Controlled drugs accountable officer – alerts

Role of the Controlled Drugs Accountable Officer

Regional Lead Controlled Drugs Accountable Officers (CDAOs) are responsible for all aspects of Controlled Drugs management. The roles and responsibilities of CDAO’s are governed by the Controlled Drugs (Supervision of Management and Use) Regulations 2013.

All organisations within the region are required to report controlled drug incidents and concerns to the CDAO. The Lead CDAOs are required to set up Controlled Drugs Local Intelligence Networks (CD LINs) to share concerns and good practice within their area. Whilst we can determine the specific membership, it is largely comprised of the CDAOs across the area, Clinical Commissioning Group representatives and the relevant regulators and agencies as set out in the regulations.

Cascade Alerts – sharing personal and sensitive information

Incidents of significant concern locally, for example, patients or healthcare professionals fraudulently obtaining Controlled Drugs, prescriptions, patient alerts would need to be shared through a cascade alert with healthcare professionals including GP Practices, dental practices, hospitals, community pharmacies and other relevant healthcare providers. These alerts may contain sensitive personal information to help prevent further fraudulent activity and prevent harm to the public.

Personal sensitive information shared on alerts is usually provided to us by the police and other healthcare professionals who request us to send out an alert on a local standard NHS England template with the NHS logo. We facilitate this process and on some occasions this information may only be alleged concerns.

Private Prescriber Applications

The lead CDAO also receive requests from healthcare professionals to be able to order stock of CDs via requisitions and/or prescribe Controlled Drugs privately and accordingly manage these applications with a lot of personal information included.

Sharing and reporting Fitness to Practice concerns and criminal activity

Where the lead CDAO has concerns about a healthcare professional’s fitness to practise they will share this information with the professional regulator and or other relevant bodies across the NHS. Information on criminal activity would be shared with the police and counter fraud agencies.

We receive information and unproven intelligence from:

Members of public

Registered healthcare professionals

Non-registered healthcare staff

NHS and Private Healthcare organisations/providers

Counter Fraud agencies

Commissioners

Police CDLOs

Regulators

NHS England colleagues

Voluntary organisations

Anonymous

CDAOs would very rarely send out an alert with any sensitive information.

Full Name

Personal address

Organisation address

Date of birth

Email addresses

NHS Number

Photographs

Professional Registration Number

Description of alleged claim(s)

We may share information and intelligence to relevant organisations:

GP Practices

Dental practices

NHS and private hospitals

Community pharmacies

Other healthcare providers

Voluntary organisations

Police

Counter Fraud agencies

Commissioners

Regulators

NHS England colleagues

Other CDAOs

CDAOs and relevant departments outside of England footprint, for example, Scotland, Wales, Northern Ireland

NHS Business Services Authority

Primary Care Services England

Local authorities

Public Health departments

Indemnity Insurance providers

Adult and children safeguarding boards

For GDPR purposes NHS England’s lawful basis for processing is Article 6(1)(e) '…exercise of official authority…'. For the processing of special categories (health) data the basis is Article 9(2)(h) '…health or social care…'.