REFERENCE:

Reference Number

TITLE:

Project/Arrangement Title

EFFECTIVE DATE:

1^st April 2022

REVIEW DATE:

1^st Oct 2022

Part One : Partners

Partner

Address

Project information sharing contact
(name, job title & contact)

Data Protection Officer
(name, job title & contact)

Authorisation
(name, job title & date)

1.    NYCC

NYCC

County Hall, 

Northallerton, 

DL7 8AD

Emma Lonsdale

Commissioning Manager Health

Veritau,

West Offices,

Station Rise,

York,

North Yorkshire,

YO1 6GA

Emma Lonsdale

Commissioning Manager Health

2.    NYCCG

NYCCG

1 Grimbald Crag Court

St James Business Park

Knaresborough

HG5 8QB

Lorna Galdas

Commissioning Manager – Children and Young People

Helen Sanderson

1 Grimbald Crag Court

St James Business Park

Knaresborough

HG5 8QB

Lorna Galdas

Commissioning Manager – Children and Young People

Part Two : Purpose (Principle Two)

The main aims and objectives of the Partners in entering in to this Agreement are, in line with North Yorkshire Mental Health and Learning Disabilities Partnership Proposed Strategic Priorities, to:

§    bring together commissioners in the procurement of services to support young people aged 9-19 in respect of their emotional health and wellbeing, working together to deliver an integrated and easily accessible service offer which reduces duplication and ensures ease of access for people using the service and professionals, contributing to the national target to increase access to mental health services by 35%;

§    provide a greater focus on prevention and early intervention;

§    provide integrated care closer to home;

§    intervene and support people earlier and more effectively in their illness to reduce the number of admissions for inpatient treatment;

§    better use resources across the whole pathway;

§    support people to achieve their self-determined health and well-being goals; and

§    deliver comprehensive mental health and learning disability services, initially prioritising those in the NHS Long Term Plan and the local Transforming Care Partnership.

Principle

·         North Yorkshire Clinical Commissioning Group (NYCCG) and North Yorkshire County Council (NYCC) agreed to jointly commission and fund the Children's Emotional Health and Wellbeing Service in alignment with the priorities of the North Yorkshire Mental Health & Learning Disabilities Partnership; to improve the health and well-being of people across North Yorkshire with mental health issues and/or a learning disability through partnership working.

·         Through the Section 75 Partnership Agreement between NYCC and NYCCG , it was agreed that oversight and responsibility would be shared, with NYCCG being the host commissioner for the service.

Contractual arrangements

·         NYCCG commissions Tees Esk and Wear Valley NHS Foundation Trust (TEWV) to deliver Mental Health and Learning Disabilities services through a standard NHS contract.  NYCC will have operational input into NYCCG’s contract with TEWV regarding any specific data or service requirements as stated in  Schedule 7.of the section 75 agreement;

·         TEWV will subcontract the provision of the Children's Emotional Health and Wellbeing service to "the provider" of that service.

·         NYCC and NYCCG will enter into a section 75 agreement to reflect the partnership arrangements.

Categories of Data to be Disclosed

Purpose of disclosure

Data Flow:

a.    Name address, DOB service, medical conditions (sensitive categories of information)

This information would be provided by NYCC to NYCCG to facilitate the investigation with providers

To aid in the investigation of complaints received by NYCC from members of the public and other organisations.

b.    Children and Staff  - service provider workforce

This reporting information would be provided by NYCCG to NYCC as part of the section 75 agreement

·         NYCC will be informed by NYCCG/TEWV who any chosen providers of the service will be. 

·         Data will be sent directly from the provider of the service to NYCCG and NYCC within a report on a quarterly basis for the duration of the contract for performance and quality monitoring purposes.

