NHSCFA Data Strategy

The NHSCFA's 2020-2023 data strategy sets out our approach to emphasise standards of good practice regarding all aspects concerning the gathering, use, storage and retention of data.


This is a concise version of the longer NHSCFA Data Strategy. It has been abridged to make it more accessible to a wider audience. The original document is available on request (please contact generalenquiries@nhscfa.gov.uk)


The purpose of this document is to outline the objectives of the NHS Counter Fraud Authority (NHSCFA) Data Strategy and describe the approaches that supports, and will continue to support, the organisation and its aims through the strategic application and exploitation of data over the next 3 years (2021/22 - 2024/25).

This strategy additionally acts as a continuation of the 2018/19 – 2020/21 Data Strategy and seeks to build on the success of the aims and objectives contained within that strategy.

Data use underpins almost every function and activity of the NHSCFA and this strategy is designed as an overarching document for internal and external audiences (including, but not limited to, other stakeholders across the NHS, the wider public sector and the general public) to articulate the direction and approach that will be adopted over the next three years.

NHSCFA intends to use this strategy to emphasise standards of good practice regarding all aspects concerning the gathering, use, storage and retention of data. The objectives of this strategy reinforce our commitment to the general public who, as recipients of NHS treatment or as employees of the NHS itself, have a right to know how their personal data is being used and to be assured it is being properly handled. NHSCFA recognises these obligations and, through this strategy and its delivery, will uphold these principles throughout all activity.


This strategy was developed to be aligned of the current environment of rapid change concerning data use that is taking place in the public sector. In November 2020 the UK Government launched a data strategy for the NHS, aiming to streamline processes concerning data use, including a reduction in duplicate data requests and improvements to the ways data is collected and shared across the public sector.

Alongside the above strategy the Secretary of State for Health and Social Care tasked NHSX with bringing together key national organisations that use health and care data into a ‘Data Alliance Partnership’. This group brings together key stakeholders across the NHS, including (alongside NHSCFA) a number of key arm lengths bodies. The purpose of this group is to agree principles on data collection, sharing and use to minimise the burden of data collection and processing. It will facilitate increased access to data, by making aggregate/anonymised data accessible by default, for legitimate purposes and within existing legislation.

Finally, the timing of this strategy coincides with the maturation of the Government Counter Fraud Function and associated standards which are being implemented and trialled across government. These were created to develop a common structure for developing counter fraud capability, promote innovation and increase the knowledge of fraud risks. NHSCFA has supported development of the Counter Fraud Standard and Analysis Standard and is instrumental in supporting adoption of the former throughout the wider NHS and applying the latter in its own practice. Themes concerning robust data use are cited throughout each of these standards, and the components of this Strategy aligns itself with these principles.


This strategy will utilise the following definitions of keys terms, as applied across the assurance landscape of the wider NHSCFA (for example, within the NHS Data Quality Policy) to ensure consistency and a common understanding when they are applied.

Data: a collection of facts from which information is constructed via processing or interpretation.

Information: the result of processing, gathering, manipulating, and organising data in a way that adds to the knowledge of the receiver.

Data Quality: a measure of the degree of usefulness of data for a specific purpose.


All the business units within the NHSCFA process data in some shape or form as part of their functions and this use would fall within a wide scope of practice and could take the form of any type of written or electronic record. Given this wide context it would be impractical and unnecessary to make considerations for all projects and business as usual (BAU) tasks within the organisation in which data plays some role.

For the purposes of this NHSCFA Data Strategy, whilst the principles outlined would be considered universal (as aspects of best practice), the key consideration in terms of constitutes “data” applies to both structured and unstructured data, however they are limited to circumstances where:

  • Data forms the mainstay of the project and utilisation is critical for its success and its robustness drives and supports the desired outcome.
  • The data can be considered “bulk data” due to its size, volume or magnitude or the variety of content within it, or the manner in which it is collectively summarised or otherwise portrayed in terms of output. This is not defined by any quantitative sense, but simply where this is significant enough to be a key characteristic of the data.
  • The data gathered/used pertains to some form of analytical or thematic measuring exercise within a clear and direct counter fraud objective.

