Who are the BSR?
The British Society for Rheumatology (BSR) is the UK’s leading specialist medical society for rheumatology and musculoskeletal professionals.
What information are we collecting?
The National Early Inflammatory Arthritis Audit (NEIAA) is commissioned by the Healthcare Quality Improvement Partnership (HQIP) on behalf of NHS England and the Welsh Government. Over 200 hospitals in England and Wales are taking part.
The audit follows patients through the first 12 months of care. The audit is collecting health information at the first appointment for all patients with suspected inflammatory arthritis then 3 months later and at the end of the first year for those who have a diagnosis of Rheumatoid Arthritis (RA). This will include diagnosis, tests undertaken to reach the diagnosis and treatment.
The identifiable information we are collecting is: patient name, date of birth, NHS number, postcode and gender. The benefit of collecting these personal details is that it enables us to link with other national sources of information and this will give us a fuller picture of how well people respond to treatment.
The information gathered will answer the following questions:
- How quickly patients are referred to secondary care by GPs and how long it takes to see a specialist in rheumatology?
- What treatment patients with inflammatory arthritis receive over this first year and is this in line with national (NICE) guidelines?
- How well staffed rheumatology departments are, and do they have access to specialist services such as physiotherapy, podiatry, psychology?
- Do patients receive timely education about their new diagnosis to help manage it well?
- Can patients get access to advice quickly if their symptoms worsen or they run into problems?
How are we collecting the information?
We are using a specially made and secure online platform to collect this data, which will be entered by clinicians (at www.arthritisaudit.org.uk) and patients (at www.myarthritisaudit.org.uk).
Who are we sharing the information with?
To create this in-depth picture of patient care, the personal details (NHS number, date of birth, postcode) are sent to NHS Digital (England) and to NHS Wales Informatics Service (Wales). NHS Digital and NHS Wales Informatics Service will then use these details to find relevant information (HES admitted patient data http://www.hscic.gov.uk/hesdatadictionary and PEDW admitted patient data http://www.datadictionary.wales.nhs.uk/). The linked information is returned to the NEIAA study team in a pseudonymised format. BSR has commissioned a team at King’s College London, in partnership with King's College Hospital, who will analyse the results of this audit.
The confidential information is stored safely in accordance with NHS recommendations, standards and regulations.
Data from the audit may also be shared to third party applicants for the purposes of research, service evaluation and health/care improvement. Sharing data will always be under relevant legal and information governance regulations. Personal identifiers will not be shared unless the appropriate legal, ethical and security arrangements are in place. No personal information will ever be made public and no data will be transferred outside of the EU. We will store your data permanently for as long as the NEIAA is running.
What is the legal basis for collecting this data?
We have gained approval from the Health Research Authority’s Confidentiality Advisory Group in order to collect patient data without written consent. This means that patients have to actively opt out if they do not want their information to be included.
The legal basis for processing the information collected is article 9 (2) (i) of GDPR ‘processing is necessary for reasons of public interest in the area of public health’.
Can I see what information is collected about me?
If you would like to see your information, please contact your local Rheumatology department.
Can I withdraw my information?
Of course. Please contact your rheumatology department and inform them that you do not wish your data to be included. They will then contact BSR with your Case ID and we will remove your record from the audit.
You also have the right to raise concerns or make a complaint through the Information Commissioners Office by calling 0303 123 1113 or following the link https://ico.org.uk/concerns/
The joint data controllers are HQIP and NHS England. You can contact HQIP's data protection officer at data.protection@hqip.org.uk.
The BSR’s data protection officer is Caroline Wilson, and can be contacted on cwilson@rheumatology.org.uk
FAQ
Will the data be identified?
The data processor will extract identifiable audit data.
Does the audit have a S251 exemption?
Yes, This is available publicly here – https://www.hra.nhs.uk/planning-and-improving-research/application-summaries/confidentiality-advisory-group-registers/
How will the host organisation control access to the data?
Net Solving and KCLarethe primary data processors for the auditon behalf of the British Society for Rheumatology (BSR). The following outlines the measures that are being put in place to safeguard the security of the data:
- Clinicians have unique logins. They will only see data for their own patients.
- The web audit tool is hosted byRackspace, a secure web hosting provider.
- The data is stored in a Microsoft SQL Server database, secured using Windows authentication which prevents login information being stored in the application.
- Net Solving hosts an SQL database in a RAID array preventing data loss if a hard drive fails.
- Data is backed up in a secure remote physical location.
- KCL accesses pseudonymised data directly from the web portal.
- KCL adheres to institutional data handling policies with full GDPR compliance.
How will the data be transferred to the host organisation?
Via the online portal- www.arthritisaudit.org.uk
Will there be any additional transfers from the host organisation?
During data linkage, data will be transferred to NHS Digital and NHS Wales informatics service.
How will the host organisation securely store the data?
The server is hosted in a Rackspace datacentre. Rackspace is one of the leading hosting companies in the world. Each Rackspace data center is restricted by biometric authentication, keycards, and 24x7x365 surveillance. This helps to ensure that only authorised engineers have access to routers, switches and servers.
How long will the host organisation retain the data?
Identifiable data will be retained for ten years after project completion. The audit is currently funded until 2022. There is an opportunity for this to be extended.
Data protection registration number
Z127452X