·         Data will include

Ø  Activity and Finance

Ø  Activity and Finance (including never events and duty of candour)

Ø  Complaints

Ø  Incidents

Ø  Number of referrals

Ø  % of children seen for treatment within 6 weeks of referral

Ø  Number of professional consultations

Ø  % of training delegates reporting increase in knowledge

Ø  % of children reporting excellent or good of their experience of the service

Ø  Number of texts sent to the text messaging service, including primary reason for contact

To fulfil the Section 75 agreement requirements

Part Three : Lawful Basis for Sharing (Principle One)

Every disclosure of personal data, and processes used to transmit it, are to be compliant with Human Rights legislation and with Data Protection legislation.

Purpose

(As per Part Two)

Article 6 Processing Condition

Include Act & Section if relevant

Article 9 Processing Condition

Include Act & Section if relevant

Article 13 and14 Privacy Notice

Eg. Link to website or embed privacy notice

Other Evidence

eg link to a website or other evidence to evidence basis. Link to consent form if applicable. DPIA

1.    To aid in the investigation of complaints received by NYCC from members of the public and other organisations/third parties

Article 6 (b) Contract – to ensure the contract between NYCC and NYCCG is fit for purpose and delivering the service NYCC has commissioned

Article 6(1)(c) – Legal obligation

Article 9 (a) Explicit consent: in this context a complaint has been made by the customer who provided this information so their complaint can be investigated

Article 9(g) Reasons of substantial public interest (with a basis in law)

Article 9(2)(h) – Provision of health and social care

The legislations, policies and guidance that relate to this service includes, but is not limited to:

• Early Education and Childcare Statutory Guidance for Local Authorities
• Special Educational Needs and Disability (SEND) Code of Practice: 0 to 25 years
• Working Together to Safeguard Children 2015
• Children and Families Act 2014
• Children Act 2004

https://www.northyorks.gov.uk/info/inclusion-service-privacy-notice

The Section 75 Agreement

2.    To fulfil the Section 75 agreement requirements

No personal data will be shared as part of this processing

Personal Data:

All data sent to NYCC and NYCCG will be anonymised or aggregated and will contain no personal identifiable information.

N/A

Special Category Data:

Activity numbers only as per the above list

N/A

N/A

Part Four : Information Flow, Limitation, Minimisation, and Accuracy (Principles Two, Three, and Four)

NYCC Data Sharing

Data minimisation principles will be adhered to where data is shared by NYCC with NYCCG. Where complaints are received by NYCC we will liaise with NYCCG and provide relevant and minimal details only to ensure that the complaint can be fully investigated by NYCCG and the appropriate provider(s) and that the Section 75 contract is fit for purpose and the service is delivered as described.

Personal or sensitive categories of data shared by NYCC will have been provided by a third party via a complaint, usually directly from the complainant themselves, therefore accuracy of the information is taken at face value as NYCC has no other means of corroborating or validating this information independently. This information is to aid NYCC and NYCCG to identify the original provider of the service and to facilitate any potential investigation into the complaint. It is expected that any information provided back to NYCC from NYCCG or the provider will be an accurate reflection of the service delivered to the complainant.

Any data shared by NYCC with NYCCG will be for the purpose of investigating complaints only, to identify the provider and to report back investigation findings to NYCC. This personal or sensitive information must not be used for any other purpose. It is expected that NYCCG will only share personal or sensitive categories of data with the relevant provider.

Data will be shared by NYCC with NYCCG will be via secured email (@gov.uk and  @nhs.net)

Once an investigation is complete, any actions or lessons learned must be anonymised by NYCCG and the Provider.

Aggregated/Anonymous reports from NYCCG to NYCC

Before sharing aggregated or anonymised data, officers will check that the information being shared is accurate and up to date to the best of their knowledge.

Governance structures for both organisations showing formal links to NYCCG are included in the Section 75 Agreement, showing how NYCCG governance links to existing NYCC and NYCCG structures and respective decision making processes.

