How the NCMD programme protects personal information
The National Child Mortality Database (NCMD) holds data on all children born in England who died before their 18th birthday. National data collection started on 1st April 2019 and in the first instance will continue for the duration of the NCMD Programme, which is currently funded until the end of March 2022. The NCMD includes information about children who have died since 1st April 2019 as well as information about children who have died prior to 1st April 2019, but their death review process is still ongoing.
The NCMD does not hold data relating to stillbirths or legal terminations of pregnancy. The data is collected by Child Death Review Partners via their Child Death Overview Panels (CDOPs) (or equivalent) throughout England. This is a statutory process and provision is made within the Children Act 2004 for the collection and processing of this data without consent.
Personal data on the child and any significant person in the child’s life is sent to CDOPs from all agencies who had contact with the child during their life, or after their death (see the NCMD Data Flow Diagram). CDOPs then enter the data into the NCMD, either manually, through a secure web portal, or automatically, through a web-based application programming interface (API).
For GDPR purposes, the NCMD data controller is Healthcare Quality Improvement Partnership (HQIP). HQIP is the commissioner of the NCMD programme on behalf of NHS England. The contract for the NCMD programme is awarded to the University of Bristol (UoB) and the NCMD team is employed by and based at UoB premises. UoB as well as the NCMD system developer, the software company QES, are the NCMD data processors. The data protection representative at UoB is Henry Stuart who can be contacted via email at email@example.com.
Processing of personal data requires a legal basis under GDPR (this includes pseudonymised data). HQIP, as controller, has determined that the most appropriate legal basis for the NCMD is:
- Article 6 (1) (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The overall aim of the NCMD programme is to drive improvements in the quality of health and social care for children in England and to help reduce premature mortality. The design and outputs from this programme will provide the data and intelligence to enable strategic focus on the most significant causes and contributory factors in child mortality in England in the medium and long term. They stimulate quality improvement and support organisations to find out if healthcare is being provided in line with nationally agreed standards. This processing is therefore undertaken in the public interest.
- Article 9 (2)(i) (processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy). This is justified as the NCMD programme aims to drive improvements in the quality and safety of care and to improve outcomes for patients.
- Section 16 (M) of the Children Act 2004 requires the analysis of information about child deaths. Child Death Review (CDR) partners meet this requirement by providing data to NCMD via their Child Death Overview Panels (CDOPs). The legal basis for this has been established through the following two documents:
HQIP, as data controller, may choose to share NCMD data for the purpose of quality improvement, including research, service evaluation, and audit, if certain conditions are met. HQIP enacts its data controller responsibilities through its Data Access Request Group (DARG). DARG is supported by HQIP’s Information Governance Advisory Group.
Why does NCMD need to collect personal data?
The NCMD programme needs to know the personal details of all children who die so their death and the events leading up to their death can be analysed. Each child may have had contact with a number of different services during their lifetime and each service will hold different information on the child. It is important that a complete picture is gained of the child’s whole life so as much as possible can be learned and actions can be taken forward to improve services and reduce the number of children who die. In addition, this ensures information about children with similar profile is not mismatched.
The NCMD programme also needs to know the personal details of significant people in the child’s life in order to ensure that the right information is collected for the right person. In addition, this ensures information about individuals with similar profile is not mismatched.
What personal information does NCMD collect and why?
The information collected by NCMD is about children who die before their 18th birthday and their families. It includes:
Personal details of the child: (name, NHS number, address, postcode, death of birth, date of death, age, gender, ethnicity). These details help to identify the person so that a thorough analysis of their death can be carried out. The NCMD team require this information so it can be linked up with information from other sources to ensure the information is as accurate and complete as possible. This information is also needed for the analysis to help understand why children die and, for instance to identify whether there are any local concerns if for instance an increased number of deaths is recorded in an area or period / season.
Personal details of significant people in the child’s life: (name, address, postcode and date of birth; in addition, the NHS number is collected for the child’s mother only) These details are required so NCMD can be linked up with information from other sources to ensure the information is as accurate and complete as possible.
Personal details of professionals: In addition to data collected about children who die, the NCMD also collect information about people who have contacted the team and wish to be included on our contact lists in order to receive updates and information about NCMD. The NCMD ensures that prior to inclusion on any contacts databases an individual provides their consent for this.
The following individual rights may be available to you in regard to the use of your personal data:
The right to be informed how your data is being processed
The right of access to your personal data
The right to rectification of inaccurate data
The right to request erasure of your data
The right to restrict the processing of your data
The right to data portability
The right to object to the processing of your data or withdraw consent
The right to object to any automated decision-making or profiling.
