk/documents/808/CDI_objectives_18_19_FINAL_Oct2018.pdf
QS05 Quality and
Safeguarding
Relevant provider In-flow CCG Gram-negative bloodstream infections
(GNBSI) - aka e.coli
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
21 to 100 Monthly Not all cases will be followed
up, limited cohort
NHSmail to NHSmail NHS Secure file transfer Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(b) Public Interest required to do this by NHSI As above As above As above
QS06 Quality and
Safeguarding
Infection Prevention &
Control Lead Nurse
Out-flow GP, care home, acute trust Gram-negative bloodstream infections
(GNBSI) - aka e.coli
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
101 to 1000 Monthly NHSE requirement to follow up
cases and identify learning and
part of the Quality Premium
NHSmail to NHSmail NHS Secure file transfer within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(b) Public Interest Required to do this by NHSI -see
guidance link in next column
Requirement from NHSI
https://www.england.nhs.uk/wp-content/uploads/2018/04/annx-b-quality-premium-april-18.pdf
Requirement from NHSI
https://www.england.nhs.uk/wp-content/uploads/2018/04/annx-b-quality-premium-april-18.pdf
Requirement from NHSI
https://www.england.nhs.uk/wp-content/uploads/2018/04/annx-b-quality-premium-april-18.pdf
QS07 Quality and
Safeguarding
Public Health England In-flow CCG Other (e.g. escalations of complex
cases)
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
Less than 6 When required There can be occasional cases
where patient is discussed and
needs to be identified. PHE
lead on this and only provide
PII where necessary - in most
cases the process is carried out
on an anonymised basis
Encrypted secure email
service
Encrypted (approved) This always comes from PHE they are not on NHS mail
but I know their email is secure
Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(i) Public health, (b) Public Interest Required to be involved with this for
public health reasons and protection
of patients health
Public health legislation might cover some of this Public health legislation might cover some of this Public health legislation might cover some of this
QS08 Quality and
Safeguarding
Public Health England In-flow Infection Control Lead Nurse HCAI DCS (Data Capture System): all
healthcare acquired infections
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
21 to 100 Weekly To monitor cases, for liaison
and advice to professionals
caring for pt, to identify
learning and trends for
prevention of disease in future
SFTP NHS Secure file transfer Access to system is also password protected Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(b) Public Interest For column Z you could also choose
public health because it is about
preventing infections in other people
as well
QS09 Quality and
Safeguarding
Nurses /GPs in GP
practices/care homes to
prompt case investigation
(e.g. community acquired C
Diff)
In-flow Infection Control Lead HCAI DCS (Data Capture System): all
healthcare acquired infections; Case
review information; used in discussion
of health economy wide C difficile
cases at Buckinghamshire Infection
Control Committee, prompted by data
held on HCAI DCS (Data Capture
System)
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
Less than 6 Weekly To monitor cases, for liaison
and advice to professionals
caring for pt, to identify
learning and trends for
prevention of disease in future
SFTP NHS Secure file transfer Access to system is also password protected Within UK 4 1 4 (e) Performance of a task in the public
interest or the exercise of official
authority
(h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(b) Public Interest For column Z you could also choose
public health because it is about
preventing infections in other people
as well
QS10 Quality and
Safeguarding
Infection Prevention &
Control Lead Nurse
Out-flow PHE, GP, care home, acute
trust
other Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
1001 plus When required As above but very rare that we
would need to send data out -
more likely that we will be
receiving
NHSmail to NHSmail NHS Secure file transfer Within UK 3 3 9 (e) Performance of a task in the public
interest or the exercise of official
authority
(i) Public health, (b) Public Interest Required to be involved with this for
public health reasons and protection
of patients health
Public health legislation might cover some of this Public health legislation might cover some of this Public health legislation might cover some of this
QS11BOTH Quality and
Safeguarding
University of Bristol In-flow CCG Quality Team LEDR programme. LEDR database
and secure local folders access
restricted
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
6 to 20 When required Cases managed through ECDOP system if under 18. 3 3 9 (e) Performance of a task in the public
interest or the exercise of official
authority
(i) Public health, (b) Public Interest Required to be involved with this for
public health reasons and protection
of patients health
Public health legislation might cover some of this Public health legislation might cover some of this Public health legislation might cover some of this
QS12BOTH Quality and
Safeguarding
CCG Quality Team Out-flow University of Bristol LEDR programme. LEDR database
and secure local folders access
restricted
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Only quality team can access
restricted folder
101 to 1000 When required Cases managed through ECDOP system if under 18. 3 3 9 (e) Performance of a task in the public
interest or the exercise of official
authority
(i) Public health, (b) Public Interest Required to be involved with this for
public health reasons and protection
of patients health
Public health legislation might cover some of this Public health legislation might cover some of this Public health legislation might cover some of this
QS13BOTH Quality and
Safeguarding
Local Authority solicitors etc In-flow Safeguarding Leads Court of Protection judgements
(judicial deprivation of liberty
safeguards)
Personal data None - Identifiable Electronic NHSMail None To be transferred to restricted
safeguarding folder
Less than 6 When required Court of protection judgements:
for information only as we
commission the CHC team to
ensure CHC team is acting
upon actions specified
Royal Mail (special or
registered post)
Royal Mail (special or registered
post)
Within UK 5 4 20 We won't know if we were not in receipt, so there is no further
mitigations we can apply.
(e) Performance of a task in the public
interest or the exercise of official
authority
(i) Public health, (b) Public Interest Required to be involved with this for
public health reasons and protection
of patients health
Public health legislation might cover some of this Public health legislation might cover some of this Public health legislation might cover some of this
QS14BOTH Quality and
Safeguarding
Providers / other agencies
involved in the complex case
In-flow Safeguarding Leads Escalations of complex cases (Adults
and Children) e.g. child sexual
exploitation cases, FGM cases,
modern slavery, trafficking
Personal data None - Identifiable Electronic information received on a case by case basis NHS shared drive Restricted Access Folder Less than 6 When required responding to queries NHSmail to NHSmail NHS Secure file transfer Within UK 3 1 3 (c) Controller has a legal obligation (h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(c) Legal Duty n/a
QS15BOTH Quality and
Safeguarding
Thames Valley Police In-flow Safeguarding Leads Domestic Homicide Reviews (always
adults, sometimes children)
Personal data None - Identifiable Electronic NHSMail Password protected files 1001 plus When required Management of reviews NHSmail to NHSmail NHSmail [secure] encryption Within UK 4 2 8 The initial request from domestic homicide department comes
to LA, who request to partners to join the review. LA would
escalate to CCG Accountable Officer if there is a breakdown in
communication
The review will follow the Statutory Guidance for
Domestic Homicide Reviews under the Domestic
Violence, Crime and Victims Act 2004 which
came into force on 13th April 2011 and was
revised for all notifications from 1 August 2013
and further revised in December 2016.
