Direct Debit information data loss

The request was successful.

Dear NHS Business Services Authority,

Please could I ask for a full explanation of the recent issue with NHSBA loosing all the direct debit information from the system and having to re-submit this information.

I would be kindly interested in when this was identified and by whom i.e a customer/staff member, and what was the cause of the data loss, including the specifics of how this has caused the data loss, and can this data loss be proved where this information has gone to.
Finally what assurances are in place for those who's data has been lost and what assurance going forward this will not happen again.

Yours faithfully,

Mr J Greenwood

FOIRequests Nhsbsa (NHS BUSINESS SERVICES AUTHORITY),

Thank you for your email

If your request relates to:

·         Your own personal information, or someone you legally
represent,then this will be processed as a Data Protection Subject Access
Request.  The request will be processed as detailed at
[1]http://www.nhsbsa.nhs.uk/DataProtection....

·         ‘Business as usual’ then this will be forwarded to the relevant
team who will contact you.  For example, you require an application form
or an NHS Pension estimate

·         You exercising a legal power relating to your organisation or
legal role then this will be responded to under the terms of that
legislation.

·         Anything else. This will be dealt with under the Freedom of
Information Act.  The request will be processed as shown at
[2]http://www.nhsbsa.nhs.uk/FreedomOfInform...

show quoted sections

References

Visible links
1. http://www.nhsbsa.nhs.uk/DataProtection....
2. http://www.nhsbsa.nhs.uk/FreedomOfInform...

FOIRequests Nhsbsa (NHS BUSINESS SERVICES AUTHORITY),

1 Attachment

Dear Mr Greenwood

 

I refer to your request under the Freedom of Information Act, which I
received on 26 August 2016 for information about the following:

 

‘Please could I ask for a full explanation of the recent issue with NHSBA
loosing all the direct debit information from the system and having to
re-submit this information. I would be kindly interested in when this was
identified and by whom i.e a customer/staff member, and what was the cause
of the data loss, including the specifics of how this has caused the data
loss, and can this data loss be proved where this information has gone to.
Finally what assurances are in place for those who's data has been lost
and what assurance going forward this will not happen again. Yours
faithfully,’

 

 

Summary of Response

 

I am writing to advise you that following a search of our paper and
electronic records, I have established that the information you requested
is not held by the NHS Business Services Authority.

 

At no point has data been lost.

 

Direct Debit PPC Auto Renewals

 

A business process issue was identified in mid-May when we received an
extremely high number of rejections of Direct Debit payments from BACS.

 

Upon investigation we discovered our new third party provider, which we
transferred to in January 2016 from our previous solution (we had this
since the start in June 2007), was sending to BACS a transaction code “19”
which instructs the customer’s bank to pay us a final payment. No other
payments can be taken after this. The previous solution had a bespoke
capability to never send a transaction code “19” so continuous payment was
possible.

 

Initially work was required to cancel all the accounts and send letters to
those affected. This included all accounts automatically renewed since
January 2016 and are about to/had a failed payment 26,358 accounts were
affected. System changes were also necessary to prevent any further Direct
Debit auto renewals built into the standard reminder letter process until
the process could be redeveloped.

 

Therefore since mid-June we have been working with BACS and our banking
sponsor to re-design the auto renewal process. This was delivered very
recently on 16th August after significant and fundamental changes to the
automated process. The auto renewal process provides significant cost
savings to the business as well as providing the customer with a
transparent service and therefore considered a high priority change.

 

Over 650,000 active accounts and up to 6 month old accounts were
transferred to the new solution. The data was sent encrypted to the
provider who is BACS accredited and who imported the data into the new
system. The NHSBSA performed an analysis of this data which checked every
account automatically and to pin point any irregularities that had
occurred during the import. This had been tested with a full anonymised
data set from production 5x times to assure the process and both
organisations were involved in verifying the test results.

 

Please note that this response will be published on our Freedom of
Information disclosure log at:

 

[1]https://apps.nhsbsa.nhs.uk/FOI/foiReques...

 

Your personal details will be removed from the published response.

