Appendix G – Partner Agency Information Sharing Arrangement
This Information Sharing Arrangement (the “Arrangement”) has been drawn up under the umbrella of the Multi Agency Information Sharing Protocol (the “Protocol”), which sets out the core information sharing principles which have been agreed by its signatory organisations.
The core Protocol documents and list of signatories can be found here.
This Arrangement should be read in conjunction with the Protocol which sets out the core information sharing principles which have been agreed by the Partner Agencies. Any defined terms in this Arrangement are set out in the Glossary of Terms of the Protocol. Partners entering into a Partner Agency Information Sharing Arrangement accept the terms of the Protocol and this Arrangement sets out the practical details of the data sharing.
By signing this Arrangement, all signatories accept responsibility for its execution and agree to ensure that the information processing referred to in this agreement is done in accordance with all relevant legislation, particularly the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), the Protocol and this agreement.
Once complete, circulate to the Information Sharing Contacts within each organisation who will publish and circulate accordingly, and add to the register of Partner Agency Information Sharing Arrangements, held by each organisation.
Please complete all of the following sections. Do not leave boxes blank, and seek guidance from your Data Protection Officer if you are unsure of the level of detail/requirements. Please delete any explanatory comments (Red) before the Arrangement is signed.
REFERENCE: |
Reference Number |
TITLE: |
Project/Arrangement Title |
EFFECTIVE DATE: |
1st April 2022 |
REVIEW DATE: |
1st Oct 2022 |
Part One : Partners |
|||||
Partner |
Address |
Project information sharing
contact |
Data Protection
Officer |
Authorisation |
|
1. NYCC |
NYCC County Hall, Northallerton, DL7 8AD |
Emma Lonsdale Commissioning Manager Health |
Veritau, West Offices, Station Rise, York, North Yorkshire, YO1 6GA |
Emma Lonsdale Commissioning Manager Health |
|
2. NYCCG |
NYCCG 1 Grimbald Crag Court St James Business Park Knaresborough HG5 8QB |
Lorna Galdas Commissioning Manager – Children and Young People |
Helen Sanderson 1 Grimbald Crag Court St James Business Park Knaresborough HG5 8QB |
Lorna Galdas Commissioning Manager – Children and Young People |
|
Part Two : Purpose (Principle Two) |
|||||
The main aims and objectives of the Partners in entering in to this Agreement are, in line with North Yorkshire Mental Health and Learning Disabilities Partnership Proposed Strategic Priorities, to: § bring together commissioners in the procurement of services to support young people aged 9-19 in respect of their emotional health and wellbeing, working together to deliver an integrated and easily accessible service offer which reduces duplication and ensures ease of access for people using the service and professionals, contributing to the national target to increase access to mental health services by 35%; § provide a greater focus on prevention and early intervention; § provide integrated care closer to home; § intervene and support people earlier and more effectively in their illness to reduce the number of admissions for inpatient treatment; § better use resources across the whole pathway; § support people to achieve their self-determined health and well-being goals; and § deliver comprehensive mental health and learning disability services, initially prioritising those in the NHS Long Term Plan and the local Transforming Care Partnership. Principle · North Yorkshire Clinical Commissioning Group (NYCCG) and North Yorkshire County Council (NYCC) agreed to jointly commission and fund the Children's Emotional Health and Wellbeing Service in alignment with the priorities of the North Yorkshire Mental Health & Learning Disabilities Partnership; to improve the health and well-being of people across North Yorkshire with mental health issues and/or a learning disability through partnership working. · Through the Section 75 Partnership Agreement between NYCC and NYCCG , it was agreed that oversight and responsibility would be shared, with NYCCG being the host commissioner for the service.
