Received a questionnaire?

The NHS Patient Survey Programme was established in 2002 as a result of the Government’s commitment to ensuring that patients and the public have a real say in how NHS services are planned and developed. Getting feedback from people and listening to their views is vital for improving services.

All eligible NHS trusts in England carry out local surveys asking people for their views on their recent health care experiences. One main purpose of these surveys is to provide organisations with detailed feedback on standards of service and care in order to help set priorities for delivering a better service for people in the future.

The NHS Patient Survey Programme is managed by the Care Quality Commission (CQC), the independent regulator of health and adult social care in England.

CQC works with the Survey Coordination Centre, based at Picker Institute Europe, to develop and implement the surveys.

Neither CQC nor the Survey Coordination Centre receive your name, full address or information from your medical records. This confidential information is held by the NHS trust(s) that provided your care. Researchers analysing the results of the survey will use your postcode to undertake geographical analysis of overall results.

Your answers are put together with everyone else’s who takes part.

This information is then analysed to help understand peoples’ experience at trust level, and for England as a whole. The results are published on the CQC website.

Results are used by a number of different organisations for the purposes of helping to improve NHS healthcare in England.

• CQC will use survey results in the regulation, monitoring and inspection of NHS trusts in England. Survey data will be used in CQC’s Insight system, which provides inspectors with an assessment of how NHS trusts are performing. The survey data will also form a key source of evidence to support the judgements and ratings published for trusts.
• Trusts and service commissioners, are expected to take action to improve services based on the results
• NHS England use questions from the NHS Patient Survey Programme to produce a separate index measure called the Overall Patient Experience Score. The scores are calculated in the same way each year, so that the experience of people who use NHS services can be compared over time. As part of the supporting documentation, NHS England also produce and publish a diagnostic tool to help NHS managers and the public to understand what feeds in to the overall scores and to see how scores vary across individual NHS provider organisations.

As well as the Care Quality Commission, the results are likely to be seen by the governing board and the senior managers of the trust. The trust is also encouraged to share the results with its staff and with the local community that use its services. This can be done in a range of ways, including publishing the results on the trust’s website, announcing the findings to the local media and in any trust newsletters.

Survey results are available on Care Quality Commission website.

Each trust has a Patient Advice and Liaison Service (PALS) representative who can tell you more about your local survey findings and what action is being taken to bring about improvements. You can obtain their details by visiting the trust’s website or ringing the trust directly.

Your local trust should analyse the results to find out where they can make improvements. They can compare the findings with previous years’ survey findings or with the findings of other trusts around the country that are similar to them. They then need to decide the main priorities and draw up an action plan of what needs to happen to introduce the changes. Ideally one person from the organisation takes the lead in making sure these changes take place.

Depending on what changes are needed, a range of staff can get involved in introducing improvements. The trust is also encouraged to invite patients and representatives from the local community to help in this process to ensure that their views continue to be included.

We share survey data with other organisations to help them with their work. This does not include names and addresses so it is not possible to directly identify you.

NHS England use questions from the NHS Patient Survey Programme to produce a separate index measure called the Overall Patient Experience Score. The scores are calculated in the same way each year, so that the experience of people who use NHS services can be compared over time. As part of the supporting documentation, NHS England also produce and publish a diagnostic tool to help NHS managers and the public to understand what feeds in to the overall scores and to see how scores vary across individual NHS provider organisations.

The Department of Health and Social Care and NHS England may use the results to generate aggregate indicators at local, regional and national level. These indicators form part of the range of the Outcome Frameworks and other publications. The NHS Outcomes Framework is a set of indicators developed by the Department of Health and Social Care to monitor the health outcomes of adults and children in England. This includes indicators on peoples’ experience of care. The data will also be shared with NHS Digital or other organisations, working on behalf of Department of Health and Social Care or NHS England for the purpose of generating these indicators.

As stated on all questionnaires, freetext comments provided will be looked at in full by the Care Quality Commission, NHS Trust and researchers analysing the data. This includes sharing the comments with organisations such as the Department of Health and Social Care and NHS England and Improvement.

We also send a heavily abridged version of the survey dataset to the UK Data Archive so data can be used by other researchers. This dataset is pseudonymised to ensure that no respondents are identifiable through the data. This involves a number of variables being deleted and others being recoded (for example, age is grouped into age bands, ethnicity is deleted). Pseudonymised data may also be shared with academics and other researchers upon request.

The NHS trust drew a sample of people who had recently used their services. This was used by the NHS trust, or their approved contractor, to send you the questionnaire and reminders.

This data is confidential and will only be used for the purposes of carrying out the survey. Your contact details will not be linked to your responses or shared with anyone else except in very rare cases where there is reason to believe that you or someone else is at serious risk of harm. This would only be the case if a comment is written on a questionnaire that requires us to follow up as part of our safeguarding duty. If comments on the questionnaire suggest you or someone else is at risk of serious harm, your details would be provided to the appropriate authority to investigate.

Each questionnaire has a unique reference number which is used by the trust, or the approved contractor to identify who has responded to the survey, and to send reminders to those who have not. Once the mailing process for the surveys is complete, your name and address information will be securely deleted from records relating to the survey.

Your contact details will not be linked to your responses or shared with anyone else except in very rare cases where there is reason to believe that you or someone else is at serious risk of harm. This would only be the case if a comment is written on a questionnaire that requires us to follow up as part of our safeguarding duty. If comments on the questionnaire suggest you or someone else is at risk of serious harm, your details would be provided to the appropriate authority to investigate.

