National COVID-19 and Flu Vaccination Programmes

The National Immunisation Management Service

Purposes for processing

With the availability of a vaccine for COVID-19, there is a need to coordinate vaccination for the population of England.

The seasonal flu programme is a long-established and successful vaccination programme. The service is offered to patients who are particularly susceptible to the flu for example because of their health condition, age or because they are pregnant.

NHS England has established a centralised service for the management of both the COVID-19 and seasonal flu vaccination programmes. This service is supported by a central system, the Immunisation Management System.

The key functions of this system are to enable identification of priority groups, to send invitations to book appointments for vaccination, to manage and monitor the progress of the programme.

In summary, the system works as follows:

Loading personal information about people in England

The demographic details of everyone resident in England or registered with a GP in England are imported into the system from the Primary Care Registration Management Service operated by NHS Digital on behalf of NHS England. After an initial load from NHS Digital, the data is kept up to date overnight.

Information about patients who are particularly susceptible to the flu because of their health condition or because they are pregnant is also uploaded into the system from data held by NHS Digital.

Further data such as lists of shielded patients, NHS staff and social care workers and ethnic category information are also uploaded. This data can then be used for prioritising invitation for flu or COVID-19 vaccination, and for reporting purposes.

Selecting people to invite for immunisation

The system has an interactive dashboard which will allows us to select groups of people to invite for immunisation. Factors such as age, ethnic origin, gender and underlying health conditions can be applied. We can also select NHS staff and social care workers.

The system shows how many people will be invited if the selected criteria are used. The analysis will include a full geographical breakdown so users can ensure there are sufficient vaccinations and delivery capacity to meet demand.  People already vaccinated will be excluded automatically so they are not invited again.

The system sends invitation letters to the people selected.

Sending invitations for vaccination

The list of people to be invited to book an appointment is sent to an automated mailing service. The mailing service prints and sends invitation letters, which explain how to book an appointment for vaccination either for flu or COVID-19.

The list of people that have been invited for a COVID-19 vaccination is sent to the National Booking System, which invitees can use to book an appointment online. This system is managed by NHS Digital.

We will send SMS text message invitations to some groups of people selected for their age or other priority reasons.

The Immunisation Management System keeps a record of everyone who has been invited for vaccination. NHS England uses this information to remind people by telephone, text or letter if they have been invited to attend for vaccination and have not been vaccinated. We may also send reminders to people who have been invited for COVID-19 vaccination and have not booked an appointment through the National Booking System.

Informing GPs

The system sends daily updates to GP systems to allow them to update their local record and monitor progress for their patients.

Statistics

The system includes a business intelligence tool which provides comprehensive analysis of how the vaccination programmes are progressing, nationally and locally.

Data collection and reporting

To provide centralised data collection and reporting services for the National Immunisation Service, NHS England has implemented a centralised data capture tool for clinical teams delivering COVID-19 and seasonal flu vaccinations. The system collects data about vaccinations administered to NHS staff for COVID-19 and flu, in schools and by maternity teams for the flu vaccine only.

Categories of personal data and sources

The IMS obtains names, addresses telephone numbers, other personal details, and GP registration information from the Primary Care Registration Management service that NHS Digital manages as a processor for NHS England.

It receives information about health conditions and other factors that can make people vulnerable to the flu from NHS Digital who collect it from GP Practices, acting under directions from the Secretary of State for Health and Social Care. We also obtain information about ethnic category from NHS Digital.

It receives information about vaccinations given from GP Practices, pharmacies and other vaccination centres. This is so that we can send out reminder letters, inform GPs for them to update their records, and monitor the progress of the vaccination programme.

The data collection and reporting system receives information about vaccination decisions – given or not given. It also includes demographic data about NHS staff from the NHS Electronic Staff Record, obtains NHS Numbers traced from the Primary Care Registration Management service

Categories of recipients

The system sends lists of people to be invited for vaccination to the mailing service managed by NHS England, and for COVID-19 vaccination invitations, the National Booking Service managed by NHS Digital.

The system sends information to GP Practices so that they can update their records about vaccinations that their patients have received at pharmacies or other vaccination centres.

The system sends personal data to the NHS England COVID-19 datastore.

Personal data from the Immunisation Management System is shared with the following external agencies:

  • Public Health England (PHE) – an executive agency sponsored by the Department of Health and Social Care
  • Joint Biosecurity Centre (JBC) – a directorate of the Department of Health and Social Care
  • Trusted Research Environments – operated by the Office for National Statistics (ONS) and Health Data Research (HDRUK)
  • SPI-M – an independent group set up by the Government to support the Scientific Advisory Group for Emergencies (SAGE)

Data protection impact assessment: National Flu and COVID-19 Vaccination programme including the National Immunisation Management Service (NIMS)

View the Data protection impact assessment: National Flu and COVID-19 Vaccination programme including the National Immunisation Management Service (NIMS)

Data protection impact assessment: national immunisation, vaccination system – health care workers

View the Data protection impact assessment: national immunisation, vaccination system – health care workers.

Legal basis for processing

For GDPR purposes NHS England’s lawful basis for processing is Article 6(1)(e) – ‘…exercise of official authority…’.

For the processing of special categories (health) data the conditions are

Article 9(2)(h) – ‘…health or social care…’

Article 9(2)(i) – ‘…public health purposes…’,

Article 9(2)(j) – ‘……archiving…research…or statistical purposes…’

For processing special categories (ethnicity) data the conditions are

Article 9(2)(b) – ‘…social protection law…’ (for monitoring equality of access)

Article 9(2)(h) – ‘…health or social care…’

Article 9(2)(j) – ‘……archiving…research…or statistical purposes…’

NHS England’s basis to process confidential patient information, setting aside the duty of confidence, is regulation 3(3) of the Health Service (Control of Patient Information) Regulations 2002 (COPI), which were made under section 251 of the NHS Act 2006.