QS16BOTH Quality and
Safeguarding
Home Office/Joint Terrorism
Analysis Centre (JTAC)
In-flow Safeguarding Leads Prevent and modern slavery related
data (both)
Special
Categories of
personal data
None - Identifiable Electronic Information from Home Office/JTAC about security threats NHSMail Password protected network
drive/system
Less than 6 When required Management of local security
threats
NHSmail to NHSmail NHSmail [secure] encryption Within UK 5 4 20 Counter-Terrorism Local Profile lead would always be default for
contact from Joint Terrorism Action Committee (JTAC)
QS17BOTH Quality and
Safeguarding
Safeguarding Leads Out-flow Providers / other agencies
involved in the complex case
Escalations of complex cases (Adults
and Children) e.g. child sexual
exploitation cases, FGM cases,
modern slavery, trafficking
Personal data None - Identifiable Electronic information received on a case by case basis NHSMail Restricted Access Folder Less than 5 When required responding to queries NHSmail to NHSmail NHS Secure file transfer Within UK 3 1 3 (c) Controller has a legal obligation (h) Medical and Health diagnosis, treatment or
management of health or social care systems
and services
(c) Legal Duty n/a
QS18CH Quality and
Safeguarding
Buckinghamshire County
Council e.g. social worker
In-flow Safeguarding Leads Serious Case Reviews (via
Safeguarding Children Sub-Group or
Child Death Overview Panel)
Personal data None - Identifiable Electronic serious case reviews are anonymised before the report is published NHS shared drive Restricted Access Folder Less than 5 When required statutory requirement NHSmail to NHSmail Password protected Cases managed through ECDOP system if under 18. Within UK 2 1 2 (c) Controller has a legal obligation (c) Vital interests, (c) Legal Duty n/a legislation required legislation required legislation required
QS19CH Quality and
Safeguarding
Buckinghamshire County
Council e.g. social worker
In-flow Safeguarding Lead Children,
BCC Integrated
Commissioning Team
Looked After Children including health
assessments and related invoices
Personal data None - Identifiable Electronic information also received via post NHS shared drive Restricted Access Folder Restricted Access folders are
both in CCG and BCC
Less than 5 When required statutory guidance dictates
CCG requires the information
NHSmail to NHSmail NHSmail [secure] encryption Also stored on county council N drive Within UK 3 1 3 (c) Controller has a legal obligation (f) Legal claims, (c) Legal Duty n/a statutory guidance statutory guidance statutory guidance
QS20CH Quality and
Safeguarding
Home Office and District
Councils
In-flow Designated Nurse
Safeguarding Children and
Looked After Children
Refugee Resettlement Personal data None - Identifiable Electronic We house refugees from Syria mainly NHS shared drive Restricted Access Folder Less than 5 When required NHSmail to NHSmail NHSmail [secure] encryption Within UK 3 1 3 (c) Controller has a legal obligation (f) Legal claims, (c) Legal Duty n/a statutory guidance statutory guidance statutory guidance
QS21SA Quality and
Safeguarding
Buckinghamshire County
Council e.g. social worker
In-flow Safeguarding Adult Lead Safeguarding Adult Reviews (via
Safeguarding Adult Review sub-group)
Personal data None - Identifiable Electronic safeguarding adult reviews are anonymised before the report is published NHS shared drive Restricted Access Folder Less than 5 When required statutory requirement (through
secure messaging system
Egress Switch)
Within software solution Password protected Within UK 2 1 2 (c) Controller has a legal obligation (c) Vital interests, (c) Legal Duty n/a legislation required legislation required legislation required
QS22 Quality and
Safeguarding
SCWCSU In-flow CCG Quality Team Complaints/Patient Queries. Could
also include primary care disputes.
Personal data None - Identifiable Electronic SCWCSU route complaint responses to patients NHSMail Password protected network
drive/system
0 to 4 Daily Complaints Process NHSmail to NHSmail NHSmail [secure] encryption Within UK 0
QS23 Quality and
Safeguarding
CCG Quality Team Out-flow SCWCSU Complaints/Patient Queries. Could
also include primary care disputes.
Personal data None - Identifiable Electronic SCWCSU route complaint responses to patients NHSMail Password protected network
drive/system
0 to 4 Daily Complaints Process NHSmail to NHSmail NHSmail [secure] encryption Within UK 0
QS24 Quality and
Safeguarding
CCG member GP practices In-flow CCG Quality Team Clinical Concerns Personal data None - Identifiable Electronic Adhoc soft intelligence on quality and performance issues with commissioned providers experienced
in primary care
NHS shared drive Restricted Access Folder 5 to 50 Monthly Queries from GPs Post NHSmail [secure] encryption Within UK 0
QS25 Quality and
Safeguarding
CCG Quality Team Out-flow CCG member GP practices Clinical Concerns Personal data None - Identifiable Electronic Adhoc soft intelligence on quality and performance issues with commissioned providers experienced
in primary care
NHS shared drive Restricted Access Folder 5 to 50 Monthly Answer GP query email within NHS NHSmail [secure] encryption Within UK 0
QS26 Quality and
Safeguarding
Serious Incident to the
Strategic Executive
Information System (StEIS)
In-flow CCG Quality Team Serious incident management Personal data None - Identifiable Electronic Date of birth and gender Specific software solution Password protected network
drive/system
Less than 5 When required serious incident management -
investigation and learning
NHSmail to NHSmail NHSmail [secure] encryption Within UK
QS27 Quality and
Safeguarding
CCG Quality Team Out-flow Serious Incident to the
Strategic Executive Information
System (StEIS)
Serious incident management Personal data None - Identifiable Electronic Date of birth and gender. Specific software solution Password protected network
drive/system
Less than 5 When required serious incident management -
investigation and learning
NHSmail to NHSmail NHSmail [secure] encryption Within UK
QS28 Quality and
Safeguarding
Buckinghamshire County
Council e.g. social worker
In-flow Safeguarding Adults Lead safeguarding alerts Personal data None - Identifiable Electronic The types of a safeguarding alert are potentially numerous and not necessarily easy to categorise. A
safeguarding alert is generally defined as information which indicates a risk to an individual or group.