Examples of data outside of this scope therefore includes (but is not limited to) HR and personal records for NHSCFA staff, IT maintenance / performance data, email contents and correspondence, individual records or qualitative records or reports of any form.


This strategy recognises the challenges for the NHSCFA and wider NHS in terms of data and, in identifying these challenges, had determined the priorities on how we must respond to them that are contained within this document. Whilst it would be impractical to list all of them, or do justice to the nuances of each, below is a summary of the obstacles that must be mitigated or overcome.

Silos of Data / Data Access

The scale of the NHS has resulted in decentralisation of data across a variety of NHS organisations. There is a limited amount of data that are gathered and held centrally and even fewer that NHSCFA has direct ownership of or access to.

The impact of this is twofold:

  • Inconsistency in the format, quality, and structure of data.
  • A need to select appropriate data sources and to request and receive access to them in an effective and efficient manner.

Reliance on personal data

NHS fraud is linked to NHS activity and this necessitates data that concerns NHS staff and NHS patients. NHSCFA must act within a legal and ethical framework to maintain the confidence of the general public that their data will not be misused or misapplied in a manner that is inappropriate, disproportionate or used beyond its intended purpose or for longer than necessary.

These considerations must commence with a review of alternatives to using personal data, for example through pseudonymisation and anonymisation, but where this cannot be applied must be led by application of guiding principles for legal and ethical data management.

Projects that require NHSCFA to access personally identifiable information therefore demand further deliberations and deliverables to a) evidence the need for the data share b) ensure robust management of the data itself c) ensure that applications of the findings are stringent and d) that data retention is clearly defined and adhered to. It is also vital to maintain a clear and efficient process for reporting suspected or actual data breaches and notification of data subjects if this were to occur.

Complexity of fraud and fraud data

  • NHS data can be constituted from records as varied as treatment data, medicine dispensing and records of procurement – all of which are complex by nature. Additionally, familiarity in terms of business processes and the underlying processes in relation to data capture is critical in terms of giving data the context that allows meaningful analysis.
  • Fraud itself is also often characterised by a degree of deception or misdirection that isn’t necessarily recognisable from the onset. Application of the term ‘fraud’ can only be applied after a court determines it to be the case, and that even suspected fraud can only be substantiated after individual scrutiny. Within the context of data itself, administrative errors, missing data and poor records keeping can also provide a misleading set of outliers that may, on the outset, give a false indication of fraud. As such, caution must be applied in terms of how findings drawn from data are identified and applied.

Rapidly changing technology

The changing landscape in the last decade has seen a dramatic acceleration in the development and adoption of new data technologies. This rapid technological change is affecting almost every area of the economy, society and culture. Innovations have been implemented throughout the NHS concerning the treatment of patients and the underlying mechanisms that support activity.

Additionally, fraud is characterised by its own adoption of new technologies and these have kept pace with the above, utilising new ways to deceive and bypass checks. Examples of this in recent years are the adoption of emails and telephone scams and the creation of techniques such as ‘phishing’ and ‘smishing’ (efforts by fraudsters attempt to get hold of sensitive information via an email or SMS text by pretending to be a trustworthy source)

Rapid technological change has created new resources and tools for addressing fraud, for example, technologies like big data, the Internet of things, machine learning, artificial intelligence. These are complex and require investment in technologies and skillsets to utilise - but also need to be made accessible to the wider audience in terms of how they work and what findings drawn from them mean.

COVID-19 Pandemic

Whilst this does not impact directly on the strategy itself, it would be impossible to discount the impact of the COVID-19 pandemic entirely given the far-reaching consequences of the pandemic and the issues raised by lockdown and the NHS response. The impact will be found in most datasets and additionally the lockdown and working from home arrangements have placed unique requirements on access to data and a changing reliance on skillsets, technology etc.


