Acute Data Alignment Programme: GDPR information

Private healthcare Admitted Patient Care (APC) data is administrative and clinical data, including details of private hospital activity within a private healthcare provider.

This data is required to support the Acute Data Alignment Programme (ADAPt), a joint initiative between NHS Digital and the Private Healthcare Information Network (PHIN), is exploring how data collected by PHIN from UK private healthcare providers could be aligned to NHS data standards and integrated into relevant NHS quality and safety reporting systems.

The data processing will also support one of the key recommendations of the Independent Inquiry into the Issues raised by Paterson, namely the creation of a single repository of the whole practice of consultants across England.

The data processing will comprise the collection of private healthcare APC data relating to private healthcare providers participating in the pilots 

This information is currently collected by PHIN from private healthcare providers to meet the legal requirement of the CMA Private Healthcare Investigation Order 2014 (as amended).

Private healthcare APC data is required by NHS Digital to undertake data linkage, including to NHS funded activity data and mortality data, and analysis to assess the feasibility of using private healthcare data to meet a variety of key stakeholder use cases.

The information will be analysed to assess: 

• whether there are service delivery and patient care benefits in combining NHS and private healthcare data
• whether such collection could support a reduction in the reporting burden on NHS and private providers
• the feasibility of such information to meet a variety of other use cases, for example, derivation of performance metrics, the requirements of healthcare regulators and supporting authorised research

The pilots will establish whether key stakeholder scenarios could be met if private healthcare data was routinely collected and processed by NHS Digital and made available to customers via the Data Access Request Service (DARS).

The piloting will help inform the future strategic direction of private healthcare information flows. 

No personal data will be disclosed by NHS Digital during the pilots.

• Be informed
  
• Get access to it
  
• Rectify or change it
  
• Erase or remove it
  
• Restrict or stop processing it
  
• Move, copy or transfer it
  
• Object to it being processed or used
  
• Know if a decision was made by a computer rather than a person
  

Consent is not the basis for processing.

• GDPR Article 6(1)(c) - legal obligation (the Direction issued under HSCA section 254 is a legal obligation on NHSD to collect such information from PHIN as is necessary to meet the Acute Data Alignment Programme Discovery Directions 2020)
• GDPR Article 9(2)(g) - substantial public interest
  • DPA 2018 Schedule 1 Part 2 para 6(2)(a) - NHSD may process what is necessary to enable it to comply with an enactment - i.e. the Direction issued under HSCA section 254
• Common Law Duty of Confidentiality satisfied - under HSCA section 254, The Secretary of State may Direct to collect data including confidential information, with which NHS Digital must comply. 
  • The Direction provides a defence to a breach of confidence claim