- DPIA NI Vaccine Management System
DPIA NI Vaccine Management System
1. DPIA Vaccine Management System
The DoH circular HSS(MD)82/2020 ‘Deployment of the COVID-19 Vaccine in Northern Ireland’ (7 December 2020) sets out the public health measures to be put in place to help contain and reduce the spread of COVID-19 by the administration of COVID-19 vaccinations to the Northern Ireland population.
A vaccination programme for both COVID and seasonal flu have been commissioned and are managed by the Department of Health and delivered in partnership with the Health and Social Care Board (HSCB), the Public Health Agency (PHA), HSC Trusts, General Medical Services and Community Pharmacy.
This DPIA relates to the NI Vaccine Management System (VMS) and describes the process within Northern Ireland to administer and capture data on citizens and staff who receive vaccinations against COVID -19 and seasonal flu.
The DOH has mandated the HSC Trusts to implement the vaccine programme in NI, except for the programme phases led by GPs and community pharmacists. The need to have access to analysis of real-time or near real-time data on vaccination uptake and take targeted actions is a requirement for DOH, Trusts GPs and community pharmacists. The new technical solution has been constructed to better use patient data in the fight against COVID.
The historic approach to vaccination management/information recording for vaccines administered outside primary care and with the exception of childhood immunisations in NI is paper based and admin-resource intensive. This manual approach does not support efficient, safe, or secure data recording or sharing within an urgent, pandemic-based, mass vaccination programme.
The current approach does not support the ability to report on efficiently, accurately or analyse vaccination uptake – a key facet of effective vaccine management. Nor does it adequately support uptake at a local or regional level, on an hourly or daily basis, as will be the requirement by the NI Government i.e., as near “real time”/point-in-time reporting as possible.
Recording data at the point-of-care to a regional vaccine database will support both local and regional point-in-time/on-demand reporting and analysis, and therefore, inform a responsive, clinical, and public health intervention strategy. Furthermore, there will be a need to quickly link VMS data to other HSC data sources for analytics and health surveillance purposes. Vaccination Management System
The NI Vaccination Management System started development in early December 2020. The VMS is intended for use in any vaccination settings where a vaccination is delivered i.e. GP practice, clinic, care or residential home, patient’s home (housebound), ward (long stay patients) mobile clinics and community pharmacy. The VMS Platform, and those operating the system, is technically delivered by a combination of APTVision, Kainos, Business Services Organisation (BSO) and the Belfast Trust. Operational changes and revisions to the system are overseen by the Vaccine Management System Product Team headed up by Claire Büchner, Assistant Director Digital Health & Nursing.
The VMS is necessary to:
- Improve the “as is”/current approach within Northern Ireland of using paper processes and manually keying these into systems.
- Reduce/negate the clinical and information governance risks associated with the “as is”/ current approach e.g. reduce physical printing and transport of paper documents containing patient data; remove the ability of these documents/data being viewable by citizens or staff in clinical or back-office settings.
- Ensure Provider organisations meet obligations regarding patient confidentiality.
- Improve the accuracy of vaccine data recording e.g., automated HCN look up and thus reduces data error.
- Complement existing GP workflows and provide standardised clinical management and workflow working in all vaccination settings, supported by a software solution.
- Provided structured data relating to the vaccination of citizens to be included into regional datasets for improved reporting purposes in accordance with UK data protection legislation.
- Provide more timely, complete granular data source to develop the regional vaccine coverage surveillance system in order to provide more accurate direction of immunisation programme delivery thus improving uptake and reduce disease burden
It should be noted that the VMS includes an appointment management/clinic scheduling functionality and a clinical recording tool.
The VMS now supports near time analytics of COVID 19 vaccination data through a separate but connected data analytics capability. Vaccination data is copied from the VMS database into a specific data store, called the Gen 2 Folder, where HSCB and PHA data analysts and researchers can conduct analysis on vaccine coverage surveillance, vaccine effectiveness and efficacy, COVID and flu disease epidemiology including nosocomial infections.
The context for the VMS’s design and decision making were highly compressed timeframes and an urgency to rapidly develop a system that could support immediate vaccine roll out to the most vulnerable citizens. VMS planning and design started with a view to deploying vaccine teams to the Care Home community before Christmas 2020.
A development of this nature required the DHCNI team to design the VMS tactically using rapid, agile techniques covering selection, design, build and implementation. Linear, lengthy stakeholder engagement, requirements capture, investment and procurement processes would not have delivered the outcomes in the timeframes demanded by Department of Health. The urgency and speed needed to set up a VMS required DHCNI to adopt the fastest route to a workable solution using existing relationships within the DHCNI/BSO eco-system. Given the lessons learnt from the Track and Trace capability, DHCNI expanded the design brief with Kainos to incorporate the tactical VMS into their existing customer relationship management (CRM) capability built around Microsoft Dynamics.
The tactical VMS started deployment across NI from early December and was only considered a short-term solution until a more scalable, strategic capability could be designed and developed. The initial VMS was achieved in only 10 days and was based on a proven Commercial Off-The Shelf (COTS) medical booking system purchased via the G-Cloud 12 framework agreement. The tactical VMS has been developed by APTVision; a G-Cloud approved medical systems supplier. The high-level architecture of the VMS can be seen in Figure 1.
The VMS consists of two parts. The front end of the VMS uses the APTVision booking capability in figure 1 to provide the initial vaccine management functionality. This uses a web front end and web forms to deliver vaccine bookings and scheduling. No analytics or processing on citizen data is performed on this platform. This is the system that has been used since December 2020 to date. The main element of the VMS, shown in blue in figure 1, is the heart of VMS that is built around a Microsoft Dynamics data lake and includes an interface with the VMS reporting platform (Gen 2) to support national vaccine monitoring, reporting and analysis.
This system is also integrated with BSO’s Health & Care Index system and a write back to the GP systems for citizen matching and patient record updates. This will be mapped with custom designed Trust and GP workflows built into MS Dynamics to meet their clinical needs.
The Belfast Trust Azure Tenancy is the preference tenancy for the deployment and hosting of the VMS Azure solution. The Belfast Trust already hosts several services which the VMS uses to interact with including the CCS.
|Tactical VMS & Booking Engine (Green)|
|Strategic VMS & Reporting Platform (Blue)|
Figure 1 – The Core VMS System
DHCNI were approached by several suppliers (TotalMobile, Civica and Microsoft) shortly before Christmas and early in January 2021 after the VMS development had been started. These suppliers were given an opportunity to demonstrate their services to the VMS team to showcase what their offerings were capable of. The VMS team (supported by independent IT research organisation Gartner) quickly concluded that two of the offerings (TotalMobile and Microsoft) were not able to meet the most urgent VMS requirements at that time.
The TotalMobile proposition, whilst mature and comprehensive, was aimed at pure field operations rather than a more limited, short-term rollout to care homes across the region. This was not what was required at the time. The Microsoft proposition, received via the Kainos development team, was a re-configuration of their Dynamics application designed to support vaccine rollouts. This solution mirrored a move by several global enterprise application suppliers observed by Gartner analysts as keen to address the pandemic situation. After discussions with Kainos and Gartner it was concluded that it would take longer and cost more to deploy than the deployed APTVision pilot. Therefore, NI’s vaccine outcomes could not be accelerated nor improved by stopping the APTVision/Kainos developments and switching to either of these alternatives. The third proposition by Civica, another existing and established DHCNI supplier, had merit but could not be packaged in time to support care home vaccination time frames.
As described earlier the strategic VMS solution will be a combination of the APTVision front end, and a Microsoft Dynamics CRM solution deployed on Belfast Trust’s existing infrastructure. This will contain a central vaccine database and reporting capability for population COVID health management support and analysis.
From the week beginning the 15th of Feb 2021, the VMS combine the booking and scheduling engine developed by APTVision with the enterprise scale database and reporting capability built by Kainos on the Belfast Trust Microsoft Azure stack. In addition, the VMS team have had the time to work with Big Motive and key stakeholder groups such as the GP and pharmacy community as well as Trust leads to develop a custom workflow better suited to their clinical delivery needs. Vaccinations recorded by General Practice and community pharmacy will not be recorded in the tactical APTVision element of the VMS but be copied to the Data Model contained within the Kainos Dynamics Analytic Platform instance which forms part of the strategic VMS solution.
Rationale for this merger is the need for a sustainable, in-house vaccine management capability that is woven into the HSC ITS fabric and can be supported using existing service management processes and capability long term. The APTVision aspect of the VMS was only ever considered a short-term solution. To that end DHCNI will establish a standardised, regional approach to the recording of vaccination data and a regional dataset for national, regional, and local reporting.
The scope and requirements of the VMS continually evolves but the current tactical solution has met the current vaccine cohort delivery requirements to date. As vaccinations move to phase 2 of the NI Vaccine programme DHCNI need to ensure the VMS is sustainable long term, supportable and able to respond to emergent clinical needs in a controlled, financially predictable way. On 14th September 2021 JCVI published advice on the COVID-19 booster programme. This advice suggests co administration of COVID-19 and flu vaccines. The vaccine landscape requires additional use cases for booster data and flu if policy dictates these will be administered together and/or recorded in VMS.
VMS Data Management and Reporting
The information from the booking and administration of COVID-19 and seasonal flu vaccination is hosted in a single-secure environment which can be synthesised, as required, to inform an appropriate response to vaccine uptake. Data within the strategic VMS will also be used for reporting and research purposes to inform responsive, clinical/public health intervention strategy. This is described in the following sections of this DPIA.
