Following the 2012 NHS reform (Health and Social Care Act 2012), the legal basis for the Clinical Commissioning Groups (CCGs) prevented staff from directly handling identifiable personal and confidential information for commissioning purposes.
The Act created the Health and Social Care Information Centre (HSCIC), now known as NHS Digital and granted it powers to collect, analyse, publish and disseminate national health and social care data and statistical information.
Except for a handful of very specific exceptions commissioners are not able to receive identifiable data. They need an intermediary service that specialises in processing, analysing and packaging patient information into a format they can legally use.
This intermediary service is underpinned by NHS Digital’s Data Services for Commissioners (DSfC) team. Using regional processing centres (RPC’s) the Data Services for Commissioners Regional Offices (DSCROs) de-identify the data before it is passed to the Commissioning Support Units (CSU’s) who act as the data processers for the commissioners.
Whilst staff within the DSCROs are employed by the CSUs they are seconded to NHS Digital and must have appropriate approvals in place to allow them to access, handle and process identifiable data. They adhere to the same strict data security policies and controls as permanent NHS Digital staff.