NHS Digital Data Sharing Remote Audit: Healthcare Quality Improvement Partnership
This report records the key findings of a remote data sharing audit of the Healthcare Quality Improvement Partnership in January 2022
Audit summary
Purpose
This report records the key findings of a remote data sharing audit of the Healthcare Quality Improvement Partnership (HQIP) between 10 and 19 January 2022. It provides an evaluation of how HQIP conforms to the requirements of both:
- the data sharing framework contract (DSFC) CON-326178-V9S5X v2.01
- the data sharing agreement (DSA) DARS-NIC-355855-R4G6G-v7.2
This DSA covers the provision of the following datasets:
Dataset | Classification of data | Dataset period |
---|---|---|
Hospital Episode Statistics (HES) Admitted Patient Care | Identifiable, Non-sensitive | 2012/12 – 2020/21 |
HES Critical Care | Identifiable, Non-sensitive | 2015/16 – 2020/21 |
Medical Research Information Service (MRIS) – Flagging Current Status Report | Identifiable, Sensitive | February 2016 to March 2020 |
MRIS – Cohort Event Notification Report | Identifiable, Sensitive | February 2016 to March 2020 |
MRIS – Cause of Death Report | Identifiable, Sensitive | February 2016 to March 2020 |
Demographics | Sensitive | Latest Available, quarterly |
Civil Registration - Deaths | Sensitive | Latest Available, quarterly |
The Controller is HQIP, and the two Processors are the Royal College of Anaesthetists (RCoA) and the Royal College of Surgeons of England (RCS).
Emergency abdominal surgery (or emergency laparotomy) is associated with significant morbidity and mortality worldwide. The aim of the National Emergency Laparotomy Audit (NELA) is to enable the improvement of the quality of care for patients undergoing emergency laparotomy by providing high-quality comparative information on the clinical practice and outcomes of all NHS providers of emergency laparotomy in England and Wales. NELA is a national clinical audit commissioned by HQIP as part of the National Clinical and Patient Outcomes Programme.
HQIP has commissioned the RCoA to deliver the NELA audit. The RCoA is working in partnership with the Clinical Effectiveness Unit of the RCS, and the three organisations collectively make up the NELA project team.
HQIP acts as Controller for the national clinical audit but does not have access to any data collected or analysed by the RCoA and the RCS. As a result, the audit focussed on the work undertaken by the two Processors.
This report also considers whether the RCoA and the RCS conform to their own policies, processes and procedures.
The interviews during the audit were conducted through video conferencing.
This is an exception report based on the criteria expressed in the NHS Digital Data Sharing Remote Audit Guide version 1.
Audit type and scope
Audit type | Routine |
---|---|
Scope areas | Information transfer; Restrictions; Access control - limited visibility of physical controls |
Overall risk statement
Based on evidence presented during the audit and the type of data being shared, the following risk has been assigned from the options of Critical, High, Medium and Low.
Current risk statement: Medium
This risk represents a deviation from the terms and conditions of the contractual documents, signed by both parties. In deriving this risk, the Audit Team will consider compliance, duty of care, confidentiality and integrity, as appropriate.
Data recipient’s acceptance statement
HQIP, the RCoA and the RCS have reviewed this report and confirmed that it is accurate.
Data recipient’s action plan
The RCoA and the RCS will establish a corrective action plan to address each finding shown in the two findings tables below. NHS Digital will validate this plan and the resultant actions at a post audit review with the RCoA and the RCS to confirm the findings have been satisfactorily addressed.
Findings
The following tables identify the 6 agreement nonconformities, 8 opportunities for improvement and 1 point for follow-up raised as part of the audit.