Vaccinations will be delivered in accordance with the advice of the Joint Committee on Vaccination and Immunisation (JCVI). The most current advice, at the time of writing, is available here: JCVI issues updated advice on COVID-19 booster vaccination – GOV.UK (www.gov.uk).
For convenience, the priority in which the COVID vaccinations will be delivered is as follows:
- Older adults’ resident in a care home for older adults and their carers
- All those 80 years of age and over and front-line health and social care workers
- All those 75 years of age and over
- All those 70 years of age and over and clinically extremely vulnerable individuals
- All those 65 years of age and over
- All individuals aged 16 years to 64 years with underlying health conditions which put them at higher risk of serious disease and mortality
- All individuals aged 12 years and over who share a household with someone who is immunosuppressed
- All those 60 years of age and over
- All those 55 years of age and over
- All those 50 years of age and over (
- Rest of the population (priority to be determined)
- All those 12-15 years
This model will by necessity require a multi-agency approach where personal identifiable information of staff (essential and others), residents and general population will be disclosed between the partner organisations.
Analysis of data is likely to be performed by PHA health surveillance and analytics staff, with support from the Health and Social Care Board (HSCB) clinicians and the Digital Health and Care (DHCNI) team. The future integration of VMS data within the analytics platform will take account of the risks and potential risks relating to the use of personal data as well as the necessity of using the data for surveillance purposes. This is described in a separate MOU between HSCB and PHA.
Roles and Responsibilities
The Health and Social Care Board (HSCB) and Public Health Agency (PHA) are joint data controllers for the personal data processed on the VMS, under the Data Protection Legislation, and will direct the use of personal information for the following purposes:
- Confirming the appointment at a regional vaccination centre
- Performing a security and ID verification at the vaccination centre
- Processing the citizen’s vaccination action
- Sharing the details of the vaccination with the citizen’s GP
- Undertaking quality assurance of the vaccination process, for example clinical process assurance
- Analysis to support operational decisions to improve the full end-to-end vaccination process, such as:
- Day-to-day use, for example whether someone attended their appointment
- Management capacity or throughput
- Support end-to-end logistics planning.
- Analysis to support health surveillance and health research
DHCNI will provide the digital solutions to ensure the VMS delivers on Trust, GP and community pharmacy requirements. The VMS sits within the governance structures (shown in Appendix A) of the overall Vaccine programme. This is led by the DoH through the Vaccine Programme Implementation Group (chaired by Patricia Donnelly, an independent chair appointed by the Chief Medical Officer) and the DoH Vaccine Oversight Board (chaired by Dr Michael McBride the Chief Medical Officer).
There are several data processors and other roles assisting HSC and GMS in designing, building, and operating the VMS these are listed at Appendix C.
The NI COVID -19 Vaccination Programme was established under the strategic direction of an Oversight Group chaired by the DoH Chief Medical Officer (CMO); and a Vaccine Implementation Group established by the CMO. The Steering Group, which reports to the CMO, is independently chaired by Patricia Donnelly with membership from DoH, PHA, and Trusts
Key stakeholders include:
- GMS and the GP Community
- The Northern Ireland public
- Department of Health
- Public Health Agency
- Health and Social Care Board
- Health and Social Care Trusts
- Community Pharmacies
- Privacy Advisory Committee
- Information Commissioners Office
- Interest groups (human rights, privacy, women’s rights, older people, children, minority ethnic, disability groups etc.).
- Business Services Organisation – (HR, DLS, IT)
- Queens University Belfast & Ulster University
- Kainos – software development company
- APTVision – software development company
- BigMotive – A user experience and software development company
- NI Direct – call centre provider
- Political representatives
Due to the urgent requirement to establish and operationalise the service, a formal consultation was not undertaken. However, informal engagement is ongoing with a range of stakeholders.
Research undertaken by Big Motive on various aspects of contact tracing and the public perception thereof has provided learning as to user journey and digital communication platform content for vaccination.
DHCNI and DOH also remain in close contact with our counterparts in England and the other devolved administrations as well as the Republic of Ireland to share learning.
Programme leads have liaised extensively with the HSCB Personal Data Guardian (PDG), HSCB DPO, PHA PDG and lead clinicians, PHA DPO, DoH DPO, Trust IG/DPO leads, and Directorate of Legal Services, taking account of advice and comments in developing this DPIA and ensuring that appropriate measures are in place to safeguard individual’s personal data. There has also been significant engagement with the ICO office in NI.
A VMS Product Team has been formed by DHCNI on behalf of the Department of Health to design, develop and co-ordinate the roll out of the VMS. This is headed up by an Assistant Director for Digital Health and Nursing and subject matter expert who acts as the Product Manager for all aspects of the Vaccine Management System.
The VMS Product Manager provides expert clinical advice and development prioritisation to the VMS development team product owners, one for Kainos the other for APTVision. The VMS Product Manager works directly for Vaccine Programme Implementation Group. The VMS Product Manager, on behalf of Patricia Donnelly, is tasked with, amongst other responsibilities, to ensure that the:
- VMS is used for its intended purpose.
- VMS data processing is appropriately bounded in time and scope,
- This DPIA report is kept under review and up to date, and
- Co‐ordinating the necessary analysis to assess the efficacy of the VMS
The VMS Product Manager, Product Owners and supporting development teams meet daily to ensure vaccine priorities from the CMO and Programme Implementation Group are enacted.
The VMS Product Manager provide regular updates to the on the uptake and functioning of the VMS to DOH team and Oversight Board. Key stakeholder groups including PHA, the Health and Social Care Trusts, GP Community and Community Pharmacists. The ICO will also be circulated a copy of the DPIA prior to publication, for the purpose of scrutiny.
Changes to the VMS are informed by clinical directives from the DOH via the Vaccine Programme Implementation Group. Requirement prioritisation is conducted by the Product Manager who in turn engages with the Data Controllers to ensure information governance requirements are satisfied and subsequently directs VMS development through the Product Owners to the suppliers. Once the VMS moves to the strategic variant, day to day management of the system will move to BSO who will manage the system using standard ITIL change control, configuration, and service support processes.
A wide range of stakeholders are responsible for and contribute to the delivery of the VMS. A summary is here. A more detailed breakdown of stakeholder roles can be found at appendix B. The breakdown of data controller vs data processor accountabilities and responsibilities is detailed in appendix C.
|DOH (Department of Health for NI)||To mandate reporting requirements To provide vaccine programme policy and standard|
|Health and Social Care Trusts (HSCTs)||To provide their own staff data as an employer. To collate staff groups data and report to DOH To provide and use cohort identification|
|Primary Care Organisations e.g. GP Surgeries, Pharmacies, Dentists etc.||To provide staff data To provide and use cohort identification|
|HSCB (Health and Social Care Board)||To ensure alignment with existing Health and Social Care processes|
|PHA (Public Health Agency)||To ensure alignment with existing Health and Social Care vaccine processes and care pathways|
|Regulation and Quality Improvement Authority (RQIA)||To provide up to date care home details|
|Digital Health and Care NI (DHCNI)||To commission the VMS design and development To commission data engineering and reporting|
|Information Commissioners Office (ICO)||To promote openness of official information and protection of private information, and their role is to uphold the information rights in the public interest.|
|Business Services Organisation (BSO)||To support the delivery of the VMS as a sustainable capability|
3. Processing Overview and Scope
This section of the document describes the VMS data that will be sourced, processed, how much data is being collected and used, how often it will be processed, how long it will be retained for, and who the data relates to.
The proposed data processing within the VMS relates to all individuals in NI who will be vaccinated and have their data captured as part of that process as set out by JCVI.
The primary purpose of the processing of this data is to ensure the safe COVID-19 and seasonal flu vaccination of citizens in Northern Ireland. The context of processing citizen data is described above.
Access to basic patient demographics (e.g., name, age, address, occupation etc.) will be essential to allow a rapid risk assessment to be carried out to support health surveillance interventions now and in the future. Disease outbreak and vaccine efficacy information is assessed in terms of time, place, and person (e.g., name, age, address, occupation etc.) without this information you cannot effectively associate COVID and flu cases with likely transmission and spread.
Given the huge number of vaccinations expected and the requirement to report on population uptake by phase and other agreed data variables such as age group and disease, a new system was required. This would need to automate the graphing (visual localisation) of vaccination uptake by age, sex, geographical location, for example, and linkage to those members of the population who have health conditions. This is dependent upon having full details of each citizen vaccinated, right down to their residency and full demographics. This approach is both necessary and proportional relative to the need to protect citizens. Only with this information is it possible for health protection to accurately report on the NI COVID Vaccination and Seasonal Flu programme. The VMS reporting engine will facilitate this in a graphic way which is easy to understand and is used additively to the standard data collection to facilitate rapid response. Anonymised data may be shared later with other organisations (e.g., DoH, universities etc.) for the purposes of planning and research related to COVID 19, in line with established processes. A more detailed description of the use of vaccination data can be seen in section 7 – sharing data to tackle COVID.
The analytics platform is planned to receive a continuous stream of data from the strategic VMS to aid vaccine management and regional reporting. Going forward the VMS reporting analytic platform are anticipated to be the primary public health clinical tool for the management of the COVID pandemic and all vaccination events. An existing analytics platform is already facilitating the NI Contact tracing Service and has become an integrated part of the response to the COVID pandemic.