 

If you are unhappy with the service you have received in relation to your
request and wish to make a complaint or request a review of my decision,
please write to:

 

Chris Gooday

Information Governance Manager

NHS Business Services Authority

Stella House

Goldcrest Way

Newburn Riverside Business Park

Newcastle upon Tyne

NE15 8NY

 

Details of how we will handle your review request are available on our
website at:

 

[2]http://www.nhsbsa.nhs.uk/Documents/NHSBS...

 

If you are not content with the outcome of your complaint, you may apply
directly to the Information Commissioner’s Office (ICO) for a decision.
Please note that generally, the ICO cannot make a decision unless you have
exhausted the NHS Business Services Authority’s complaints procedure.

 

The Information Commissioner can be contacted at:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel:  01625 545 745

Fax: 01625 524 510

Email: [3][email address]

 

We would also value your feedback regarding the way in which your request
was handled. You can provide us with direct feedback on our website at the
following address:

 

[4]https://www.ppa.org.uk/FOI_survey_form/d...

 

Any feedback you provide will be strictly anonymous and much appreciated.

 

 

Regards

 

Chris Dunn

Information Governance Assistant

Corporate Governance

Tel 0191 2035352

Internal tel 500 5352

Fax 0191 264 5281

[5]www.nhsbsa.nhs.uk

[6]Description: Description: Description: NHSBSA Header (356K)

Stella House, Goldcrest Way, Newburn Riverside Business Park, Newcastle
upon Tyne NE15 8NY

 

Please read our email disclaimer online at:
[7]http://www.nhsbsa.nhs.uk/email.

To reduce our environmental footprint, please only print when necessary.

 

show quoted sections

References

Visible links
1. https://apps.nhsbsa.nhs.uk/FOI/foiReques...
2. http://www.nhsbsa.nhs.uk/Documents/NHSBS...
3. mailto:[email address]
4. https://www.ppa.org.uk/FOI_survey_form/d...
5. http://www.nhsbsa.nhs.uk/
7. http://www.nhsbsa.nhs.uk/email

FOIRequests Nhsbsa (NHS BUSINESS SERVICES AUTHORITY),

1 Attachment

Dear Mr Greenwood

 

Further to my below response, it has been brought to my attention that,
while it is true that there had been no data loss, the explanation was
incorrect. Please see the below amended response:

 

Response Summary

 

At no point has any customer data been lost.

 

On the 17th May 2016 it was identified that a system issue was preventing
automatic renewals of NHS Prescription Prepayment Certificates (PPC) to
take place. The auto-renewals were reinstated on 16th August 2016. During
the period without auto-renewals being in place, customers were required
to make new applications which is in line with BACS guidance. The issue is
now resolved and the auto-renewal process is functioning as expected.

 

Please accept my apologies for the inaccurate response which was provided
to you.

 

Please note that this response will be published on our Freedom of
Information disclosure log at:

 

[1]https://apps.nhsbsa.nhs.uk/FOI/foiReques...  

 

Your personal details will be removed from the published response.

 

Regards

 

Chris Dunn

Information Governance Assistant

Corporate Governance

Tel 0191 2035352

Internal tel 500 5352

Fax 0191 264 5281

[2]www.nhsbsa.nhs.uk

[3]Description: Description: Description: NHSBSA Header (356K)

Stella House, Goldcrest Way, Newburn Riverside Business Park, Newcastle
upon Tyne NE15 8NY

 

Please read our email disclaimer online at:
[4]http://www.nhsbsa.nhs.uk/email.

To reduce our environmental footprint, please only print when necessary.

 

 

 

 

From: FOIRequests Nhsbsa (NHS BUSINESS SERVICES AUTHORITY)
Sent: 19 September 2016 16:24
To: '[FOI #354840 email]'
Cc: Gooday Chris (NHS BUSINESS SERVICES AUTHORITY)
Subject: FOI Request Final Response 6415

 

Dear Mr Greenwood

 

I refer to your request under the Freedom of Information Act, which I
received on 26 August 2016 for information about the following:

 

‘Please could I ask for a full explanation of the recent issue with NHSBA
loosing all the direct debit information from the system and having to
re-submit this information. I would be kindly interested in when this was
identified and by whom i.e a customer/staff member, and what was the cause
of the data loss, including the specifics of how this has caused the data
loss, and can this data loss be proved where this information has gone to.
Finally what assurances are in place for those who's data has been lost
and what assurance going forward this will not happen again. Yours
faithfully,’

 

 

Summary of Response

 

I am writing to advise you that following a search of our paper and
electronic records, I have established that the information you requested
is not held by the NHS Business Services Authority.

