Independent Group Advising (NHS Digital) on the Release of Data (IGARD) Terms of Reference

NHS Digital is the national provider of information, data and IT systems for NHS commissioners, analysts and clinicians in health and social care.  NHS Digital is an executive, non-departmental public body, sponsored by the Department of Health.

Establishment of IGARD

In September 2010 NHS Digital (then HSCIC) established the Data Access Advisory Group (DAAG) an independent monitoring and recommendations function, in order to improve transparency, accountability, and quality of decision-making and to build public trust. Following consultation with the public in 2016, NHS Digital confirmed that the independent monitoring and recommendation function remained relevant and important and the NHS Digital Board then established the Independent Group Advising on the Release of Data (IGARD). From 1February 2017 IGARD replaces DAAG and incorporates the data dissemination role of the General Practice Extraction Service Independent Advisory Group

Changes to the data dissemination process

NHS Digital is currently in the process of restructuring the way in which it fulfils its functions and provides its services to the public. As a result, the way in which IGARD will undertake its role will be changing and these terms of reference are under active review.

Purpose and scope 

As an advisory body to the NHS Digital Board, IGARD has two purposes:

To make general recommendations or observations to NHS Digital, via the SIRO, Caldicott Guardian or other approved route, about NHS Digital’s processes, policies and procedures relating to data disseminations from NHS Digital, including transparency measures such as the data dissemination register, and produce IGARD’s annual report

To scrutinise and advise NHS Digital on the appropriateness of requests for dissemination of confidential information as defined in Section 263 (2) of the Health and Social Care Act 2012 , including

• personal data as defined in the General Data Protection Regulation6 (and in due course the Data Protection Act 2018)
• personal Information as defined in the Statistics and Registration Services Act 2007
• data which is pseudonymised, anonymous in context or which is de-identified for limited access
• data which is aggregated but which does not have small numbers suppressed

IGARD will achieve these purposes by:

1. Providing advice on a series of precedents and standards for NHS Digital Data Access Request Service (DARS) to follow. IGARD will also review the practical application of these precedents and standards to determine whether the dissemination of data is in accordance with these precedents and standards and in order to continue to provide advice and guidance. As part of this activity, IGARD will be able to take into account any changes in context and will also be able to check the proper application of the standards and precedents.

2. Considering in detail all novel applications for data, and those that are potentially contentious or repercussive, as guided by relevant parts of NHS Digital’s Code of Practice on Confidential Information and as specified in the NHS Digital Data Dissemination Framework.

3.IGARD will also advise on requests for data disseminations, or any other requests for data dissemination or publication at the discretion of the NHS Digital Board, the NHS Digital SIRO, or the NHS Digital Caldicott Guardian, or the Director of Data Dissemination.

4. In providing advice, IGARD will advise NHS Digital on whether applicants have presented appropriate evidence that demonstrates that data is being processed within the law. IGARD will consider the following additional principles when shaping its advice:

• Sharing information can be as important as protecting confidentiality – unnecessary obstacles should not be allowed to prevent information sharing where it is in the interests of patients, service users and the wider public
• Confidential personal information will only be disclosed when there is a secure basis in law AND the information is necessary for the proposed purpose
• Recipients of pseudonymised or anonymised data extracts should be prohibited from attempting to link the data they receive with other datasets if doing so would make it possible to identify individuals
• NHS Digital has a duty to respect and promote the privacy of recipients of health services and of adult social care in England. The potential benefits for patients, clinicians, the service and the public need to be balanced against the risk of data dissemination intruding on the privacy of individuals.
• Risks of data dissemination must be understood, mitigated and managed; ensuring that the related benefits are understood and justify such processing, given the risks

5. IGARD will (as a minimum) review these principles annually to take account of changes in legal and ethical frameworks, government policy, NHS Digital policy and practice, new technologies and ways of working and feedback from stakeholders.

The Health Research Authority (HRA) and NHS Digital have a general duty under Section 111 of The Care Act 2014 to cooperate with a view to coordinating and standardising their practice. IGARD will work with NHS Digital, HRA and others to harmonise their procedures, assessment criteria and public explanations. IGARD will work to support the formal close relationships between NHS Digital and HRA Confidentiality Advisory Group (CAG) in alignment with the regulations associated with section 122(4) of the Care Act 2014 any subsequent amendments and the NHS Digital Data Dissemination Framework. 

Whilst NHS Digital provides secretarial and other support (see section 5) to IGARD, IGARD’s role is to provide independent advice to the NHS Digital Board which is accountable in relation to the data it has responsibility for, in line with its governance arrangements, via the Executive Director acting as the NHS Digital Senior Information Risk Owner (SIRO).

IGARD members do not represent their employee organisations, professional body, any group or organisation but bring with them individual experience, knowledge and expertise, and IGARD provides its independent advice collectively (see section 3). Members drawn from a range of backgrounds and have a variety of interests, knowledge and expertise which will be relevant to the role, taking into account the objectives of IGARD and the complexity of the health and care system.

On occasion, NHS Digital may decide to act not in accordance with advice provided by IGARD and in such cases IGARD will be informed for the purposes of transparency and accountability, and to allow IGARD to consider whether standards and precedents need to be revised.

The Chair and/or Deputy Chair of IGARD may take advice from the NHS Digital Caldicott Guardian or their deputy, HRA CAG or the National Data Guardian.

The IGARD Chair is responsible for the proper conduct and functioning of IGARD and reports to the NHS Digital Board. IGARD, or its Chair, will consider and respond in a timely manner to any issues raised by the Board.