The VMS now supports near time analytics of vaccination data through a separate but connected data analytics capability. Vaccination data is copied from the VMS database into a specific data store, called the Gen 2 Folder, where HSCB and PHA data analysts and researchers can conduct analysis to test for vaccine efficacy, nosocomial infection and immunisation effectiveness. Use of vaccine data by PHA within the analytics platform will be agreed through this Joint MOU arrangement.
The use of patient demographics in this way will shorten the length of time it takes public health experts to identify population groups and not only their update of the vaccine but longer-term follow-up and virus surveillance going forward. This process would not be as efficient or effective if no personal data were used. Therefore, in the balance of risk it would be negligent of the Region not to use it as efficiently as possible to protect the public. Multiple mitigations in place to make this as secure as possible -please see sections 10 and 11 for risk mitigations in place to protect the VMS and its data.
Information Flows are shown in figures 3 and 4 on pages 18 and 19.
The cohort information will be derived from the following methods.
|Priority Group Where does data come from? Residents in a care home Care home workers Records obtained from RQIA that have a care home address, with cross checking to the testing data. 80 years of age and over Records in GP clinical systems where age >=80 Health and social care workers Minimum dataset collected by and supplied HSC Trusts to identify workers 75 years of age and over Records in GP clinical systems where age >=75 70 years of age and over Records in GP clinical systems where age >=70 65 years of age and over Records in GP clinical systems where age >=65 Clinically extremely vulnerable individuals Citizens considered high risk extracted from GMS and the shielded patient list developed earlier in the first COVID lock-down  Individuals aged 12 years to 64 years with underlying health conditions Citizens considered at moderate risk extracted from GMS and criteria in the GP systems Younger people identified via Special School registers 60 years of age and over Records in NI Census where age >=60 55 years of age and over Records in NI Census where age >=55 50 years of age and over Records in NI Census where age >=50 The rest of the population aged over 18 All other records not previously extracted from NI Census Information is derived from the following sources: Applicable cohorts Approach Older persons resident in care homes NI Demographic Survey forms the basis for population data which is then matched with care home residential address list held by RQIA. In addition, care home residents (and staff) are identified as part of the COVID testing process as their status is held in test registry. Care home workers; HSC workers Employers have been asked to supply list of eligible employees in care home sector. HSC Trusts are supplying lists of staff. Clinically extremely vulnerable individuals As above, citizens considered high risk extracted from GP systems and the shielded patient list developed earlier in the first COVID lock-down. HSCB are compiling this list. Individuals aged 12 years to 64 years with underlying health conditions Citizens with underlying health conditions extracted from criteria in the GP systems and Special School registers Citizens in age bands 80+, 75+, 70+, 65+, 60+, 55+ NI Demographic Survey will be used to identify numbers in these cohorts, considering individuals who fall into one of the cohorts identified above|
The VMS has the potential to hold at a minimum the demographics relating to the whole of the adult population of Northern Ireland. Prior to individuals receiving a vaccine, the data held will not consist of data which is subject to the duty of confidence. Individuals may have concerns about their data being processed in this way (without consent) but the overriding benefits to individuals, the health and care system and wider society are the driving factors for the vaccination programme.
A privacy notice is now available in the public domain to ensure all service users are aware of how their data is used. This can be found at this website:
For people receiving vaccines in general practice or community pharmacy settings they can request a copy of the privacy notice.
4. Context of Processing
Twenty-eight citizen data attributes are held and entered into the VMS. This data will be provided by citizens directly into the web booking platform, via a call centre or vaccinators on their behalf in care homes. This data will be linked to the Health and Care Index to ensure accurate patient identity and vaccination recording. The data capture will be as follows:
- Vaccine site
- Date of Vaccination
- Reason patient not suitable for vaccine
- Product Name
- Vaccine – dose given
- Vaccine – Batch Number
- Informed Consent
- Vaccination Centre
- Date of Birth
- First Name
- Family Name
- Health & Care Number
- Home Address
- Phone Numbers
- RQIA Code (care home staff and residents)
HSC Staff (in addition to above)
- Place of Work
- Job role
- Staff Number
For vaccinations administered in a location where the online booking has not been used the demographic details will be collected at the time of vaccination directly into the VMS recording tool. Some data has been collated manually via paper and excel spreadsheets. This information is transferred electronically into the VMS.
Data will also be collected from the individuals who come forward book and consent to receiving a vaccination.
Personally, identifiable data will be held for the primary purposes of clinical vaccination and any required follow-up health care. Information may also be shared with other countries in line with International Health Regulations (2005) part VIII, Article 45, Treatment of Personal Data but only where there is a suitable lawful basis which allows us to do this. Non identifiable and aggregated data will be shared with Public Health England for the purposes of UK national vaccination surveillance.
For NI citizens who have received their vaccination outside of NI and for GB citizens who received their vaccine in NI there is a requirement to share vaccination records across country boundaries to ensure complete clinical records held in country of origin. Any transfers will be fully compliant with the UK GDPR and only when we have a legitimate basis for doing so.
Figure 3 NI VMS to other UK Nations
Figure 4 Other UK Nations to NI VMS
To enable the necessary daily public health reporting requirements to be extracted from the VMS analytics platform (MS Dynamics) requires the holding of anonymised data variables. This is necessary to ensure that we have as much information as possible to be able to link to other disease registries and system held health and care data. The VMS analytics platform is the quickest and most effective way of reporting the defined vaccine programme matrix.
The constructed analytics platform may include other sources of data in the future, including COVID-19 test data such as Antibody serology and screening testing. Decisions regarding the expansion of its data sources are beyond the remit of this document, but appropriate DAAs will be put in place for that processing when required.
As set out above health protection and surveillance is the statutory responsibility of the PHA and the organisation and indeed HSC has much experience in vaccination programmes in relation to communicable diseases, albeit the COVID-19 Vaccination programme is of a much larger scale and longer duration. However, PHA health protection expertise and knowledge is central to the development and management of this programme. Collaboration is taking place between the DOH, Trusts and GPs, Digital Health and Care NI (DoH, HSCB and PHA) and Business Services Organisation IT Service (BSO ITS), to bring in expert technical knowledge and advice in respect of the IT system development, implementation, governance and management.
The VMS system is a time stamped register of all the citizens in NI who have received a vaccine to protect against COVID-19. The recording of the vaccination is only the first part in establishing if vaccination has been successful in preventing infection from COVID-19. To confirm effectiveness the vaccination system must be matched to records of disease activity – in this case the Test Track Protect platform or hospital admission data. By integrating information regarding positive COVID-19 tests to a vaccine registry we can identify if citizens who are vaccinated subsequently become infected and we can confirm the timeframe around that infection. This is critical to understanding the effectiveness of vaccination.
Figure 5 Data Integration
The UK is deploying vaccines based on JCVI recommendations, which deviate from pharmaceutical trial protocols. There is, therefore, a greater imperative to ensure appropriate collection of relevant data to confirm safety and efficacy of the vaccination deployment strategy. To facilitate this procedure the positive test registry for Covid-19 on the TTP platform must be compared to vaccination status on the VMS.
Citizens with positive Covid-19 events post vaccination will be identified for further evaluation. Depending on timing of infection this may represent vaccine failure, or unpreventable infection occurring before vaccination could reasonably be expected to provide protection.
In addition to identifying episodes of vaccine failure – methodology as outlined above – we must be able to quantify the effects of that failure on the in citizens infected. To do this we are required to follow-up citizens identified with vaccine failure to see if they came to harm, and if so, to quantify that harm. This will require matching of citizens with vaccine failure to records of hospitalisation, Intensive Care admission, and diagnostic coding data. This will include mortality data. This matching will be performed within the BSO data warehouse which manages all Northern Ireland’s secure health data sets. Additional analysis on this dataset will be for immediate safety and delivery of vaccination programme and will not involve research without a separate application to Honest Broker and process by relevant ethics authorities.
Figure 6 – High Level Process Flow and Data Entry Points into the VMS
The complete data flow and capture of citizen information to support vaccination is shown above in Figure 4. Patient related vaccine data enters the VMS in 6 ways:
- The citizen enters their demographic data at the time of booking into the APTVision booking webpage. This enables a vaccine booking slot to be generated, their details to be recorded and a confirmation (shown below) plus an SMS to be sent out. The SMS message provides the citizen confirmation of their booking.
For citizens who are unable to book their vaccination online they can book via NIdirect’s telephone call centre. NIdirect call handlers will use the same VMS booking webpage and enter the same citizen data into the VMS on their behalf. They have the same access to the VMS as citizens booking themselves on the website.
- Care home residents and their care staff provide their vaccine booking data to community nurses or nominated Trust staff who will enter the resident’s demographic data into the VMS through a customised VMS booking page via an authorised vaccinator computing device e.g. laptop. Residents or their carers will also help the vaccinator record the health vaccination data if the vaccination is administered at the same time.
- BSO transfer patient’s unique H&CN data into the VMS via an electronic interface via a secure file transfer system. This data exchange is one way and done automatically by the BSO system.
- Extracts of historical patient COVID vaccination records are transferred from GP systems into the VMS to ensure a complete picture of COVID vaccination is recorded for vaccine coverage, and distribution purposes. These are records of COVID vaccinations given at a GP practice to citizens prior to the VMS being available.
