Privacy and Data Security


The Integrated Monitoring System (IMS) is designed to protect client privacy and to keep your data secure. We haven’t changed how we process your data or how we make sure it is kept secure. The information on these pages describes how IMS fulfils the principles of the General Data Protection Regulation (GDPR). In addition, GDPR strengthens the rights of individuals in relation to their data. These rights are listed on the 'Rights of Individuals' tab, together with information explaining how they may be exercised in relation to IMS.

Introduction

Cheshire and Merseyside Local Authorities requested the Public Health Institute, Liverpool John Moores University, to implement a data monitoring system for local treatment providers. This involved the development of a dataset specifically tailored towards individuals with issues around substance use in conjunction with a robust database enabling timely recording of treatment, outcomes and wellbeing data by relevant agencies. The data is supplied to the Public Health Institute via the secure IMS website either by data entry or through a secure file transfer protocol.

Why does this data need to be collected?

Local areas require surveillance to determine the distribution, determinants and efficacy of interventions for the substance using population. As several non-structured and structured services may be involved in the care of a substance user simultaneously or consecutively, this integrated monitoring system provides robust attributable data to describe the nature and journey of individuals presenting for treatment interventions. When analysed with NDTMS data, care pathways and onward referral to structured treatment are identified. Data reporting will facilitate policy formulation and will support the development of efficient commissioning systems at a local level.

Which providers should report to the monitoring system?

Services that provide non-structured treatment interventions, including the provision of open access facilities and outreach which deliver: substance-specific advice, information and support; extended brief interventions to help drug and alcohol users reduce substance-related harm; and assessment and referral of those with more serious substance-related problems for care-planned structured treatment.

What data is to be collected?

In summary the main data items include the following information:
    •  Attributor: Composed of initials, date of birth and gender, used to identify individuals at agency level and across services – used for treatment journey monitoring
    •  Geographical: Recording of table-linked postcode information allowing reporting by postcode of residence to DAAT and Local Authority
    •  Intervention: Date and type of intervention accessed
    •  Outcome information: Fields regarding accommodation, employment and wellbeing information
    •  Referral information: Data relating to referral source to treatment and referral destinations to partner and external organisations and associations

The collection of client details

It is necessary that the individual’s actual initials, date of birth and sex (the attributor), rather than a pseudonym attributor, are reported by the provider. From a statistical perspective this will eliminate double counting and will ensure reporting systems are based on individuals.

Treatment journeys

The attributor is vital when mapping client treatment journeys. If an individual accesses treatment interventions at providers A, B and C, the initials, date of birth and sex are used to identify the movement between services. If an individual uses a pseudonym at each provider, an efficient treatment system cannot be evidenced, as the client’s treatment journey cannot be linked. The ‘true’ attributor can be used to substantiate service coordination and provide support to an effective recovery system.

Attributable data and research

Data are collected for statistical, service planning and research purposes. These data are not made available in a form that identifies data subjects.

Initials, date of birth and sex are obtained primarily to remove double counting of individuals. This is the minimum necessary personal data for research purposes. The main factor influencing the amount of personal data collected is the need to identify duplicate records. This requires the individual’s first and last initials, date of birth and sex.

Postcode has been requested to assign individuals to local geographies. Ethnicity and nationality are also required for general monitoring, planning purposes and trend analysis. These data items are vital to service planning and to meet the information needs of service providers and commissioners.

Data sets are not disclosed outside the Public Health Institute in attributable format other than for the purposes of data matching with Public Health England (PHE) so that local authorities can discern the total number of individuals in contact with any level of treatment delivery in their area. PHE will not hold the data once the match has taken place. Data otherwise are only disclosed in the form of reports and manuscripts in which the data are aggregated in summary.

Principles for processing personal data - General Data Protection Regulation (GDPR)

•   It is lawful, fair, and transparent.

The IMS system is a registry of any individual in contact with 'Needle and Syringe Programmes' (NSP) and other treatment services. The legal basis by which IMS data is processed is for reasons of public interest in the area of Public Health. Patient registries play a key role in ensuring high standards of healthcare and in advancing knowledge of diseases and treatment.

•   It is specific, explicit and legitimate.

The IMS data collection tool is a modular system which allows services to capture only activity which is relevant to the need and operation of that service.

•   It is adequate, relevant and not excessive.

A full list of data fields is available from the IMS data set & reference documentation page. This is reviewed annually to ensure data is captured to meet the reporting needs of both service providers and commissioners, and to remove fields which are no longer relevant.

•   It is accurate and kept up to date.

The IMS system is a live and updatable database in which system users may add, edit, or delete data as required. Where support is required to action this, users may request that data be updated by the IMS team.

•   It is kept for no longer than necessary.

IMS data is used for longitudinal surveillance to map the provision and demand for NSP services, and to identify client demographic changes over time. This means that data is not subject to a date of destruction. However, individuals may at any time choose to withdraw their 'consent for data processing' or request the deletion of personal data, which will be applied retrospectively to all relevant data.

•   It is processed securely.