 

At no point has data been lost.

 

Direct Debit PPC Auto Renewals

 

A business process issue was identified in mid-May when we received an
extremely high number of rejections of Direct Debit payments from BACS.

 

Upon investigation we discovered our new third party provider, which we
transferred to in January 2016 from our previous solution (we had this
since the start in June 2007), was sending to BACS a transaction code “19”
which instructs the customer’s bank to pay us a final payment. No other
payments can be taken after this. The previous solution had a bespoke
capability to never send a transaction code “19” so continuous payment was
possible.

 

Initially work was required to cancel all the accounts and send letters to
those affected. This included all accounts automatically renewed since
January 2016 and are about to/had a failed payment 26,358 accounts were
affected. System changes were also necessary to prevent any further Direct
Debit auto renewals built into the standard reminder letter process until
the process could be redeveloped.

 

Therefore since mid-June we have been working with BACS and our banking
sponsor to re-design the auto renewal process. This was delivered very
recently on 16th August after significant and fundamental changes to the
automated process. The auto renewal process provides significant cost
savings to the business as well as providing the customer with a
transparent service and therefore considered a high priority change.

 

Over 650,000 active accounts and up to 6 month old accounts were
transferred to the new solution. The data was sent encrypted to the
provider who is BACS accredited and who imported the data into the new
system. The NHSBSA performed an analysis of this data which checked every
account automatically and to pin point any irregularities that had
occurred during the import. This had been tested with a full anonymised
data set from production 5x times to assure the process and both
organisations were involved in verifying the test results.

 

Please note that this response will be published on our Freedom of
Information disclosure log at:

 

[5]https://apps.nhsbsa.nhs.uk/FOI/foiReques...

 

Your personal details will be removed from the published response.

 

If you are unhappy with the service you have received in relation to your
request and wish to make a complaint or request a review of my decision,
please write to:

 

Chris Gooday

Information Governance Manager

NHS Business Services Authority

Stella House

Goldcrest Way

Newburn Riverside Business Park

Newcastle upon Tyne

NE15 8NY

 

Details of how we will handle your review request are available on our
website at:

 

[6]http://www.nhsbsa.nhs.uk/Documents/NHSBS...

 

If you are not content with the outcome of your complaint, you may apply
directly to the Information Commissioner’s Office (ICO) for a decision.
Please note that generally, the ICO cannot make a decision unless you have
exhausted the NHS Business Services Authority’s complaints procedure.

 

The Information Commissioner can be contacted at:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel:  01625 545 745

Fax: 01625 524 510

Email: [7][email address]

 

We would also value your feedback regarding the way in which your request
was handled. You can provide us with direct feedback on our website at the
following address:

 

[8]https://www.ppa.org.uk/FOI_survey_form/d...

 

Any feedback you provide will be strictly anonymous and much appreciated.

 

 

Regards

 

Chris Dunn

Information Governance Assistant

Corporate Governance

Tel 0191 2035352

Internal tel 500 5352

Fax 0191 264 5281

[9]www.nhsbsa.nhs.uk

[10]Description: Description: Description: NHSBSA Header (356K)

Stella House, Goldcrest Way, Newburn Riverside Business Park, Newcastle
upon Tyne NE15 8NY

 

Please read our email disclaimer online at:
[11]http://www.nhsbsa.nhs.uk/email.

To reduce our environmental footprint, please only print when necessary.

 

show quoted sections

References

Visible links
1. https://apps.nhsbsa.nhs.uk/FOI/foiReques...
2. http://www.nhsbsa.nhs.uk/
4. http://www.nhsbsa.nhs.uk/email
5. https://apps.nhsbsa.nhs.uk/FOI/foiReques...
6. http://www.nhsbsa.nhs.uk/Documents/NHSBS...
7. mailto:[email address]
8. https://www.ppa.org.uk/FOI_survey_form/d...
9. http://www.nhsbsa.nhs.uk/
11. http://www.nhsbsa.nhs.uk/email