- Citizens who present themselves at their local GP practice to book a vaccine provide identical demographic data to those citizens in A. GP staff will enter patient demographic data into the VMS through a customised VMS booking page via a practice computing device. Additional health vaccination data (listed in section 7) is entered into the VMS when the vaccine is administered.
- Citizens who present themselves at their local community pharmacy to book a vaccine provide identical demographic data to those citizens in A. Pharmacy staff will enter patient demographic data into the VMS through a customised VMS booking page via a practice computing device. Additional health vaccination data (listed in section 7) is entered into the VMS when the vaccine is administered.
- Citizens who present themselves at Trust vaccination centres provide identical demographic data to those citizens in A. when if they have not already booked via the website or NI Direct. Trust vaccination administrators or clinical staff will enter patient demographic data into the VMS through a customised VMS booking page via an authorised computing device. Additional health vaccination data (listed in section 7) is entered into the VMS when the vaccine is administered.
As part of the recording of the clinical procedure in all sites the vaccinator must carry out a clinical assessment to ensure the patient is eligible to have a vaccine. Following a positive clinical assessment, the vaccinator records consent and proceeds to vaccinate. This information is also captured as part of the clinical record and is limited to that which is necessary for the purpose.
For Phase 2 of the NI Vaccine programme the VMS application will allow all users to view the vaccination history of the patient attending for Covid-19 booster or flu vaccination independent of where they have received their initial vaccinations. The rationale for this development is to improve both data quality and clinical safety. By matching patients in VMS against the Health & Care Number Index (the central NI database with all known citizens present), fewer demographic data issues would be present, thus leading to a higher number of “matches” against GP records and lower number of issues with vaccination certificates.
The HCN is used to “find a patient” and currently searches based on HCN or a full name (both first and surname) along with either postcode and/or date of birth – presenting back all known NI citizens in the HCN Index to select from.
After searching for a patient, the VMS prompts the user to select from a list of possible matches. In this phase, the following is shown to allow the user to accurately choose which patient:
Once a patent is selected the detail shown in the screenshot above can be viewed by the VMS user. It is of important to note that the system has an industry-standard “2-factor authentication” login approach, whereby only named users and named practices have valid login credentials, confirmed via another method (for example, email, SMS or a mobile app). At the point of login, the VMS also prompts the user that an audit mechanism is in place. These two factors greatly reduce the risk of clinical misuse
The lawful basis for processing personal information according to the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 is:
- UK GDPR Article 6(1) (e) – the processing is necessary for the performance of its official tasks carried out in the public interest in providing and managing a health service.
The HSCB is a statutory organisation that commissions health and social care services for the population of Northern Ireland. The HSCB are accountable to the health minister, for turning their vision for health and social care into a range of services that deliver high quality and safe outcomes for patient and service users, are good value for the taxpayer, and comply with statutory duties.
Under the Health and Social Care (Reform) Act (Northern Ireland) 2009 the Regional Board shall exercise on behalf of the Department functions of the Department (including functions imposed under an order of any court) with respect to the administration of health and social care as the Department may direct.
The PHA is the statutory regional organisation for health protection and health and social wellbeing improvement. The Health Protection Directorate provides strategic oversight and coordination of the implementation and ongoing delivery of regional vaccination programmes; provision of resources for health professionals and the public; interventions to improve uptake; disease and vaccine coverage surveillance; investigation, and management of cases, outbreaks and other immunisation incidents; and provision of expert advice to policy makers, commissioners, providers and the public.
In this instance the public task relates to the functions of the Public Health Agency which the Agency exercises on behalf of the Department of Health for:
(a) the health improvement functions mentioned in subsection (2);
(b) the health protection functions mentioned in subsection (3); and
(c) obtaining and analysis of data and other information in subsection (4)
as outlined in the Health and Social Care (Reform) Act (Northern Ireland), 2009, section 13.
The data collected on the COVID 19 Vaccination Management System includes personal data. Some of this data relates to health data which is described as ‘special category data’. In relation to that processing, the following UK GDPR conditions apply:
- Article 9(2) (h) – the processing is necessary for medical diagnosis, the provision of health treatment and management of a health and social care system.
- Article 9(2)(i) – the processing is necessary for reasons of public interest in the area of public health.
- Article 9(2)(j) – the processing is necessary for archiving purposes in public interest – scientific/historical research purposes.
- Data Protection Act 2018 Schedule 1, Part 1 (2) – Health or Social Care Purposes
- Data Protection Act 2018 – Schedule 1, Part 1 (3) – reasons of public interest in the area of public health
- Data Protection Act 2018 – Schedule 1, Part 1 (4) – reasons of public interest in the area of public health research.
The staff working within the vaccination programme and collecting data for use within the analytics platform are governed by their professional codes of conduct and HSC contractual terms, including the duty of confidentiality.
Under common law, if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent. In practice, this means that all patient/client information, whether held on paper or computer, must not normally be disclosed without the consent of the patient/client. However, there are several very specific circumstances that make the disclosure of confidential information lawful, including the sharing of necessary information with other health and care professionals and agencies where the interests of patient safety and public protection override the need for confidentiality.
The vaccination programme will need to share personal information in the interests of individual patient safety as the vaccination record held in VMS will need to form part of the individual’s primary care record held by their General Practitioner. The VMS team will consult with the Privacy Advisory Committee (PAC) regarding secondary uses of data prior to any sharing being agreed. Any decisions made by the PAC will added as an appendix to this DPIA and guided by the DoH code of practice on confidentiality.
In Northern Ireland, the COVID-19 and seasonal Flu vaccination programme will be supported by the VMS to allow citizens to receive their vaccinations and to provide a central regionalised record of all vaccinations. Assumptions on the perceived capacity benefits of co-administration of the flu and COVID vaccine, have been tested with systems and clinicians. Feedback suggests that co-administration could potentially reduce the administrative time taken to invite and book patients in for appointments and reduce appointments times for clinicians with a combined appointment taking less time than two separate appointments, noting that consent will be required for both. It will also be more convenient for citizens.
On 14th September 2021 JCVI published advice on the COVID-19 booster programme. This advice suggests co administration of COVID and flu vaccines.
Only the minimum data set is processed, to enable safe vaccination and to provide demographic data to identify and manage uptake for public health surveillance.
COVID 19 is still a new and relatively unknown disease, and actions will be determined by both local (NI) experience of it as well as from wider national and international experience, knowledge and understanding. While it is recognised that specific actions may need to change, and may do so rapidly, as understanding and knowledge of the disease develops, the personal data collected through the VMS will only be used for purposes of vaccination and public health surveillance in respect of COVID 19.
Vaccination is an established and recognised methodology for controlling and reducing the spread of communicable infectious diseases, that is used nationally and internationally.
Vaccines contain weakened or inactive parts of a particular organism (antigen) that triggers an immune response within the body. Newer vaccines contain the blueprint for producing antigens rather than the antigen itself. Regardless of whether the vaccine is made up of the antigen itself or the blueprint so that the body will produce the antigen, this weakened version will not cause the disease in the person receiving the vaccine, but it will prompt their immune system to respond much as it would have on its first reaction to the actual pathogen.
Some vaccines require multiple doses, given weeks or months apart. This is sometimes needed to allow the production of long-lived antibodies and development of memory cells. In this way, the body is trained to fight the specific disease-causing organism, building up memory of the pathogen to rapidly fight it when exposed in the future. This information is a vital part of the fight against COVID and will be needed to ensure vaccine efficacy and interventions are delivered when and where they needed as soon as possible.
Developing a VMS has been necessary to delivering the vaccine rapidly to the population because they current mixed IT/ paper-based vaccine delivery mechanism in place is not geared to delivering vaccines at volume in a pandemic scenario. A specifically designed VMS has ensured equity of access to the vaccine across population cohorts through a single, consistent scheduled booking system.
The optimal way to accelerate vaccine roll out and provide NI with a simple, easy and speedy vaccination programme has been enabled by a single VMS collating the key COVID-19 vaccination data. This has provided the ability to have all the vaccine records in one place and help save lives by having vaccination records in one place that can be continually updated and analysed to track the vaccine’s efficacy. With access to this data the DOH, Trusts GPs and community pharmacy will be able to effectively monitor the impact of the vaccine and make optimal decisions in the future.
Given the success of phase 1 and the associated benefits of having all vaccination data in a single data base, DOH have requested that flu vaccine data for 2021 and beyond are recorded in VMS.
The VMS is proportionate given the current vaccine’s delivery mechanism’s inability to support a pandemic scenario. It does this by:
- Ensuring the DOH meets its obligations regarding the protection of patient data and confidentiality
- Ensuring the DOH use best practice in the care and safety of any person receiving the vaccine
- Reducing or eliminating the clinical and information governance risks associated with the existing vaccination systems and processes.
- Providing a fit for purpose platform that can be used again in future pandemic outbreaks and for consistent vaccinations generally. Improving the accuracy of NI clinical/vaccine data recording and reporting
- Capturing data relating to adverse drug reactions post administration of the vaccine and within the observation period
- Making COVID vaccine data readily and securely accessible to those authorised to process it
- Helping support standardised clinical and GP workflow management in all vaccination settings.
The GDPR sets out the 8 rights that individuals have in respect of their data. These have been considered in respect of the NI COVID Vaccination programme as follows:
- The right to be informed
Individuals are provided with information about the collection and use of their personal data for the VMS, including what personal data is collected, the purposes for collecting, retention periods and potential sharing of data. The information is available in the privacy notices found here:
In addition, the PHA website also includes a range of information about the vaccine programme, so that the public are informed and aware about the service.