All findings are reported by CQC at an aggregate level, either trust level, or England as a whole. To further help anonymity, answers are suppressed or redacted where fewer than 30 people responded (for the Children and Young People Survey, this is where fewer than 20 people responded). Approved Contractors are only permitted to share an abridged version of the data set with trusts. Data must be anonymised to ensure that indirect identification by particular characteristics is not possible. This is achieved by:

• Deleting variables for ethnicity, sexual orientation and religion.
• Deleting the variable for age and recoding this into age groups (e.g. 16-35, 36-50, 51- 65 and 66+).
• Any other additional information specific to a survey that can potentially be used to identify individual patients must be removed. For example, department type, CCG, and NHS site code.

Where a trust has carried out a survey themselves in-house (not used an approved contractor) only staff who have signed a data protection declaration are permitted access to the data. This means that staff have stated that they understand, and will comply with, the principles of the General Data Protection Regulation (GDPR). This document is also signed by the trust Caldicott Guardian. A Caldicott Guardian is usually a senior person within a trust who is responsible for protecting the confidentiality of people’s health and care information and making sure it is used properly. When sharing survey results with staff, they must adhere to the same principles as described above.

Your name and full address are only used to send you the questionnaire and are never linked to the survey responses. Only the trust, and if used, approved contractor, will hold your name and address information. This is not shared with CQC or the Survey Coordination Centres. CQC, Survey Coordination Centres and the approved contractor also receive information on gender, age, postcode, ethnicity and Clinical Commissioning Group (CCG) of people selected to take part in the survey.

Other information we receive varies by survey:

• Acute Inpatient: Year of birth, date of admission, date of discharge, length of stay, treatment function code, ICD10 code, treatment centre admission, site code of admission, site code of discharge, and whether you had COVID-19 during your hospital visit.
• Children and young people: child/young person’s month and year of birth, date of admission, date of discharge, length of stay, main speciality (of consultant), treatment function code, treatment centre admission, route of admission, site code of admission, site code of discharge.
• Community mental health: Year of birth, date of last contact, Care Programme Approach (CPA) status, Care Cluster Code.
• Maternity: Mother’s year of birth, date of delivery, place of delivery, NHS site code, postcode, and whether the trust provided your ante-natal and post-natal care.
• Urgent and Emergency Care: Year of birth, date and time of attendance, NHS Site code, Department type (Type 1 or Type 3), and whether you were treated in an area dedicated to COVID-19 or a non-COVID-19 area.

This information helps us to ensure that the people who respond to the survey match the expected profile for each trust. We also use this information to undertake additional analysis to understand how peoples’ experiences of care may differ.

In some cases, it may be possible to identify people from this data, but we would never attempt to do so. We recognise that this data is sensitive and private and we ensure that it is kept secure. We do this by having processes in place to ensure that responses are kept confidential (please see ‘Are my responses confidential?’ above for more detail) and by ensuring that data is transferred and stored securely (please see ‘How do you ensure that my data is held securely?’ below for more detail).

Under the General Data Protection Regulation (GDPR), CQC and the individual trusts are responsible as data controllers for the processing of personal data for the purposes of surveys in the NHS Patient Survey Programme.

CQC considers that the lawful basis for the processing data for the NHS Patient Survey Programme is Article 6(1) (e) of the GDPR: ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.’

The NHS Patient Survey Programme also includes some special categories of personal data. This is data that under the GDPR is considered more sensitive and needs more protection, examples include, ethnicity and health information.

CQC considers that the lawful basis for the processing special categories of data is Article 9(2)(h): ‘processing is necessary for the purposes of […] the management of health or social care systems and services’ CQC and the Survey Coordination Centres obtain section 251 approval for each survey from the Confidentiality Advisory Group (CAG) at the Health Research Authority (HRA). This provides a legal basis for patient information to be used to carry out the survey, where this would otherwise be prohibited by the common law duty of confidentiality.

We also obtain ethical approval for each survey.

No. The national data opt-out does not currently apply to the surveys running under the NHS Patient Survey Programme. Should you wish to opt out please read the covering letter that you received with your questionnaire for instructions in how to opt out.

CQC take data security very seriously and have a number of policies, procedures and processes in place to help ensure information is protected.

All data is collected and handled securely in line with relevant legislation including the General Data Protection Regulation (GDPR), Data Protection Act 2018 and the NHS Code of Practice on Confidentiality (2003).

These precautions include appropriate physical security of our offices, controlled access to computer systems, use of secure, encrypted internet connections and use of restricted files accessible to authorised staff only.

CQC have implemented the following roles with responsibilities for Information Governance:

• The Caldicott Guardian ensures that CQC handles information about people who use services in an ethical and lawful way.
• The Senior Information Risk Owner (SIRO) ensures that risks relating to information are identified and properly managed.
• The Data Protection Officer (DPO) monitors and advises on compliance with data protection law.

All staff are required to undertake annual information governance training.

Data security is embedded in the contracts of organisations with which we work to implement the NHS Patient Survey Programme.

The Survey Coordination Centres and Approved Contractors have been through a competitive procurement process as part of which they provided information about their processes for ensuring the confidentiality and security of personal information.

They are compliant with the Data Security and Protection Toolkit which enables organisations to demonstrate that the way they hold and process information meets Information Governance policies and standards.

Detailed instructions are provided both for trusts and contractors on how to undertake the surveys. This includes guidelines on the use and security of the data.

When information is no longer required it is destroyed. Once the mailing process for the survey is complete, name and address information is destroyed. Paper copies of the questionnaire are destroyed once data checks and analysis are complete.