NHS shared drive Restricted Access Folder 0 to 4 Daily To allow investigation System outside NHS Encrypted (approved) This flow involves the use of GCSX secure email address
at BCC
Within UK 0
QS29 Quality and
Safeguarding
Safeguarding Adults Lead Out-flow Buckinghamshire County
Council e.g. social worker
safeguarding alerts Personal data None - Identifiable Electronic The types of a safeguarding alert are potentially numerous and not necessarily easy to categorise. A
safeguarding alert is generally defined as information which indicates a risk to an individual or group.
NHS shared drive Restricted Access Folder 0 to 4 Daily To allow investigation System outside NHS Encrypted (approved) This flow involves the use of GCSX secure email address
at BCC
Within UK 0
QS30 Quality and
Safeguarding
NHS England In-flow CCG Primary Care Team GMC Notifications / NHS England
Performance Advisory Group
Personal data None - Identifiable Electronic GMC Number/name NHS shared drive Restricted Access Folder Less than 5 When required Primary Care Commissioning NHSmail to NHSmail NHSmail [secure] encryption Within UK 0
QS31 Quality and
Safeguarding
CCG Primary Care Team
(Local Area Designated
Officer)
Out-flow NHS England GMC Notifications / NHS England
Performance Advisory Group
Personal data None - Identifiable Electronic Name of individual (e.g. GP/practice nurse) and practice they work for - we have a concern with a
request to review
NHS shared drive Restricted Access Folder Less than 5 When required Primary Care Commissioning NHSmail to NHSmail NHSmail [secure] encryption Within UK 0
QS32 Quality and
Safeguarding
CCG staff In-flow CCG Freedom to Speak Up
Guardians
Staff information associated with
whistleblowing concerns/investigations
Personal data None - Identifiable Electronic Name of individual (e.g. GP/practice nurse) and practice they work for - we have a concern with a
request to review
NHS shared drive Restricted Access Folder Less than 5 When required Primary Care Commissioning NHSmail to NHSmail NHSmail [secure] encryption Within UK 0
SOURCES: COMMISSIONING DATA SETS:
SUS (Commissioning)
Local Provider Data
Ambulance Local Provider Data
Community Local Provider Data
Mental Health Local Provider Data
Population Data Local Provider Data
Mental Health Services Data Set
Improving Access to Psychological Therapies (2016/2017)
Maternity Services
Mental Health Learning Disability Data Set
Children and Young People’s Health
Diagnostic Imaging Dataset
These flows are the outputs of the DARS agreement signed
between CCG and NHS Digital to describe processing
arrangements for SUS and Commissioning Data Set sources.
SUS data source (from NHS Digital) And Primary Care (from member GP practices as data
controllers)
Strictly speaking this is not an outflow from CCG to BCC or practices, but as the CCG commissions
the tool for transfer of the data (i.e. IPA) it is then described as a CCG outflow. As a CCG, there are
DSA's in place between CCG and practices for sanction of flow of PC data for risk stratification
purposes, DARS agreement with NHS Digital that sanctions flow of identifiable SUS data for risk
stratification, and DPA with CCG to approve SCWCSU to act as data processor on CCG behalf.
Use separate or manual data extraction mechanisms, manually
develop required analysis and reporting to maintain current
operational level
Page 2 13/06/2019
Last Updated: 26.04.19
BCCG Contact: Russell Carpenter, Data Protection Officer
Telephone: 01494 586771
Email:
Who Where When What How Additional Information Legal Basis of Data Flow
QS33 Quality and
Safeguarding
CCG Freedom to Speak Up
Guardians
Out-flow CCG staff Staff information associated with
whistleblowing concerns/investigations
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Less than 5 When required Primary Care Commissioning NHSmail to NHSmail NHSmail [secure] encryption Within UK 0
QS34 Quality and
Safeguarding
Member GP practices In-flow CCG staff Patient records to facilitate reviews
arising as recommendation from
Mazars report (Independent review of
deaths of people with a Learning
Disability or Mental Health problem in
contact with Southern Health NHS
Foundation
Trust April 2011 to March 2015)
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Less than 5 When required Primary Care Commissioning NHSmail to NHSmail NHSmail [secure] encryption Within UK 0
RC01 Right Care/Planned
Care
CCG member GP practices In-flow CCG Right Care Team/Head of
Planned Care and occasionally
named GP for portfolio
Patient name, DOB and NHS number
with description of symptoms and
pathway experience. Usually relates to
complaint or concern that GP has
raised. Not saved. Usually attachment.
Personal data None - Identifiable Electronic Usually related to a pathway issue - liaise with relevant provider to escalate - they always ask for NHS
number. Practices still vary in utilisation of clinical concerns process which has appropriate IG
safeguards in place (QS24-25)
NHSMail None Information is removed; there may
be a need to send to PALS for
hold archive, after which
delegated from NHS Mail at CCG
end.
Less than 5 When required Pathway troubleshooting NHSmail to NHSmail NHSmail [secure] encryption Within UK
RC02 Right Care/Planned
Care
CCG Right Care Team/Head
of Planned Care
Out-flow SCWCSU patient advice and
liaison service/complaints team
Patient name, DOB and NHS number
with description of symptoms and
pathway experience. Usually relates to
complaint or concern that GP has
raised. Not saved. Usually attachment.
Personal data None - Identifiable Electronic Usually related to a pathway issue - liaise with relevant provider to escalate - they always ask for NHS
number. Practices still vary in utilisation of clinical concerns process which has appropriate IG
safeguards in place (QS24-25)
NHSMail None Information is removed; there may
be a need to send to PALS for
hold archive, after which
delegated from NHS Mail at CCG
end.
Less than 5 When required Pathway troubleshooting NHSmail to NHSmail NHSmail [secure] encryption Within UK
RC03 Right Care/Planned
Care
Buckinghamshire Healthcare
NHS Trust
In-flow CCG Right Care Team/Head of
Planned Care and Associate
Director of Contracts
APMG papers: speciality performance
reporting RTT and cancer - initials
only. No corresponding out flow
Personal data None - Identifiable Electronic PAS number removed when asked for it to be taken out. NHSMail None Forwarded to clinical lead for
oversight of performance data.
