© Crown copyright 2016
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: firstname.lastname@example.org.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/patient-confidentiality-in-nhs-population-screening-programmes/nhs-population-screening-confidential-patient-data
1. Data collection
Each local screening programme collects data on the people they screen. This enables them to provide a high-quality service and is important for:
- checking that local programmes offer and provide screening in every part of England
- ensuring that no types of people are more likely than others to miss out on screening
- investigating and learning lessons from when things go wrong
- evaluating screening programmes to see if they are meeting their objectives
- monitoring that screening programme standards at a national and local level are met
2. Data reports
Screening programmes often link data from several sources to increase the power of data and produce the most meaningful reports. Such “aggregated” data reports do not identify specific people. For instance, they would not include:
- NHS numbers
3. Use of identifiable data
Public Health England (PHE) requires identifiable data so the national screening programmes can invite people for screening and contact them for any follow-up tests or treatments that might be needed. The legal basis for this is given by the Secretary of State for Health by using Section 251 of the National Health Service Act 2006. This process is overseen by the NHS Health Research Authority’s Confidentiality Advisory Group (CAG).
PHE has appropriate safeguards in place to ensure the security and confidentiality of the data it uses. Individuals who choose to opt out from their data being accessed by PHE will not be invited to screening in the future.
National screening programmes operate within the PHE information governance framework.
4. Caldicott principles
The programmes aim to meet the 7 Caldicott principles governing the use, protection and sharing of personal confidential data (PCD):
- Justify the purpose for using the information.
- Do not use PCD unless it is necessary.
- Use the minimum necessary PCD.
- Access to PCD should be on a strict need to know basis.
- Everyone with access to PCD should be aware of their responsibilities.
- Comply with the law.
- The duty to share information can be as important as the duty to protect patient confidentiality.
Local screening staff ask patients to give their consent for any other purposes, such as using data to carry out research.