It has been a few months since I blogged about information governance and the progress that the Scalable Approach to Vulnerability Via Interoperability (SAVVI) project is making in this area. In my last IG blog, I talked about setting up an IG Quality Assurance group for the SAVVI project. This group, made up of public sector IG practitioners, met on 29 July 2021 to review project progress so far which I’m keen to share with you in this update.
Shelley Heckman, iNetwork (SAVVI Project Manager), opened the session with a reminder of the following SAVVI process: purpose > Find > Assess > Support > Report > Improve. Within the SAVVI process, Information Governance considerations feature primarily in two parts: within the ‘find’ and ‘assess’ stages. In the public sector, we handle a lot of data and this is often collected and shared for very specific purposes, to run various government services at local and national level. The ‘find’ stage of the SAVVI process requires IG considerations because it entails the reuse of data sets for secondary purposes (i.e. not for the primary purpose it was collected for) in order to identify /find vulnerable people and households. The second area of IG work that SAVVI is particularly working on is in the ‘assess’ stage. Once vulnerable people and households have been identified, a responsible organisation will make contact with the people at risk to listen to their circumstances and assess needs. At this assessment stage, new personal data is collected, so there are further information governance steps to consider.
John Curtis, Bolton Council and Aidan Richmond, GMCA (SAVVI IG Support) provided an update on the IG learning from the SAVVI Pilots so far. They showcased some practical guidance that aims to enable non-IG staff to work through what needs to be considered as part of the overall information governance framework. This IG guidance aims to look at service redesign and the appropriate reuse of personal data.
This guidance aims to help an organisation consider appropriate options around service redesign and lawful, safe and secure data sharing and processing. This guidance is being further enriched by both the IG Quality Assurance group members and the stakeholders we are supporting as part of SAVVI. To support this thinking, a simple SAVVI IG acronym has been developed: SAFER
Paul Davidson, iStandUK (SAVVI Product Owner), gave an update on the SAVVI catalogue. The SAVVI catalogue was initially developed as an output of SAVVI phase 1. It is a navigable repository containing best practice templates and resources that councils and partners have given us to share. In particular, Paul showcased the updates to the data flows section; this is a browsable list of the data-sets, attributes and IG conditions that councils have used to find vulnerable people. You can browse the lists by the following ways:
Datasets – listing datasets and the attributes that they contain, together with the original purpose that the data is collected for.
Attributes – listing attributes of vulnerability, and the datasets that they can be found in.
Propositions – listing the rules that councils have used, or would like to use, to allow a set of attributes to be used to find people with a particular vulnerability.
Themes – listing the types of vulnerability that councils have addressed with data.
This information can be a starting point when considering what data to use to find vulnerable people. However, councils will still need to take their own legal advice when deciding if data sharing is lawful and ethical.
Shelley Heckman, iNetwork and Paul Davidson, iStandUK then provided a reflection on the ongoing Inquiry by the House of Lords Public Service Committee on Vulnerable Children. The inquiry asks whether reforming public services can address the growing problem of child vulnerability. This is particularly of interest to SAVVI because many of the issues raised by expert witnesses talked about the problems that our project seeks to address. For example, a witness from the Care Quality Commission (CQC) talks about the fact that “there are often fracture points and gaps between the services, where children and young people fall through, and their needs are not recognised and responded to”. This very issue is the point of the SAVVI project, and whilst much of the inquiry is about vulnerable children, many of the issues highlighted are broader issues that apply to other types of vulnerabilities. The lack of ability to join up data in order to be able find vulnerable children is a key theme in the inquiry.
Charlotte Owen, Strategy Lead, MoJ, introduced a new cross Government programme to link data in order to support individuals within the criminal justice arena. This new programme, backed by £20 million of investment, will improve the connectedness of government data so that policy-makers and those working on the frontline of UK public services have better quality evidence on what works in supporting victims, reducing homelessness and drug misuse and helping offenders turn their backs on crime. This programme is very much in its infancy, but it shares similar goals of addressing overlapping challenges that SAVVI exists to find solutions for. More about this programme will be shared in due course.
Paul Davidson, iStandUK talked about barriers to accessing and sharing health data. SAVVI has been talking to a variety of stakeholders about the difficulties of sharing health data, and it has become clear that we need to formally listen and understand the issues at local level and to explore with Government colleagues ways we might be able to address them. Paul asked the group meeting members to share their anecdotal evidence of health data sharing.
Interestingly, at the SAVVI Tech group meeting held the week before, a supplier particularly raised the issue of accessing health data via Section 251 and how lengthy the process is. We invited Emily Griffiths, from The University of Manchester, to help us understand what this was about. Emily explained that certain kinds of data are given extra legal protections, such as data about a person’s health, and yet there can be important reasons for sharing otherwise private information that are recognised in law. One such route is section 251 of the NHS Act 2006, where relevant purposes include: “preventative medicine, medical diagnosis, medical research, the provision of care and treatment and the management of health and social care services”. One body that can give section 251 approval for sharing of personal confidential health information for research without consent is the Confidentiality Advisory Group. This is a specialist committee run by the Health Research Authority that typically operates a lengthy process of thorough review.
Finally, the session looked at next steps for SAVVI IG. We are in the process of organising a couple of workshops to look at barriers to health data; the IG QA group were invited to attend these. The SAVVI IG Group continues to be the gatekeeper for SAVVI catalogue content; this catalogue is under development and plans are underway to show content contributors how the catalogue displays their information. The SAVVI IG experts, John and Aidan, are in the process of contributing an IG perspective to the two SAVVI local authority case studies, and will continue to update the IG guidance based on the feedback from the session.