HIC ISMS Glossary

PURPOSE

The purpose of this glossary is to define technical words and terms that are specialised or unique to HIC's business or technical domains, to provide a quick reference to key concepts, and to avoid duplicating definitions in multiple locations within the Information Security Management System.

Quick Access

[ 1 PURPOSE ] [ 2 Quick Access ] [ 3 ADP ] [ 4 Anonymised Data ] [ 5 Application ] [ 6 Appropriate ] [ 7 Approved Data User ] [ 8 Approved Project ] [ 9 Asset ] [ 10 Automated Build Environment ] [ 11 Caldicott Guardian ] [ 12 Change Approvers ] [ 13 Change Advisory Group ] [ 14 Change Category ] [ 15 Change Description ] [ 16 Change Impact Category ] [ 17 Change Risk Assessment ] [ 18 Change Type ] [ 19 Change Urgency ] [ 20 CHI ] [ 21 Client ] [ 22 Cohort Manager ] [ 23 Communication Plan ] [ 24 Control ] [ 25 Consented Data ] [ 26 Data ] [ 27 Data Controller ] [ 28 Data Processor ] [ 29 Development Team ] [ 30 DLS ] [ 31 External Party ] [ 32 HIC ] [ 33 HIC Data Analyst ] [ 34 HIC Developer ] [ 35 HIC Executive Committee ] [ 36 Information ] [ 37 Information Security ] [ 38 Information Systems ] [ 39 ISMS ] [ 40 ISMS Documentation ] [ 41 Maintenance Window ] [ 42 Material Change ] [ 43 Non-Consented Project Dataset ] [ 44 Non-Standard Change ] [ 45 Personal Data ] [ 46 Process Manager ] [ 47 Pro-CHI ] [ 48 Production Database ] [ 49 Project ] [ 50 Project Dataset ] [ 51 Project Description ] [ 52 Policy ] [ 53 Project Management System ] [ 54 RFC ] [ 55 Risk ] [ 56 Risk Assessment ] [ 57 Service ] [ 58 Service Catalogue ] [ 59 Staging database ] [ 60 Standard Change ] [ 61 Strategic Change ] [ 62 Superficial Change ] [ 63 System Administrator ] [ 64 TASC ] [ 65 Team Manager ] [ 66 Testing Database ] [ 67 TCTU ] [ 68 Third party ] [ 69 User ] [ 70 Version Control System (VCS) ]

ADP

Application Development Projects. This is the HIC team that carries out software development to facilitate secure data collection, consisting entirely of HIC Developers and working mainly with consented data. This team has since been renamed: Software.


Anonymised Data

Data from which any and all information that could allow individuals to be identified has been removed. Such information includes CHI, name, date of birth, address, full postcode, GP code, General Medical Council registration number and GP Practice code. Any request for data containing any of this information will be treated as a request for identifiable data, which will require explicit Caldicott approval from the NHS Board(s) of residence of the patient(s). HIC Services recognises that, while the data is anonymised, it is potentially disclosive, so it is treated by HIC Services as potentially personal data.


Application

The implementation of a service (web application, console application, etc.)


Appropriate

Suitable for the level of risk identified and justifiable by risk assessment.


Approved Data User

An Approved Data User is an approved DLS Project Principal Investigator (PI) as named on the PM System, or a person who is authorised by the PI to also have access to the DLS Project Dataset. The Approved Data User, to whom data has been made available, will be recorded on the PM system. 

  • The Approved Data User must complete approved Information Governance training and provide the certificate to HIC.

  • Employees of NHS Tayside, NHS Fife, the University of Dundee, or the University of St Andrews need to read, sign, and follow the terms of the HIC Data User Agreement.

  • Where an Approved Data User is not such an employee the HIC Data User Agreement must also be signed by a senior representative of the Approved Data User's organisation.


Approved Project

An approved project is a project that is logged into the Project Management System and has Ethics, Caldicott and NHS R&D governance approval, as required. 


Asset 

Anything that has value to HIC Services.


Automated Build Environment

Software system used by HIC to manage consistent, tested, and automated building and release of applications.

 

Caldicott Guardian

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing.  

  • Each NHS organisation is required to have a Caldicott Guardian; this was mandated for the NHS by Health Service Circular: HSC 1999/012. The mandate covers all organisations that have access to patient records, so it includes acute trusts, ambulance trusts, mental health trusts, primary care trusts, strategic health authorities, and special health authorities such as NHS Direct.

  • Caldicott Guardians were subsequently introduced into social care in 2002, mandated by Local Authority Circular: LAC 2002/2.

  • The Guardian plays a key role in ensuring that the NHS, Councils with Social Services Responsibilities and partner organisations satisfy the highest practical standards for handling patient identifiable information.

  • Acting as the 'conscience' of an organisation, the Guardian actively supports work to enable information sharing where it is appropriate to share and advises on options for lawful and ethical processing of information.


Change Approvers

Process manager. 


Change Advisory Group

The CAG is a HIC internal group comprised of senior members of staff and is responsible for approval of changes. 


Change Category

Defines a common scale against which to judge the magnitude of the change in terms of effort and risks.


Change Description

Description of the change – what is being changed and how. 


Change Impact Category

Defines a common scale against which to judge the magnitude of the change in terms of effort and risks: 

  • Extensive - There is a significant business service impact because multiple customers are affected by the change. Considerable human and technical resources are needed. Management is involved in the decision process. The RFC must be discussed in the CAG meeting and approved by the change manager. The change manager seeks advice on change authorization and planning. 

  • Significant - There is a clear service impact because at least one customer is affected by the change. The RFC must be discussed in the CAG meeting and approved by the change manager. The change manager seeks advice on authorization and planning. 

  • Moderate - There is little impact on current services because no customers are affected by the change. The change manager can authorize this RFC.

  • Minor - The change can be executed without prior approval from the change manager because no customers are affected by the change.


Change Risk Assessment

Provides a review of the likelihood of risk and the related consequence: 

  • Likelihood:

    • 1 – Rare 

    • 2 – Unlikely 

    • 3 – Possible 

    • 4 – Likely 

    • 5 – Almost Certain 

  • Consequences: 

    • 1 – Insignificant 

    • 2 – Minor 

    • 3 – Moderate 

    • 4 – Major 

    • 5 – Catastrophic 


Change Type 

Defines the type of change being submitted for review: 

  • Standard Change – a low-risk change that is pre-approved and follows documented, repeatable tasks.

  • Non-Standard Change – a thorough review process is conducted before this change is approved.


Change Urgency

Provides a comparator scale to measure how urgent the change is: 

  • Critical - The change is immediately necessary to prevent severe business impact. Change approval is needed by the CAG or Emergency Committee. 

  • High - The change is needed as soon as possible because of potentially damaging service impact. 

  • Medium - The change will solve irritating problems or repair missing functionality. This change can be scheduled. 

  • Low - The change will lead to improvements, changes in workflow, or configuration. This change can be scheduled. 
     


CHI

Community Health Index number. Unique 10-digit NHS (Scotland) patient identifier consisting of the patient's date of birth (as DDMMYY), followed by four digits: two digits randomly generated, the third digit identifying gender at birth (odd for men, even for women) and a check digit. HIC uses CHI to link cohort records across datasets when creating Project datasets.
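The Anonymised Data entry above requires CHI to be removed before data is released, and the structure just described is enough to recognise a CHI-shaped value in an extract. The following is an added example written for this glossary, not HIC or DLS code: a pre-release scan that flags ten-digit tokens whose first six digits form a real date and reports the sex digit and check-digit result for triage. The check-digit rule is an assumption (the glossary only says "a check digit"; the code uses a modulus-11 scheme with weights 10 down to 2), the century of the two-digit year is assumed to be 1900s or 2000s, and the sample rows, Pro-CHI values and column names are constructed for illustration.

```python
import re
from datetime import date

# Added example (not HIC code): a pre-release check that flags values shaped
# like a CHI number in a dataset extract, using the structure given in the
# glossary: DDMMYY date of birth, two random digits, a sex digit (odd = male,
# even = female) and a check digit.

# Any run of exactly ten digits that is not adjacent to other digits.
TEN_DIGITS = re.compile(r"(?<!\d)\d{10}(?!\d)")


def chi_check_digit(first_nine):
    """Return the check digit for a nine-digit CHI prefix, or None if none exists.

    ASSUMPTION: the glossary only says "a check digit"; this uses a
    modulus-11 scheme with weights 10 down to 2. If a different scheme is
    in force, only this function needs to change.
    """
    total = sum(int(d) * w for d, w in zip(first_nine, range(10, 1, -1)))
    check = 11 - (total % 11)
    if check == 11:
        return 0
    if check == 10:
        return None  # prefix cannot carry a valid check digit under this scheme
    return check


def _valid_ddmmyy(ddmmyy):
    """True if DDMMYY is a real calendar date in either the 1900s or 2000s.

    ASSUMPTION: the two-digit year does not fix the century, so both are tried.
    """
    day, month, yy = int(ddmmyy[:2]), int(ddmmyy[2:4]), int(ddmmyy[4:6])
    for century in (1900, 2000):
        try:
            date(century + yy, month, day)
            return True
        except ValueError:
            continue
    return False


def parse_chi(value):
    """Split a candidate into CHI components, or return None if it is not CHI-shaped."""
    if len(value) != 10 or not value.isdigit():
        return None
    if not _valid_ddmmyy(value[:6]):
        return None
    sex_digit = int(value[8])  # ninth digit: odd for men, even for women
    return {
        "dob_ddmmyy": value[:6],
        "sex": "male" if sex_digit % 2 else "female",
        "check_digit_ok": chi_check_digit(value[:9]) == int(value[9]),
    }


def scan_for_chi(rows):
    """Return one finding per CHI-shaped token found in any field of any row.

    A failing check digit does not clear a value (it may be a real CHI with a
    typo), so every structurally valid hit is reported and the check result
    is attached to help triage.
    """
    findings = []
    for idx, row in enumerate(rows):
        for column, cell in row.items():
            for token in TEN_DIGITS.findall(str(cell)):
                parsed = parse_chi(token)
                if parsed is not None:
                    findings.append({
                        "row": idx,
                        "column": column,
                        "value": token,
                        "check_digit_ok": parsed["check_digit_ok"],
                    })
    return findings


# Constructed sample extract (values made up): Pro-CHI keyed rows as they
# might look before release. One free-text note still carries a CHI-shaped value.
SAMPLE_ROWS = [
    {"pro_chi": "PC-000173", "admission": "2021-03-04", "notes": "routine follow-up"},
    {"pro_chi": "PC-000921", "admission": "2020-11-17", "notes": "see original record 0207904723"},
    {"pro_chi": "PC-001044", "admission": "2019-06-30", "notes": "ref 9999999999 is an order id"},
]

if __name__ == "__main__":
    for finding in scan_for_chi(SAMPLE_ROWS):
        print(f"row {finding['row']} column {finding['column']}: "
              f"{finding['value']} (check digit ok: {finding['check_digit_ok']})")
```

Free-text columns are where residual identifiers usually survive, which is why the scan looks at every field rather than only the columns named as identifiers. The ten-digit order reference in the last row is not flagged because its date portion is impossible, while the value in the second row is flagged with a passing check digit and should be reviewed before the dataset leaves the staging area.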


Client

The requestor of a software project. This could be internal or external to HIC.


Cohort Manager

DLS software used to manage versions and Pro-CHI allocation of Approved Project cohorts. 


Communication Plan

Detailed description of the communications to be provided during the change.


Control

A means of managing risk by providing safeguards. This includes policies, procedures, guidelines, other administrative controls, technical controls, or management controls. 


Consented Data

Data for which the individuals to whom it relates (data subjects) have given explicit approval to its processing for the purposes being undertaken.


Data

Information held in electronic or paper form.


Data Controller

A group or individual responsible for determining the purposes for which and the manner in which any personal data are, or are to be, processed. For example, NHS Tayside and Fife are Data Controllers for regional NHS data processed on their behalf by HIC Services. 


Data Processor

An individual outside the Data Controller’s organisation processing data on behalf of the Data Controller. 


Development Team

Comprised of the Developer Manager, Senior Developers and Junior Developers.


DLS

Data Linkage Service. This is the HIC team of mainly Data Analysts that carries out data receiving, managing, linkage, anonymisation and release, mainly with unconsented NHS data. 


External Party

External Party (or Third Party), in relation to personal data, means any person other than the data subject, the data controller, or any data processor or other person authorised to process data for the data controller or processor.



DOCUMENT CONTROLS

Process Manager: Symone Sheane
Point of Contact: hicbusiness-support@dundee.ac.uk

Revision Number: 1.0
Revision Date: 01/05/24
Revision Made: Created from Sharepoint ISMS Glossary
Revision By: Bruce Miller
Revision Category: Superficial
Approved By: Symone Sheane
Effective Date: 01/05/24

Revision Number: 1.1
Revision Date: 02/05/24
Revision Made: Added in purpose of glossary. Added in definitions from SOPs and Policies.
Revision By: Symone Sheane, Bruce Miller
Revision Category: Superficial
Approved By: Symone Sheane
Effective Date: 02/05/2024

Copyright Health Informatics Centre. All rights reserved. May not be reproduced without permission.
All hard copies should be checked against the current electronic version within current versioning system prior to use and destroyed promptly thereafter. All hard copies are considered Uncontrolled documents.