Purpose and scope
As an advisory body to the NHS Digital Board, IGARD has two purposes:
To make general recommendations or observations to NHS Digital, via the SIRO, Caldicott Guardian or other approved route, about NHS Digital’s processes, policies and procedures relating to data disseminations from NHS Digital, including transparency measures such as the data dissemination register, and produce IGARD’s annual report
To scrutinise and advise NHS Digital on the appropriateness of requests for dissemination of confidential information as defined in Section 263 (2) of the Health and Social Care Act 2012 , including
- personal data as defined in the General Data Protection Regulation6 (and in due course the Data Protection Act 2018)
- personal Information as defined in the Statistics and Registration Services Act 2007
- data which is pseudonymised, anonymous in context or which is de-identified for limited access
- data which is aggregated but which does not have small numbers suppressed
IGARD will achieve these purposes by:
1. Providing advice on a series of precedents and standards for NHS Digital Data Access Request Service (DARS) to follow. IGARD will also review the practical application of these precedents and standards to determine whether the dissemination of data is in accordance with these precedents and standards and in order to continue to provide advice and guidance. As part of this activity, IGARD will be able to take into account any changes in context and will also be able to check the proper application of the standards and precedents.
2. Considering in detail all novel applications for data, and those that are potentially contentious or repercussive, as guided by relevant parts of NHS Digital’s Code of Practice on Confidential Information and as specified in the NHS Digital Data Dissemination Framework.
3.IGARD will also advise on requests for data disseminations, or any other requests for data dissemination or publication at the discretion of the NHS Digital Board, the NHS Digital SIRO, or the NHS Digital Caldicott Guardian, or the Director of Data Dissemination.
4. In providing advice, IGARD will advise NHS Digital on whether applicants have presented appropriate evidence that demonstrates that data is being processed within the law. IGARD will consider the following additional principles when shaping its advice:
- Sharing information can be as important as protecting confidentiality – unnecessary obstacles should not be allowed to prevent information sharing where it is in the interests of patients, service users and the wider public
- Confidential personal information will only be disclosed when there is a secure basis in law AND the information is necessary for the proposed purpose
- Recipients of pseudonymised or anonymised data extracts should be prohibited from attempting to link the data they receive with other datasets if doing so would make it possible to identify individuals
- NHS Digital has a duty to respect and promote the privacy of recipients of health services and of adult social care in England. The potential benefits for patients, clinicians, the service and the public need to be balanced against the risk of data dissemination intruding on the privacy of individuals.
- Risks of data dissemination must be understood, mitigated and managed; ensuring that the related benefits are understood and justify such processing, given the risks
5. IGARD will (as a minimum) review these principles annually to take account of changes in legal and ethical frameworks, government policy, NHS Digital policy and practice, new technologies and ways of working and feedback from stakeholders.
The Health Research Authority (HRA) and NHS Digital have a general duty under Section 111 of The Care Act 2014 to cooperate with a view to coordinating and standardising their practice. IGARD will work with NHS Digital, HRA and others to harmonise their procedures, assessment criteria and public explanations. IGARD will work to support the formal close relationships between NHS Digital and HRA Confidentiality Advisory Group (CAG) in alignment with the regulations associated with section 122(4) of the Care Act 2014 any subsequent amendments and the NHS Digital Data Dissemination Framework.
Whilst NHS Digital provides secretarial and other support (see section 5) to IGARD, IGARD’s role is to provide independent advice to the NHS Digital Board which is accountable in relation to the data it has responsibility for, in line with its governance arrangements, via the Executive Director acting as the NHS Digital Senior Information Risk Owner (SIRO).
IGARD members do not represent their employee organisations, professional body, any group or organisation but bring with them individual experience, knowledge and expertise, and IGARD provides its independent advice collectively (see section 3). Members drawn from a range of backgrounds and have a variety of interests, knowledge and expertise which will be relevant to the role, taking into account the objectives of IGARD and the complexity of the health and care system.
On occasion, NHS Digital may decide to act not in accordance with advice provided by IGARD and in such cases IGARD will be informed for the purposes of transparency and accountability, and to allow IGARD to consider whether standards and precedents need to be revised.
The Chair and/or Deputy Chair of IGARD may take advice from the NHS Digital Caldicott Guardian or their deputy, HRA CAG or the National Data Guardian.
The IGARD Chair is responsible for the proper conduct and functioning of IGARD and reports to the NHS Digital Board. IGARD, or its Chair, will consider and respond in a timely manner to any issues raised by the Board.
Communication by others on behalf of IGARD should indicate whether input from IGARD has been received.