We collect information on people who have died by suicide, and some information on people who committed homicide.

We receive identifying information about people who have been allocated a suicide or undetermined conclusion at coroner’s inquest from the Office for National Statistics (ONS) (England and Wales), the National Register Office (NRS) (Scotland), and pseudonymised data from  the Regulation and Quality Improvement Authority (RQIA), who manage identifying information from the Northern Ireland Statistics and Research Agency (NISRA).

We also receive identifying information about people who have committed homicide from the Home Office (England and Wales), the Scottish Crown Office, and Greater Manchester Police.

The information we initially receive from these organisations includes people’s names, addresses, dates of birth and death or offence, and cause of death or information related to the offence. We share this information securely with healthcare providers who let us know whether the person was in contact with mental health services in the year before death/offence. For people who died by suicide, we collect detailed clinical information from the healthcare organisation they had contact with before death via an online questionnaire. No identifying information is collected on the questionnaire and any further correspondence with healthcare services uses a unique identifier that we generate in our office. The clinical information is held on a database which is not linked to the personal identifiable information.

We do not collect information directly from data subjects, and this information is not part of a statutory obligation.

Processing of the data that we hold is necessary in the public interest, for scientific and statistical research purposes in accordance with Article 89(1) of the General Data Protection Regulation. We only hold and process data which is proportionate to our aim of improving safety in mental health services. We respect the essence of the right to data protection and we have specific measures in place to safeguard the fundamental rights and interests of the data subjects.

Our research has been approved by the NHS Research Ethics Committee. In order to carry out the research, we have:

• Section 251 approval; this allows us to hold identifiable and patient sensitive data;
• Data Access Agreements; these are agreements of principals for the release of sensitive data;
• Caldicott Guardian agreements with all mental health providers; this is an agreement between us and health providers about what information we will share, and how we will manage the data;
• A satisfactory Data Security and Protection Toolkit (DPST); this is an online assessment against Information Governance policies and standards, and a requirement of applying for Section 251 approval.

We publish annual reports which include analysis of the most recent year of national data on patient suicides, as well as trends over time. In addition to annual reports, we publish project reports investigating specific patient sub-groups. We recommend changes to clinical practice and policy to reduce the risk of suicide and improve the safety of mental health patients. We only publish aggregate figures, and we follow ONS guidance about small numbers – we don’t publish low counts, and we never share information about an individual. 

Our key audiences are:

• People who receive care: Patients & service users, their families & carers, the general public & press
• People who deliver care: Mental health professionals, who provide us with our data and whose clinical practice is the main focus of our recommendations, medical/clinical directors, risk managers, trust chief executives & boards
• People who commission care: CCG’s, NHS England/Improvement, devolved governments including policy and practice leaders
• People who regulate care and provide national oversight: CQC, NICE, Health Education England and equivalent bodies in all UK countries.

There are various retention periods for the differing data we receive, based on the specific requirements of the data providers and our overall Section 251 approval. Once a data destruction date is reached, the data are securely destroyed. 

If you believe that NCISH hold personal information about you, you have a right to ask for a copy of that information. This is commonly called a Subject Access Request (SAR).

Requests for medical (health) records

A request for information from health records has to be made with the organisation that holds your health records – the data controller. For hospital health records, contact the records manager or patient services manager at the relevant hospital trust. You can find a list of hospital trusts on the NHS Choices website.

If you would like to receive a copy of other information we hold about you, your request should be made in writing (or email) to:

• Post: NCISH, PO Box 86, Manchester, M20 2EF
• Email: ncish@manchester.ac.uk

Please include the words ‘Subject Access Request’ at the beginning of your letter or in the subject line of your email.

When making your request, please include the following details:

• Your name, address and postcode;
• The type of information you want to look at including any relevant dates.

We aim to send you a reply as soon as possible and by the latest within 30 calendar days. You may also be asked to provide proof of identity.

Currently, any bespoke data requests must be initiated by the Medical Director of the healthcare organisation. Annually, we provide a Safety Scorecard to the Medical Director of each mental health trust in England. This Scorecard was developed in response to a request from our commissioners for benchmarking data to support quality improvement. We provide information on indicators that relate to our work: suicide rate, homicide rate, patients under the Care Programme Approach (CPA), staff turnover and NCISH questionnaire response rate. This information is for trusts to consider internally, and we do not give this data directly to any other organisation. We suggest that trusts may wish refer to our 10 key elements of safer care in mental health services – key safety measures that trusts can implement, available to download from our website.