Contains information for
performance reporting and
historically saved on shared
server G drive for archive should
there be future challenge as to
whether the CCG was aware of
issues the data raises
101 to 1000 Monthly Contract and performance
monitoring - meetings to
discuss the reporting are
arranged by the Trust to which
the CCG is invited
NHSmail to NHSmail NHSmail [secure] encryption Within UK None - Buckinghamshire Healthcare NHS Trust
is the data controller
None - Buckinghamshire Healthcare NHS Trust
is the data controller
MM01 Medicines Management CCG member GP practices In-flow CCG Medicines Management
Team
Blacklisted drugs; asking for
prescription exceptions and non-
formulary items
Personal data None - Identifiable Electronic All requests now being sent direct to the IFR team in SCWCSU by member practices; CCG
medicines management may be asked to confirm funding through cross check to Buckinghamshire
Formulary for individual IFR applications
NHSMail None 0 to 4 When required Management of funding
applications for formulary
drugs
NHSmail to NHSmail NHSmail [secure] encryption Within UK 1 1 1
MM02 Medicines Management CCG member GP practices In-flow CCG Medicines Management
Team
Blacklisted drugs; asking for
prescription exceptions and non-
formulary items
Personal data None - Identifiable Electronic All requests now being sent direct to the IFR team in SCWCSU by member practices; CCG
medicines management may be asked to confirm funding through cross check to Buckinghamshire
Formulary for individual IFR applications
NHSMail None 0 to 4 When required Management of funding
applications for formulary
drugs
NHSmail to NHSmail NHSmail [secure] encryption Within UK 1 1 1
MM03 Medicines Management Out of area providers In-flow CCG Medicines Management
Team - medicines optimisation
pharmacists and pharmacists
working in practices
Blueteq system; high cost drugs data
and patients prescribed these high
cost drugs
Personal data Pseudonymised Electronic May include letters from practices/consultants regarding individual patient Medicines Management -
to request prescribing advice for particular patients or request specific drug
Specific software solution Password protected network
drive/system
6 to 20 Daily Medicines optimisation Within software solution Not applicable - must add comment Within system only Within UK 4 2 8 Paper approval if system was unavailable
MM04 Medicines Management CCG member GP practices In-flow CCG Medicines Management
Care Homes Team
Medicines management information
from GPs; GP hardcopy patient
records
Special
Categories of
personal data
None - Identifiable Hard copy Medical histories, clinical conditions, blood tests Secure filing cabinet/room None 21 to 100 Daily Optimisation of medicines
management in care homes -
making sure appropriate time
and dose to ensure healthy
patients
Manually transferred Not applicable - must add comment Data is transcribed from original record on to a template.
Transported securely and stored in chiltern ccg or gp
practice with limited access. Secure transfer of personal
information procedures
Within UK 4 4 16 If this could be securely stored at care home, there would not
be a need for the CCG to take the data
MM05 Medicines Management CCG Medicines
Management Care Homes
Team
Out-flow CCG member GP practices Medicines management information
from GPs; GP hardcopy patient
records
Special
Categories of
personal data
None - Identifiable Hard copy Medical histories, clinical conditions, blood tests Secure filing cabinet/room None 21 to 100 Daily Optimisation of medicines
management in care homes -
making sure appropriate time
and dose to ensure healthy
patients
Manually transferred Not applicable - must add comment Data is transcribed from original record on to a template.
Transported securely and stored in chiltern ccg or gp
practice with limited access. Secure transfer of personal
information procedures
Within UK 4 4 16 If this could be securely stored at care home, there would not
be a need for the CCG to take the data
MM06 Medicines Management CCG member GP practices In-flow CCG Medicines Management
(all teams)
Email queries: Prescribed medicines,
new drug therapies
Personal data None - Identifiable Electronic Prescribed medicines, new drug therapies NHSMail Password protected network
drive/system
21 to 100 Daily Optimisation of medicines
management in care homes -
making sure appropriate time
and dose to ensure healthy
patients
Manually transferred Not applicable - must add comment Data is transcribed from original record on to a template.
Transported securely and stored in chiltern ccg or gp
practice with limited access. Secure transfer of personal
information procedures
Within UK 4 4 16 If this could be securely stored at care home, there would not
be a need for the CCG to take the data
MM07 Medicines Management CCG Medicines
Management Care Homes
Team
Out-flow CCG member GP practices Email queries: Prescribed medicines,
new drug therapies
Personal data None - Identifiable Electronic Prescribed medicines, new drug therapies NHSMail Password protected network
drive/system
21 to 100 Daily Optimisation of medicines
management in care homes -
making sure appropriate time
and dose to ensure healthy
patients
Manually transferred Not applicable - must add comment Data is transcribed from original record on to a template.
Transported securely and stored in chiltern ccg or gp
practice with limited access. Secure transfer of personal
information procedures
Within UK 4 4 16 If this could be securely stored at care home, there would not
be a need for the CCG to take the data
MM08 Medicines Management Buckinghamshire Healthcare
NHS Trust (medicines for
older people division)
In-flow CCG Medicines Management
(all teams)
Email queries: Prescribed medicines,
new drug therapies
Special
Categories of
personal data
None - Identifiable Electronic Prescribed medicines, new drug therapies NHSMail Password protected network
drive/system
21 to 100 Daily Optimisation of medicines
management in care homes -
making sure appropriate time
and dose to ensure healthy
patients
Manually transferred Not applicable - must add comment Data is transcribed from original record on to a template.
Transported securely and stored in Chiltern CCG or GP
practice with limited access. Secure transfer of personal
information procedures
Within UK 4 4 16 If this could be securely stored at care home, there would not
be a need for the CCG to take the data
MM9 Medicines Management CCG Medicines
Management Care Homes
Team
Out-flow Buckinghamshire Healthcare
NHS Trust (medicines for older
people division)
Email queries: Prescribed medicines,
new drug therapies
Special
Categories of
personal data
None - Identifiable Electronic Prescribed medicines, new drug therapies NHSMail Password protected network
drive/system
21 to 100 Daily Optimisation of medicines
management in care homes -
making sure appropriate time
and dose to ensure healthy
patients
Manually transferred Not applicable - must add comment Data is transcribed from original record on to a template.
