How the NCMD programme protects personal information
The National Child Mortality Database (NCMD) Programme holds data on all children born in England who died before their 18th birthday. National data collection started on 1st April 2019 and in the first instance will continue for the duration of the NCMD Programme, which is currently funded until the end of June 2023. NCMD includes information about children who have died since 1st April 2019 as well as information about children who have died prior to 1st April 2019, but whose death review process was still ongoing after the 1st April 2019.
NCMD does not hold data relating to stillbirths or legal terminations of pregnancy. The data is collected by Child Death Review Partners via their Child Death Overview Panels (CDOPs) (or equivalent) throughout England. This is a statutory process and provision is made within the Children Act 2004 for the collection and processing of this data without consent.
Personal data on the child and any significant person in the child’s life is sent to CDOPs from all agencies who had contact with the child during their life, or after their death (see the NCMD Data Flow Diagram). CDOPs then enter the data into NCMD, either manually, through a secure web portal, or automatically, through a web-based application programming interface (API).
For GDPR purposes, the joint data controllers are NHS England and the Healthcare Quality Improvement Partnership (HQIP). HQIP is the commissioner of the NCMD programme on behalf of NHS England. The contract for the NCMD programme is awarded to the University of Bristol (UOB) and the NCMD team is employed by and based at UOB premises. UOB as well as the NCMD system developer, the software company QES, are the NCMD data processors. The data protection representative at UOB is Henry Stuart who can be contacted via email at firstname.lastname@example.org.
Processing of personal and confidential data requires a legal basis under the UK GDPR and the UK DPA 2018 (this includes pseudonymised data) and the common law duty of confidentiality. HQIP, as controller, has determined that the most appropriate legal basis for the NCMD is:
- Article 6 (1) (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The overall aim of the NCMD programme is to drive improvements in the quality of health and social care for children in England and to help reduce premature mortality. The design and outputs from this programme will provide the data and intelligence to enable strategic focus on the most significant causes and contributory factors in child mortality in England in the medium and long term. They stimulate quality improvement and support organisations to find out if healthcare is being provided in line with nationally agreed standards. This processing is therefore undertaken in the public interest.
- Article 9 (2)(i) (processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy). This is justified as the NCMD programme aims to drive improvements in the quality and safety of care and to improve outcomes for patients.
- UK DPA 2018 Schedule 1(1)(3) ‘public health’ underpinned by Health and Social Care Act 2012 Part 1 section 2
- Section 16 (M) of the Children Act 2004 requires the analysis of information about child deaths. Child Death Review (CDR) partners meet this requirement by providing data to NCMD via their Child Death Overview Panels (CDOPs). The legal basis for this has been established through the following two documents:
HQIP, as data controller, may choose to share NCMD data for the purpose of quality improvement, including research, service evaluation, and audit, if certain conditions are met. HQIP enacts its data controller responsibilities through its Data Access Request Group (DARG). DARG is supported by HQIP’s Information Governance Advisory Group.
Why does NCMD need to collect personal data?
The NCMD programme needs to know the personal details of all children who die so their death and the events leading up to their death can be analysed. Each child may have had contact with a number of different services during their lifetime and each service will hold different information on the child. It is important that a complete picture is gained of the child’s whole life so as much as possible can be learned and actions can be taken forward to improve services and reduce the number of children who die. In addition, this ensures information about children with similar profile is not mismatched.
The NCMD programme also needs to know the personal details of significant people in the child’s life to ensure that the right information is collected for the right person. In addition, this ensures information about individuals with similar profile is not mismatched.
What personal information does NCMD collect and why?
The information collected by NCMD is about children who die before their 18th birthday and their families. It includes:
Personal details of the child: (name, NHS number, address, postcode, death of birth, date of death, age, gender, ethnicity). These details help to identify the person so that a thorough analysis of their death can be carried out. The NCMD team require this information so it can be linked up with information from other sources to ensure the information is as accurate and complete as possible. This information is also needed for the analysis to help understand why children die and, for instance to identify whether there are any local concerns if for instance an increased number of deaths is recorded in an area or period of time / season.
Personal details of significant people in the child’s life: (name, address, postcode and date of birth; in addition, the NHS number is collected for the child’s mother only) These details are required so NCMD data can be linked up with information from other sources to ensure the information is as accurate and complete as possible.
Personal details of professionals: In addition to data collected about children who die, NCMD also collect information about people who have contacted the team and wish to be included on our contact lists to receive updates and information about NCMD. NCMD ensures that prior to inclusion on any contacts databases an individual provides their consent for this.