- Right of access
Individuals can ask for copies of the information that we hold about them. HSC has an established subject access request (SAR) process to ensure that requests are dealt with promptly and appropriately.
- Right to rectification
Individuals can ask to have inaccurate personal data corrected or completed if it is incomplete. Vaccine centre and general practice staff will verify data at vaccination appointments.
- Right to erasure
GDPR introduced a right for individuals to have personal data erased (‘the right to be forgotten’), however the right is not absolute and only applies in certain circumstances.
- Right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data, however the right is not absolute. While individuals can request that the vaccine programme stops processing their data, as set out in number 4 above, the data held will still need to be processed for the purpose of public health protection and personal clinical record keeping.
- Right to data portability
Individuals can ask the vaccine programme to share their information with another organisation (although this may not always be possible).
- Right to object
Individuals have the right to object to the processing of their personal data, including when the lawful basis for processing is public task. However, this is not an absolute right, and processing can continue if there are compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual.
- Rights relating to automated decision-making
While the VMS uses computer systems to process personal data, it does not include automated individual decision-making (i.e. making a decision solely by automated means without any human involvement).
The VMS analytic platform does not use any automated processing at present rather it identifies statistical observation that are flagged to human being.
Every person booking through the VMS will get a notification (provided their details are accurately added) there is no algorithm determining the decision.
SMS and email booking confirmation and reminder messages will only be sent to those that have booked vaccine appointments; this is algorithm based.
If an individual is not happy with what the VMS does with the information that is held about them, they can contact the Trusts’ or their GP.
We are utilising some IT solutions to mitigate risks such as the transfer of personal data from the VMS to the MS Dynamics system used to record information about vaccination.
As set out in section 6 personal data will be shared with General Practice.
When citizen vaccine information is collected and processed for one reason but is then used or processed in ways beyond the original VMS purpose this is called function creep. Measures are in place to ensure this is prevented including consultation with Data Controllers as necessary.
Any technical or functional changes needed to be made to the VMS that do not change the data usage require a formal request be made to the VMS programme team. These are then prioritised, costed and applied to a technical backlog for subsequent development.
Technical or functional changes that are needed to enable the sharing of VMS data with a 3rd party or additional government agency will require the development and approval of an appropriate Data Sharing or Access Agreement (DSA or DAA). These can only be approved by the Personal Data Guardian (or equivalent) within the data controller organisations once usage has been determined to satisfy this DPIA, confidentiality and appropriateness. This may also require the data controller organisations to confer with invested stakeholder groups prior to approval being given. This formal process ensures there is clear accountability and governance of the VMS during development and on-going operation.
5. Security Measures
Security measures are in place to ensure the information processed is carried out only as detailed in this DPIA and ultimately only for the purposes intended.
The organisational security measures implemented include the following security controls
- VMS citizen data can only be accessed under specific circumstance by authorised clinical/administration staff at GP practices, Trusts and Community Pharmacy Staff.
- Trust, GP staff and Community Pharmacy staff are nominated access by their role within their area of business only. Users will not be able to use the system unless added to an application role.
- Access controls for VMS vaccine administration staff is governed by each HSC Trust, GP Practice and Pharmacy operational procedures
- Access to citizen data is monitored by security and authentication mechanisms. Data access by clinical users, VMS administrators and development staff is also monitored and recorded for audit purposes.
- Common VMS data and analytic services are limited to specific users within two Azure Active Directory groups
- Only required accounts have been sync’d from on premise to Azure Active Directory via AD Connect.
- No live system access rights are allocated to 3rd parties. All 3rd party access is in accordance to agreed contacts and contract management processes.
- An appropriate separation of roles will be employed, for example developers will manage supporting backend configurations.
VMS Suppliers Kainos, APTVision and Microsoft comply with both international and industry-specific compliance standards and participate in rigorous third-party audits and penetration testing that verify security controls. As required by the GDPR, the VMS developers implement and maintain appropriate technical and organisational security measures, including measures that meet the requirements of ISO 27001 and ISO 27018, to protect personal data they process as data processors or sub processors on its customers’ behalf.
Both VMS Suppliers provide audit capabilities that allow the data controller and processors to monitor vaccine data. VMS administrators can run a report on any patient record to see all the staff who have accessed it, what if any change were made and where that access was appropriate or necessary.
Appendix D gives more detail about the VMS security measures in place. A glossary at Appendix E gives more description of the technical terms and abbreviations.
The organisational security measures implemented include the following security controls that have applied to the environment:
- Restriction on user access to the VMS Reporting capability
- All Azure resources are managed via Azure Active Directory. This provides a mechanism to ensure only those who are on the system directory and authorised can access the VMS.
- Access to Data Science Virtual Machines is restricted to via encrypted connection through Azure Bastion. Connection to Bastion is via whitelisted IP addresses only. Only named Azure Active Directory identities can access the DSVMs via this secure connection
- Access to the Reporting dashboard is currently whitelisted to only Kainos IP addresses. When planning to open this up to HSCNI staff, it will be to named individuals identified by Azure Active Directory identity and whitelisted to the appropriate HSCNI IP addresses only.
- Security of data as it moves into the strategic VMS and within the reporting platform is controlled by four mechanisms:
- A named CRM service account with least-privilege access is used in conjunction with a registered Azure Active Directory App to authenticate and authorise the data extract application when connecting to the VMS to retrieve data for sync to the reporting database
- This connection between the data extract application and Dynamics CRM web services is encrypted via secure method known as SSL which uses TLS encryption
- Connections to the VMS database are also encrypted via SSL/TLS and access is only granted via managed identity used by the Data Science VMS, reporting dashboard, and data extract processes. I.e., there is no direct access to the database via a user of the Azure portal
- All data stored in the Azure DB is strongly encrypted using industry standards
All users are offered training to cover their use of the VMS. Training for the VMS to Trusts is provided on a ‘train the trainer’ basis and VMS run-throughs by the development team, video demonstrations and written manual.
- User readiness has been tracked as part Readiness meetings.
- GP and community pharmacy users are being supported by HSCB Practice Support Teams and DHCNI central team Further Developments
As more information is made available about the different vaccines available in Northern Ireland the VMS may have to change and develop accordingly. While it is impossible to predict these developments at this stage several developments are anticipated including:
- VMS reporting function uses cloud architecture, hosted within Microsoft UK Southern Region datacentres, using software already configured within the Belfast Trust. In the longer term it will ultimately be re-provisioned centrally within Business Services Organisation when a Microsoft Azure environment for Northern Ireland can be constructed.
- Consideration of machine learning purposes, a human element would remain. There is no automated decision made by machines in this process, all decisions are human made. There are no plans to change this in the future.
As the Vaccine Management System DPIA is a living document it will be updated, as necessary.
Risks will be assessed using both HSCB regional risk matrix (Diagram C; full document in Appendix H)
|IMPACT||Risk Quantification Matrix|
|5 – Catastrophic||Low (5)||Medium (10)||High (15)||High (20)||High (25)|
|4 – Major||Low (4)||Medium (8)||High (12)||High (16)||High (20)|
|3 – Moderate||Low (3)||Medium (6)||Medium (9)||High (12)||High (15)|
|2 – Minor||Low (2)||Low (4)||Medium (6)||Medium (8)||Medium (10)|
|1 – Insignificant||Low (1)||Low (2)||Low (3)||Low (4)||Low (5)|
|1 Rare||2 Unlikely||3 Possible||4 Likely||5 Almost Certain|
|Describe source of the risk and nature of potential impact on individuals||Likelihood of harm||Severity of impact||Overall Risk Rating|
|1||Access by nominated VMS programme staff and developers to patient data during product development cannot be limited||Possible||Moderate||Medium|
|2||Non-vetted staff users may exist in the VMS accepted user lists e.g. using personal email accounts to log on to the system.||Possible||Moderate||Medium|
|3||Risk of inaccurate data being entered into the VMS by clinical staff or by members of the public that will delay the patient’s vaccine booking. For example,|
– The ability to be able to stop a person booking into several different facilities to get their vaccines’. E.g. go to a Trust to receive first dose and then invited by GP for first dose.
