...

  • Step 1: identify the need for a DPIA

  • Step 2: describe the processing

  • Step 3: consider consultation

  • Step 4: assess necessity and proportionality

  • Step 5: identify and assess risks

  • Step 6: identify measures to mitigate the risks

  • Step 7: sign off and record outcomes

Contractual Context

  1. A Skyline Subscription is procured by a Customer (e.g. a CCG).

    1. The Customer has a Contract and/or a Data Processing Deed (DPD) which provides the legal basis for processing data.

    2. A Subscription contains one or more Solutions.

  2. Relevant Solutions within a Subscription are made available to Subscription Organisations, also known as Beneficiaries in the associated DPD.

    1. Each Solution will have an associated Solution Agreement which will include links to the DPD as appropriate; a Solution may not process sensitive data, in which case such links will be for information only.

    2. Where the Subscription Organisation is the Controller, they will need to agree to the Solution Agreement for each Solution they use before that Solution is made available to Users.

Step 1: Identify the need for a DPIA

...

Skyline processes patient data as follows:

  1. Acquiring patient medical records from the different Principal Clinical Systems such as EMIS;

  2. Analysing the patient medical records according to specifications to support clinical care;

  3. Supporting clinicians to make clinical decisions by interpreting the results of the previous analysis;

  4. Displaying the results of the patient data analysis to assist in direct clinical care, planning and research;

  5. Where a practice is participating in a programme and has given explicit consent for it:

    1. Extracting subsets of data from the patient medical records for provision to third parties such as SAIL or the National Diabetes Programme;

    2. Collecting new and updated medical data about patients to support patient reviews and Public Health programmes such as the NHS Health Check;

  6. Assisting GP practices in the day-to-day operations of patient management, for example managing the call and recall process for immunisation programmes.

Warning

Do we need to do a DPIA?

The ICO publishes guidance on when a DPIA is needed. Under that guidance a DPIA is needed for various reasons:

  1. GDPR Article 35(3):

    1. Systematic and extensive profiling with legal or similarly significant effects [Article 35(3)(a)];

    2. Large scale processing of special category (sensitive) data [Article 35(3)(b)];

  2. Article 29 Working Party of EU data protection authorities (WP29) guidelines:

    1. Evaluation or scoring of health data;

    2. Sensitive data or data of a highly personal nature including special categories of personal data;

    3. Data processed on a large scale;

    4. Data concerning vulnerable data subjects.

Step 2: Describe the processing

...

What is the nature of the personal data?

Patient medical records.

What is the volume and variety of the personal data?

Data held for every patient registered with the practice.

What is the sensitivity of the personal data?

Sensitive, based on these special categories:

  • Race and ethnic origin;

  • Health data;

  • Data related to sexual preferences, sex life and/or sexual orientation.

What is the extent and frequency of the processing?

A patient’s personal data is processed:

  1. Whenever it is sent from the Principal Clinical System to Skyline. This happens whenever the underlying data held in the Principal Clinical System changes;

  2. When a change to the data analysis parameters in Skyline is made;

  3. When a user wants to view a cohort that the patient belongs to;

  4. When a user wants to perform aggregated data analysis involving the patient.

The frequency of this processing depends on:

  • How often the patient's source data changes in the Principal Clinical System;

  • How frequently users access the patient’s cohorts;

  • How frequently aggregated data analysis is requested by users.

It can be expected that, when looking across these types of processing, an individual patient’s data is processed on a daily basis.

What is the duration of the processing?

A patient’s personal data will be processed whilst they are registered at the practice. Once they are de-registered their data will continue to be processed for historic data analysis purposes.

What is the number of data subjects involved?

This depends on the GP practice. The median number of patients in a practice in England and Wales is ~8,500.

What is the geographical area covered?

That of the catchment area of the GP practice.

...

Note for the Data Controller

The purposes of processing are defined in the individual Solution Agreements and Data Processing Deeds.

It is the responsibility of the data controller to ensure that they have established their purpose for using Skyline to process patient data.

For the majority of cases the following purpose will be appropriate:

Skyline provides Clinical Decision Support, Risk Stratification and Population Health Management capabilities that help GP practices to:

  • Improve the quality of patient care and achieve the best clinical outcomes for patients;

  • Manage and plan clinic services to ensure that appropriate care is in place;

  • Participate in health and social care research.

In most cases the underlying purpose is the provision of direct patient care.

Step 3: Consultation process

...