Data security
We make every effort to ensure our standards are high in handling specialist categories information as part of our patient safety research. Here we explain how we use the specialist categories information that we collect, and the rights that you have if you think that we hold information about you as a data subject. Find out more in our data security documents.
National Data Opt-Out
The National Data Opt-Out (where a person chooses not to have their health data shared for reasons beyond treatment and care) does not apply to data collected by the National Confidential Inquiry into Suicide and Safety in Mental Health (NCISH). This is due to overriding public interest in improving safety in clinical services.
Privacy notice
Who is responsible for the data we collect?
The National Confidential Inquiry into Suicide and Safety in Mental Health (NCISH) is commissioned by the Healthcare Quality Improvement Partnership (HQIP). NHS England and HQIP are joint controllers for the National Clinical Audit and Patient Outcomes Programme England data. HQIP is led by a consortium of the Academy of Medical Royal Colleges, the Royal College of Nursing and National Voices. HQIP’s aim is to promote quality improvement, and it hosts the contract to manage and develop the Clinical Outcome Review Programmes, one of which is the Mental Health Clinical Outcome Review Programme, funded by NHS England, NHS Wales, the Health and Social Care division of the Scottish Government, the Northern Ireland Department of Health, and the States of Jersey and Guernsey. The programmes, which encompass confidential enquiries, are designed to help assess the quality of healthcare, and stimulate improvement in safety and effectiveness by systematically enabling clinicians, managers and policy makers to learn from adverse events and other relevant data. More details can be found here.
NCISH and its data are based at The University of Manchester, which was established by Royal Charter.
Contact details for our data controllers:
The Healthcare Quality Improvement Partnership (HQIP)
27A Harley Place
London
W1G 8LZ
NHS England
NHS England London
Skipton House
80 London Road
London
SE1 6LH
Compliance and Risk
Room MLG.006
John Owens Building
The University of Manchester
Oxford Road
Manchester
M13 9PL
What information do we collect?
We collect information on people who have died by suicide, and some information on people who committed homicide.
We receive identifying information about people who have been allocated a suicide or undetermined conclusion at coroner’s inquest from the Office for National Statistics (ONS) (England and Wales), the National Register Office (NRS) (Scotland), and pseudonymised data from the Regulation and Quality Improvement Authority (RQIA), who manage identifying information from the Northern Ireland Statistics and Research Agency (NISRA).
We also receive identifying information about people who have committed homicide from the Home Office (England and Wales), the Scottish Crown Office, and Greater Manchester Police.
The information we initially receive from these organisations includes people’s names, addresses, dates of birth and death or offence, and cause of death or information related to the offence. We share this information securely with healthcare providers who let us know whether the person was in contact with mental health services in the year before death/offence. For people who died by suicide, we collect detailed clinical information from the healthcare organisation they had contact with before death via an online questionnaire. No identifying information is collected on the questionnaire and any further correspondence with healthcare services uses a unique identifier that we generate in our office. The clinical information is held on a database which is not linked to the personal identifiable information.
We do not collect information directly from data subjects, and this information is not part of a statutory obligation.
Suicide in NHS Staff data collection
We also receive anonymised information from NHS organisations about staff who have died by suspected suicide whilst employed by an NHS Trust. These people are identified by the NHS organisation. The information provided to us does not include people’s names, addresses, dates of birth or dates of death. A questionnaire is completed by the NHS organisation to provide information on factors experienced by staff members prior to death.
What rights do we have to hold this information?
Processing of the data that we hold is necessary in the public interest, for scientific and statistical research purposes in accordance with Article 89(1) of the General Data Protection Regulation. We only hold and process data which is proportionate to our aim of improving safety in mental health services. We respect the essence of the right to data protection and we have specific measures in place to safeguard the fundamental rights and interests of the data subjects.
Our research has been approved by the NHS Research Ethics Committee. In order to carry out the research, we have:
- Section 251 approval; this allows us to hold identifiable and patient sensitive data;
- Data Access Agreements; these are agreements of principals for the release of sensitive data;
- Caldicott Guardian agreements with all mental health providers; this is an agreement between us and health providers about what information we will share, and how we will manage the data;
- A satisfactory Data Security and Protection Toolkit (DPST); this is an online assessment against Information Governance policies and standards, and a requirement of applying for Section 251 approval.
Suicide in NHS Staff data collection
Processing of the anonymised data we hold on NHS staff is necessary in the public interest and in the interest of NHS England to ensure the safety and well-being of people working for an NHS organisation. We only hold and process data which is proportionate to improving safety for all NHS staff. We respect the essence of the right to data protection and specific measures in place to safeguard this information.