Transported securely and stored in Chiltern CCG or GP
practice with limited access. Secure transfer of personal
information procedures
Within UK 4 4 16 If this could be securely stored at care home, there would not
be a need for the CCG to take the data
MM10 Medicines Management Buckinghamshire Healthcare
NHS Trust geriatricians
In-flow CCG Medicines Management
Care Homes Team
Outcomes of clinical Multi-Disciplinary
Team medication reviews undertaken
by geriatricians with care homes
pharmacists
Special
Categories of
personal data
None - Identifiable Electronic Prescribed medicines, new drug therapies NHSMail Password protected network
drive/system
21 to 100 Daily Optimisation of medicines
management in care homes -
making sure appropriate time
and dose to ensure healthy
patients
Manually transferred Not applicable - must add comment Data is transcribed from original record on to a template.
Transported securely and stored in Chiltern CCG or GP
practice with limited access. Secure transfer of personal
information procedures
Within UK 4 4 16 If this could be securely stored at care home, there would not
be a need for the CCG to take the data
MM11 Medicines Management CCG Medicines
Management Care Homes
Team
Out-flow Buckinghamshire Healthcare
NHS Trust geriatricians
Outcomes of clinical Multi-Disciplinary
Team medication reviews undertaken
by geriatricians with care homes
pharmacists
Special
Categories of
personal data
None - Identifiable Electronic Prescribed medicines, new drug therapies NHSMail Password protected network
drive/system
21 to 100 Daily Optimisation of medicines
management in care homes -
making sure appropriate time
and dose to ensure healthy
patients
Manually transferred Not applicable - must add comment Data is transcribed from original record on to a template.
Transported securely and stored in Chiltern CCG or GP
practice with limited access. Secure transfer of personal
information procedures
Within UK 4 4 16 If this could be securely stored at care home, there would not
be a need for the CCG to take the data
MM12 Medicines Management CCG member GP practices In-flow CCG Medicines Management
Team practice pharmacists,
care homes pharmacists and
dieticians
Through access to EMIS through
username and password or smartcard
access, reviewing patients with
recommendations to GPs for final
decision. Sometimes practices will do
the searches and ask for comments.
Where relevant smart card used to
access through pharmacist position
permitted on the system and
authorised by practice as Data
Controller. Two DPIAs and Data
Sharing agreements - one for
pharmacists and one for care homes
team
Special
Categories of
personal data
None - Identifiable Electronic Through access to EMIS through username and password or smartcard access, reviewing patients
with recommendations to GPs for final decision on prescriptions/medication. Sometimes practices will
do the searches and ask for comments. Will include medical history. Where relevant smart card used
to access through pharmacist position permitted on the system and authorised by practice as Data
Controller.
Specific software solution Password protected network
drive/system
21 to 100 Daily Through access to EMIS
through username and
password or smartcard access,
reviewing patients with
recommendations to GPs for
final decision on
prescriptions/medication.
Sometimes practices will do the
searches and ask for
comments. Will include medical
history.
Within software solution Password protected Within UK 4 2 8 (d) To protect vital interests
MM13 Medicines Management CCG Medicines
Management Team practice
pharmacists, care homes
pharmacists and dieticians
Out-flow CCG member GP practices Through access to EMIS through
username and password or smartcard
access, reviewing patients with
recommendations to GPs for final
decision. Sometimes practices will do
the searches and ask for comments.
Where relevant smart card used to
access through pharmacist position
permitted on the system and
authorised by practice as Data
Controller.
Special
Categories of
personal data
None - Identifiable Electronic Through access to EMIS through username and password or smartcard access, reviewing patients
with recommendations to GPs for final decision on prescriptions/medication. Sometimes practices will
do the searches and ask for comments. Will include medical history. Where relevant smart card used
to access through pharmacist position permitted on the system and authorised by practice as Data
Controller.
Specific software solution Password protected network
drive/system
21 to 100 Daily Through access to EMIS
through username and
password or smartcard access,
reviewing patients with
recommendations to GPs for
final decision on
prescriptions/medication.
Sometimes practices will do the
searches and ask for
comments. Will include medical
history.
Within software solution Password protected This flow may need to be updated to include CareCentric
(a system used in care homes)
Within UK 4 2 8 (d) To protect vital interests
MM14 Medicines Management Care homes across the
county
In-flow CCG Medicines Management
Team practice pharmacists,
care homes pharmacists and
dieticians
A care home could refer a patient to
the CCG Medicines Management
Team for either medical or dietetic
advice
Special
Categories of
personal data
None - Identifiable Electronic Through access to EMIS through username and password or smartcard access, reviewing patients
with recommendations to GPs for final decision on prescriptions/medication. Sometimes practices will
do the searches and ask for comments. Will include medical history.
Specific software solution Password protected network
drive/system
21 to 100 Daily Through access to EMIS
through username and
password or smartcard access,
reviewing patients with
recommendations to GPs for
final decision on
prescriptions/medication.
Sometimes practices will do the
searches and ask for
comments. Will include medical
history.
Within software solution Password protected This flow may need to be updated to include Care Centric
(a system used in care homes)
Within UK 4 2 8 (d) To protect vital interests
MM15 Medicines Management CCG Medicines
Management Team practice
pharmacists, care homes
pharmacists and dieticians
Out-flow Care homes across the county A care home could refer a patient to
the CCG Medicines Management
Team for either medical or dietetic
advice
Special
Categories of
personal data
None - Identifiable Electronic Through access to EMIS through username and password or smartcard access, reviewing patients
with recommendations to GPs for final decision on prescriptions/medication. Sometimes practices will
do the searches and ask for comments. Will include medical history.
Specific software solution Password protected network
drive/system
21 to 100 Daily Through access to EMIS
through username and
password or smartcard access,
reviewing patients with
recommendations to GPs for
final decision on
prescriptions/medication.
Sometimes practices will do the
searches and ask for
comments. Will include medical
history.
