Data Sharing Remote Audit: City of Wolverhampton Council – Public Health
This report records the findings of a remote data sharing audit of the City of Wolverhampton Council – Public Health in June 2021.
Audit summary
Purpose
This report records the key findings of a remote data sharing audit of the City of Wolverhampton Council (CWC) - Public Health where the interviews were conducted between 16 and 22 June 2021. It provides an evaluation of how the CWC conforms to the requirements of both:
- the data sharing framework contract (DSFC) CON-392038-Z0Y2T-v2.01
- the data sharing agreement (DSA) DARS-NIC-41597-J6M1R-v5.3
This DSA covers the provision of the following datasets:
| Dataset | Classification of data | Dataset period |
|---|---|---|
| Vital Statistics Service | Aggregated, Small Numbers Not Suppressed, Pseudo/Anonymised, Non-sensitive | 1993 - 2022 |
| Primary Care Mortality Data | Identifiable, Sensitive | 1996 – March 2024 |
| Civil Registration - Births | Identifiable, Non-sensitive | 1995 - 2023 |
The Controller is the CWC and the Processor is the Royal Wolverhampton NHS Trust (RWT). The staff processing the data are Trust employees and all the data resides on infrastructure owned and manged by the RWT.
Analysis of the data is carried out to improve public health and will result in local adjustments to services to reduce mortality where possible and inform decisions and policies. This data assists the Local Authority to tailor local solutions to local problems using all the information at its disposal to improve health and reduce inequalities.
As the audit was conducted remotely, the Audit Team was unable to review or assess the physical environment. The findings are based on evidence and information provided during the interviews or supplied after.
This report also considers whether the CWC and its Processor conforms to their own policies, processes and procedures.
The interviews during the audit were conducted through video conferencing.
This is an exception report based on the criteria expressed in the NHS Digital Data Sharing Remote Audit Guide version 1.
Audit type and scope
| Audit type | Routine |
|---|---|
| Scope areas |
Information transfer |
| Restrictions | Access control - limited visibility of physical controls |
Overall risk statement
Based on evidence presented during the audit and the type of data being shared the following risk has been assigned from the options of Critical - High - Medium – Low.
Current risk statement: Medium
This risk is based on a deviation from the terms and conditions of the contractual documents, signed by both parties, with respect to compliance, duty of care, confidentiality or integrity.
Data recipient’s acceptance statement
The CWC has reviewed this report and confirmed that it is accurate.
Data recipient’s action plan
The CWC and RWT will establish corrective action plans to address each finding shown in the finding tables below. NHS Digital will validate these plans and the resultant actions at a post audit review with the CWC to confirm the findings have been satisfactorily addressed. The post audit review will also consider the outstanding evidence at which point the Audit Team may raise further findings.
Findings
The following tables identify the 5 agreement nonconformities, 1 organisation nonconformity, 1 observation, 3 opportunities for improvement and 2 points for follow-up raised as part of the audit.
CWC
| Ref | Finding | Link to area | Clause | Designation | Notes |
|---|---|---|---|---|---|
| 1 | The data are being stored at RWT locations not declared on the DSA. | Information transfer | DSA, Annex A, Clause 2 | Agreement nonconformity | |
| 2 | There was no evidence to show that access to the locations holding the data supplied by NHS Digital are reviewed on a regular basis. | Access control |
DSFC, Part 2, Clause 5.4.6. RWT, Access Control Procedure, v1.0 dated 2 June 2018, Clause 3.5 |
Agreement nonconformity | |
| 3 | The review of policies had in some instances been delayed due to Covid. However, there were some documents which had review dates prior to 2020. | Operational management | DSFC, Schedule 2, Section A, Clause 4.11 | Agreement nonconformity | |
| 4 | No Data Protection Impact Assessment (DPIA) screening questionnaire or a full assessment had been completed by the CWC for the data supplied. | Operational management | CWC, DPIA flowchart | Organisation nonconformity | |
| 5 | The CWC to consider specific Information Asset Owner (IAO) training. | Operational management | Opportunity for improvement | ||
| 6 | The CWC to consider whether there needs to be a more formal dialogue with RWT on risk in order to feed into CWC’s risk reporting given the data resides on RWT infrastructure. | Risk management | Opportunity for improvement | ||
| 7 | The Audit Team suggested that the CWC ensures appropriate stakeholders are made aware of any new DSFC and DSA, so parties are fully aware of their responsibilities and are fully compliant. | Operational management | Opportunity for improvement | ||
| 8 | At the post audit review, the Audit Team will look at:
|
Operational management | Follow-up |
RWT
| Ref | Finding | Link to area | Clause | Designation | Notes |
|---|---|---|---|---|---|
| 9 | The backup tapes that hold data supplied by NHS Digital are not encrypted. The DSFC requires portable media to be encrypted. The tapes are, however, kept in RWT offices. | Access control | DSFC, Schedule 2, Section A, Clause 4.7 | Agreement nonconformity | |
| 10 | The RWT does not have the data recorded on its Information Asset Register (IAR). | Operational management | DSFC, Schedule 2, Section A, Clause 3.2 | Agreement nonconformity | |
| 11 | The Audit Team clarified that should data supplied by NHS Digital be deleted from the live systems, then the RWT needs to establish a process by which such data cannot be retrieved from its backups given the long retention period for its tapes. | Data destruction | DSFC, Part 2, Clause 4.1.7 | Observation | |
| 12 | At the post audit review, the Audit Team will review the Trust’s Record of Processing Activities (ROPA) in relation to the data supplied by NHS Digital. | Operational management | Follow-up |
Supplementary notes
No notes
Use of data
The CWC confirmed that the datasets were only being processed and used for the purposes defined in the DSA and were not being linked with another dataset.
Data location
The RWT confirmed that processing and storage locations, including disaster recovery and backups, of the datasets were limited to the locations shown in the following table. These locations conform with the territory of use defined in clause 2c of the DSA.
| Organisation | Territory of use |
|---|---|
| RWT | England & Wales |
Backup retention
The duration for which data may be retained on backup media is:
| Organisation | Media type | Period |
|---|---|---|
| RWT | Disk | At least 30 days |
| RWT | Tape | Indefinitely |
Good practice
During the audit, the Audit Team noted the following area of good practice:
- the CWC demonstrated sound compliance controls through its risk management and internal audit programme
- the CWC was able to demonstrate direct benefits to health and social care from the use of the supplied data.
Disclaimer
The audit was based upon a sample of the data recipient’s activities, as observed by the Audit Team. The findings detailed in this audit report may not include all possible nonconformities which may exist. In addition, as the audit interviews were conducted through a video conference platform certain controls, that would normally be assessed whilst onsite, could not be witnessed.
NHS Digital has prepared this audit report for its own purposes. As a result, NHS Digital does not assume any liability to any person or organisation for any loss or damage suffered or costs incurred by it arising out of, or in connection with, this report, however such loss or damage is caused. NHS Digital does not assume liability for any loss occasioned to any person or organisation acting or refraining from acting as a result of any information contained in this report.
Last edited: 17 August 2021 1:50 pm