Appendix D Auditing local CP-IS usage in NCRS (using the Spine Reporting Service)

Organisations may wish to use the Spine Reporting Service to assist local organisations who use NCRS to access CP-IS data. The service will enable them to review and audit local CP-IS business processes and check they are working effectively. For example, it can be used to check whether CP-IS is being routinely accessed by staff with CP-IS permissions, and whether a patient’s record has been requested and accessed appropriately when the patient presented at an unscheduled health setting.

To access the functionality on the Spine Reporting Service, one of the following Smartcard job roles is required:

• Privacy Officer, job role code - R0001
• Caldicott Guardian, job role code - R5105

In addition, the user will also need the smartcard RBAC activities:

• B0264 – Access NCRS (perform patient trace)
• B0107 – View Child Protection Plan

Key reports that the Spine Reporting Service can produce:

1. Patient Access Report - The purpose of this report is to see which end users have accessed the specified patient during the period entered.
2. User Access Report - The purpose of this report is to identify the NCRS transactions for a specified end user during the period entered
3. Patient Enquiries Report - The purpose of this report shows the specified date range which end users have traced patients within NCRS, the NHS Numbers on which they have performed a trace, and how many enquiries they have made for each patient listed within an organisation.

   The maximum search period for each report is one month, however data can be exported and compiled for multiple months.

You can access the portal using the following links:

National Health Service Spine Portal Web

Spine Reporting Service