Within software solution Password protected Within UK 4 2 8 (d) To protect vital interests
MM16 Medicines Management Buckinghamshire Healthcare
NHS Trust
In-flow CCG Medicines Management
Team
Insulin pump prior approval requests Personal data None - Identifiable electronic Only NHS Number - through Blueteq Specific software solution Password protected network
drive/system
Less than 5 When required Prior approval so that invoices
can be paid (undertaken by
SCWCSU)
Within software solution Password protected TBC 2 2 4 We would have to ask BHT to undertake this process on our
behalf
MM17 Medicines Management CCG Medicines
Management Team
Out-flow SCWCSU Finance Manager Insulin pump prior approval requests Personal data None - Identifiable electronic Only NHS Number - through Blueteq Specific software solution Password protected network
drive/system
Less than 5 When required Prior approval so that invoices
can be paid (undertaken by
SCWCSU)
Within software solution Password protected TBC 2 2 4 We would have to ask BHT to undertake this process on our
behalf
MM18 Medicines Management SCWCSU IFR Team In-flow CCG Medicines Management
Team
IFR funding requests Personal data None - Identifiable Electronic Software system similar to Blueteq Specific software solution Password protected network
drive/system
0 to 4 Daily Request funding review Post None None N/A 3 3 9
MM19 Medicines Management CCG Medicines
Management Team
Out-flow SCWCSU IFR Team IFR funding requests Personal data None - Identifiable Electronic Software system similar to Blueteq Specific software solution Password protected network
drive/system
0 to 4 Daily Info for panel member email within NHS NHSmail None N/A 3 3 9
MM20 Medicines Management SCWCSU IFR Team In-flow CCG IFR Triage and Case
Review Panels
IFR funding requests Personal data None - Identifiable Electronic Software system similar to Blueteq Specific software solution Password protected network
drive/system
Less than 5 When required Request funding review Post None None N/A 3 3 9
MM21 Medicines Management CCG IFR Triage and Case
Review Panels
Out-flow SCWCSU IFR Team IFR funding requests Personal data None - Identifiable Electronic Software system similar to Blueteq Specific software solution Password protected network
drive/system
Less than 5 When required Info for panel member email within NHS NHSmail None N/A 3 3 9
MM22 Medicines Management EPACT2 In-flow CCG Medicines Management
Team
Online application which gives
authorised users access to
prescription data.
Personal data Pseudonymised Electronic CCG filters data according to age and sex in terms of reviewing prescribing trends. Data is otherwise
linked between practices on EMIS or other clinical systems to Prescription Pricing Authority
Specific software solution Password protected network
drive/system
1001 plus When required Identifying and analysing drug
spend across patient groups
for cost effectiveness
Within software solution Password protected None Within UK 5 2 10
MM23 Medicines Management EPACT2 Out-flow CCG Medicines Management
Team
Online application which gives
authorised users access to
prescription data.
Personal data Pseudonymised Electronic Specific software solution Password protected network
drive/system
1001 plus When required Identifying and analysing drug
spend across patient groups
for cost effectiveness
Within software solution Password protected None Within UK 5 2 10
CORP01 Corporate SCWCSU In-flow CCG - Deputy Chief Officer Freedom of Information Requests Other Anonymous Electronic 20 working day timescale for response NHS shared drive None none 0 to 4 Daily Response to FOI enquiries email within NHS NHSmail None N/A 4 2 8
CORP02 Corporate CCG - Deputy Chief Officer Out-flow SCWCSU Freedom of Information Requests Other Anonymous Electronic 20 working day timescale for response NHS shared drive None none 0 to 4 Daily Pass info back to CSU email within NHS NHSmail None Within UK 4 2 8
CORP03 Corporate SCWCSU In-flow CCG staff Recruitment process incl interview
packs, appointment forms and HR
contracts
Personal data None - Identifiable Hard copy NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
0 to 4 Monthly Draft contract to CCG for
approval and signature
email within NHS NHSmail None N/A 3 2 6
CORP04 Corporate SCWCSU In-flow CCG staff Recruitment process incl interview
packs, appointment forms and HR
contracts
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
0 to 4 Monthly Draft contract to CCG for
approval and signature
email within NHS NHSmail None N/A 3 2 6
CORP05 Corporate CCG - all staff Out-flow Potential employee/applicant Recruitment process incl interview
packs, appointment forms and HR
contracts
Personal data None - Identifiable Hard copy NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
0 to 4 Monthly Offer a job/communicate with
candidate
Post None None Within UK 3 2 6
CORP06 Corporate CCG - all staff Out-flow Potential employee/applicant Recruitment process incl interview
packs, appointment forms and HR
contracts
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
0 to 4 Monthly Offer a job/communicate with
candidate
Post None None Within UK 3 2 6
CORP07 Corporate Potential employee/applicant In-flow CCG - all staff Recruitment process incl interview
packs, appointment forms and HR
contracts
Personal data None - Identifiable Hard copy NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
0 to 4 Monthly Offer a job/communicate with
candidate
Post None None Within UK 3 2 6
CORP08 Corporate Potential employee/applicant In-flow CCG - all staff Recruitment process incl interview
packs, appointment forms and HR
contracts
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
0 to 4 Monthly Offer a job/communicate with
candidate
Post None None Within UK 3 2 6
CORP09 Corporate CCG - all staff Out-flow SCWCSU Recruitment process incl interview
packs, appointment forms and HR
contracts
Personal data None - Identifiable Electronic Payroll NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
0 to 4 Monthly Offer a job/communicate with
candidate
Post None None Within UK 3 2 6
CORP10 Corporate SCWCSU Human
Resources
In-flow CCG staff Electronic Personnel files Personal data None - Identifiable Electronic Restricted on G drive - LP/DH/NL - info added from HR/line managers - e.g. contracts, sick notes
etc.
NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
Less than 5 When required To update staff folders with
relevant information regarding
their role/employment
NHSmail to NHSmail NHSmail [secure] encryption None Within UK 3 2 6
CORP11 Corporate CCG staff Out-flow SCWCSU Human Resources Electronic Personnel files Personal data None - Identifiable Electronic Restricted on G drive - LP/DH/NL - info added from HR/line managers - e.g. contracts, sick notes
etc.