The following individual rights may be available to you in regard to the use of your personal data:
The right to be informed how your data is being processed
The right of access to your personal data
The right to rectification of inaccurate data
The right to request erasure of your data
The right to restrict the processing of your data
The right to data portability
The right to object to the processing of your data or withdraw consent
The right to object to any automated decision-making or profiling.
How is the personal information about children who die and significant people in their lives obtained by NCMD?
The main source of information for NCMD is from CDOPs. When the death is notified to the local CDOP, the CDOP will in turn notify NCMD of the death; personal information about the child will be collected by both the CDOP and NCMD. This is so an alert system for peaks and clusters of death can be identified in real time.
The NCMD team will also receive information about child deaths from health or care systems to ascertain the information and to complete any missing details. This is required so NCMD’s main aim is met to gather knowledge and learning and to inform policies to reduce child deaths in future. This will be achieved through data linkage of the CDOPs data as received by NCMD to routinely collected clinical information systems such as:
- BadgerNet (a national clinical system, which collects information on all babies who have been admitted to Neonatal Intensive Care Units)
- PICANet (the Paediatric Intensive Care audit database)
- Hospital episode statistics, maternity services and civil registrations deaths datasets from NHS Digital
- the Office for National Statistics (ONS) mortality data sourced from civil registration data
- the UK Health Security Agency (UKHSA) for infectious diseases test results
- Department for Education serious incidents notifications data
During the COVID-19 pandemic, data linkage has been established between NCMD and the UKHSA (previously Public Health England) virology database to confirm all COVID-19 related deaths. The NCMD data contributed to the response to the pandemic in line with the programme’s overall aims.
Data linkages are only established within the required legal frameworks, and strict information governance rules are followed to ensure the secure flow of information between organisations. Personal information (such as child’s / mother’s NHS number, names and date of birth) is used for linking up the correct records.
What does NCMD do with the personal information it receives?
The personal information is used to review the deaths of children. The purpose of these reviews is to identify if there are any potentially modifiable factors associated with the deaths and to offer suggestions for improvements that may help reduce premature deaths of children. With regards to data held in our contacts’ database, the information is held for no other reason than to ensure communications are sent out to those interested parties. Consent for this can be revoked by the individual at any time by contacting the team at email@example.com.
Who has access to the personal information of children who die and significant people in their lives?
Only the core NCMD team members have access to personal identifiable data included in the database for the purposes of database development and data analysis. All core team members must complete the UOB mandatory data security and protection training and sign the NCMD confidentiality declaration before having access to the system and the data. The software company QES, as the NCMD system developer, have access to the database for the purposes of system development. The other members of the NCMD Steering Group – the NCMD programme’s partners (University of Oxford, UCL Partners and the NCMD partner charities) and HQIP representatives do not have access to the database and to the NCMD identifiable information. However, confidential information relating to specific cases may be discussed at meetings if related to the discussions’ topics e.g., improving learning or raising causes of concern. All members of the Steering Group sign the NCMD confidentiality declaration before joining the programme.
Information stored in NCMD and the programme contacts’ database is not used for any other purpose than that specified in the contract with the commissioner and data controller, is protected by GDPR rules and regulations, and is not accessible by, or shared with any third-party agencies.
How can I access information about my child?
To access information about your child and the review of their death, it is best to contact your local CDOP. You can find contact details for all CDOPs in this list maintained by the Department of Health and Social Care.
How is the personal information of children who die and significant people in their lives kept safe and secure?
The NCMD programme shares and stores personal information on a secure web-based platform that has been built especially for this purpose. The platform has been rigorously tested and meets the requirements for confidential information set by NHS England. The platform can only be accessed by those with a unique username and password, which is allocated after the user has received data security and protection and database training. Access rights are set at a number of different levels, so that information is limited on a ‘need to know’ basis.
Linked to the secure web-based platform is a secure data storage facility where data downloads are stored for data analysis purposes.
The NCMD contacts’ database is held on a secure server with sole use by the core NCMD team. The usual PC security protocols are in place protecting these data, as is physical protection such as locked office doors and a comprehensive alarm system.
No personal and confidential information is kept on paper records. All information is stored on the secured and encrypted database and secured and protected servers.
How long is personal information stored for?
The information on the children who die and significant people in their lives will be kept for the duration of the programme.
Information on the NCMD contacts’ database is held as long as consent is provided. Consent can be revoked at any time and then the record is deleted immediately.
For further information
Please contact the NCMD team at firstname.lastname@example.org
Individuals have a right to complain to the Information Commissioners Office (ICO) if they think there is a problem with the way we are handling their data.
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO website is https://ico.org.uk.
See also our data flow diagram