CAG approval to extend s251 support for Invoice Validation data processing (CAG 7-07(a-c)/2013) to the end of September 2022
The Secretary of State for Health has approved the NHS England application for an extension for support under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (Section 251 Support). This allows Clinical Commissioning Groups (CCGs) and Commissioning Support Units (CSUs) to process Personal Confidential Data (PCD) which are required for invoice validation purposes. This approval is subject to a set of conditions. This advice explains these conditions and sets the actions that CCGs, CSUs and Providers must now take in order to ensure they are acting lawfully.
An extension until end of September 2022 has been granted for application CAG 7-07(a-c)/2013 for invoice validation
CCGs are reminded to notify NHS England if they change their supplier for invoice validation services. This can be done by completing a Controlled Environment for Finance (CEfF) compliance statement.
- The List of Controlled Environment for Finance Organisations is available in PDF and Excel format. Please note that the PDF is the definitive version.
In line with the recommendation from the National Data Guardian outlined in the National Data the Review of Data Security, Consent and Opt-Outs CAG have agreed to waive the requirement to apply national data opt outs to data required for invoice validation purposes as set out in the CAG 7-07(a-c)/2013 approval.
The NDG review indicated that ‘members of the public did not express a concern about their information being used for payment purposes. ‘Overall there were no issues with this example of data sharing because the information is shared within the NHS. The law is not clear on whether personal confidential data can be used for these purposes without an opt-out. Taking into account the importance of accurately allocating NHS resources and the lack of evidence of public concern in relation to the use of data for this specific purpose, it is recommended that invoice validation for non-contracted activity should be an exception to the opt-out’.
This effectively means that data which includes an identifier (usually NHS number) which is flowing from NHS Digital to commissioners for invoice validation/ challenge purposes will be provided for all patients to ensure that providers receive the correct funding for the health and care services they provide.
If you have any queries relating to the above, please email them to firstname.lastname@example.org.