NHS shared drive Restricted Access Folder Role based access, IT service
Desk provide access to individuals
Less than 5 When required To update staff folders with
relevant information regarding
their role/employment
NHSmail to NHSmail NHSmail [secure] encryption None Within UK 3 2 6
CORP12 Corporate SCWCSU Human
Resources
In-flow CCG staff Historic Paper personnel files Personal data None - Identifiable Hard copy Secure filing cabinet/room Area access by key/keypad Key locked away. Less than 5 When required To update staff folders with
relevant information regarding
their role/employment
Manually transferred Manual transfer by approved
colleagues
None Within UK 3 2 6
CORP13 Corporate CCG staff Out-flow SCWCSU Human Resources Electronic Staff Records (ESR) Personal data None - Identifiable Electronic People logging in to the system log in to their own information Specific software solution Password protected network
drive/system
User reports Less than 5 When required Staff members log in to ESR to
review their own information
Within software solution Password protected None Within UK 3 2 6
CORP14 Corporate SCWCSU Human
Resources
In-flow CCG staff Electronic Staff Records (ESR) Personal data None - Identifiable Electronic Specific software solution Password protected network
drive/system
User reports Less than 5 When required Staff members log in to ESR to
review their own information
Within software solution Password protected None Within UK 3 2 6
CORP15 Corporate SCWCSU Human
Resources
In-flow CCG Director of
Transformation
Consult OD Personal data None - Identifiable Electronic Stat/mandatory training information NHS shared drive Password protected network
drive/system
Less than 5 When required To record staff completion of
training
NHSmail to NHSmail NHSmail [secure] encryption Within UK 3 2 6
CORP16 Corporate Users and Carers In-flow CCG staff Users and carers claim forms Personal data None - Identifiable Electronic NHSMail Smartcard and password
protected
Less than 5 When required Payment of claims Non-secure email Not applicable - claimants use their
own email to send.
Within UK 3 2 6
CORP17 Corporate Users and Carers In-flow CCG staff Users and carers claim forms Personal data None - Identifiable Hard copy None Less than 5 When required Payment of claims Royal Mail (first or second
class)
Royal Mail (first or second class) Within UK 3 2 6
CORP18 Corporate CCG staff Out-flow SCWCSU patient transport
team
Users and carers claim forms Personal data None - Identifiable Electronic NHSMail Smartcard and password
protected
Less than 5 When required Payment of claims Non-secure email Not applicable - claimants use their
own email to send.
Within UK 3 2 6
CORP19 Corporate CCG staff Out-flow SCWCSU patient transport
team
Users and carers claim forms Personal data None - Identifiable Hard copy Claim forms are put into confidential waste None Less than 5 When required Payment of claims Royal Mail (first or second
class)
Royal Mail (first or second class) Within UK 3 2 6
CORP20 Corporate HM Courts Service In-flow CCG staff NHS Resolution/claim requests Personal data None - Identifiable Electronic Claim requests where NHS Resolution appointed as case manager and CCG named as a defendant NHS shared drive Restricted Access Folder Less than 5 When required Claim requests where NHS
Resolution appointed as case
manager and CCG named as a
defendant
Royal Mail (first or second
class)
Royal Mail (first or second class) Claim requests where NHS Resolution appointed as case
manager and CCG named as a defendant
Within UK 2 2 4
CORP21 Corporate CCG staff Out-flow NHS Resolution NHS Resolution/claim requests Personal data None - Identifiable Electronic Claim requests where NHS Resolution appointed as case manager and CCG named as a defendant NHS shared drive Restricted Access Folder Less than 5 When required Claim requests where NHS
Resolution appointed as case
manager and CCG named as a
defendant
Within software solution Password protected Claim requests where NHS Resolution appointed as case
manager and CCG named as a defendant
Within UK 2 2 4
CORP22 Corporate CCG staff Out-flow TIAA (Local Counter Fraud
Specialist)
Counter Fraud - investigation evidence
and reports including and following
referrals
Personal data None - Identifiable Electronic Counter Fraud - investigation evidence and reports including and following referrals NHS shared drive None Less than 5 When required Counter Fraud - investigation
evidence and reports including
and following referrals
NHSmail to NHSmail NHSmail [secure] encryption Reports received are password protected Within UK 4 2 6 Telephone backup to prompt investigation where necessary.
Section 24 of the national standard? Equal obligation
(c) Controller has a legal obligation (g) Substantial public interest, (c) Legal Duty None
CORP23 Corporate TIAA (Local Counter Fraud
Specialist)
In-flow CCG staff Counter Fraud - investigation evidence
and reports including and following
referrals
Personal data None - Identifiable Electronic Counter Fraud - investigation evidence and reports including and following referrals NHS shared drive None Less than 5 When required Counter Fraud - investigation
evidence and reports including
and following referrals
NHSmail to NHSmail NHSmail [secure] encryption Reports received are password protected Within UK 4 2 6 Telephone backup to prompt investigation where necessary
CORP24 Corporate SCWCSU In-flow CCG Head of
Governance/Board
Secretary/Data Protection
Officer
Smartcards list/Registration Authority
requests
Personal data None - Identifiable Electronic NHSMail Password protected network
drive/system
CORP25 Corporate CCG Head of
Governance/Board
Secretary/Data Protection
Officer
Out-flow SCWCSU Smartcards list/Registration Authority
requests
Personal data None - Identifiable Electronic NHSMail Password protected network
drive/system
CORP26 Corporate SCWCSU In-flow CCG Caldicott Guardian Subject Access Requests Personal data None - Identifiable Electronic NHSMail Password protected files Less than 5 When required Confidentiality breaches
reported on Datix
Within software solution Password protected Within UK
CORP27 Corporate CCG Caldicott Guardian Out-flow SCWCSU Subject Access Requests Personal data None - Identifiable Electronic NHSMail Password protected files Less than 5 When required Confidentiality breaches
reported on Datix
Within software solution Password protected Within UK
CORP28 Corporate Acute providers: could be
from anywhere across the
country
In-flow CCG Head of
Governance/Board
Secretary/Data Protection
Officer
OOH notifications Personal data None - Identifiable Electronic The CCG had previously been sent A&E discharges from out of area providers NHSMail Password protected files Data not stored by CCG - if
received re-directed to primary
care practice having established
where the patient is registered
Less than 5 When required Re-direction of out of area
discharge notifications
Royal Mail (first or second
class)
Not applicable - must add comment Original notifications sent by post so re-directed with no
additional protection
Within UK
CORP29 Corporate ASE CORPORATE
EYECARE LIMITED
(Company Registration No.
