Putting Barnsley people first...
Invoice validation
Invoice Validation
Data Controller(s) |
NHS Barnsley CCG |
Purpose |
Invoice validation is part of the process by which providers of care or services get paid for the work they do. Invoices, with supporting information, are submitted to the CCG of their service for payment, but before payment can be released, the CCG needs to ensure that the activity claimed for each patient is their responsibility. These invoices are validated within a special secure area known as a Controlled Environment for Finance (CEF), hosted on our behalf by NHS Rotherham CCG, to ensure that the right amount of money is paid, by the right organisation, for the treatment provided. The process followed ensures that only the minimum amount of information about individuals is used by a very limited number of people and is designed to protect confidentiality. |
Type of information Used |
Identifiable (NHS number, date of birth or postcode) and Special Category (health information) |
Legal basis |
UK GDPR Article 6(1)(e) – processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller. UK GDPR Article 9(2)(h) processing is necessary for the purposes of the provision of health or social care or treatment or the management of health or social care systems and services. A section 251 approval (CAG 7-07(a)(b)(c)/2013) from the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority, enables the CCG to process identifiable information for the purpose of invoice validation within a Controlled Environment for Finance. |
How we collect (the source) and use the information |
Organisations that provide treatment submit their invoices to the CCG for payment. The nominated secure area (Controlled Environment for Finance) receives additional information, including the NHS Number, or occasionally date of birth and postcode, from the organisation that provided the treatment. NHS Digital sends information into the secure area, including the NHS number and details of the treatment received. The information is then validated ensuring that any discrepancies are investigated and resolved between the Controlled Environment for Finance and the organisation that submitted the invoice. The invoices will be paid when the validation is completed. The CCG does not receive any identifiable information for purposes of invoice validation, however we do receive aggregated reports to help us manage our finances. |
Data Processors |
NHS Rotherham CCG who operate the Controlled Environment for Finance as a shared service. NHS Shared Business Services - used by the Controlled Environment for Finance as a Data Processor |
Transfers of Data Overseas
|
NHS SBS carry out some of their processing activity in India. Where this occurs, it is governed by the use of approved Model Contract Clauses. |
Your Rights |
With regards to Invoice Validation under UK GDPR you have the right:
Invoice Validation has been granted an exemption from the National Data Opt-Out by the Confidentiality Advisory Group. |
How long we will keep the information |
Invoices are retained for 6 years after the end of the financial year to which they relate. |
Who we will share the information with (recipients) |
This information is not shared outside of the CCG. |