– Being able to overcome a common scenario where citizens are commonly known by one name but registered in Health and Care Index under another variation of this name.
|4||Risk of data loss during import of patient data from APTVision solution to the Kainos VMS Dynamics data lake resulting in low quality, low confidence population. This will reduce the ability of the DHCNI to support the CMO in making timely decisions to accelerate and target vaccinations.||Remote||Moderate||Low|
|5||Risk of data breach (with the loss or unauthorised sharing of personal identifiable data, with potential impact of distress or reputational damage to individuals.), by staff working in the VMS Teams, through human error or intent. In addition, the risk of reputational damage to the HSCB, PHA and DoH.||Remote||Moderate||Medium|
|6||Risk of the VMS being ‘hacked’, with the theft of personal identifiable data (data breach), with the risk of distress or reputational damage to individuals. Or the system being compromised or inaccessible because of a cyber security incident therefore VMS being unable to operate with no vaccine bookings being undertaken. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Possible||Major||High|
|7||Risk of unauthorised access to the personal data on the VMS, resulting in a data breach with potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Possible||Major||High|
|8||Risk of unauthorised access (internal or external) to the personal data on the APTVision (PostgreSQL), Kainos VMS Data (Azure Data Lake) and Reporting Platforms, resulting in a data breach with potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Possible||Major||High|
|9||Risk relating to Adult Safeguarding Privacy concerns, particularly regarding inappropriate access to current information on identity and location. Vulnerable people may be particularly concerned about the risk of identification or the disclosure of information.|
Communication issues with vulnerable adults – issues with receiving/understanding information/instructions. If there are inadequate disclosure controls, there is an increase in the likelihood of information being shared inappropriately
|10||Risk of noncompliance with HSCB/PHA/DOH data protection and information governance policies and procedures which may result in accidental or deliberate misuse of sensitive personal data with potential of data protection requirements not being adhered to and for a data breach with the potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Remote||Moderate||Medium|
|11||Risk of noncompliance with established BSO ITS Service Transition Approval Process (the VMS STAP) and the BSO do not have enough capacity to support the VMS. Potential, in error, to negatively impact the MS Dynamics environment and therefore the VMS would not be available when required.||Unlikely||Moderate||Medium|
|12||Risk of access to personal data by 3rd party processors which may result in accidental or deliberate use of sensitive personal information. Potential impact of a data breach, with potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Possible||Major||High|
|13||Risk that personal data is used inappropriately for analytical purposes. Inappropriate sharing of personal data which could result in potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Rare||Minor||Low|
|14||Risk of fraudsters sending similar looking messages with malicious intent. Potential impact of distress or reputational damage to individuals, in addition the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Likely||Moderate||Medium|
|15||Risk of fraudsters setting up a similar web booking front end with malicious intent. Potential impact of distress or reputational damage to individuals, in addition the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Possible||Moderate||Medium|
|16||Risk of the VMS failing or suffering technical malfunctions rendering the system inoperable. The impact of the VMS suffering failure would slow or reduce the vaccination programme’s ability to vaccinate NI citizens.||Unlikely||Major||Medium|
7. Identify Measures to Reduce Risks
|Describe source of the risk and nature of potential impact on individuals||Effect on risk (Eliminated, Reduced, Accepted)||Residual harm (Low; medium; or high)|
|1||Access by nominated VMS programme staff and developers to patient data during product development cannot be limited||DHCNI have several controls in place contractually suppliers covered under their contracts.|
Patient data processing and confidentiality is described and enforced by Kainos Limited’s contractual and call-off terms under the UK’s G-Cloud 11 & 12 framework agreements.
Patient data and confidentiality is covered and enforces by APTVision contractual and call-off terms under the UK’s G-Cloud 12 framework agreement. APTVision may process patient data on behalf of DHCNI as a data processor for the purposes of development. No patient identifiable info in APTVision or Kainos pre-production environments
Patient data and confidentiality is covered and enforced by Gartner UK Ltd.’s contractual and call-off terms under the UK’s G-Cloud 12 framework agreement. Gartner does not process any patient data on behalf of DHCNI as a data processor
|2||Non-vetted staff users may exist in the VMS accepted user lists e.g. using personal email accounts to log on to the system.||Trust to immediately action or reduce list to only those staff members who need access||Reduced||Low|
|3||Risk of inaccurate data being entered into the VMS by clinical staff or by members of the public that will delay the patient’s vaccine booking. For example,|
The ability to be able to stop a person booking into several different facilities to get their vaccines’. Go to a Trust to receive first dose and then invited by GP for first dose.
Being able to overcome a common scenario where citizens are commonly known by one name but registered in Health and Care Index under another variation of this name.
|Verification of patient identification via photo ID and checks against the HCN Index by vaccination staff conducted at the point of vaccination to mitigate data inaccuracies or errors made during phone or web bookings.|
Clinical staff have been briefed and trained on the use of the APTVision booking system.
The APTVision booking system has gone through numerous design changes to improve user experience, ease of use and accessibility to ensure patient entry errors are minimised.
Once patient data has been entered into the VMS after the vaccine has been administered the record is ‘locked’. Any subsequent changes to the record will need to be done via the VMS Service desk
|4||Risk of data loss during import of patient data from APTVision solution to the Kainos VMS Dynamics data lake resulting in low quality, low confidence population. This will reduce the ability of the DHCNI to support the CMO in making timely decisions to accelerate and target vaccinations.||Automatic electronic import process is used to load the APTVision patient data extract on the Kainos VMS Dynamics data lake.||Eliminated||Low|
|5||Risk of data breach (with the loss or unauthorised sharing of personal identifiable data, with potential impact of distress or reputational damage to individuals.), by staff working in the VMS Teams, through human error or intent. In addition, the risk of reputational damage to the HSCB, PHA and DoH.||All involved HSCNI staff in the VMS are required to complete the HSC information governance and IT Security e-learning module. NI Direct has been established as the primary contact centre for the Northern Ireland Civil Service (NICS), its agencies and the wider public sector. Suppliers to NI Direct must comply with Data Protection requirements and this is detailed in the contract with the supplier, in this case BT. the Privacy Notice i.e. https://covid-19.hscni.net/vaccine-service-privacy-notice/ is referenced at the start of each call and in the MOU with DOH. There are strict protocols and training provided to the call handlers. The supplier also has a Quality Manager who sample checks calls against set criteria to score the call.Risk and management of breach of confidentiality covered in training, in line with contract requirements. Staff are subject to regulatory Codes of Conduct e.g., NMC and GMC which include duties of confidentiality. Confidentiality clauses in contracts of employment of staff and supporting developer/advisory suppliers. Appropriate disciplinary action will be taken in the event of proven breachStaff operating within Trusts and GP Practices come under their respective IG governance rules and procedures.||Reduced||Low|
|6||Risk of the VMS being ‘hacked’, with the theft of personal identifiable data (data breach), with the risk of distress or reputational damage to individuals. Or the system being compromised or inaccessible because of a cyber-security incident therefore VMS being unable to operate with no vaccine bookings being undertaken. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Kainos and Microsoft (VMS developers) comply with both international and industry-specific compliance standards and participate in rigorous third-party audits and penetration testing that verifies security controls. As required by the GDPR, the VMS developers implement and maintain appropriate technical and organisational security measures, including measures that meet the requirements of ISO 27001 and ISO 27018, to protect personal data it processes as a data processor or sub processor on its customers’ behalf. APTVision meet the requirements of ISO 9001:2015 and develop/deploy their software products on the GDS approved G-Cloud provider UKCloud. UKCloud are ISO-27001, 27017 and 27018 certified. The VMS developers follow the UK Standard Contractual Clauses (data resides in secure cloud locations within the UK. The Belfast Trust (BHSCT) have applied the following security controls: ● Common data services is unavailable to everyone on WWW except for users within two Azure Active Directory groups ● Multi-Factor authentication is required to access the VMS outside of BHSCT Trusted locations (BHSCT and BSO Networks). ● Legacy authentication has been blocked for all users. ●A user must have a Dynamic 365 license assigned before they are able to access the Kainos VMS Common Data Services. ● Users will not be able to use the system unless added to an application role. ● Application roles have been set up to ensure a “least privileged” approach (Kainos developed). ● Only required accounts have been sync’d from on premise to Azure Active Directory via AD Connect. APTVision security protocols include: ● Firewalls deny access by default ● Security patches applied automatically (nightly) ● All external traffic in transit encrypted ● SSL 2.0, 3.0, TLS 1.0, 1.1 are disabled, only TLS 1.2, 1.3 allowed ● No patient identifiable info in pre-production environments ● Certificates provided by DigiCert ● We have an A+ rating from Qualys SSL labs: https://www.ssllabs.com/ssltest/analyze.html?d=admin%2dimmunisation.aptvision.com&s=220.127.116.11&hideResults=on&latest ● HTTP Strict Transport Security (HSTS) used ● A recent external audit tested against OWASP top 10, all significant findings were resolved||Reduced||Medium|
|7||Risk of unauthorised access to the personal data on the VMS, resulting in a data breach with potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Kainos and Microsoft (VMS developers) comply with both international and industry-specific compliance standards and participate in rigorous third-party audits and penetration testing that verify security controls. As required by the GDPR, the VMS developers implement and maintain appropriate technical and organisational security measures, including measures that meet the requirements of ISO 27001 and ISO 27018, to protect personal data it processes as a data processor or sub processor on its customers’ behalf. APTVision meet the requirements of ISO 9001:2015 and develop/deploy their software products on the GDS approved G-Cloud provider UKCloud. UKCloud are ISO27001, 27017 and 27018 certified.|
The VMS developers follow the UK Standard Contractual Clauses (data resides in secure cloud locations within the UK).
The Belfast Trust (BHSCT) & Kainos have applied the following security controls:
● Common data services is unavailable to everyone on WWW except for users within two Azure Active Directory groups
● Multi-Factor authentication is required to access the VMS outside of BHSCT Trusted locations (BHSCT and BSO Networks).
●Once logged into VMS, user actions are logged in an audit trail which includes CREATE, VIEW, UPDATE events on patient details ●Legacy authentication has been blocked for all users.
●A user must have a Dynamic 365 license assigned before they are able to access the Kainos VMS Common Data Services.
● Users will not be able to use the system unless added to an application role.
● Application roles have been set up to ensure a “least privileged” approach (Kainos developed).
