NHS Tayside

Local Intelligence Network (LIN)
for Controlled Drugs (CDs)
Information Sharing Protocol

Author: Head of Controlled Drugs Governance

/

Review Group: Local Intelligence Network for CDs

Review Date: May 2011

/

Last Update: Version: 2.2

Document No: Version 3.0

/

Issue No: 1

UNCONTROLLED WHEN PRINTED

Signed:

/

Executive Lead

(Authorised Signatory)

CONTENTS

Page

1. Introduction3

2.Objectives4

3. General Principles4

4. Agreed Parameters5

4.1 Data and Information to be Shared

4.2 Criteria for Access

4.3 Gatekeepers

5. Roles & Responsibilities6

5.1 Gatekeepers

5.2 Local Management

5.3 Protocol Guardians

6. Protocols7

6.1 Security

6.2 Referral Process

6.3 Record Keeping

7. Other Relevant Documentation8

8. Local Policies8

9.Signatories to Protocol Document9

Appendix IGatekeeper Confidentiality Statement11

1.Introduction

The fourth report of the Shipman Inquiry, ‘The Regulation of Controlled Drugs in the Community’, made recommendations to strengthen and improve the current systems for the management and use of controlled drugs. As a consequence, new legal requirements to promote the safe and effective use of controlled drugs have been introduced in the UK Health Act 2006 and the Controlled Drugs (Supervision of Management and Use) Regulations 2006.

The new regulations place a statutoryduty of co-operation on responsible bodies to share information and intelligence about the management and use of controlled drugs by any relevant person. The term “relevant person” is defined as any individual, whether or not healthcare professional, who are involved in any way (NHS or private) with the management or use of controlled drugs. In addition to the requirements of the Regulations, the requirements of the Data Protection Act 1998 around the sharing of information are satisfied.

  • Schedule 2, Condition 3: The processing is necessary for compliance with any legal obligation to which the data controller is subject –-that is compliance with the Regulations.
  • Schedule 3, Condition 10: The Data Protection (Processing of Sensitive Personal Data) Order 2000, SI 2000 No.417.

The processingis (a) in the substantial public interest; (b) necessary for the discharge of any function which is designed for protecting members of the public against -

(i) dishonesty, malpractice, or other seriously improper conduct by, or the unfitness or incompetence of, any person, or (ii) mismanagement in the administration of, or failures in services provided by, any body or association; and

(c) must necessarily be carried out without the explicit consent of the data subject being sought so as not to prejudice the discharge of that function.

The Tayside Local Intelligence Network (LIN) has been established in order to facilitate information sharing to support the safer management of controlled drugs in Tayside. The LIN will enable responsible bodiesto share concerns through appropriate channels about professional or organisational activities around the management and use of controlled drugs. This may involve the sharing of person identifiable data and information held by participating bodies.

The bodies involved are Tayside healthcare organisations, NHS Scotland Counter Fraud Services, professional regulatory bodies, Tayside Police, the Scottish Prison Service, Local Authorities and the Care Commission.

Systems for identifying and investigating concerns are to be established whereby the sharing of information takes account of the specified restrictions relating to disclosure [1] and the need to comply with the record keeping requirements [2] relating to the sharing of information.

This document outlines the terms agreed between the participating bodiesunder which provision of data and information is permitted.

2.Objectives

The objectives of this document are to:

  1. Set out the agreed parameters under which access to and sharing of data and information will be permitted.
  2. Define the purpose for which the data and information is required.
  3. Define the roles and responsibilities of those involved in the operation of this protocol.
  4. Provide a framework which will ensure that confidentiality is maintained.

3.General Principles

The general principles under which this Protocol operates are as follows:

  1. The organisations that are party to this agreement are committed to enable data to be shared in a manner that is compliant with their statutory responsibilities.
  2. The data and information will only be accessed by a restricted number of personnelwho will have been made aware of the confidential nature of the data and information.
  3. Organisations to take responsibility for their own data handling/security. Principle 7 of the Data Protection Act 1998 states that appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data.
  4. LIN memberswill be given access to minimum data and information as agreed in this document.
  5. Confidential information about patients will be anonymised where appropriate, otherwise patient/carer consent will be sought wherever practicable and/or appropriate.
  6. Where appropriate, health and social care professionals will be made aware of concerns raised about them.
  7. All person identifiable information will be considered as strictly confidential.
  8. Breaches of confidentiality will be considered as contravention of the Data Protection Act 1998 and will be dealt within the terms of the appropriate authority’s policy.
  9. The maintenance of this protocol will be the responsibility of named Protocol Guardians for the participating authorities.