How is the personal information about children who die and significant people in their lives obtained by NCMD?
The main source of information for NCMD is from CDOPs. When the death is notified to the local CDOP, the CDOP will in turn notify NCMD of the death; personal information about the child will be collected by both the CDOP and NCMD. This is so an alert system for peaks and clusters of death can be identified in real time. The main source of information for NCMD is from CDOPs. When the death is notified to the local CDOP, the CDOP will in turn notify NCMD of the death; personal information about the child will be collected by both the CDOP and NCMD. This is so an alert system for peaks and clusters of death can be identified in real time.
The NCMD team will also receive information about child deaths from health or care systems to ascertain the information and to complete any missing details which required for achieving the NCMD main aims, which is to gather knowledge and learning and to inform policies to reduce child deaths in future. This will be achieved through data linkage of the CDOP data as received by NCMD to routinely collected clinical information systems such as:
- BadgerNet (a national clinical system, which collects information on all babies who have been admitted to Neonatal Intensive Care Units)
- PICANet (the Paediatric Intensive Care audit database)
- the Maternity Services Dataset from NHS Digital
- Public Health England’s (PHE) National Disease Registration Service for information on children diagnosed with cancer, congenital anomalies, and rare diseases
- the Office for National Statistics (ONS) mortality data sourced from civil registration data.
In addition, during the COVID-19 pandemic, data linkage has been established between NCMD and PHE virology database to confirm all COVID-19 related deaths. This data is contributing to the PHE information response to the pandemic as well as to NCMD in line with the NCMD overall aims.
Data linkages are only established within the required legal frameworks, and strict information governance rules are followed to ensure the secure flow of information between organisations. Personal information (such as child / mother NHS number, names and date of birth) is used for linking up the correct records.
What does the NCMD do with the personal information it receives?
The personal information is used to review the deaths of children. The purpose of these reviews is to identify if there are any potentially modifiable factors associated with the deaths and to offer suggestions for improvements that may help reduce premature deaths of children. With regards to data held in our contacts database, the information is held for no other reason than to ensure communications are sent out to those interested parties. Consent for this can be revoked by the individual at any time by contacting the team at firstname.lastname@example.org.
Who has access to the personal information of children who die and significant people in their lives?
Only the core NCMD team members have access to personal identifiable data included in the database for the purposes of database development and data analysis. All core team members, which include the NCMD academics and researchers, the NCMD Project Lead, the NCMD Manager and the NCMD Analyst, must complete the UoB mandatory data security and protection training and sign the NCMD confidentiality declaration before having access to the system and the data. The software company QES, as the NCMD system developer, have access to the database for the purposes of system development. The other members of the NCMD Steering Group – the NCMD programme’s partners (University of Oxford, UCL Partners and the NCMD partner charities) and HQIP representatives do not have access to the database and to the NCMD identifiable information. However, confidential information relating to specific cases may be discussed at meetings if related to the discussions’ topics e.g. improving learning or raising causes of concern. All members of the Steering Group sign the NCMD confidentiality declaration before joining the programme.
Information stored in NCMD and the programme contacts’ database is not used for any other purpose than that specified in the contract with the commissioner and data controller, is protected by GDPR rules and regulations, and is not accessible by, or shared with any third-party agencies.
How is the personal information of children who die and significant people in their lives kept safe and secure?
The NCMD programme shares and stores personal information on a secure web-based platform that has been built especially for this purpose. The platform has been rigorously tested and meets the requirements for confidential information set by NHS England. The platform can only be accessed by those with a unique username and password, which is allocated after the user has received data security and protection and database training. Access rights are set at a number of different levels, so that information is limited on a ‘need to know’ basis.
Linked to the secure web-based platform is a secure data storage facility where data downloads are stored for data analysis purposes.
The NCMD contacts database is held on a secure server with sole use by the Bristol NCMD team. The usual PC security protocols are in place protecting this data, as is physical protection such as locked office doors and a comprehensive alarm system.
No personal and confidential information is kept on paper records. All information is stored on the secured and encrypted database and secured and protected servers.
How long is personal information stored for?
The information on the children who die and significant people in their lives will be kept for the duration of the programme.
Information on the NCMD contacts’ database is held as long as consent is provided. Consent can be revoked at any time and then the record is deleted immediately.
For further information:
Please contact the NCMD team at:
Telephone: 0117 342 5633
Individuals have a right to complain to the Information Commissioners Office (ICO) if they think there is a problem with the way we are handling their data.
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO website is https://ico.org.uk.