● Only required accounts have been sync’d from on premise to Azure Active Directory via AD Connect
|8||Risk of unauthorised access (internal or external) to the personal data on the APTVision (PostgreSQL), Kainos VMS Data (Azure Data Lake) and Reporting Platforms, resulting in a data breach with potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||APTVision controls|
-APTVision sessions to the infrastructure (SSH access) records login time and IP source
-Sessions to the admin portal are logged. There is auto logout functionality in place after session expires.
-Once logged into VMS, user actions are logged in an audit trail which includes CREATE, VIEW, UPDATE events on patient details
-Access to reporting functionality that includes export is controlled via individual user permission group that has to be explicitly assigned to selected users
-SSH access require short lived (12 hour) SSH certificates, meaning regular re-authentication is required with the identity provider
-Remote access is controlled using industry standard methods (SSH keys, no passwords allowed, secure VPN, roles and permissions assigned per user)
Kainos/Belfast Trust Controls
-All Belfast Trust Azure resources are managed via Azure Active Directory
-Access to BHSCT Trust based Kainos Servers, Containers and Virtual Machines are
restricted to via encrypted connection through Azure Bastion. Connection to Bastion is via whitelisted IP addresses only. Only named Azure Active Directory identities can access the DSVMs via this secure connection
Security of VMS data as it moves from APTVision, into and within the VMS Kainos dynamics platform:
– Data is securely transferred from APTVision to VMS via encrypted SSL/TLS connection using a secure Azure Logic App flow. A secure managed identity is used to connect the Logic App to Dynamics CRM which is associated with a least privilege security role granting the minimum permissions to update the VMS data model.
-A named CRM service account with least privilege access is used in conjunction with a registered Azure Active Directory App to authenticate and authorise the data extract application when connecting to the Contact Tracing system to retrieve data for sync to the reporting database
-This connection between the data extract application and Dynamics CRM web services is encrypted via SSL using TLS encryption
-Future connections to PHA’s Analytics platform – Azure Cosmos DB database will also encrypted via SSL/TLS and access is only granted via managed identity used by the Data Science VMs, reporting dashboard and data extract processes. I.e., there is no direct access to the database via a user of the Azure portal. This capability is not yet in place.
Any VMS data stored in Cosmos DB will be encrypted at rest by default using AES-256 encryption.
|9||Risk relating to Adult Safeguarding Privacy concerns, particularly regarding inappropriate access to current information on identity and location. Vulnerable people may be particularly concerned about the risk of identification or the disclosure of information.|
Communication issues with vulnerable adults – issues with receiving/understanding information/instructions. If there are inadequate disclosure controls, there is an increase in the likelihood of information being shared inappropriately
|Administration access to the VMS is controlled (as set out above), so no unauthorised personnel have access to the VMS.|
Only authorised clinical, Trust/GP administration and VMS development staff have access to the data on the VMS; they are bound by the existing controls and policies and professional regulatory Codes of Conduct.
VMS operated by staff recruited for their professional skills (e.g., nursing) that will assist in communicating with vulnerable adults. In respect of vulnerable adults, the vaccinators and clinical staff will seek to speak to a proxy (e.g., legal guardian). If a vaccinator has a concern about the capacity of the contact, they can refer to the clinical lead.
Managerial and clinical supervision arrangements are in place via the relevant Trust or GP Practice. Legal advice is sought as required
|10||Risk of noncompliance with HSCB/DHCNI data protection and information governance policies and procedures which may result in accidental or deliberate misuse of sensitive personal data with potential of data protection requirements not being adhered to and for a data breach with the potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Development of DPIA to identify risks & put appropriate measures in place;|
There is mandatory Information Governance and IT Security training for all DoH staff.
All staff have access to the DoH, HSCB, PHA and DHCNI. Information Governance policies and procedures all available on each organisations intranet site;
All staff bound by HSCNI employment contracts Staff bound by professional regulatory Codes of Conduct
Appropriate disciplinary action will be taken in the event of proven breach
|11||Risk of noncompliance with established BSO ITS Service Transition Approval Process (the VMS STAP) and the BSO do not have enough capacity to support the VMS. Potential, in error, to negatively impact the MS Dynamics environment and therefore the VMS would not be available when required.||The VMS is being developed using a rapid, agile development technique which differs from a standard IT service transition used by the BSO. The VMS programme is collaborating with BSO, Suppliers and the BHSCT to align with the STAP process as closely as is practical to ensure a smooth transition to on-going sustainable services.|
Completion of documentation and approval by BSO ITS assistant director in line with existing governance applied to all HSC IT systems.
|12||Risk of access to personal data by 3rd party processors which may result in accidental or deliberate use of sensitive personal information. Potential impact of a data breach, with potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||No live system access rights are allocated to 3rd parties. All 3rd party access is in accordance with agreed contacts and contract management processes.||Reduced||Low|
|13||Risk that personal data is used inappropriately for analytical purposes. Inappropriate sharing of personal data which could result in potential impact of distress or reputational damage to individuals. In addition, the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||All staff involved are HSCNI employees and therefore must comply with mandatory Information Governance training.|
Developers and advisory suppliers are bound by NDAs align with DHCNI Information Governance standards. (APTV to confirm)
Access to the Kainos VMS capability will be controlled via user management and allocation of appropriate rights and levels (e.g., read/write at various levels based on authorised need)
|14||Risk of fraudsters sending similar looking messages with malicious intent. Potential impact of distress or reputational damage to individuals, in addition the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Advice was sought from the National Cyber Security Centre (NCSC) for VMS usage of SMS to ensure that the SMS is as safe as possible – this advice has been adopted when considering the use of NI Direct sourced SMS to confirm vaccine bookings.|
Sender ID based on guidance from the National Cyber Security Centre (NCSC) and SMS message content was also reviewed. Both have been classed as technically suitable by NCSC due to: The creation of some distance between SenderID and others nearby and the creation of a simple, recognisable link that is harder to mimic
|15||Risk of fraudsters setting up a similar web booking front end with malicious intent. Potential impact of distress or reputational damage to individuals, in addition the risk of reputational damage to the DoH, HSCB, PHA and DHCNI.||Advice was sought from the National Cyber Security Centre (NCSC) to ensure that the SMS is as safe as possible.|
There is a large amount of material available via website, apps etc. to ensure the public are fully aware of what information will be required and why.
|16||Risk of the VMS failing or suffering technical malfunctions rendering the system inoperable. The impact of the VMS suffering failure would slow or reduce the vaccination programme’s ability to vaccinate NI citizens.||The VMS Programme are adding the system to DHCNI’s Information Asset (IA) Register. In the event of a major failure or catastrophe systems listed in the organisation’s IA register are deemed critical and receive the highest priority in terms of resources and measures to restore back to normal operation. In such cases Trusts, GPs and other vaccination centres will revert to their existing patient records to ensure vaccination data is still captured during vaccine roll outs until the VMS has been fully restored.||Reduced||Low|
Lynda McAree IG
Appendix A- VMS Stakeholder Landscape
Appendix B – Data Controllers and Processors (who are they)
All data processors are appointed under Data Processors Agreements in compliance with Article 28 of the UK GDPR. Public Health Agency and Health and social Care Board are joint Data Controllers for VMS.
The role of each party in this Joint Data Controller arrangement is as follows:
- Controller 1 (HSCB): to oversee the transfer of accurate, timely patient vaccine data to the Vaccine Management System (VMS). The Board are also responsible for the safe keeping of the data once entered into the VMS and ensuring effective data confidentiality measures are in place through role-based access/controls.
- Controller 2 (PHA): to oversee the data management and analysis of:
- COVID Booster
- Flu vaccine data
PHA role includes vaccine coverage surveillance, immunisation programme and population health management measures.
PHA, in agreement with HSCB and General Practice, will also look to provide the strategic oversight of the ongoing development of the VMS into the Northern Ireland Health and Social Care service in line with evidence-based practice for immunisation information systems.
Contracts, Data Sharing Agreements and MoUs are in place to govern relationships with the above data processors and sub-processors which set out the obligations of each party and the data controller’s obligations and rights regarding the data that is being processed. All contracts adhere to established BSO Procurement and Logistics Services (PaLs) processes with legal input provided by BSO Department of Legal Services (DLS).
All data processing takes place within the UK area, and as such is subject to legislation in the form of the UK General Data Protection Regulation (GDPR).
All data processors are appointed under Data Processors Agreements in compliance with Article 28 of the UK GDPR, either via UK GDPR compliant contracts, or Memorandum of Understanding (MoU) s.
Under the terms of these arrangements HSCB is the data controller responsible for assessing that all processors listed below are competent to process personal data in line with UK GDPR requirements. This assessment will consider the nature of the processing and the risks to the data subjects.
Under Article 28(1) HSCB will ensure that only processors that can provide “sufficient guarantees” (in terms of its expert knowledge, resources, and reliability) to implement appropriate technical and organisational measures to ensure the processing complies with the UK GDPR and protects the rights of individuals. Contracts or Memorandum of Understanding (MoUs) will be in place to govern relationships with the data processors, which set out the obligations of each party and the data controllers’ obligations and rights regarding the data that is being processed. All contracts adhere to established BSO Procurement and Logistics Services (PaLs) processes and legal input provided by BSO Department of Legal Services (DLS).
All data processing takes place within the UK area and as such is subject to legislation in the form of the UK – GDPR.
The following provides a list of joint data controllers involved in delivery of the system.
- Public Health Agency was established in 2009 and is an Agency within NI whose role is to improve health and social wellbeing and oversee public health protection managing vaccination programmes (outside COVID-19).