The NHSCFA regards data as a corporate asset and therefore the concept behind developing a data strategy is to ensure effective and efficient use of this asset. This applies to the entirety of how data resources are gathered, posi­tioned and used in such a way that they can meet the organisations counter fraud remit.

The key vision for this strategy therefore is to influence the continued development of data and data utilisation within NHSCFA, creating an empowered organisation whose people can use data to support decision making, maximising knowledge, productivity and innovation in the fight against NHS fraud.

This approach will additionally ensure that the necessary standards are applied to support the wider strategy of NHSCFA and ensure compliance with the law, best practice and the expectations of our stakeholders and the general public.

Strategic Aims

The vision described above will be achieved through the following strategic aims:

  • Strategic Aim 1 - Standardise approaches to different data sources gathered utilised by NHSCFA through the creation of an Integrated Data Assurance Framework.
  • Strategic Aim 2 - Creation of organisational data hub, making data accessible, effective, efficient, and able to support decision making at all levels.
  • Strategic Aim 3 - Creation of a pro-data culture.
  • Strategic Aim 4 - Identify new analytical opportunities through the development of data projects.
  • Strategic Aim 5 - A clear, transparent, and ethical approach to accessing and using data.
  • Strategic Aim 6 - Promote data analytics within the NHSCFA across the public sector, nationally and internationally.
  • Strategic Aim 7 - Promote and support wider NHSCFA strategies.

Each of these aims will be explored in further detail below.

Standardise approaches to different data sources gathered and utilised by NHSCFA through the creation of an Integrated Data Assurance Framework

Throughout the delivery of this strategy NHSCFA will develop and maintain a process to build on existing good practice within Business Units and ensure clarity and transparency of all key performance indicators (“KPI”s) within the organisation.

This will be provided through a variety of methods, namely:

  • Project-centric engagement.
  • Central oversight and review.
  • Record keeping and project documentation.

Data Strategy Group

In particular, the vision for this strategy outlines a drive to create and maintain a formal Data Strategy Group, formed in order to provide a central oversight function for ongoing, completed, and proposed data projects. It will:

  • Monitor alignment to this Data Strategy and the NHSCFA Corporate Strategy
  • Provide oversight of ethical use of data, advise on measurement methodologies and external approval.
  • Provide an environment to consider and develop thinking about future analytical approaches

This in turn will encourage and support project-based work and ensure appropriate record-keeping, ultimately upholding all data use across NHSCFA to the same high standards as outlined throughout this strategy. Assurance documentation will be required for all data use within the scope of this Strategy, produced to match the nature of the project.

Commencing in Year One of this Strategy, the Data Strategy Group will determine, alongside its own Terms of Reference (“ToR”), the requirements and arrangements for record-keeping and the group’s review process for assurance and validation of metrics.

Creation of organisational data hub, making data accessible, effective, efficient, and able to support decision making at all levels

A key objective of the previous Data Strategy was the establishment of a digital platform for delivery of business insight across the organisation. NHSCFA have developed, through the use of this platform, the ability to develop and release bespoke reports available to both internal and external audiences.

The intention of this current strategy is therefore to build on and develop this existing capability further through development of a data hub that spans the full extent of the organisation in terms of reach and content, and provides visual representation of quantifiable key metrics for organisational activity. This will be called the NHSCFA Corporate Dashboard Suite (“CDS”).

Development of this platform will provide a centralised model to visually utilise the organisation’s key data assets providing an interactive online hub for monitoring ongoing performance. It will be a robust, accurate system for facilitating up to date data-based decision-making, providing the go-to tool for representing a wealth of data drawn from across the organisation.

