The Health and Social Care Information Centre (HSCIC) is reviewing its data sharing practices, with a focus on how organisations should be applying to access the Hospital Episode Statistics (HES) and other datasets.
The review comes weeks after HSCIC published a list of companies that have had access to patient data since its formation in April 2013, and organisations that had been granted access to the datasets by HSCIC's predecessor, the NHS Information Centre in a register.
The HSCIC's register was published in response to calls for greater transparency prompted by the government's controversial care.data programme. The register showed that private healthcare providers such as Bupa and Care UK, as well as consultancy firms such as PwC and Ernst & Young had received patient data.
The Commons' health select committee, which is holding an investigation into the care.data programme, found that the NHS Information Centre had approved and released HES data for uses that supporters of care.data have long claimed would not be allowed. In addition, the centre did not have a thorough auditing process to ensure that organisations that had access to such data were using it appropriately.
On its website, HSCIC said that the data sharing approvals process was in line with "developing public trust through being a transparent organisation that operates and makes decisions against clear and open policies and processes".
"We are therefore undertaking work to improve our policies, processes and governance for the sharing of data to ensure that they are fully robust and transparent," it continued.
HSCIC also warned that while this work was being undertaken, the approval processes for renewals and new applications for data extraction are likely to take longer than normal "due to additional scrutiny".
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy