National fraud initiative - level 2 fair processing notice
For the purposes of the Data Protection Act 1998, and fair processing notice requirements associated with the National Fraud Initiative, the data controller for NHS North of Tyne (working on behalf of Newcastle Primary Care Trust (PCT), North Tyneside PCT, and Northumberland Care Trust) is Ian Davison, associate director of informatics and project management.
The Audit Commission is an independent body responsible for promoting economy, efficiency and effectiveness in the use of public money. Its work covers local government, health, housing police, probation and fire & rescue services.
The Commission conducts national data matching exercises to assist in the prevention and detection of fraud.
Since 1996, the Commission has run the NFI every two years and has helped to identify fraud and overpayments totalling in excess of £400m.
This primary care organisation (PCO) is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The Audit Commission appoints the auditor to audit the accounts of this PCO. It is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found, it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Audit Commission currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Audit Commission for matching each exercise, and these are set out in the Audit Commission’s handbooks.
The use of data by the Audit Commission in a data matching exercise is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of individuals concerned under the Data Protection Act 1998.
Data matching by the Audit Commission is subject to a Code of Practice. This may be found on the Audit Commission's website.
For further information on the Audit Commission’s legal powers and the reasons why it matches particular information, see the Level 3 Notice on the Audit Commission website or contact Peter Yetzes, Head of NFI on 0844 798 2222 or email nfiqueries@audit-commission.gov.uk