The NHSCFA Corporate Dashboard Suite (CDS)

The Corporate Dashboard Suite will act as an online platform for data access. It will consist of a series of managerial reports which visualise key organisational metrics at an appropriate level of detail for each level of reporting. It will also be possible to add and replace metrics as they are superseded and more suitable or useful ones are made available.

The frequency of reporting will be designed for regular update – although this will be metric dependent, it is envisaged it will be monthly and have visibility across the organisation with options for user group and/or row-level permissions to be enabled to provide a unique user experience (dependant on the level of access required and the sensitivity of certain metrics).

Creation of a pro-data culture

Alongside the development of the CDS as the tool to make data accessible it will be necessary to promote the use of data as a means to support activity. Individual and collective ownership and accountability are an important part of performance management, which makes development of a pro-data culture key to drive improvement.

This will be instilled through the following elements:

Ease of access

By utilising the CDS as the main NHSCFA electronic platform to host data products it will be accessible for any user accessing the NHSCFA network using links that will be made available via NHSCFA intranet. External audiences will not have direct access to CDS but will benefit from access to bespoke content that can be granted via the NHSCFA extranet.

Engagement and promotion

To ensure the success of the rolling program and benefit from the expertise and insight drawn from each team, we will engage widely with people across NHSCFA to communicate the opportunity and potential of data and build collective ownership for its implementation and use.

The development of the CDS will necessitate a rolling period of workshops and engagement to develop an understanding of the possibilities of data but also to demonstrate the manner it can assist each business unit. This will be a two-way process which in turn also identifies the most appropriate metrics.

The workshops will incorporate discussions on how to best use the identified data to drive initiatives and progress and will highlight to all attendees that data democratisation is an evolution where each metric can assist users to gain insight and that sharing data ultimately provide appropriate oversight at all levels and the evidence to make the right decisions.

Assurance and confidence

The process that will lead to data democratisation within NHSCFA will be coordinated alongside the continued development of strong governance arrangements to ensure the data is carefully managed and that all users can have confidence in both the data that is available but also in the restrictions and controls that are in place.

Review and challenge

Within the development of a pro-date culture, the provision of data for any form of one-off or regular reporting within NHSCFA will be only the start of a longer process. This is particularly the case given any findings which may be drawn from it, the desire for amended or additional data services and the desire to re-measure to determine the impact of change can themselves change over time.

Within each data product and related project there must be a basis to ensure that considerations for the future are met. This may be, for example, small amendments to the existing data product or, where the requirements are new or sizable, to recommence the cycle and build on the basis of existing work by establishing new aims and ToR.

The Data Strategy Group will therefore provide a basis for the group to act in the stead of a “critical friend” throughout the life of each of the data processes, ensuring that where issues are raised they can be discussed either at the group, or directed to in-house or external expertise to provide further assistance. This will ensure that there is a basis for challenge and opportunities to remove blockages whilst also maintaining records keeping in support of the above.

Development of skillsets and inhouse expertise

As a key driver of any data reliant organisation, NHSCFA will ensure that we have the in-house expertise to deliver the most technically advanced and appropriate ways of processing data.

Developing and continuing to maintain this in-house expertise will allow the NHSCFA to develop business value from skill sets which can be applied by both formal job roles and informal duties to ensure the adequate provision of skills to specific tasks.

Identify new analytical opportunities through the development of data projects

Use of identified fraud mechanisms to prompt problem-centric project development

There is a risk associated with any form of untargeted analytics – i.e. an analysis project that commences without clear direction or proposed methodology or that does not seek to establish or refute an anticipated finding or outcome. Analytics without focus gives no clear direction, which in turn can cause issues with justifying data access and lacks a clear approach to transformation or exploration of data.

To prevent this risk, NHSCFA will continue to develop and evolve a problem centric approach to analytical projects. By utilising our knowledge of fraud mechanism that are already identified as a basis for commencing projects it will allow activity to be directed and appropriately scoped from the outset.