Contractual arrangements · NYCCG commissions Tees Esk and Wear Valley NHS Foundation Trust (TEWV) to deliver Mental Health and Learning Disabilities services through a standard NHS contract. NYCC will have operational input into NYCCG’s contract with TEWV regarding any specific data or service requirements as stated in Schedule 7.of the section 75 agreement; · TEWV will subcontract the provision of the Children's Emotional Health and Wellbeing service to "the provider" of that service. · NYCC and NYCCG will enter into a section 75 agreement to reflect the partnership arrangements.
|
|||||
Categories of Data to be Disclosed |
Purpose of disclosure |
||||
Data Flow: |
|||||
a. Name address, DOB service, medical conditions (sensitive categories of information) This information would be provided by NYCC to NYCCG to facilitate the investigation with providers |
To aid in the investigation of complaints received by NYCC from members of the public and other organisations. |
||||
b. Children and Staff - service provider workforce This reporting information would be provided by NYCCG to NYCC as part of the section 75 agreement
· NYCC will be informed by NYCCG/TEWV who any chosen providers of the service will be. · Data will be sent directly from the provider of the service to NYCCG and NYCC within a report on a quarterly basis for the duration of the contract for performance and quality monitoring purposes. · Data will include Ø Activity and Finance Ø Activity and Finance (including never events and duty of candour) Ø Complaints Ø Incidents Ø Number of referrals Ø % of children seen for treatment within 6 weeks of referral Ø Number of professional consultations Ø % of training delegates reporting increase in knowledge Ø % of children reporting excellent or good of their experience of the service Ø Number of texts sent to the text messaging service, including primary reason for contact |
To fulfil the Section 75 agreement requirements |
||||
Part Three : Lawful Basis for Sharing (Principle One) |
|||||
Every disclosure of personal data, and processes used to transmit it, are to be compliant with Human Rights legislation and with Data Protection legislation.
|
|||||
Purpose
(As per Part Two) |
Article 6 Processing Condition Include Act & Section if relevant |
Article 9 Processing Condition Include Act & Section if relevant |
Article 13 and14 Privacy Notice Eg. Link to website or embed privacy notice |
Other Evidence eg link to a website or other evidence to evidence basis. Link to consent form if applicable. DPIA |
|
1. To aid in the investigation of complaints received by NYCC from members of the public and other organisations/third parties |
Article 6 (b) Contract – to ensure the contract between NYCC and NYCCG is fit for purpose and delivering the service NYCC has commissioned
Article 6(1)(c) – Legal obligation |
Article 9 (a) Explicit consent: in this context a complaint has been made by the customer who provided this information so their complaint can be investigated
Article 9(g) Reasons of substantial public interest (with a basis in law)
Article 9(2)(h) – Provision of health and social care The legislations, policies and guidance that relate to this service includes, but is not limited to:
|
https://www.northyorks.gov.uk/info/inclusion-service-privacy-notice |
The Section 75 Agreement |
|
2. To fulfil the Section 75 agreement requirements |
No personal data will be shared as part of this processing
Personal Data: All data sent to NYCC and NYCCG will be anonymised or aggregated and will contain no personal identifiable information.
|
N/A Special Category Data: Activity numbers only as per the above list |
N/A |
N/A |
|
Part Four : Information Flow, Limitation, Minimisation, and Accuracy (Principles Two, Three, and Four) |
|||||
NYCC Data Sharing Data minimisation principles will be adhered to where data is shared by NYCC with NYCCG. Where complaints are received by NYCC we will liaise with NYCCG and provide relevant and minimal details only to ensure that the complaint can be fully investigated by NYCCG and the appropriate provider(s) and that the Section 75 contract is fit for purpose and the service is delivered as described.
Personal or sensitive categories of data shared by NYCC will have been provided by a third party via a complaint, usually directly from the complainant themselves, therefore accuracy of the information is taken at face value as NYCC has no other means of corroborating or validating this information independently. This information is to aid NYCC and NYCCG to identify the original provider of the service and to facilitate any potential investigation into the complaint. It is expected that any information provided back to NYCC from NYCCG or the provider will be an accurate reflection of the service delivered to the complainant.
Any data shared by NYCC with NYCCG will be for the purpose of investigating complaints only, to identify the provider and to report back investigation findings to NYCC. This personal or sensitive information must not be used for any other purpose. It is expected that NYCCG will only share personal or sensitive categories of data with the relevant provider.
Data will be shared by NYCC with NYCCG will be via secured email (@gov.uk and @nhs.net)
Once an investigation is complete, any actions or lessons learned must be anonymised by NYCCG and the Provider.
Aggregated/Anonymous reports from NYCCG to NYCC Before sharing aggregated or anonymised data, officers will check that the information being shared is accurate and up to date to the best of their knowledge.
Governance structures for both organisations showing formal links to NYCCG are included in the Section 75 Agreement, showing how NYCCG governance links to existing NYCC and NYCCG structures and respective decision making processes.