Permission to obtain this data on NHS Staff suicide deaths is given by the University of Manchester Research Ethics Committee. We comply with the Information Governance principles of the University and of an NHS Trust who provides the information. We also fulfil any permission requirements requested by an NHS Trust such as signing a formal data sharing agreement or seeking approval from the Caldicott Guardian before any data is received and processed.
How will we use this information?
We publish annual reports which include analysis of the most recent year of national data on patient suicides, as well as trends over time. In addition to annual reports, we publish project reports investigating specific patient sub-groups. We recommend changes to clinical practice and policy to reduce the risk of suicide and improve the safety of mental health patients. We only publish aggregate figures, and we follow ONS guidance about small numbers – we don’t publish low counts, and we never share information about an individual.
Our key audiences are:
- People who receive care: Patients & service users, their families & carers, the general public & press
- People who deliver care: Mental health professionals, who provide us with our data and whose clinical practice is the main focus of our recommendations, medical/clinical directors, risk managers, trust chief executives & boards
- People who commission care: CCG’s, NHS England/Improvement, devolved governments including policy and practice leaders
- People who regulate care and provide national oversight: CQC, NICE, Health Education England and equivalent bodies in all UK countries.
There are various retention periods for the differing data we receive, based on the specific requirements of the data providers and our overall Section 251 approval. Once a data destruction date is reached, the data are securely destroyed.
Suicide in NHS Staff data collection
We provide reports to NHS England and make recommendations to ensure the safety and wellbeing of NHS staff. When reporting to NHS England we include aggregate figures, we never share information about an individual or report low counts. An anonymised version of the database where information on suicide in NHS Staff Suicide is held will be retained.
How do I get a copy of my personal information held by NCISH?
If you believe that NCISH hold personal information about you, you have a right to ask for a copy of that information. This is commonly called a Subject Access Request (SAR). However, data collected on suicide in NHS staff is anonymised and therefore it is not possible for us to identify individuals in order to provide them or others with the information that we may hold about them.
Requests for medical (health) records
A request for information from health records has to be made with the organisation that holds your health records – the data controller. For hospital health records, contact the records manager or patient services manager at the relevant hospital trust. You can find a list of hospital trusts on the NHS Choices website.
If you would like to receive a copy of other information we hold about you, your request should be made in writing (or email) to:
- Post: NCISH, PO Box 86, Manchester, M20 2EF
- Email: ncish@manchester.ac.uk
Please include the words ‘Subject Access Request’ at the beginning of your letter or in the subject line of your email.
When making your request, please include the following details:
- Your name, address and postcode;
- The type of information you want to look at including any relevant dates.
We aim to send you a reply as soon as possible and by the latest within 30 calendar days. You may also be asked to provide proof of identity.
Access to the information by people who are not data subjects
Medical Directors of healthcare organisations may request bespoke data analysis for the purposes of performance reviews, quality improvement or benchmarking their organisation against national data. These requests are managed by NCISH as part of project delivery with information restricted to patients to which they have provided direct care.
Your information may be shared or re-used to support purposes such as wider research, service evaluation or healthcare improvement, subject to appropriate legal gateways being in place. Applications for access to the data collected by NCISH as part of the Mental Health Clinical Outcome Review Programme (MHCORP) are considered by HQIP’s Data Access Request Group (DARG). Any data access agreed is anticipated to benefit the health and care of the public.
On occasion we collaborate with visiting researchers, who are allowed access to strictly anonymised datasets for analysis to contribute to our outputs. All visiting researchers are bound by the same confidentiality agreements as our contracted members of staff. Applications for access to identifiable data by a visiting researcher would need to be considered by HQIP’s DARG.
All of our published outputs can be accessed via our website. We inform people of our work through events, presentations, print and social media.
Right to restrict processing
The National Data Opt-Out (where a person chooses not to have their health data shared for reasons beyond treatment and care) does not apply to the core data collected by NCISH. This is due to overriding public interest in improving safety in clinical services.
The right to restrict processing is not an absolute right and applies only in specific circumstances:
- Where you contest the accuracy of your personal data and we need to verify the accuracy of the data;
- The personal data were unlawfully processed (i.e. otherwise in breach of the DPA2018 and GDPR), and you request restriction rather than erasure of the data;
- Where the personal data are no longer necessary in relation to the purpose for which it were originally collected/processed, but you need us to keep the data in relation to a legal claim;
- When you object to the processing and we are considering whether our legitimate interest for continuing the processing would override this objection.
