Some organisations, mostly small, independent sector providers, work with another organisation who submits data to the MHSDS on their behalf. This may be the case where a system supplier provides a service that covers data collection right through to submission, or when a Trust outsources patients to a smaller provider.
If the person submitting the data is from a different organisation, there is no change to the DUC form process above. The relevant people must be listed as submitters for the organisation that is providing the care. When the submitters log on to the SDCS Cloud portal, they will then be able to select the organisation for which they are submitting (the one providing the care).
In the Header table of the database, there is a field where the organisation code of the person submitting the data should be entered (this is explained further in Mandatory tables).
Information Governance considerations
If two organisations wish to set up an arrangement for data flow, they would need a contract and a data depositor agreement. The agreement would place the submitting organisation as data processor, and the organisation providing the care as data controller. The data controller would be contracting the data processor to make MHSDS submissions.
Due to the data sharing required, organisations must ensure compliance with General Data Protection Regulation (GDPR) such as by undertaking a data protection impact assessment. There are no templates for this as these are local arrangements. Helpful resources exist, such as guidance published by the Information Commissioner’s Office (ICO).