Communication by others on behalf of IGARD should indicate whether input from IGARD has been received. 

IGARD will have 8-10 independent members, including the independent Chair. 

The IGARD Chair and IGARD Members are appointed by NHS Digital through open recruitment and the duration of appointment of independent members will normally be for three years, with appointments staggered such that the overall change in the membership should be approximately one third of members in a given year. This enables a rotation of members but also helps to give consistency and provide continuity, as issues develop in the changing health and care landscape.

The appointment of a Deputy Chair will be agreed on an annual basis between the IGARD Chair and the members in-meeting.

All members must declare any actual and potential conflicts of interest in relation to applications and other matters considered by IGARD. Members will be aware of and must adhere to the Nolan Principles published by the Committee on Standards in Public Life. 

IGARD meetings will take place in person, via confidential dial-in and via secure link and is quorate with four of its members present (including the Chair) and meetings will normally be attended by:

• The Chair and / or Deputy Chair of IGARD
• IGARD members
• IGARD secretariat
• Information Asset Owners (IAOs), senior members of the DARS team or their nominated deputies who will present cases as appropriate
• standing observers
• other observers may attend at the discretion of the Chair

If the Chair is unable to attend, the Deputy Chair will lead for that meeting or if necessary any other member may be Acting Chair at the discretion of the members forming a quorum for that meeting.

Meeting frequency and urgent requests outside of meetings

Meetings will be held in line with NHS Digital business requirements usually on a weekly basis with meeting dates published three months in advance on the IGARD website.

The Chair or Deputy Chair may call an additional meeting at their discretion and the Chair or Deputy Chair will ask members to consider matters outside formal meetings on behalf of IGARD where necessary; for example, where a specific follow up action has been completed following a full IGARD meeting; or where there are particular urgent circumstances which might apply.

The Standard Operating Procedures will detail the authority of the Chair or Deputy Chair to give temporary approval to an urgent proposal which should normally be considered at the next regular meeting. The Chair or Deputy Chair, via the IGARD Secretariat, will manage this process and ensure members are fully informed of all actions carried out on behalf of the Group where this is the case. All such actions will be reported to the Group on the following full meeting agenda and recorded in the minutes

Meeting content

A Application advice 

IGARD will review all applications that are considered by DARS to meet any of the following and according to rules and conditions developed by DARS / IGARD and as identified in section B, IGARD may review any application(s) at its request:

• novel, contentious or repercussive applications specifically, applications that are not covered by precedents set
• criteria: Any application that otherwise does not meet the threshold for novel, contentious, repercussive criteria but is judged sufficiently close to meeting such criteria in one or more areas that it warrants a review
• breach: Each first of type application from an application where they have had a breach within the last 2 years (i.e.: the first renewal/extension in relation to that breach, and any new application within the next 2 years from breach)
• advice or comment: Where DARS requests an application to be considered by IGARD for the purposes of advice, for example in relation to standards and precedents set

The outcome from IGARD will be one of 

• recommended for approval to the NHS Digital SIRO
• recommended for approval subject to conditions 
• deferral of application pending the receipt of additional information or clarification
• not recommend for approval
• comment or advice (where the application was provided prior to final submission, for example on consent materials). Any IGARD advice will be given without prejudice to the consideration of future applications, where applicable

IGARD will aim to support NHS Digital to guide applicants to solutions to any problems that are identified. IGARD does not have any authority to approve or reject the application and does not make the decision as to whether data is to be disseminated. The decision (about whether or not to disseminate) is taken by NHS Digital.

Where an application is recommended for approval, IGARD may advise DARS if a precedent has been set, with a view to setting the criteria by which similar applications may be agreed by NHS Digital without reference to IGARD, noting an approval will not automatically set a precedent.

IGARD will normally reach its conclusions based on a consensus of the members present. However, in the event that this is not possible, the chair of the meeting may call for a vote, in which case each of the members present will have one vote. In the event of a tie, the Chair of the meeting will have a casting vote.

IGARD may review any application(s) at IGARD’s request via a monthly list provided by NHS Digital.

B. Standards and Precedents

IGARD will develop, advise on and review the standards that applicants for data from NHS Digital should meet, and the continued applicability of precedents that have been set. Such consideration of standards and precedents will be provided to support NHS Digital’s DARS to assist in considering applications. IGARD will support a feedback loop to and from NHS Digital from themes identified to support and maintain the application process.

NHS Digital will support the work of IGARD by providing secretariat services to the Group and by providing expert advice (which shall include inter alia confirmation on the legal basis underpinning each application) and relevant budget.

NHS Digital advisers (NHS Digital Caldicott Guardian or deputy / NHS Digital DPO or deputy) and secretariat will not form part of the membership of the Group but will attend IGARD meetings and be able to comment and advise on all agenda items and any matters considered out-of-committee. The following partner organisations have a standing invitation to attend as observers:

1. HRA CAG representative

2. DH sponsor representative

IGARD will annually review its terms of reference, membership, Standard Operating Procedures and its own effectiveness and recommend any necessary changes to the NHS Digital Board in an annual report to be produced at the end of each financial year and published on the IGARD webpages.

Terms of reference may be reviewed more frequently where appropriate. Advice provided by IGARD and minutes of the group meetings will be available on the NHS Digital website not more than ten working days after the meeting date. Queries about meetings or minutes may be raised by contacting the IGARD Secretariat ([email protected]).

The Group will agree, maintain and review a set of published IGARD Standard Operating Procedures for itself including this Terms of Reference, and take into account a number of key NHS Digital policies and procedures