Confidential Data Release Form
for users of NHS personal data /
1 User Details
Name:
Job title:
Organisation:
Address:
Tel No: ______
Data Protection Reg No: / 2 Sponsor Details
See Rule 6 for appropriate sponsor
Name:
Job title:
Organisation:
Address:
Tel No:
3 Name(s) of all co-user(s):
Only the user and people listed here will have access to the data. This should include only those for whom access is essential to the work. Please see rule 3
4 Nature of data requested,including a list of variablesrequired:
Only data essential to the proposed work should be requested.
5 All purposes for which data will be used,including publications:
No data which carries the risk of identification of an individual will be put into the public domain. Please refer to the Information Services Division’s (ISD) Statistical Disclosure Control Protocol and/or discuss with the ISD Head of Statistics where disclosure is a concern. Please see Rule 5

Confidential Data Release FormVersion 2.0March 2011

Page 1 of 1

6 Proposed method of transfer of data:
The final decision will be taken in consultation with the NSS analyst and should comply with NSS policy
7 Measures in place to protect and use the data securely and confidentially:
Describe thephysical and electronic systems for data storage and access
8 Intended duration of use of data:
All users and co-users must agree to destroy the data after an agreed date using a certificated electronic destruction process. Paper data must also be destroyed
9 Date data to be destroyed:
Staff from NSS may contact to confirm destruction

User’s Declaration

I declare that I understand and undertake to abide by the Rules for confidentiality, security and release of data received from NSS as specified in paragraphs 1-5listed below.

Signature: ______Date: ______

Sponsor’s Declaration

I declare that Laurence Truman, is a bona fide worker engaged in a reputable project and that the data requested can be entrusted to him/her in the knowledge that (s)he will conscientiously discharge his/her obligations in regard to confidentiality of the data, as stated in paragraphs 1-5 listed below. I am happy for him/her to receive these data.

Signature: ______Date: ______

Professional registration no.: ______

For NSS only
Caldicott Guardian, NHS National Services Scotland, Gyle Square, 1 South Gyle Crescent, Edinburgh, EH12 9EB
Information request number ______
Release authorised by
______Date______Senior manager(HOG or HOP)
______Date______Caldicott Guardian or deputy

RULES ON CONFIDENTIALITY, SECURITY AND RELEASE OF INFORMATION

FOR USERS OF NHS PERSONAL DATA

  1. Personal data held by NSShave been notified under the Data Protection Act 1998 for the purposes of:

Staff Administration / Licensing and Registration
Advertising, Marketing and Public Relations / Research
Accounts and Records / Crime Prevention and Prosecution of Offenders
Consultancy and Advisory Services / Administration of Justice
Health Administration and Services / Trading/sharing in Personal Information
Information and Databank Administration / Blood Transfusion (Blood, Tissue and Stem Cells) Services
Legal Services / Lending and Hire Services, Library Services
Public and Environmental Health Surveillance and Analysis / Transfer of Primary Medical Records by Practitioner Services
Education / National Fraud Initiative – Data Matching

It cannot be used for any other purposes.

2.If thedata received from NSS are to be held on computer, the signatory of this request, or the organisation they represent, should have an appropriate notification with the Office of the Information Commissioner. Details of the registration number should be entered on page 1 of this document. Whether stored on computer or otherwise, the signatory should be aware that the Data Protection Act 1998 requires that all personal data is processed fairly and lawfully and in accordance with the Data Protection Principals.

3.Data received from NSS should not be divulged to any person whose name is not specified as a ‘co-user of data’ nor used for any purpose other than that declared on page 1 (Intended use of data) of this document. All users and co-users must understand their responsibilities in protecting data provided.

4.Proper safeguards should be applied in keeping the data secure and destroying it on completion of the work/project declared on page 1 to prevent any breach of confidentiality. Any misuse or loss of these data should be notified immediately to the NSS Data Protection Officer

5.Statistics or results of research based on data received from NSS should not be made available in a form which:

a)directly identifies individual data subjects or creates a risk of indirect identification. The riskshould be assessed using ISD’s Statistical Disclosure Control Protocoland may be discussed with the ISD Head of Statistics if disclosure is a concern;

b)is not covered by the ‘intended use of data’ clause specified on page 1.

  1. Sponsor Details on form:
  • For release to NHS operational units of data relating to their own treated patients the sponsor should be the unit’s Medical Director. For releases of data relating to patients in a specific directorate, the relevant Clinical Director may sign the statement.
  • For release to NHS Boards of data relating to their resident population the sponsor should be Director of Public Health.
  • For release to CHPs of data relating to their resident population or of people treated in their units,the sponsor should be the Clinical Director of the CHP
  • For release of data to General Practice regarding their registered patients, the sponsor should be a GP principal in that practice.
  • For releases to researchers of data which have not requiredPACauthorisation, the sponsor will be the registered health professional responsible for ensuring the confidentiality of the data.
  • For release of data to an organisation holding a contract with an NHS Board or with the Scottish Government: for the purpose of fulfilling that contract the sponsor will be the NHS Board Director of Public Healthor a registered health professional in theScottish Government.
  • For release of workforce data, the sponsor should be a senior manager in the organisation to which data will be released

7.The information provided to you is derived from systems used in the NHS for the administration of health services or from the registrations held by the General Register Office for Scotland. Although there are quality assurance processes in place, the data may contain undetected inaccuracies about an individual patient, member of staff or department. Therefore the data arenot collected for the purpose of informing direct clinical decisions about individual patients, or judging the performance of individual staff and should be verified if to be used for either of these purposes.

  1. A signed paper copy of the confidentiality statement should be sent to the analyst by mail or by fax to the following fax no. 0131 275 7606

NSS would welcome copies of any publications based on data supplied.

Confidential Data Release FormVersion 2.0March 2011

Page 1 of 1