4.Agreed Parameters

4.1.Data and Information to be Shared

Incidents or concerns regarding the management and use of controlled drugs may be raised directly or identified as a result of inspections, patient complaints, routine monitoring of prescribing data or adverse incident reports.

Members of the LIN may disclose to any other member any information which may help to identify cases where action may need to be taken in respect of management and use of controlled drugs. This enables members who have a cause for concern to share them as soon as possible with any other members who may be affected or who may have complimentary information.

Information which may be shared will include details of the following:

  • Incidents involving controlled drugs
  • Concerns regarding any aspect of the management and use of controlled drugs
  • Intelligence on controlled drug issues

Any of the above may include confidential details of relevant individuals involved, including health or social care professionals, staff members, patients, carers or other members of the public.

Detailed discussion based on such information may take place at the Core Local Intelligence Network.

Information will be presented in an anonymised format for sharing with the full membership of the Local Intelligence Network.

4.2.Criteria for Access

Access to this data and information is only permitted in support of the legitimate purpose of the Tayside LIN. Requests for access for any other purpose must be referred to Accountable Officer for Controlled Drugs. Any Freedom of Information requests will be referred to the Information Governance Team, NHS Tayside. Any information or intelligence originating from Tayside Police will not be disclosed without referral to the Tayside Police LIN SPOC.

Distribution lists for the LIN and Core LIN will be held by the PA to the Controlled Drugs Team and papers for scheduled meetings (including agendas and minutes) will be circulated in advance by e-mail to all members. Sensitive information will not be circulated electronically but will either be sent through the postal service to named individuals, marked ‘In Confidence’, or will be tabled at the meeting. Confidential information about individuals will only be shared on a strict need to know basis.

Confidential reports of incidents, concerns and intelligence will be held in a locked filing cabinet in a locked office within a secure building with restricted access, and/or in a password-protected electronic file.

4.3.Gatekeepers

Access to the data and information provided will be restricted and managed by identified staff (termed Gatekeepers). Gatekeepers are required to sign a confidentiality statement, see Appendix I.

Protocol Guardians will hold copies of the signed confidentiality statements and maintain a register of Gatekeeper names.

Gatekeepers are: Local Intelligence Network (LIN)

Accountable Officer for CDs (Fernbrae)

Accountable Officer for CDs (Rachel House)

Care Commission Officer, Scottish Commission for the Regulation of Care

Director of Intelligence, Tayside Police

Director of Nursing - Delivery Unit, NHS Tayside

Directors of Pharmacy/Accountable Officers for CDs, NHS Tayside

Medical Director, NHS Tayside

Associate Medical Director - Primary Care, NHS Tayside

Director of Tayside Audit Resources for Primary Care (TARPC) - Clinical Governance Co-ordinator

Investigator, NHS Counter Fraud Service

Lead Nurse, NHS Tayside Out of Hours

LSA Midwifery Officer - North of Scotland

Head of Controlled Drugs Governance, NHS Tayside

Pharmacy Adviser, Scottish Prison Service

Pharmacy Development Manager, NHS Tayside

Principal Pharmacist, NHS Tayside Substance Misuse Service

Professional Standards Inspector, Royal Pharmaceutical Society of Great Britain

Core Local Intelligence Network (Core LIN)

Director of Intelligence, Tayside Police

Director of Nursing - Delivery Unit, NHS Tayside

Directors of Pharmacy/Accountable Officers for CDs, NHS Tayside

Medical Director, NHS Tayside

Head of Controlled Drugs Governance, NHS Tayside

Professional Standards Inspector, Royal Pharmaceutical Society of Great Britain

5.Roles & Responsibilities

5.1.Gatekeepers

Members of the Tayside LIN who have access to the data and information will not be permitted to:

  • divulge data or information to any other party outwith the bodies involved in the LIN
  • use the data or information for any purpose other than specified in this document
  • amendthe data other than anonymisation for aggregation, e.g. for the production of statistics.

To fulfil the purposes outlined in 4.2 above, the members of the Tayside LIN who have received training and have been registered to fulfil a Gatekeeper function will be permitted access.

5.2.Local Management

Those members of the Tayside LIN who are fulfilling the function of Gatekeepers are accountable through their local line management structure. Protocol Guardians will monitor the activities of the Gatekeepers.

5.3.Protocol Guardians

The Protocol Guardians for NHS Tayside are:

Angela TimoneyAlistair Jack

Accountable Officer for Controlled Drugs,Accountable Officer for Controlled Drugs,

NHS Tayside/Joint Chair Tayside LINNHS Tayside/Joint Chair Tayside LIN

6.Protocols

6.1.Security

6.1.1.Location of Equipment

All confidential information will be held in a locked filing cabinet in a locked room within a secure building with restricted access and/or in a password-protected electronic file.