On occasion we collaborate with visiting researchers, who are allowed access to strictly anonymised datasets for analysis to contribute to our outputs. All visiting researchers are bound by the same confidentiality agreements as our contracted members of staff.

All of our published outputs can be accessed via our website. We inform people of our work through events, presentations, print and social media.

We are bound by the conditions in our permissions which are intended to safeguard the identifiable clinical information we hold, and therefore it may not always be possible to respond to a data request if it risks breaching these agreements.

The National Data Opt-Out (where a person chooses not to have their health data shared for reasons beyond treatment and care) does not apply to the core data collected by NCISH. This is due to overriding public interest in improving safety in clinical services.

The right to restrict processing is not an absolute right and applies only in specific circumstances:

• Where you contest the accuracy of your personal data and we need to verify the accuracy of the data;
• The personal data were unlawfully processed (i.e. otherwise in breach of the DPA2018 and GDPR), and you request restriction rather than erasure of the data;
• Where the personal data are no longer necessary in relation to the purpose for which it were originally collected/processed, but you need us to keep the data in relation to a legal claim;
• When you object to the processing and we are considering whether our legitimate interest for continuing the processing would override this objection.

If you would like to request a restriction of processing of your personal data in relation to any NCISH topic study that is not exempt from applying the National Data Opt-Out, your request should be made in writing (or email) to:

• Post: NCISH, PO Box 86, Manchester, M20 2EF
• Email: ncish@manchester.ac.uk

Please include the words ‘Request to Restrict Processing’ at the beginning of your letter or in the subject line of your email.

When making your request, please include the following details:

• Your name, address and postcode;
• The grounds for your request for erasure.

We aim to send you a reply as soon as possible and by the latest within 30 calendar days. You may also be asked to provide proof of identity.

NCISH is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• Improving the quality and standards of care provided;
• Research into the development of new treatments;
• Preventing illness and diseases;
• Monitoring safety;
• Planning services.

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

The National Data Opt-Out (where a person choose not to have their health data shared for reasons beyond treatment and care) does not apply to data collected by NCISH. This is due to overriding public interest in improving safety in clinical services. 

You can find out more about how patient information is used at: www.hra.nhs.uk/information-about patients (which covers health and care research); and understandingpatientdata.org.uk/introducing-patient-data (which covers how and why patient information is used, the safeguards and how decisions are made).

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

The National Data Opt-Out (where a person chooses not to have their health
data shared for reasons beyond treatment and care) does not apply to the core
data collected by NCISH. This is due to overriding public interest in improving
safety in clinical services.

You have the right to object to the processing of your personal data:

• Based on legitimate interests of the performance of a task in the public interest/exercise of official authority;
• Direct marketing;
• Processing for the purposes of scientific/historical research and statistics.

You must have an objection on grounds relating to your particular situation. If you would like to raise an objection to the processing of your personal data in relation to any NCISH topic study that is not exempt from applying the National Data Opt-Out, your objection should be made in writing (or email) to:

• Post: NCISH, PO Box 86, Manchester, M20 2EF
• Email: ncish@manchester.ac.uk

Please include the words ‘Object to Processing’ at the beginning of your letter or in the subject line of your email. When making your request, please include the following details:

• Your name, address and postcode;
• Details of the grounds for your objection.

We aim to send you a reply as soon as possible and by the latest within 30 calendar days. You may also be asked to provide proof of identity.

You have the right to request that any personal data that is inaccurate be rectified.

If you would like to request that personal data that we hold about you be corrected, your request should be made in writing (or email) to:

• Post: NCISH, PO Box 86, Manchester, M20 2EF
• Email: ncish@manchester.ac.uk

Please include the words ‘Object to Processing’ at the beginning of your letter or in the subject line of your email.

When making your request, please include the following details:

• Your name, address and postcode;
• Details of the inaccuracy.

We aim to send you a reply as soon as possible and by the latest within 30 calendar days. You may also be asked to provide proof of identity.

You can report any concerns you have about our information rights practices to the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns

We keep our privacy policy under regular review and will place any updates on this webpage. This privacy policy was last updated on 26 May 2023.