Direct Debit information data loss
Dear NHS Business Services Authority,
Please could I ask for a full explanation of the recent issue with NHSBSA losing all the direct debit information from the system and having to re-submit this information.
I would be kindly interested in when this was identified and by whom, i.e. a customer/staff member, and what was the cause of the data loss, including the specifics of how this has caused the data loss, and can this data loss be proved where this information has gone to.
Finally, what assurances are in place for those whose data has been lost and what assurance going forward this will not happen again.
Yours faithfully,
Mr J Greenwood
Thank you for your email
If your request relates to:
· Your own personal information, or someone you legally
represent, then this will be processed as a Data Protection Subject Access
Request. The request will be processed as detailed at
[1]http://www.nhsbsa.nhs.uk/DataProtection....
· ‘Business as usual’ then this will be forwarded to the relevant
team who will contact you. For example, you require an application form
or an NHS Pension estimate.
· You exercising a legal power relating to your organisation or
legal role then this will be responded to under the terms of that
legislation.
· Anything else. This will be dealt with under the Freedom of
Information Act. The request will be processed as shown at
[2]http://www.nhsbsa.nhs.uk/FreedomOfInform...
Dear Mr Greenwood
I refer to your request under the Freedom of Information Act, which I
received on 26 August 2016 for information about the following:
‘Please could I ask for a full explanation of the recent issue with NHSBSA
losing all the direct debit information from the system and having to
re-submit this information. I would be kindly interested in when this was
identified and by whom, i.e. a customer/staff member, and what was the cause
of the data loss, including the specifics of how this has caused the data
loss, and can this data loss be proved where this information has gone to.
Finally, what assurances are in place for those whose data has been lost
and what assurance going forward this will not happen again. Yours
faithfully,’
Summary of Response
I am writing to advise you that following a search of our paper and
electronic records, I have established that the information you requested
is not held by the NHS Business Services Authority.
At no point has data been lost.
Direct Debit PPC Auto Renewals
A business process issue was identified in mid-May when we received an
extremely high number of rejections of Direct Debit payments from BACS.
Upon investigation we discovered our new third party provider, which we
transferred to in January 2016 from our previous solution (we had this
since the start in June 2007), was sending to BACS a transaction code “19”
which instructs the customer’s bank to pay us a final payment. No other
payments can be taken after this. The previous solution had a bespoke
capability to never send a transaction code “19” so continuous payment was
possible.
Initially, work was required to cancel all the accounts and send letters to
those affected. This included all accounts automatically renewed since
January 2016 which are about to have/have had a failed payment. 26,358
accounts were affected. System changes were also necessary to prevent any
further Direct Debit auto renewals built into the standard reminder letter
process until the process could be redeveloped.
Therefore since mid-June we have been working with BACS and our banking
sponsor to re-design the auto renewal process. This was delivered very
recently on 16th August after significant and fundamental changes to the
automated process. The auto renewal process provides significant cost
savings to the business as well as providing the customer with a
transparent service and is therefore considered a high priority change.
Over 650,000 active accounts and up to 6 month old accounts were
transferred to the new solution. The data was sent encrypted to the
provider who is BACS accredited and who imported the data into the new
system. The NHSBSA performed an analysis of this data which checked every
account automatically to pinpoint any irregularities that had
occurred during the import. This had been tested with a full anonymised
data set from production 5 times to assure the process, and both
organisations were involved in verifying the test results.
Please note that this response will be published on our Freedom of
Information disclosure log at:
[1]https://apps.nhsbsa.nhs.uk/FOI/foiReques...
Your personal details will be removed from the published response.
If you are unhappy with the service you have received in relation to your
request and wish to make a complaint or request a review of my decision,
please write to:
Chris Gooday
Information Governance Manager
NHS Business Services Authority
Stella House
Goldcrest Way
Newburn Riverside Business Park
Newcastle upon Tyne
NE15 8NY
Details of how we will handle your review request are available on our
website at:
[2]http://www.nhsbsa.nhs.uk/Documents/NHSBS...
If you are not content with the outcome of your complaint, you may apply
directly to the Information Commissioner’s Office (ICO) for a decision.
Please note that generally, the ICO cannot make a decision unless you have
exhausted the NHS Business Services Authority’s complaints procedure.
The Information Commissioner can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 01625 545 745
Fax: 01625 524 510
Email: [3][email address]
We would also value your feedback regarding the way in which your request
was handled. You can provide us with direct feedback on our website at the
following address:
[4]https://www.ppa.org.uk/FOI_survey_form/d...
Any feedback you provide will be strictly anonymous and much appreciated.
Regards
Chris Dunn
Information Governance Assistant
Corporate Governance
Tel 0191 2035352
Internal tel 500 5352
Fax 0191 264 5281
[5]www.nhsbsa.nhs.uk
Stella House, Goldcrest Way, Newburn Riverside Business Park, Newcastle
upon Tyne NE15 8NY
Please read our email disclaimer online at:
[7]http://www.nhsbsa.nhs.uk/email.
To reduce our environmental footprint, please only print when necessary.
Dear Mr Greenwood
Further to my below response, it has been brought to my attention that,
while it is true that there had been no data loss, the explanation was
incorrect. Please see the below amended response:
Response Summary
At no point has any customer data been lost.
On the 17th May 2016 it was identified that a system issue was preventing
automatic renewals of NHS Prescription Prepayment Certificates (PPC) from
taking place. The auto-renewals were reinstated on 16th August 2016. During
the period without auto-renewals being in place, customers were required
to make new applications, which is in line with BACS guidance. The issue is
now resolved and the auto-renewal process is functioning as expected.
Please accept my apologies for the inaccurate response which was provided
to you.
Please note that this response will be published on our Freedom of
Information disclosure log at:
[1]https://apps.nhsbsa.nhs.uk/FOI/foiReques...
Your personal details will be removed from the published response.
Regards
Chris Dunn
Information Governance Assistant
Corporate Governance
Tel 0191 2035352
Internal tel 500 5352
Fax 0191 264 5281
[2]www.nhsbsa.nhs.uk
Stella House, Goldcrest Way, Newburn Riverside Business Park, Newcastle
upon Tyne NE15 8NY
Please read our email disclaimer online at:
[4]http://www.nhsbsa.nhs.uk/email.
To reduce our environmental footprint, please only print when necessary.
From: FOIRequests Nhsbsa (NHS BUSINESS SERVICES AUTHORITY)
Sent: 19 September 2016 16:24
To: '[FOI #354840 email]'
Cc: Gooday Chris (NHS BUSINESS SERVICES AUTHORITY)
Subject: FOI Request Final Response 6415