6.1.2.Training

All members of the Accountable Officer for CDs Team will undertake the training on IT Security, Data Protection, Caldicott, Freedom of Information, Records Management and Quality Management provided by the NHS Tayside Information Security and Confidentiality Team.

6.1.3.Monitoring

The information sharing activities of the Tayside LIN is subject to regular management. The Core LIN will monitor the information sharing arrangements.

6.1.4.Untoward Incidents/Breaches of Security

Untoward incidents regarding breaches of security will be reported to the Accountable Officers for CDs. They will be recorded and investigated in line with existing procedures for dealing with untoward incidents.

6.2.Referral Process

The sharing of information may be triggered during the course of an investigation of an incident or concern where it is clear that another body may have information which may assist the investigation or where the other body may be affected.

Where several agencies are involved the NHS Tayside Accountable Officer for CDs may establish a Controlled Drug Incident Panel of relevant agencies or individuals to consider specific serious concerns. Membership of the panel will depend on the nature of the concern or incident, but will include members of the LIN.

Each agency will retain responsibility for taking appropriate action where required. Action may include the further investigation of issues of concern or the initiation of processes to protect the safety of the public. If patient safety is thought to be at risk immediate action will be taken.

6.3.Record Keeping

LIN members will keep records of any decisions to disclose information and any requests to disclose the information. Details of the nature of the information disclosed, the responsible body to which the information was disclosed and any other relevant details must also be recorded. Records will be held securely as described in 6.1.1. and destroyed when no longer required by a cross-cut shredder.

7.Other Relevant Documentation

This protocol has been drawn up taking into account the following legislation and guidance documents:

  • Safer Management of Controlled Drugs: Guidance on Strengthened Governance Arrangements HDL (2007) 12
  • Misuse of Drugs Act 1971
  • Misuse of Drugs Regulations 2001
  • The Controlled Drugs (Supervision of Management and Use) Regulations 2006
  • Data Protection Act 1998
  • The Freedom on Information (Scotland) Act 2002
  • Caldicott Report as adopted by the NHS Scotland
  • Information Sharing between NHS Scotland and the Police, CEL 13 (2008)
  • Accountable Officers/the Association of Chief Police Officers in Scotland (ACPOS) – Working Protocol for reporting suspected criminal activity in relation to controlled drugs.

8.Local Policies

  • General Protocol for Sharing Information, NHS Tayside, Angus Council, Dundee City Council and Perth & Kinross Council
  • NHS Tayside Local Intelligence Network for Controlled Drugs Terms of Reference
  • Tayside Police Information Sharing Protocol with the NHS

9.Signatories to Protocol Document

Tayside Local Intelligence Network for Controlled Drugs

- Information Sharing Protocol -

NHS Tayside
Signature
Name
Designation
Date signed
FernbraeHospital
Signature
Name
Designation
Date signed
Rachel House
Signature
Name
Designation
Date signed
Monroe House, Castlebeck Care
Signature
Name
Designation
Date signed
Tayside Police
Signature
Name
Designation
Date signed
Scottish Prison Service
Signature
Name
Designation
Date signed
Scottish Commission for the Regulation of Care
Signature
Name
Designation
Date signed

All healthcare regulatory bodies have a duty to cooperate with other responsible bodies and to disclose information in accordance with the Health Act 2006 and the Controlled Drugs (Supervision of Management and Use) Regulations 2006.

APPENDIX I

GATEKEEPER CONFIDENTIALITY STATEMENT

I, ______, understand that in the course of my duties in the function of ‘gatekeeper’ I require to access person identifiable data. I understand that the information held for the purpose of the Tayside Local Intelligence Network for Controlled Drugs is strictly confidential and that the following rules must be adhered to. Failure to fulfil these obligations will be considered gross misconduct.

  1. I will only make use of the data and information for the express purposes specified in the Information Sharing Protocol.
  2. I will not divulge information from the supplied data to anyone who is not authorised to receive it.
  3. I will not amend any of the data or information provided.
  4. I will not divulge any passwords or access codes associated with provided data or information to any other individual.
  5. If I am unsure whether use of the information is authorised I shall refer the matter to the Protocol Guardian.

NAME:

POSITION:

SIGNATURE: DATE:

Accountable Officer for Controlled Drugs

I, , as Accountable Officer, agree to the above named individual acting in the role of ‘gatekeeper’ and accessing Tayside Local Intelligence Network for Controlled Drugs data and information for use as agreed within this protocol.

SIGNATURE: DATE:

Page 1 of 11

[1]Section 27, The Controlled Drugs (Supervision of Management and Use) Regulations 2006

[2]Section 28, The Controlled Drugs (Supervision of Management and Use) Regulations 2006