- HSCB (Health and Social Care Board) is a statutory organisation responsible for providing health care services, including COVID-19 vaccination service.
The following provides a list of data processors involved in delivery of the system.
- Kainos is a system integrator providing VMS platform for storage and processing of vaccination records
- APTVision are medical systems software development company chosen to develop the VMS booking and scheduling platform and are responsible for the configuration of the booking system and interim VMS database. They are regarded as a processor contracted by HSCB. APTVision will provide support on an ongoing basis to the VMS booking system for the duration of its operation, as part of their contract. Their services are delivered via UK GDPR compliant G-Cloud contracts.
- BigMotive are software development company who were chosen to develop the VMS user interface and are responsible for the configuration of the VMS webforms and are regarded as a processor contracted by the HSCB. BigMotive will provide support for user experience (UX) design on an ongoing basis to HSCNI for the duration of the VMS operation, as part of their contract. Their services are delivered via UK GDPR compliant contracts.
- Business Services Organisation (BSO) is a statutory organisation providing services as a data processor for HSCB and PHA. BSO are responsible for monitoring and managing all Microsoft contracts as commissioned and monitored by HSCB and PHA. They are responsible for all VMS environments user access and provision of new user hardware (PC and phones). BSO ITS are responsible for the supply and maintenance of user hardware. PHA and HSCB have overarching SLAs with the BSO for services including ITS. Their services are managed via appropriate agreements with PHA and HSCB.
- Belfast Health and Social Care Trust (BHSCT). BHSCT is a statutory organisation providing VMS services as a processor for HSCB and PHA. BHSCT host the VMS application on their infrastructure. Their services are managed via appropriate agreements with HSCB and PHA.
- Microsoft are responsible for, within the Microsoft Azure environment including the Dynamic 365 environment, software upgrades, security patching and updates for the Vaccine Management System; these are published via MS Office 365 portal that BSO ITS have access to.
The VMS retains a full audit history of both user access (who viewed what and when) and an audit history on field-level record modifications. The later will record:
- The record that was changed,
- Who changed it,
- The value before the change,
- The value after the change for the affected fields.
APTVision meet the requirements of ISO 9001:2015 and develop/deploy their software products on the GDS approved G-Cloud provider UKCloud. UKCloud are ISO-27001, 27017 and 27018 certified.
The VMS developers follow the UK Standard Contractual Clauses (data resides in secure cloud locations within the UK). APTVision, Kainos and The Belfast Trust (BHSCT) have collectively applied the following security controls to protect the VMS:
- Multi-Factor authentication is required to access the VMS outside of BHSCT Trusted locations (BHSCT and BSO Networks). Legacy authentication has been blocked for all users.
- Common VMS data services are unavailable to everyone on WWW except for users within two Azure Active Directory groups
- APTVision sessions to the infrastructure (SSH access) records login time and IP source to track users access the APTVision system
- APTVision sessions to the admin portal are logged. There is auto logout functionality in place after session expires.
- Once logged into the tactical VMS, APTVision user actions are logged in an audit trail which includes CREATE, VIEW, UPDATE events on patient details
- Access to reporting functionality that includes export is controlled via individual user permission group that must be explicitly assigned to selected APTVision users
- SSH access require short lived (12 hour) SSH certificates, meaning regular re-authentication is required with the identity provider
- A user must have a Dynamic 365 license assigned before they are able to access federated VMS data and services.
- Application roles have been set up to ensure a “least privileged” approach (Kainos developed).
- Only required accounts have been sync’d from on premise to Azure Active Directory via AD Connect.
|AD||Active Directory, which is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services|
|AES-256||The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.|
|Azure||Microsoft Azure, commonly referred to as Azure, is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centres.|
|CMO||Chief Medical Officer who is the most senior government advisor on health matters.|
|COTS||Commercial off-the-Shelf Systems are products are packaged solutions which are then adapted to satisfy the needs of the purchasing organisation, rather than the commissioning of custom-made, or bespoke, solutions.|
|CRM||Customer Relationship Management system|
|Data Lake||A data lake is a system or repository of data stored in its natural/raw format. A data lake is usually a single store of data including raw copies of source system data, sensor data, social data etc.|
|DHCNI||Digital Health and Care Northern Ireland (DHCNI) is the data and technology lead to the Health and Social Care (HSC) system in Northern Ireland.|
|DLS||Directorate of Legal Services for Northern Ireland|
|DOH||The Department of Health for Northern Ireland|
|DPA||Data Protection Act 2018|
|DPIA||Data Protection Impact Assessment – this document.|
|G-Cloud||Is the principal commercial framework run by UK government for the purchase of cloud related software and services.|
|GDPR||This refers to the UK-General Data Protection Regulations|
|GDS||The Government Digital Service (GDS) which is part of the UK Cabinet Office. GDS’s job is digital transformation of government.|
|GMS||General Medical Services is the term used to describe the very wide range of services and support that all patients receive from their General Practitioner (GP).|
|GP||General Practitioner commonly known as a Doctor|
|GPIP||GP Intelligence Platform. An aggregated platform that’s still in development that takes data from the GP systems for sharing with other medical systems.|
|HCN||Health and Care Number. The HCN uniquely identifies a patient within the NHS in Northern Ireland. It is the equivalent of the NHS NUMBER in England and Wales.|
|HTTP||Hypertext Transfer Protocol (HTTP) is an application layer protocol for distributed, collaborative, hypermedia information systems|
|HSC||Health and Social Care|
|HSCB||The Health and Social Care Board (HSCB) is a statutory organisation that arranges or ‘commissions’ health and social care services for the population of Northern Ireland|
|HSCTs||Health and Social Care (HSC) Trusts in Northern Ireland. 5 HSC Trusts provide integrated health and social care services across Northern Ireland, the sixth is the NI Ambulance Service.|
|HSTS||HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.|
|ICO||The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.|
|IP||The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.|
|ISO 9001:2015||ISO 9001:2015 is an international standard dedicated to Quality Management Systems (QMS).|
|ISO 27001||ISO/IEC 27001 is an international standard on how to manage information security.|
|ISO 27017||ISO/IEC 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems|
|ISO 27018||ISO/IEC 27018 is a security standard part of the ISO/IEC 27000 family of standards. It was the first international standard about the privacy in cloud computing services which was promoted by the industry.|
|ITIL||ITIL is a set of detailed practices for IT service management that focuses on aligning IT services with the needs of business|
|ITS||Information & Technology Systems|
|JCVI||The Joint Committee on Vaccination and Immunisation (JCVI) advises UK health departments on immunisation.|
|MS Dynamics||Microsoft Dynamics CRM is cloud based customer relationship management software package developed by Microsoft.|
|Multi-Factor authentication||Multi-factor authentication (MFA; encompassing Two-factor authentication or 2FA, along with similar terms) is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:|
|NCSC||National Cyber Security Centre (NCSC) is an organisation of the United Kingdom Government that provides advice and support for the public and private sector in how to avoid computer security threats.|
|OWASP||Open Web Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security|
|PAC||The Privacy Advisory Committee whose role is to advise HSC bodies about the use of information relating to patients and clients.|
|PHA||Public Health Agency is the NI body responsible for health and social wellbeing, health protection, public health support to commissioning, policy and HSC research.|
|PostgreSQL||PostgreSQL also known as Postgres, is a free and open-source relational database management system (RDBMS) emphasising extensibility and SQL compliance.|
|SLA||Service Level Agreement which describes how a service will be delivered and defines the quality aspects of the service|
|SMS||Simple Messaging Service, also known as text messages.|
|SQL||Structured Query Language is a domain-specific language used in programming and designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).|
|SSH||SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network.|
|SSL||Secure Sockets Layer (SSL) are cryptographic protocols designed to provide communications security over a computer network.|
|STAP||Service Transition Approval Process. This document provides BSO with the necessary information to take on support of a new healthcare Service.|
|TLS||The Transport Layer Security protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications.|
|VMS||Vaccine Management System used to support the delivery and roll out of vaccines across Northern Ireland|
 Digital Health and Care Northern Ireland (DHCNI) is the data and technology lead to the Health and Social Care (HSC) system in Northern Ireland.
 For example, vaccine certificates, portals for SAR
 As at August 2021
 Note: Previously individuals aged 16 to 64 with underlying health conditions were prioritised; the age range was extended on 27/07/2021 to include children from the age of 12 with underlying health conditions
 This is a new category added to the priority list on 27/07/21
 Cohort added September 2021
 Updated to cover UK GDPR (following UK exit from EU ) and DPAO 2018
 There have been several additions to this cohort following first lockdown. Trusts have also been an important source of information particularly for those on immunosuppressant therapies that are red listed to primary care.
 The Business Services Organisation (BSO has established an Honest Broker Service (HBS) for Health and Social Care (HSC). The aim is to enable non-identifiable data to be safely shared to maximise the uses and health service benefits which can be gained from it, including planning, commissioning of services and public health monitoring. The HBS enables access to anonymised, aggregated and in some cases pseudonymised health and social care data to the DoH, HSC organisations and for anonymised data for health and social care related research
 Include Personal identification, contact information and H&CN
 This refers to the processing that is necessary for the performance of the official tasks carried out in the public interest in providing and managing a health service.
 Microsoft Azure DB
 At rest by default using AES-256 encryption.
 Use of the VMS for other vaccines delivered as part of the DH recommended regional vaccinations programmes will be negotiated between the parties once this Jt MOU is agreed.