Both parties to agree to changes in any data processing changes to be agreed at the JCG and minuted for audit purposes

Part Five : Retention and Deletion (Principle Five)

NYCC Data Sharing

NYCCG and the relevant provider may only retain the personal and sensitive categories of information for the length of the investigation and to report any findings to NYCC. After this time the NYCCG and the relevant provider must anonymise any investigation records, including but not limited to any actions or lessons learned.

NYCCG may only share personal information with the relevant Provider in order to investigate and report on any claims made in the complaint.

Aggregated/Anonymous reports from NYCCG to NYCC

·         All data sent to NYCC will be anonymised or aggregated and will contain no personal identifiable information

·         NYCCG records are destroyed in accordance with the NHS Retention Schedules, which sets out the appropriate length of time different types of records are retained. Typically data is retained for eight years.

·         NYCC records are destroyed in accordance with the NYCC Retention Schedule, which sets out the appropriate retention length for different types of records. The data outlined above will be retained for eight years subject to any legislative or public tasks changes that occur in this time.

Part Six: Means of Transmission and Security (Principle Six)

The Protocol provides details of the overall security standards required of partners to manage the information they receive from other parties under this Arrangement. These must be respected by all signatories.

NYCC Data Sharing

Personal and sensitive categories of information will be shared by NYCC with  NYCCG via secure email (@gov.uk and @nhs.net)

NYCCG will be responsible for securely providing any personal or sensitive categories of information to the relevant provider for investigation.

NYCCG will be responsible for ensuring that they and any providers that will be processing the information shared by NYCC will do so securely and in line with their GDPR responsibilities as data controllers.

If a security incident is recorded against any of the shared datasets, as outlined in the ‘Part Two, Data Flow A’, by NYCCG or a provider then the originating party must be notified within 24 hours of being made aware.  The party who has recorded the incident must allow audit of the investigation into the incident and a copy of any implemented mitigations must be provided to the originator of the data.  Each organisation must follow their own security incident procedure to the full, where notification to the ICO is required it is recommended that the Data Protection Officers (DPO’s) of both organisations notify each other directly.

Aggregated/Anonymous reports from NYCCG to NYCC

Any data provided as part of a system or procedural audit will be transferred in a secured/encrypted manner

If a security incident is recorded against any of the shared datasets, as outlined in the ‘Part Two, Data Flow B’, by NYCCG or a provider then NYCC must be notified within 24 hours of being made aware.  NYCCG must audit/investigation the incident and a copy of any implemented mitigations must be provided to NYCC.  Each organisation must follow their own security incident procedure to the full, where notification to the ICO is required it is recommended that the Data Protection Officers (DPO’s) of both organisations notify each other directly.

Part Seven: Other Considerations

Identify any other requirements not covered in the above

How will you handle FOI /EIR Requests and how will you hand Data Protection Rights (access, erasure, rectification etc)?

NYCC Data Sharing

The recipient of the request will be responsible for handling SAR, FOI/EIR requests, with the exception of notifying the other partner where needed to fulfil such a request

NYCC – standard procedure for exercising individual rights, SAR, FOI/EIR will be used. Full details of each individual process can be found at  https://www.northyorks.gov.uk/privacy-notices

The recipient of the request will be responsible for handling SAR, FOI/EIR requests, with the exception of notifying the other partner where needed to fulfil such a request

NYCCG – standard procedure for exercising individual rights, SAR, FOI/EIR will be used. Full details of each individual process can be found at  [   ]

Part Eight: Termination of Arrangement

Details what should happen with the information held by each partner upon termination of the arrangement

This agreement will be in place for the duration of the accompanying section 75 agreement

Part Nine: Signatures

By signing this Arrangement, all signatories accept responsibility for its execution and agree to ensure that the information processing referred to in this agreement is done in accordance with all relevant legislation, particularly the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), the Protocol and this agreement.

Partner

Project Officer or Information Asset Owner

PO / IAO Signature and Date

Data Protection Officer

DPO Signature and Date

1.

2.

3.