Both parties to agree to changes in any data processing changes to be agreed at the JCG and minuted for audit purposes
|
|||||
Part Five : Retention and Deletion (Principle Five) |
|||||
NYCC Data Sharing NYCCG and the relevant provider may only retain the personal and sensitive categories of information for the length of the investigation and to report any findings to NYCC. After this time the NYCCG and the relevant provider must anonymise any investigation records, including but not limited to any actions or lessons learned.
NYCCG may only share personal information with the relevant Provider in order to investigate and report on any claims made in the complaint.
Aggregated/Anonymous reports from NYCCG to NYCC · All data sent to NYCC will be anonymised or aggregated and will contain no personal identifiable information · NYCCG records are destroyed in accordance with the NHS Retention Schedules, which sets out the appropriate length of time different types of records are retained. Typically data is retained for eight years. · NYCC records are destroyed in accordance with the NYCC Retention Schedule, which sets out the appropriate retention length for different types of records. The data outlined above will be retained for eight years subject to any legislative or public tasks changes that occur in this time. |
|||||
Part Six: Means of Transmission and Security (Principle Six) |
|||||
The Protocol provides details of the overall security standards required of partners to manage the information they receive from other parties under this Arrangement. These must be respected by all signatories. NYCC Data Sharing Personal and sensitive categories of information will be shared by NYCC with NYCCG via secure email (@gov.uk and @nhs.net) NYCCG will be responsible for securely providing any personal or sensitive categories of information to the relevant provider for investigation. NYCCG will be responsible for ensuring that they and any providers that will be processing the information shared by NYCC will do so securely and in line with their GDPR responsibilities as data controllers.
If a security incident is recorded against any of the shared datasets, as outlined in the ‘Part Two, Data Flow A’, by NYCCG or a provider then the originating party must be notified within 24 hours of being made aware. The party who has recorded the incident must allow audit of the investigation into the incident and a copy of any implemented mitigations must be provided to the originator of the data. Each organisation must follow their own security incident procedure to the full, where notification to the ICO is required it is recommended that the Data Protection Officers (DPO’s) of both organisations notify each other directly.
Aggregated/Anonymous reports from NYCCG to NYCC Any data provided as part of a system or procedural audit will be transferred in a secured/encrypted manner
If a security incident is recorded against any of the shared datasets, as outlined in the ‘Part Two, Data Flow B’, by NYCCG or a provider then NYCC must be notified within 24 hours of being made aware. NYCCG must audit/investigation the incident and a copy of any implemented mitigations must be provided to NYCC. Each organisation must follow their own security incident procedure to the full, where notification to the ICO is required it is recommended that the Data Protection Officers (DPO’s) of both organisations notify each other directly.
|
|||||
Part Seven: Other Considerations |
|||||
Identify any other requirements not covered in the above How will you handle FOI /EIR Requests and how will you hand Data Protection Rights (access, erasure, rectification etc)? NYCC Data Sharing The recipient of the request will be responsible for handling SAR, FOI/EIR requests, with the exception of notifying the other partner where needed to fulfil such a request NYCC – standard procedure for exercising individual rights, SAR, FOI/EIR will be used. Full details of each individual process can be found at https://www.northyorks.gov.uk/privacy-notices The recipient of the request will be responsible for handling SAR, FOI/EIR requests, with the exception of notifying the other partner where needed to fulfil such a request NYCCG – standard procedure for exercising individual rights, SAR, FOI/EIR will be used. Full details of each individual process can be found at [ ]
|
|||||
Part Eight: Termination of Arrangement |
|||||
Details what should happen with the information held by each partner upon termination of the arrangement
This agreement will be in place for the duration of the accompanying section 75 agreement |
|||||
Part Nine: Signatures |
|||||
By signing this Arrangement, all signatories accept responsibility for its execution and agree to ensure that the information processing referred to in this agreement is done in accordance with all relevant legislation, particularly the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), the Protocol and this agreement. |
|||||
Partner |
Project Officer or Information Asset Owner |
PO / IAO Signature and Date |
Data Protection Officer |
DPO Signature and Date |
|
1. |
|
|
|
|
|
2. |
|
|
|
|
|
3. |
|
|
|
|
|