Data Sharing Remote Audit: City of Wolverhampton Council – Public Health

This report records the findings of a remote data sharing audit of the City of Wolverhampton Council – Public Health in June 2021.

Audit summary

Purpose

This report records the key findings of a remote data sharing audit of the City of Wolverhampton Council (CWC) - Public Health where the interviews were conducted between 16 and 22 June 2021. It provides an evaluation of how the CWC conforms to the requirements of both:

the data sharing framework contract (DSFC) CON-392038-Z0Y2T-v2.01
the data sharing agreement (DSA) DARS-NIC-41597-J6M1R-v5.3

This DSA covers the provision of the following datasets:

Dataset	Classification of data	Dataset period
Vital Statistics Service	Aggregated, Small Numbers Not Suppressed, Pseudo/Anonymised, Non-sensitive	1993 - 2022
Primary Care Mortality Data	Identifiable, Sensitive	1996 – March 2024
Civil Registration - Births	Identifiable, Non-sensitive	1995 - 2023

The Controller is the CWC and the Processor is the Royal Wolverhampton NHS Trust (RWT). The staff processing the data are Trust employees and all the data resides on infrastructure owned and manged by the RWT.

Analysis of the data is carried out to improve public health and will result in local adjustments to services to reduce mortality where possible and inform decisions and policies. This data assists the Local Authority to tailor local solutions to local problems using all the information at its disposal to improve health and reduce inequalities.

As the audit was conducted remotely, the Audit Team was unable to review or assess the physical environment. The findings are based on evidence and information provided during the interviews or supplied after.

This report also considers whether the CWC and its Processor conforms to their own policies, processes and procedures.

The interviews during the audit were conducted through video conferencing.

This is an exception report based on the criteria expressed in the NHS Digital Data Sharing Remote Audit Guide version 1.

Audit type and scope

Audit type	Routine
Scope areas	Information transfer Access control Data use and benefits Risk management Operational management and control Data destruction
Restrictions	Access control - limited visibility of physical controls

Overall risk statement

Based on evidence presented during the audit and the type of data being shared the following risk has been assigned from the options of Critical - High - Medium – Low.

Current risk statement: Medium

This risk is based on a deviation from the terms and conditions of the contractual documents, signed by both parties, with respect to compliance, duty of care, confidentiality or integrity.

Data recipient’s acceptance statement

The CWC has reviewed this report and confirmed that it is accurate.

Data recipient’s action plan

The CWC and RWT will establish corrective action plans to address each finding shown in the finding tables below. NHS Digital will validate these plans and the resultant actions at a post audit review with the CWC to confirm the findings have been satisfactorily addressed. The post audit review will also consider the outstanding evidence at which point the Audit Team may raise further findings.

Findings

The following tables identify the 5 agreement nonconformities, 1 organisation nonconformity, 1 observation, 3 opportunities for improvement and 2 points for follow-up raised as part of the audit.

CWC

Ref	Finding	Link to area	Clause	Designation
1	The data are being stored at RWT locations not declared on the DSA.	Information transfer	DSA, Annex A, Clause 2	Agreement nonconformity
2	There was no evidence to show that access to the locations holding the data supplied by NHS Digital are reviewed on a regular basis.	Access control	DSFC, Part 2, Clause 5.4.6. RWT, Access Control Procedure, v1.0 dated 2 June 2018, Clause 3.5	Agreement nonconformity
3	The review of policies had in some instances been delayed due to Covid. However, there were some documents which had review dates prior to 2020.	Operational management	DSFC, Schedule 2, Section A, Clause 4.11	Agreement nonconformity
4	No Data Protection Impact Assessment (DPIA) screening questionnaire or a full assessment had been completed by the CWC for the data supplied.	Operational management	CWC, DPIA flowchart	Organisation nonconformity
5	The CWC to consider specific Information Asset Owner (IAO) training.	Operational management		Opportunity for improvement
6	The CWC to consider whether there needs to be a more formal dialogue with RWT on risk in order to feed into CWC’s risk reporting given the data resides on RWT infrastructure.	Risk management		Opportunity for improvement
7	The Audit Team suggested that the CWC ensures appropriate stakeholders are made aware of any new DSFC and DSA, so parties are fully aware of their responsibilities and are fully compliant.	Operational management		Opportunity for improvement
8	At the post audit review, the Audit Team will look at: the report and any mitigation plan arising from CWC’s latest validation testing report the latest Senior Information Risk Owner (SIRO) annual statement.	Operational management		Follow-up

RWT

Ref	Finding	Link to area	Clause	Designation
9	The backup tapes that hold data supplied by NHS Digital are not encrypted. The DSFC requires portable media to be encrypted. The tapes are, however, kept in RWT offices.	Access control	DSFC, Schedule 2, Section A, Clause 4.7	Agreement nonconformity
10	The RWT does not have the data recorded on its Information Asset Register (IAR).	Operational management	DSFC, Schedule 2, Section A, Clause 3.2	Agreement nonconformity
11	The Audit Team clarified that should data supplied by NHS Digital be deleted from the live systems, then the RWT needs to establish a process by which such data cannot be retrieved from its backups given the long retention period for its tapes.	Data destruction	DSFC, Part 2, Clause 4.1.7	Observation
12	At the post audit review, the Audit Team will review the Trust’s Record of Processing Activities (ROPA) in relation to the data supplied by NHS Digital.	Operational management		Follow-up

Supplementary notes

No notes

Use of data

The CWC confirmed that the datasets were only being processed and used for the purposes defined in the DSA and were not being linked with another dataset.

Data location

The RWT confirmed that processing and storage locations, including disaster recovery and backups, of the datasets were limited to the locations shown in the following table. These locations conform with the territory of use defined in clause 2c of the DSA.

Organisation	Territory of use
RWT	England & Wales

Backup retention

The duration for which data may be retained on backup media is:

Organisation	Media type	Period
RWT	Disk	At least 30 days
RWT	Tape	Indefinitely

Good practice

During the audit, the Audit Team noted the following area of good practice:

the CWC demonstrated sound compliance controls through its risk management and internal audit programme
the CWC was able to demonstrate direct benefits to health and social care from the use of the supplied data.

Disclaimer

The audit was based upon a sample of the data recipient’s activities, as observed by the Audit Team. The findings detailed in this audit report may not include all possible nonconformities which may exist. In addition, as the audit interviews were conducted through a video conference platform certain controls, that would normally be assessed whilst onsite, could not be witnessed.

NHS Digital has prepared this audit report for its own purposes. As a result, NHS Digital does not assume any liability to any person or organisation for any loss or damage suffered or costs incurred by it arising out of, or in connection with, this report, however such loss or damage is caused. NHS Digital does not assume liability for any loss occasioned to any person or organisation acting or refraining from acting as a result of any information contained in this report.

Last edited: 17 August 2021 1:50 pm