This will be achieved by making use of the numerous enriched data sources that NHSCFA owns or has access to that can highlight or identify individual examples of fraud risk, including (but not limited to):

  • Closed and ongoing fraud investigations.
  • Local proactive exercises.
  • Referrals made to the NHSCFA through the LCFS community and from the general public.
  • The findings of the NHSCFA horizon scanning group.
  • Fraud risks highlighted by stakeholders that are internal or external to the NHS and wider public sector.

Applying a flexible and agile approach to data use, with opportunities to pivot to garner the greatest benefits

Within the scope of this strategy, each data project commences with a clearly identified counter fraud purpose and objectives derived from our knowledge of fraud, with an identified final outcome or product that will support our organisational goals. However, there may be circumstances where obstacles, bottlenecks and delays compromise the success of this delivery.

In circumstances where these factors hamper or prevent the delivery of the originally desired outcome, it may be necessary to pivot – to adapt, amend or otherwise completely re-write the project in order to meet either the original or updated goal.

This strategy cannot account for all circumstances where a pivot may be necessary, nor each of the project management considerations that may apply. However, in relation to data projects specifically, the following characteristics will be necessary:

  • Identifying where pivots are necessary and committing to the need for change as soon as it proves necessary.
  • Finding a suitable alternative.
  • Revisiting KPI’s, technical appendices and their related assurance.

The Data Strategy Group, through its role as a critical friend with oversight of the assurance of methodologies, will provide a forum to highlight and discuss risks, alternative approaches or pivoting where necessary, and to identify project obstacles requiring escalation.

Engagement across the NHS and wider public sector

The nature of fraud is inherently complex. Those unfamiliar with the nuances of the data they are working on may produce findings that inadvertently are ambiguous or misleading.

It is not practicable for NHSCFA to develop and maintain expertise in the nuances of data and associated fraud risks, that span across countless systems within the NHS, nor the business practices behind them.

Engagement with domain experts allows NHSCFA to benefit from the knowledge of individuals whose background or training in the disciplines and domain areas in which they are presently deployed gives them unique insight into the content and format of data. This in turn assists with data utilisation, interpretation, and findings, and identifying new fraud risks.

Utilisation of new technologies and new techniques for outlier detection

A process of constant change and development has occurred over the course of the previous Data Strategy and is projected to continue for the duration of this strategy and beyond. This change is characterised by (although not limited to):

  • Rapidly moving technologies as new software and hardware solutions enter the market.
  • The development and growth of existing technologies.
  • A rise in prominence of open source applications.
  • Abundance of data and data gathering mechanisms (for example, though the increased digitisation of records).
  • Advances in capacity of storage and processing. In particular, cloud computing overtaking traditional on-site storage.
  • A workforce across the NHSCFA, and NHS itself, which is increasingly connected, with the ability to produce, share and utilise data.

NHSCFA will remain cognisant to ongoing changes and will, wherever possible, utilise the opportunities that they offer. In line with the aims of the NHSCFA Digital Strategy and the considerations of cost versus benefit, NHSCFA will ensure it remains at the forefront of technological advances.

A clear, transparent, and ethical approach to accessing and using data

The widespread use of data in the modern world raises a number of ethical issues. The scale and ease with which data can be accessed, analysed, and disseminated means it is now possible use data in a manner that was impossible a few years ago. This alongside substantial revision of the laws concerning data use has transformed the considerations of ethics and their role substantially.

