Project Implementation Update
Way forward
Pseudonymisation implementation will become a crucial part of ensuring that usage and governance of patient level data in NHS organisations conforms to relevant legal requirements and NHS policy. To that end, pseudonymisation will need to be undertaken locally and implemented in conjunction with appropriate strong access control and data management regimes, as well as the establishment of suitable ‘back office’ functions covering data quality, derivations and record linkage.
The timescale for implementing this approach to local NHS data usage and governance and pseudonymisation is to target completion during 2010/11. This is expected to apply to provider organisations as well as commissioners.
Next steps
The next steps include bringing NHS organisations up to speed on what is required in relation to the management and use of patient level data outside of clinical and direct care support systems. Workshops will be held to provide information on the pseudonymisation solution and the local planning required for the related implementation.
These workshops will also cover the contents expected in plans to be submitted in response to the IM&T Planning Guidance, part of the 2009/10 Operating Framework and provide checklists for local plan contents.
The Pseudonymisation Implementation Project Team will continue its work with NIGB and ECC to ensure that NHS business operations can continue to function effectively in a safe, secure and legal manner; and with NHS organisations, DH Digital Policy Team, the Information Standards Board on developing good practice guidance, policy aspects and emerging standards.
What can be done now?
NHS organisations can be moving forward on pseudonymisation by attending the ½ day workshops planned for 8 and 10 July. Initial work that needs to be undertaken by any organisation affected by pseudonymisation is to document the current position for the organisation, in effect a stock-take of identifiable data flows (building on previous data flow mapping exercises), where identifiable data is stored, who has access to such data and what the access control arrangements are.
Thanks
Many thanks to the staff of 99 organisations that completed the Pseudonymisation Questionnaire sent out in November 2008. The responses proved crucial in establishing a national picture of information about data flows and patient information usage and management.
Thanks are also due to the members of the PIP Advisory Group and others from many organisations around the country, either involved in the Pseudonymisation Model Validation work or who have made direct contact with the Project Team. All contributors have helped in providing information and insight into business processes, the detailed use and management of data in supporting commissioning – and proffering views on how to take pseudonymisation forward.
Questions?
If you have queries about Pseudonymisation and its implementation, please check out the SUS website using the link below or at or e-mail the Information Centre Helpdesk at mailto:enquiries@ic.nhs.uk