03425183) whose registered
office is at 14 Quarry Farm,
Bodiam, East Sussex TN32
5RA (“the Supplier
In-flow CCG /SCWCSU Personal data None - Identifiable Electronic Secure network None Less than 5 Monthly United Kingdom, Microsoft Azure
North Europe (Dublin), Microsoft
Azure West Europe (Amsterdam)
CORP30 Corporate CCG /SCWCSU Out-flow ASE CORPORATE EYECARE
LIMITED (Company
Registration No. 03425183)
whose registered office is at 14
Quarry Farm, Bodiam, East
Sussex TN32 5RA (“the
Supplier
Personal data None - Identifiable Electronic Secure network None Less than 5 Monthly United Kingdom, Microsoft Azure
North Europe (Dublin), Microsoft
Azure West Europe (Amsterdam)
CORP31 Corporate Patients In-flow CCG (through
Buckinghamshire County
Council Communications
Team)
Public consultation responses (through
software solution provided by Ivovem)
Personal data None - Identifiable Electronic ICO registration Z8289153 Specific software solution Password protected files 21 to 100 When required Management of consultations Within software solution Password protected
CORP32 Corporate Patients In-flow CCG (through
Buckinghamshire County
Council Communications
Team)
Mailchimp Personal data None - Identifiable Electronic Specific software solution Password protected files 21 to 100 When required Management of consultations Within software solution Password protected
VDU assessment referrals for
eyecare
• Eye and eyesight test
• Spectacles for VDU use
Date, Voucher, Patient, Employee
Number, Description, Unit, Quantity
Net VAT Gross
Last Updated: 26.04.19
BCCG Contact: Russell Carpenter, Data Protection Officer
Email:
Telephone: 01494 586771
Who Where When What How Additional Information Legal Basis of Data Flow
PC01 Primary Care Primary Care Support
England (PCSE)
In-flow CCG Primary Care Team Special Allocations Service requests
for review
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Less than 5 When required Repatriation of patients NHSmail to NHSmail NHSmail [secure] encryption Patients may also be discussed by telephone (without
consent), or need a response when coming to CCG
offices unannounced (implied consent)
Within UK 2 2 4 Legal Basis for processing
For GDPR purposes NHS England’s lawful basis
for processing is Article 6(1)(e) ‘…exercise of
https://www.england.nhs.uk/contact-us/privacy-notice/how-we-use-your-information/safety-and-quality/if-you-are-a-patient-assigned-to-the-special-allocation-scheme/
PC02 Primary Care CCG Primary Care Team Out-flow Primary Care Support England
(PCSE)
Special Allocations Service requests
for review - outcomes, plus requests to
allocate as necessary
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Less than 5 When required Repatriation of patients NHSmail to NHSmail NHSmail [secure] encryption Patients may also be discussed by telephone (without
consent), or need a response when coming to CCG
offices unannounced (implied consent)
Within UK 2 2 4 Legal Basis for processing
For GDPR purposes NHS England’s lawful basis
for processing is Article 6(1)(e) ‘…exercise of
official authority…’. For the processing of
special categories (health) data the basis is
Article 9(2)(h) ‘…health or social care…’.
https://www.england.nhs.uk/contact-us/privacy-notice/how-we-use-your-information/safety-and-quality/if-you-are-a-patient-assigned-to-the-special-allocation-scheme/
PC03 Primary Care CCG Primary Care Team Out-flow Special Allocations Service Special Allocations Service requests
for review
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Less than 5 When required Repatriation of patients NHSmail to NHSmail NHSmail [secure] encryption Patients may also be discussed by telephone (without
consent), or need a response when coming to CCG
offices unannounced (implied consent)
Within UK 3 2 6
PC04 Primary Care Special Allocations Service In-flow CCG Primary Care Team Special Allocations Service requests
for review
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Less than 5 When required Repatriation of patients NHSmail to NHSmail NHSmail [secure] encryption Patients may also be discussed by telephone (without
consent), or need a response when coming to CCG
offices unannounced (implied consent)
Within UK 3 2 6
PC05 Primary Care CCG Primary Care team Out-flow CCG Member GP Practices Practice allocations (including, but not
limited to, follow on from Special
Allocations Service reviews)
Personal data None - Identifiable Electronic NHS shared drive Restricted Access Folder Less than 5 When required Repatriation of patients NHSmail to NHSmail NHSmail [secure] encryption Patients may also be discussed by telephone (without
consent), or need a response when coming to CCG
offices unannounced (implied consent)
Within UK 5 3 15 Where patient doesn't have access to primary care they may
be affected, however again they will remain on scheme until
allocated
PC06 Primary Care Interpretation Service
providers
In-flow CCG Primary Care Team Interpretation request invoices (By
exception)
Personal data None - Identifiable Electronic Interpretation service provider to CCG Primary Care Team Specific software solution Password protected network
drive/system
Oracle Less than 5 When required Connecting patients to
interpretation services
Within software solution Password protected Within UK 2 2 4
PC07 Primary Care CCG Primary Care Team Out-flow Interpretation Service providers Interpretation requests invoices (by
exception)
Personal data None - Identifiable Electronic Interpretation service provider to CCG Primary Care Team Specific software solution Password protected network
drive/system
Oracle Less than 5 When required Connecting patients to
interpretation services
Within software solution Password protected Within UK 1 1 1
PC08 Primary Care Local Authorities In-flow CCG Primary Care Team Patient details for purpose of planning
resettlement from refugee camps
Personal data None - Identifiable Electronic Bucks Syrian Vulnerable Persons Resettlement scheme; a government scheme we participate in
where we house refugees from Syria mainly. Local Authorities participate; CCG ensures they are
registered with a GP and have access to medical resources depending on their circumstances.
Department of Health selects the practice that will receive the patient. We will be notified in order for
Finance to make the payment. Likely only name and address as identifiers
NHS shared drive Restricted Access Folder Less than 5 When required Planning resettlement from
refugee camps
NHSmail to NHSmail NHSmail [secure] encryption Within UK 2 2 4
Patient name, address and reasons for referral / withdrawal to VPS.
We have a contract for the special allocations service with a practice (in Bedfordshire). We are
notified that a practice has removed a patient. We obtain the immediate removal form from the
practice via PCSE. The Special Allocations Service undertake assessment on patient, which we
receive, with recommendation that patient remains on the service or repatriated back into primary
care. Recipient is Senior Primary Care Manager, with request to CCG Chair for clinical view. We then
reply to SAS as to whether we agreed with the recommendation. If the patient is to remain on service
process ends. If they have to be repatriated, it is not an issue unless patient needs to be allocated. If
this is necessary, we should obtain notification from NHSE that patient needs to be allocated. We will
then discuss with another practice about registration. We may also instruct PCSE to allocate the
patient.
Potentially patients would not have access to primary care
(IMPACT). PCSE also have separate communication with SAS
so if flow were to stop there would be no major impact
Patient remains registered with the SAS until such time as
registered with a named practice, so patient will not be affected
in terms of their access to primary care
Please contact the IG team if further rows are required