Common use of Summary of the Sharing Requirement Purpose Clause in Contracts

Summary of the Sharing Requirement Purpose. The integrated Commissioning Team for Adult Services brings together the Surrey County Council Commissioning Team for Adult Services and the NHS Surrey Heartlands CCG Adult Services Commissioning Team. This integrated team of health and social care staff will be responsible for commissioning (planning, buying and quality assuring) a range of health and social care services for adults on behalf of Surrey County Council (SCC) and Surrey Heartlands Clinical Commissioning Group (the CCG). Data will be shared as follows: • Commercially Sensitive Data (including data relating to contracts and spend) – will be accessed via written request to the appropriate SCC / CCG Information Asset Owner. This data be stored on electronic filing systems / ICT systems that are secure with access restricted to only those that require it; • Staff Personal Data (including special category data such as Occupational Health records etc.) – will be accessed via written request to the CCG / SCC HR Department and only be provided following written authorisation from the SCC / CCG Information Asset Owner. This data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it; • Anonymised and Pseudonymised Personal Data relating to CCG Commissioned Services will be accessed via written request to the CCG’s Information Team. Pseudonymise data will be transferred via secure file transfer or email encrypted to AES256 bit. Pseudonymised data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it. Details of storage and processing address for pseudonymised CCG data will be provided to the CCG and NHS Digital as required; • Anonymised and Pseudonymised Personal Data relating to SCC Commissioned Services will be accessed via written request to SCC’s Information Team. Pseudonymise data will be transferred via secure file transfer or email encrypted to AES256 bit. Pseudonymised data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it; • Identifiable data relating to patients will be accessed via written request to the SCC / CCG Information Asset Owner and only be provided following written authorisation from the SCC / CCG Caldicott Guardian. This data will be stored on secure electronic filing systems / ICT systems for SCC / CCG with access restricted to only those that require it. The privacy arrangements are considered satisfactory as:

Summary of the Sharing Requirement Purpose. The integrated Children’s Commissioning Team for Adult Services brings together the Surrey County Council Children’s Commissioning Team for Adult Services and the NHS Surrey Heartlands CCG Adult Services Children’s Commissioning Team. This integrated team of health and social care staff will be responsible for commissioning (planning, buying and quality assuring) a range of health and social care services for adults a variety of children, young people and families with eligible needs on behalf of Surrey County Council (SCC) and Surrey Heartlands Clinical Commissioning Group (the CCG). Data will be shared as follows: • Commercially Sensitive Data (including data relating to contracts and spend) – will be accessed via written request to the appropriate SCC / CCG Information Asset Owner. This data be stored on electronic filing systems / ICT systems that are secure with access restricted to only those that require it; • Staff Personal Data (including special category data such as Occupational Health records etc.) – will be accessed via written request to the CCG / SCC HR Department and only be provided following written authorisation from the SCC / CCG Information Asset Owner. This data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it; • Anonymised and Pseudonymised Personal Data relating to CCG Commissioned Services will be accessed via written request to the CCG’s Information Team. Pseudonymise data will be transferred via secure file transfer or email encrypted to AES256 bit. Pseudonymised data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it. Details of storage and processing address for pseudonymised CCG data will be provided to the CCG and NHS Digital as required; • Anonymised and Pseudonymised Personal Data relating to SCC Commissioned Services will be accessed via written request to SCC’s Information Team. Pseudonymise data will be transferred via secure file transfer or email encrypted to AES256 bit. Pseudonymised data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it; • Identifiable data relating to patients will be accessed via written request to the SCC / CCG Information Asset Owner and only be provided following written authorisation from the SCC / CCG Caldicott Guardian. This data will be stored on secure electronic filing systems / ICT systems for SCC / CCG with access restricted to only those that require it. The privacy arrangements are considered satisfactory as:

Summary of the Sharing Requirement Purpose. The integrated Commissioning Team for Adult Services brings together the Surrey County Council Adults Services Commissioning Team for Adult Services and the NHS Surrey Heartlands CCG Commissioning Team for Adult Services Commissioning TeamServices. This integrated team of health and social care staff will be responsible for commissioning (planning, buying and quality assuring) a range of health and social care services for adults on behalf of Surrey County Council (SCC) and Surrey Heartlands Clinical Commissioning Group (the CCG). Data will be shared as follows: • Commercially Sensitive Data (including data relating to contracts and spend) – will be accessed via written request to the appropriate SCC / CCG Information Asset Owner. This data be stored on electronic filing systems / ICT systems that are secure with access restricted to only those that require it; • Staff Personal Data (including special category data such as Occupational Health records etc.) – will be accessed via written request to the CCG / SCC HR Department and only be provided following written authorisation from the SCC / CCG Information Asset Owner. This data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it; • Anonymised and Pseudonymised Personal Data relating to CCG Commissioned Services will be accessed via written request to the CCG’s Information Team. Pseudonymise data will be transferred via secure file transfer or email encrypted to AES256 bit. Pseudonymised data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it. Details of storage and processing address for pseudonymised CCG data will be provided to the CCG and NHS Digital as required; • Anonymised and Pseudonymised Personal Data relating to SCC Commissioned Services will be accessed via written request to SCC’s Information Team. Pseudonymise data will be transferred via secure file transfer or email encrypted to AES256 bit. Pseudonymised data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it; • Identifiable data relating to patients will be accessed via written request to the SCC / CCG Information Asset Owner and only be provided following written authorisation from the SCC / CCG Caldicott Guardian. This data will be stored on secure electronic filing systems / ICT systems for SCC / CCG with access restricted to only those that require it. The privacy arrangements are considered satisfactory as:

Summary of the Sharing Requirement Purpose. The integrated Children’s Commissioning Team for Adult Services brings together the Surrey County Council Children’s Commissioning Team for Adult Services and the NHS Surrey Heartlands CCG Adult Services Children’s Commissioning Team. This integrated team of health and social care staff will be responsible for commissioning (planning, buying and quality assuring) a range of health and social care services for adults a variety of children, young people and families with eligible needs on behalf of Surrey County Council (SCC) and Surrey Heartlands Clinical Commissioning Group (the CCG). Data will be shared as follows: • Commercially Sensitive Data (including data relating to contracts and spend) – will be accessed via written request to the appropriate SCC / CCG Information Asset Owner. This data be stored on electronic filing systems / ICT systems that are secure with access restricted to only those that require it; • Staff Personal Data (including special category data such as Occupational Health records etc.) – will be accessed via written request to the CCG / SCC HR Department and only be provided following written authorisation from the SCC / CCG Information Asset Owner. This data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it; • Anonymised and Pseudonymised Personal Data relating to CCG Commissioned Services will be accessed via written request to the CCG’s Information Team. Pseudonymise data will be transferred via secure file transfer or email encrypted to AES256 bit. Pseudonymised data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it. Details of storage and processing address for pseudonymised CCG data will be provided to the CCG and NHS Digital as required; • Anonymised and Pseudonymised Personal Data relating to SCC Commissioned Services will be accessed via written request to SCC’s Information Team. Pseudonymise data will be transferred via secure file transfer or email encrypted to AES256 bit. Pseudonymised data be stored on secure electronic filing systems / ICT systems of SCC / CCG with access restricted to only those that require it; • Identifiable data relating to patients / service users will be accessed via written request to the SCC / CCG Information Asset Owner and only be provided following written authorisation from the SCC / CCG Caldicott Guardian. This data will be stored on secure electronic filing systems / ICT systems for SCC / CCG with access restricted to only those that require it. The privacy arrangements are considered satisfactory as: