Controlled drugs accountable officer – alerts etc.

Purposes for processing

Role of the Controlled Drugs Accountable Officer

Regional Lead Controlled Drugs Accountable Officers (CDAOs) are responsible for all aspects of Controlled Drugs management. The roles and responsibilities of CDAO’s are governed by the Controlled Drugs (Supervision of Management and Use) Regulations 2013.

All organisations within the region are required to report controlled drug incidents and concerns to the CDAO. The Lead CDAOs are required to set up Controlled Drugs Local Intelligence Networks (CD LINs) to share concerns and good practice within their area. Whilst we can determine the specific membership, it is largely comprised of the CDAOs across the area, Clinical Commissioning Group representatives and the relevant regulators and agencies as set out in the regulations.

Cascade Alerts – sharing personal and sensitive information

Incidents of significant concern locally e.g. patients or healthcare professionals fraudulently obtaining Controlled Drugs, prescriptions, patient alerts would need to be shared through a cascade alert with healthcare professionals including GP Practices, Dental Practices, Hospitals, Community Pharmacies and other relevant healthcare providers. These alerts may contain sensitive personal information to help prevent further fraudulent activity and prevent harm to the public.

Personal sensitive information shared on alerts is usually provided to us by the police and other healthcare professionals who request us to send out an alert on a local standard NHS England Template with the NHS Logo. We facilitate this process and on some occasions this information may only be alleged concerns.

Private Prescriber Applications

The lead CDAO also receive requests from healthcare professionals to be able to order stock of CDs via requisitions and / or prescribe Controlled Drugs Privately and accordingly manage these applications with a lot of personal information included.

Sharing and reporting Fitness to Practice Concerns and Criminal Activity

Where the lead CDAO has concerns about a healthcare professional’s fitness to practise they will share this information with the professional regulator and or other relevant bodies across the NHS. Information on criminal activity would be shared with the police and counter fraud agencies

Sources of the data

We receive information / unproven intelligence from:

  • Members of public
  • Registered healthcare professionals
  • Non-registered healthcare staff
  • NHS and Private Healthcare organisations/providers
  • Counter Fraud Agencies
  • Commissioners
  • Police CDLOs
  • Regulators
  • NHS England Colleagues
  • Voluntary organisations
  • Anonymous

Categories of personal data

CDAOs would very rarely send out an alert with any sensitive information.

  • Full Name
  • Personal Address
  • Organisation Address
  • Date of Birth
  • Email addresses
  • NHS Number
  • Photographs
  • Professional Registration Number
  • Description of alleged claim(s)

Categories of recipients

We may share information and intelligence to relevant organisations:

  • GP Practices
  • Dental Practices
  • NHS & Private Hospitals
  • Community Pharmacies
  • Other healthcare providers
  • Voluntary Organisations
  • Police
  • Counter Fraud Agencies
  • Commissioners
  • Regulators
  • NHS England Colleagues
  • Other CDAOs
  • CDAOs and relevant departments outside of England Footprint e.g. Scotland, Wales, Northern Ireland
  • NHS Business Services Authority
  • Primary Care Services England
  • Local Authorities
  • Public Health Departments
  • Indemnity Insurance Providers
  • Adult and children safeguarding boards

Legal basis for processing

For GDPR purposes NHS England’s lawful basis for processing is Article 6(1)(e) ‘…exercise of official authority…’. For the processing of special categories (health) data the basis is Article 9(2)(h) ‘…health or social care…’.