RCoA
Ref | Finding | Link to area | Clause | Designation |
---|---|---|---|---|
1 | Data supplied by NHS Digital are being stored at locations not declared in the DSA. Consideration should also be given as to whether the owner of these storage locations should be added as a Processor. | Information Transfer | DSA, Annex A, Section 2; DSA, Annex A, Section 1c | Agreement nonconformity |
2 | There has been no regular review of access to the network folders where the data supplied by NHSD is held. | Access Control | DSFC, Schedule 2, Section A, Clause 4.1 | Agreement nonconformity |
3 | Security assessments have not been performed on the infrastructure holding the data supplied by NHS Digital. | Access Control | DSFC, Schedule 2, Section A, Clause 1.1 | Agreement nonconformity |
4 | A signed copy of the Memorandum of Understanding (MoU) for the research fellows has not been provided to NHS Digital as required by the DSA. | Access Control | DSA, Annex A, Section 6 | Agreement nonconformity |
5 | The RCoA should ask the third-party data destruction contractor to provide a detailed list of the assets destroyed along with a data destruction certificate. This list would allow the RCoA to reconcile the assets sent for destruction with those destroyed. The RCoA IT Assets Disposals Policy should also be updated to reflect this process. | Data Destruction | | Opportunity for improvement |
6 | The RCoA should implement a recording mechanism for staff, contracted as research fellows, who have completed the necessary mandatory training at their substantive organisation. All users with direct access to data provided by NHS Digital had completed annual Information Governance training. | Operational Management | | Opportunity for improvement |
7 | The RCoA should document the password settings enforced via Active Directory group policy for all staff, within its IT Password Policy. | Access Control | | Opportunity for improvement |
8 | The RCoA should update its Data Protection Impact Assessment (DPIA) to record that all parties agree with the content (HQIP, RCoA and RCS) along with the review dates. | Operational Management | | Opportunity for improvement |
9 | The RCoA’s Information Asset Register (IAR) could be updated to: | Operational Management | | Opportunity for improvement |
RCS
Ref | Finding | Link to area | Clause | Designation |
---|---|---|---|---|
10 | The backup tapes that hold data supplied by NHS Digital are not encrypted. The tapes are, however, kept in RCS premises. | Access Control | DSFC, Schedule 2, Section A, Clause 4.7 | Agreement nonconformity |
11 | The server holding data provided by NHS Digital is running unsupported software. | Access Control | DSFC, Schedule 2, Section A, Clause 1.1 | Agreement nonconformity |
12 | The RCS should consider performing a review of its IAR to ensure it is capturing the appropriate information. As part of this review the IAR could be compared with the NELA IAR to ensure their contents are aligned. | Operational Management | | Opportunity for improvement |
13 | The RCS should update its Data Protection Impact Assessment (DPIA) to record that all parties agree with the content (HQIP, RCoA and RCS) along with the review dates. | Operational Management | | Opportunity for improvement |
14 | The RCS should ask the third-party data destruction contractor to provide a detailed list of the assets destroyed along with the data destruction certificate. This list would allow the RCS to reconcile the assets sent for destruction with those destroyed. The RCS IT Assets Disposals Policy should also be updated to reflect this process. | Data Destruction | | Opportunity for improvement |
15 | At the post audit review, the Audit Team will review evidence of the actions taken following a recent security assessment. | Access Control | | Follow-up |
Use of data
The RCoA and the RCS confirmed that the datasets were only being processed and used for the purposes defined in the DSA and were only being linked with those datasets explicitly allowed in the DSA.
Data location
The RCoA and the RCS confirmed that the processing and storage locations of the data, including disaster recovery and backups, were limited to the locations shown in the following table. These locations conform to the territory of use defined in clause 2c of the DSA.
Organisation | Territory of use |
---|---|
RCoA | England / Wales |
RCS | England / Wales |
Backup retention
The duration for which data may be retained on backup media is:
Organisation | Media type | Period |
---|---|---|
RCoA | Disk | 1 year |
RCS | Tape | 16 weeks |
Good Practice
During the audit, the audit team noted the following area of good practice:
The RCoA and the RCS were able to clearly demonstrate the value the data supplied under this DSA has had towards benefitting the provision of health and social care in England. Specifically, this has been through improvement of the quality of care for patients undergoing emergency laparotomy.
Disclaimer
The audit was based upon a sample of the data recipient’s activities, as observed by the audit team. The findings detailed in this audit report may not include all possible nonconformities which may exist. In addition, as the audit interviews were conducted through a video conference platform, certain controls that would normally be assessed whilst onsite could not be witnessed.
NHS Digital has prepared this audit report for its own purposes. As a result, NHS Digital does not assume any liability to any person or organisation for any loss or damage suffered or costs incurred by it arising out of, or in connection with, this report, however such loss or damage is caused. NHS Digital does not assume liability for any loss occasioned to any person or organisation acting or refraining from acting as a result of any information contained in this report.
Last edited: 17 May 2022 12:16 pm