If you would like to request a restriction of processing of your personal data in relation to any NCISH topic study that is not exempt from applying the National Data Opt-Out, your request should be made in writing (or email) to:
- Post: NCISH, PO Box 86, Manchester, M20 2EF
- Email: ncish@manchester.ac.uk
Please include the words ‘Request to Restrict Processing’ at the beginning of your letter or in the subject line of your email.
When making your request, please include the following details:
- Your name, address and postcode;
- The grounds for your request for erasure.
We aim to send you a reply as soon as possible and by the latest within 30 calendar days. You may also be asked to provide proof of identity.
How the NHS and care services use your information
NCISH is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- Improving the quality and standards of care provided;
- Research into the development of new treatments;
- Preventing illness and diseases;
- Monitoring safety;
- Planning services.
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
The National Data Opt-Out (where a person choose not to have their health data shared for reasons beyond treatment and care) does not apply to data collected by NCISH. This is due to overriding public interest in improving safety in clinical services.
You can find out more about how patient information is used at: www.hra.nhs.uk/information-about patients (which covers health and care research); and understandingpatientdata.org.uk/introducing-patient-data (which covers how and why patient information is used, the safeguards and how decisions are made).
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Suicide in NHS Staff data collection
The data collection on suicide in NHS staff is not health or care service data. No healthcare records are accessed as part of this data collection.
Right to object to processing
The National Data Opt-Out (where a person chooses not to have their health
data shared for reasons beyond treatment and care) does not apply to the core
data collected by NCISH. This is due to overriding public interest in improving
safety in clinical services.
You have the right to object to the processing of your personal data:
- Based on legitimate interests of the performance of a task in the public interest/exercise of official authority;
- Direct marketing;
- Processing for the purposes of scientific/historical research and statistics.
You must have an objection on grounds relating to your particular situation. If you would like to raise an objection to the processing of your personal data in relation to any NCISH topic study that is not exempt from applying the National Data Opt-Out, your objection should be made in writing (or email) to:
- Post: NCISH, PO Box 86, Manchester, M20 2EF
- Email: ncish@manchester.ac.uk
Please include the words ‘Object to Processing’ at the beginning of your letter or in the subject line of your email. When making your request, please include the following details:
- Your name, address and postcode;
- Details of the grounds for your objection.
We aim to send you a reply as soon as possible and by the latest within 30 calendar days. You may also be asked to provide proof of identity.
Right to correct inaccurate personal information
You have the right to request that any personal data that is inaccurate be rectified.
If you would like to request that personal data that we hold about you be corrected, your request should be made in writing (or email) to:
- Post: NCISH, PO Box 86, Manchester, M20 2EF
- Email: ncish@manchester.ac.uk
Please include the words ‘Object to Processing’ at the beginning of your letter or in the subject line of your email.
When making your request, please include the following details:
- Your name, address and postcode;
- Details of the inaccuracy.
We aim to send you a reply as soon as possible and by the latest within 30 calendar days. You may also be asked to provide proof of identity.
Data held on Suicide in NHS Staff is anonymous and therefore we are unable to identify individuals to rectify any inaccurate information.
Report a concern to the Information Commissioner’s Office
You can report any concerns you have about our information rights practices to the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns
Changes to our privacy policy
We keep our privacy policy under regular review and will place any updates on this webpage. This privacy policy was last updated on 30th September 2024.
Policy documents and related information
Information security and management policy
Our policy sets out our data management in light of guidance on information governance, data protection and confidentiality. This policy is reviewed annually.
Data protection impact assessment document
This template and guide is a tool which can help us identify the most effective way to comply with data protection obligations and meet individuals’ expectations of privacy
Our patient data flow
Our chart shows who provides data to us, who we share that data with, and at what stage identifiable data are pseudonymised/anonymised. This chart is updated in line with any new data sharing agreements.
Identification and management of cause for concern
This Healthcare Quality Improvement Partnership (HQIP) policy relates to the rare circumstances in which information submitted to us could reasonably suggest the presence of very serious issues with clinical practice or system failure that presents a risk of harm to patients.
Understanding practice in clinical outcome review programmes tool: UPCORP-tool guidance and checklist
A protocol to describe the key features of clinical outcome review programmes.
NCISH quality improvement plan
This plan sets out how we are promoting quality improvement within our work.
NCISH PPI&E strategy
This strategy describes our approach to involving, engaging, and informing patients, and their family members, friends or carers who have been involved with mental health care throughout our work.
How to contact us
Please contact us if you have any questions about our privacy policy or any of the data that we hold.
- Post: NCISH, PO Box 86, Manchester, M20 2EF
- Email: ncish@manchester.ac.uk