Unlike legal provision, which is defined in statute, there is less clarity in terms of ethical considerations to prescribe what should be done in each specific circumstances. Whilst this will require individual consideration in each case, the organisation will adhere to the following principles:

  • Continual respect for personal data. NHS fraud is linked to NHS data concerning NHS activity, which is intrinsically linked to NHS staff and NHS patients. Without it, NHSCFA lacks a vital tool for counter fraud activity and a fundamental means to address healthcare fraud. However, NHSCFA will ensure that - alongside full compliance with legal requirements – all considerations of data use are made in accordance to respect to privacy of all data subject, ensuring personal data is only applied where necessary and that pseudonymisation and anonymisation is used wherever possible.
  • Data usage will be as transparent as possible and subject to oversight. Whilst NHS counter fraud activity will necessarily require a degree of secrecy to maintain the integrity of intelligence and investigations, clear records management processes will be in effect to safeguard concerns, provide assurance and ensure an audit trail.
  • Contextual recognition for data. Published findings drawn from data will be subject to human review and there will be clear terminology to determine its meaning and caveats and limitations will be clearly outlined. Outliers drawn from analysis will be deemed as such and not determined as “fraud” or used in related fraud metrics (including performance metrics) except in approved circumstances. This will account for administrative errors and other exceptional circumstances which may not be indicative of fraud.
  • Data should not institutionalise unfair biases nor promote profiling. It is recognised that uncontrolled automated decision making may expose individuals to profiling and risks of discrimination. In extreme examples it may lead to targeting of certain groups and demographics and subject them to abuse and stereotyping. NHSCFA will always ensure that such decision making is prevented by limiting and controlling automated decision making and adhering to ethical principles.
  • Access of data. NHSCFA will ensure that data is available to be used to support decision making. This will be achieved by enabling easier access and introducing processes that encourage greater usage of our data services to expand the range of data that is available throughout the organisation and to stakeholders.
  • Accessibility of data. NHSCFA wants as many people as possible to be able to benefit from data platforms and data services. It will therefore develop and maintain options to allow customisation and interactivity for all users wherever possible. For example, through the ability to change colours, contrast levels, fonts, and zoom levels within products whilst maintaining compatibility with screen resolution. NHSCFA will also provide a means to contact the organisation and request further information and assistance.

Accessing and using external data

The general purpose of the Data Strategy Group is to ensure that the NHSCFA has a collective understanding of the data requirements of business users within the organisation. To this end it will also assist in facilitating requests for bulk data from external organisations.

This will enable NHSCFA business units to influence the nature and purpose of requests for bulk data, and oversee the direction of data service requests, whilst ensuring appropriate consideration concerning their appropriateness, proportionality and necessity; particularly when this relates to personally identifiable information.

The group will also ensure creation and use of appropriate documentation in terms of recording the purpose, format, and scope that personal data is sought, stored, and applied from external sources. For example (but not limited to):

  • Data Privacy Impact Assessments (DPIA’s) that identify the salient issues in terms of personal data within a particular data gathering and analysis exercise.
  • Memorandums of Understanding (MOUs) and Information Sharing Agreements (ISAs) that formulate and formalise the protocol and means for sharing of data between NHS organisations and clarify the roles of data controllers and processors, as well as documenting the agreement on the specifics of the purposes it is gathered for and how it is used, stored and retained.

Gateways for sharing data

NHSCFA already benefits from a framework for accessing and sharing data. In particular, the directions that were produced on creation of NHSCFA in 2017 provide a basis for cooperative data shares within the NHS and highlight the role of data shares to support counter fraud work.

This framework will be further developed with a view for placing a means of escalation in circumstances of non-compliance and to determine mutual expectations between NHSCFA and its stakeholders for data provision at the earliest point to prevent obstacles and delays within data projects.

NHSCFA will seek to build and develop these further through development of robust MOUs and ISA’s that support both frequent and one-off data shares across the NHS and, where necessary, further across the public and private sector.

These requirements are also subject to the legal requirements that take precedence concerning the protection of personal information and which manage legal data shares and manage issues of confidentiality. NHSCFA already comply fully with these to support all elements use of data use, including access, retention, and application. In particular, where personal data usage is necessary and proportionate and consistent with the public interest in the context of detecting and preventing fraud against the public funding of the NHS.

