Invoice validation

Who Pays? Information governance advice for invoice validation

The Secretary of State for Health has approved the NHS England application for support under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (Section 251 Support). This allows Clinical Commissioning Groups (CCGs) and Commissioning Support Units (CSUs) to process Personal Confidential Data (PCD) which are required for invoice validation purposes. This approval is subject to a set of conditions. This advice explains these conditions and sets the actions that CCGs, CSUs and Providers must now take in order to ensure they are acting lawfully.

An extension until 31 March 2017 has been granted for application CAG 7-07(a-c)/2013 for invoice validation.

CCGs are reminded to notify NHS England if they change their supplier for invoice validation services. This can be done by completing the Supplier Change Proposal Form in the Controlled Environment for Finance (CEfF) Assurance Statement document.

NHS England is grateful to South London CSU who worked collaboratively with us to produce this advice.

Update on Processing PCD for Invoice Validation

NHS England and NHS SBS have introduced a new mechanism within the Integrated Single Finance Environment (ISFE) system, which identifies suppliers, and their associated Commissioners (CCG), that submit Personal Confidential Data (PCD) for invoice validation purposes. The CCG is responsible for ensuring that the correct process is followed for the submission of PCD to validate invoices via the CCG’s nominated Controlled Environment for Finance (CEfF).

  1. CCG letter – Update on processing PCD for Invoice validation purposes
  2. NHS SBS Guidance on Implementation of the new rejection mechanism in ISFE

Urgent update regarding S251 CAG Approvals – 28 March 2017

Confidentiality Advisory Group (CAG) s251 Approvals for Risk Stratification (CAG 7-04)(a)/2013) and Invoice Validation (CAG 7-07(a-c)/2013)

NHS England attended the Confidentiality Advisory Group meeting in late February 2017 with a view to requesting the extension of the current CAG approvals for Risk Stratification and Invoice Validation – both of which include the use of all datasets listed under CAG 2-03(a)/2013 until the end of Sept 2018. CAG indicated that they did not envisage any issues with the request and they will provide their response in due course and that in the meantime, the current approvals do not expire. This would ensure that all processing under the above s251 approvals can continue.

During the course of the discussion with CAG members, it was also felt that to ensure sufficient legal cover continues to be in place to enable the de-identification of data previously processed under CAG 2-03(a)/2013 (ASH) and currently held by CCGs/CSUs in an identifiable format, this approval be also extended but only for a period of 4 months to the end of July 2017. This would support the de-identification of data in line with the ICO Anonymisation Code of Practice.

NHS England will update the website again as soon as NHS England receives a formal response from CAG.

If you have any queries relating to the above, please email them to