Access to the IMS online tool requires a username and password. Users must change their password every sixty days. The new password is validated to ensure a sufficiently complex combination of characters is used. The IMS online tool uses data views, which protect against SQL injection attacks. The IMS webpage uses the HTTPS (RSA 2048-Bit) protocol to establish a secure encrypted link between the LJMU servers and the client’s computer. All IMS data is stored in SQL on Windows 2012 R2 servers which are members of a 2012 R2 domain and secured via Active Directory. Windows servers are fully patched each month. Access to each file share is restricted to named users, using role-based access and least privilege for the accounts that connect. The data is backed up every night. The LJMU firewall stops anyone from outside of LJMU accessing the particular file server in question. It also stops people logging onto the domain. File shares use NetBIOS over TCP/IP (NBT) which encrypts the data.

Rights of individuals - General Data Protection Regulation (GDPR)

•   The right to be informed

Individuals have the right to be informed what data we are collecting about them and how this data will be used. ‘Information sheet 5 - Information for Clients/Individuals’ can be found on page 11 of the IMS Privacy and Data Security guide, and this should be made available for individuals.

•   The right of access

Individuals have the right to access their data. The IMS user reports function includes a 'Client Detailed Record' which may be used to obtain a summary of client data. For more detailed data you should use the 'Create Extract, >> Local Extract' option to download your data, then filter this to obtain data for the specific individual.

•   The right to rectification

The IMS system is a live and updatable database. IMS users may add, edit, or delete data as required. When support is required, this may be requested from the Public Health Institute, Liverpool John Moores University. Where support is requested, data update requests will be completed within five working days.

•   The right to erasure

IMS users may edit and delete client details and activity as required. However, you should also be aware that IMS client data is securely backed up daily, and is also held within data audit tables. Therefore, if a client wishes to exercise their right to erasure, you should contact us and quote the client’s unique IMS ID number. This is a unique and anonymous code which will allow us to delete all relevant data, and we will confirm that the client has been erased from the IMS system.

•   The right to restrict processing

The client details screen contains a 'consent to process data' question. This must be completed when the client is first entered on the IMS system, and may be updated at any time. Where this item is marked as 'No', data relating to the individual will only be viewed by staff within the specific service and will not be used for any reporting or data analysis by the Public Health Institute, Liverpool John Moores University. Where this question is updated, any change will be applied retrospectively to any data relating to the individual.

•   The right to data portability

Individuals have the right to their own data, for example if they wish to transfer their data to another treatment provider. To obtain detailed client data you should use the 'Create Extract, >> Local Extract' option to download your data, then filter this to obtain data for the specific individual.

•   The right to object

Individuals must be informed how their data will be used; this is set out in ‘Information sheet 5 - Information for Clients/Individuals’ on page 11 of the Privacy and Data Security guide. Where the individual objects to the use of their personal data, you should use the ‘dummy attributor’ with initials “X X” and date of birth “05/05/1955”. As with clients who respond 'No' to the 'consent to process data' question, data recorded with these client details will not be subject to any further data processing.

•   Rights in relation to automated decision making and profiling

IMS data is processed for reasons of public interest in the area of Public Health. It is not used in relation to automated decision making or profiling.

Exercising rights of access

In most instances the individual client should contact the specific treatment service provider, who will fulfil their request.

However, in some circumstances this may not be possible:

•   Some providers record client data via a separate client data system (for example NexWebstar Health, PharmOutcome, or CRiIS). In these situations data is extracted from the relevant system and uploaded to IMS. Where this is the case, the provider will be given a user login and password for the IMS system which enables them to access their data in the same way as services who use the ‘direct data entry’ method.

•   Due to recommissioning and other changes in service providers the original service provider may no longer exist. Where this is the case, the individual may contact the Public Health Institute LJMU directly with their request.

Data relating to IMS users

In order to maintain an IMS user account it is necessary to provide your full name and a valid email address. This information is required to use the IMS system. In addition we may also send you occasional emails with information such as reports and updates relating to IMS or other relevant Public Health information from the Public Health Institute.

If you wish to check or update your personal information, or unsubscribe from emails, this can be done on the IMS user account details page. If you are unable to access IMS or wish to delete your user account please contact us with your request.

Privacy & Data Security guide

A pdf copy of the IMS Privacy & Data Security guide can be downloaded here.

This document contains all the information presented on these pages, as well as the following information sheets:

•   Sheet 1 - Sharing Data with the Public Health Institute

Local confidentiality policies may differ due to the different needs and practices of treatment services but, in the case of information collected and shared with the Public Health Institute, Liverpool John Moores University this sheet provides guidance.

•   Sheet 2 - The type of information collected, and why it is needed

Why the Public Health Institute collect information, and the type of activity collected.

•   Sheet 3 - How information is handled

More information about the Public Health Institute, Liverpool John Moores University and the way in which they handle and use IMS data.

•   Sheet 4 - Rights of Individuals - GDPR

The GDPR (General Data Protection Regulation) legislation sets out important rights for the individual; this sheet explains how these rights may be exercised in relation to IMS.

•   Sheet 5 - Information for Clients/Individuals

The information on this sheet should be used to inform clients/individuals. It can be adapted, as necessary, by your treatment service and included as part of your own service policy.