We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Community Services Data Set information governance and fair processing guidance
This guidance document is designed to support care providers that are implementing the Community Services Data Set.
It describes the CSDS and contains suggested fair processing information for including with existing patient information material.
This is to comply with the requirements of the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation (GDPR), NHS Constitution and the Department of Health and Social Care’s Directions to NHS Digital, formerly known as the HSCIC, issued in 2015, 2017 and 2018 on upholding patients’ national data opt out preferences
The suggested fair processing information should not be produced as a separate information leaflet for patients but should be incorporated into existing material wherever possible.
Please note that this fair processing information also applies to the Children and Young People’s Health Services (CYPHS) data set. The CYPHS data set collected the same community data as the CSDS, but for patients aged 0-19 only, and the CSDS has now replaced the CYPHS data set to allow data about adults to be submitted.
Legal basis for the collection
NHS Digital has been directed by the Department for Health and Social Care under section 254 of the Health and Social Care Act 2012 to establish and operate a system for the collection and analysis of the CSDS information.
Under GDPR, our lawful basis for processing is Article 6 (1) (c), which relates to processing necessary to comply with a legal obligation to which we are subject. Our lawful basis for processing special category data is GDPR Article 9 (2) (h) and Schedule 1, Part 1 (2) (2) (f) of the Data Protection Act 2018.
A Data Provision Notice (DPN) for the CSDS has been published to enforce the data requirements as per NHS Digital statutory powers, under Section 259 (1) of the Act.
Secondary use of data
The Community Services Data Set (CSDS) expands the scope of the Children and Young People's Health Services Data Set (CYPHS) data set, by removing the 0-18 age restriction. The CSDS supersedes the CYPHS data set, to allow adult community data to be submitted. The structure and content of the CSDS remains the same as the CYPHS data set. The Community Information Data Set (CIDS) has been retired, to remove the need for a separate local collection and reduce burden on providers. It includes record level data on referrals and care contacts with publicly funded community services.
The data are submitted by providers to NHS Digital’s Bureau Services Portal. After processing at the end of the submission period, files are made available via the portal to both NHS Digital analysts and to DSCROs. NHS Digital has a central reporting system where an anonymised/pseudonymised version of the CSDS will be held for reporting purposes. This platform will support the analysis of CSDS data and serve the following purposes:
- anonymised/pseudonymised data will be published on the NHS Digital website and shared with national bodies, allowing the effective monitoring of service standards, including efficiency, equity and effectiveness of service, by policy makers
- extracts of data will be made available to care providers and their commissioners to allow the local monitoring of service provision, assist with allocating payments and help submitters to improve data quality
- anonymised/pseudonymised data will also be made available at provider level to help to inform a patient's care and treatment choices, such as via the NHS Choices website
- the data held in the CSDS may also be linked to other data sets, such as the Maternity Services Data Set (MSDS), in order to investigate the relationship between care in maternity services and subsequent health visiting and school nursing activity.
Fairness and transparency
As the CSDS data is to be used for secondary uses rather than direct patient care, patients using the services covered by the CSDS must be made aware that their confidential data will be used for this beneficial, additional purpose i.e. to improve care. (The services covered by the CSDS, as well as the wider scope of the data set, are set out in the CSDS Requirements Specification. Acting fairly and transparently ensures compliance with the common law duty of confidentiality, the NHS Constitution and legislation e.g. the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
Ensuring fairness is the responsibility of the care provider from which the data will be collected (NHS Digital has provided some suggested wording later in this document).
Patients must also be informed of their right to set a national data opt-out preference to prevent their confidential patient information from being used for purposes beyond their own direct care and treatment (e.g. for research and planning purposes). This complies with the Department of Health and Social Care’s Directions, issued to NHS Digital in 2015, 2017 and 2018 on the upholding of patients’ national data opt out preferences.
Providers are legally required to submit full returns of CSDS data, as the Data Provision Notice (DPN) issued under section 259 (10) of the Health and Social Care Act 2012 sets aside the common law duty of confidence in respect of this data. However, providers may themselves exclude records where they are subject to any other restriction on disclosure, such as by other laws.
Patients however do have a right to set a national data opt-out preference to prevent their data being used for purposes beyond their direct care and treatment. Where an opt-out is received from a patient (or their parent or guardian in the case of a child), NHS Digital will exclude the relevant records from any onward dissemination of the data.
Patients using these services have the right to change their minds about a disclosure decision at any time before the disclosure is made and can do so afterwards to prevent further disclosures.
Read more about the national data opt out programme.
This guidance document complies with the NHS Digital Code of practice on confidential information.
Fairness and transparency information for patients
A key transparency requirement under the GDPR is that individuals have the ‘right to be informed’ about the collection and use of their personal data. The following suggested wording is intended to be incorporated into a hospital's existing information for patients. It does not need to be a separate leaflet.
Suggested wording for inclusion in patient (fair processing) information
Controller’s contact details
[Insert your organisation’s name and contact details here]
Data Protection Officer’s contact details
[Insert contact details of your organisation’s Data Protection Officer]
Purpose and legal basis for processing
We collect information about you (your personal data) from our Community Services including our health visiting services, school nursing services and diabetes services. This includes information about your referrals, assessments, diagnoses, activities (for example, taking a blood pressure test) and, in some cases, your answers to questionnaires.
We do this in order to assess the effectiveness of our care so that we can provide you with the best possible care and ensure that we can continually improve our services.
Our lawful basis for processing this data is [insert Article 6 processing condition, Article 9 processing condition and DPA 2018 schedule 1 processing condition]
What we do with it
The data is securely sent to NHS Digital, which is the central organisation that receives the same data from all publicly-funded Community Services across England. NHS Digital removes all identifying details and combines the data we send with the data sent by other care providers, forming the Community Services Data Set (CSDS).
The CSDS data set is used to produce anonymised/pseudonymised reports that only show summary numbers of, for instance, patients referred to different types of services. It is impossible to identify any individual patient in the reports, but the reports do help us to improve the care we provide to you and other patients.
The benefits of the CSDS to you as a patient include:
- making sure Community Services are available to all patients in all areas by measuring the care that is being delivered
- better care, through monitoring progress to allow future services to be planned
- informing patients about the care offered at different hospitals
- more personalised and better organised care for patients through understanding what care is needed nationally, for example understanding how many patients who are discharged from hospitals then need looking after at home
Find more information about how NHS Digital uses your personal data including their lawful basis for processing, how long they hold it for and your rights.
Alternatively, you can call 0300 303 5678.
How long we keep it
[Insert details here of how long your organisation retains Community Services data]
What are your rights?
You have a right to object to the processing (use) of your personal data in some circumstances by letting us know [insert contact details here]. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it. This will not affect your treatment in any way.
You can also make a subject access request for information that we hold about you.
[insert details here of how patient can make a subject access request]
You also have the right to have inaccurate personal data rectified and to request the restriction or suppression of your personal data in specific circumstances, for example if you feel that the data held is inaccurate. Please contact us on [insert contact details here].
Your right to complain
If you wish to raise a complaint concerning our handling of your personal data, please visit our feedback and complaints pages [insert link to your organisation’s complaints pages].
You also have a right to raise a concern with the Information Commissioner’s Office at any time. Their contact details are: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.