Alongside compliance with these laws NHSCFA will work in partnership with the Cabinet Office and other stakeholders to explore and develop the appropriate means to safeguard NHSCFA data use and provide legal gateways to support data shares. Ensuring that any changes to the law, are developed to consider large scale data shares alongside those which are specific to individual investigations.

Promote data analytics within the NHSCFA across the public sector, nationally and internationally

On several occasions in recent years the NHSCFA approach to data has been demonstrated to audiences within the NHS and across the wider public sector. Opportunities have included engagement on a national and international stage.

The benefits of collaboration come in many forms and these opportunities allow for networking, sharing of ideas and access to experts and domain knowledge that is not usually encountered within the typical workstreams of the NHSCFA.

The NHSCFA brand itself also benefits from promotion of its activity and success and this, in turn, contributes to the wider aims of building and maintain a counter fraud deterrence whilst being recognised for pioneering counter fraud initiatives that deliver real savings for the NHS by spearheading the fight against fraud.

Promote and support wider NHSCFA Strategies

This Data Strategy does not exist in isolation. It operates to support the delivery of the central corporate NHSCFA Strategy whilst also working in unison with other strategies of a similar nature that outline approaches and directions for key elements, which pertain to this Data Strategy, necessary for delivery of the NHSCFA counter fraud agenda.

Whilst it would be impractical to cite all examples of overlap, it is necessary to highlight the following areas of significance.

Support of NHSCFA Strategy 2020-23

The NHSCFA Strategy lays out the NHSCFA vision to lead and proactively support the NHS to understand, find, prevent, and respond to fraud. Within this strategy, and in terms of its methodology to deliver on its objectives, it outlines several key actions that pertain to data, namely:

  • Build and deliver data analytical capability and approaches internally and with strategic partners for fraud detection and prevention.
  • Deliver intelligence assessments and data on fraud threats, vulnerabilities, and enablers.
  • Collect counter fraud financial and activity data in order to monitor and influence meaningful system change.

It further directs the following key measures concerning data, which in turn have been detailed within this strategy and are cross referenced below:

  • Development and application of robust analytical techniques to highlight anomalies or patterns in behaviour indicative of fraud.
  • Identify and introduce innovative approaches for use of data within the counter fraud area by using machine learning and associated tools by 2023 (See section 10.12).
  • Work with partners to pilot exercises to understand more about data and its vulnerabilities focusing on addressing problem questions using data.

The NHSCFA Strategy also highlights a key measure concerning the need to Identify and introduce innovative approaches (see above) that specifically cites the development and use within the counter fraud area of using machine learning and associated tools by 2023. This is consistent with the general approach of this Data Strategy to innovate and will be a specific deliverable that will be sought.

Support of NHSCFA Digital Strategy

The primary objective the NHSCFA Digital Strategy is to “ensure that the organisation strategy can be realised through technology and that technology investments are aligned with business needs”.

This is particularly the case for data, as the impact of, and reliance on, technology in shaping and directing fraud and the context of fraud provision are already expanded upon in this strategy.

In relation to data, the Digital Strategy commits to embedding the effective use of digital technology within the NHS to support the Data Strategy by:

  • Ensuring that the IT teams provide the most up-to-date technological infrastructure and applications.
  • Ensuring that the most technically advanced and appropriate ways of storing and processing large datasets are available.

Support of NHSCFA Information Governance Strategy

  • The entirety of the NHSCFA Information Governance Strategy concerns itself with use of data within the NHSCFA. It “describes the approach within which accountability, standards, policies and procedures are developed and implemented, to ensure that all information created, obtained or received by the organisation is held and used appropriately”.
  • The strategy confirms NHSCFA’s “commitment to compliance with information rights legislation and confirms our commitment to good practice. It sets out an approach that will deliver all of the essential compliance elements, in a way that also actively enables and supports the delivery of the organisation’s corporate objectives and allow it to exploit new and emerging opportunities”.
  • The principles within this Data Strategy therefore expand upon the key elements within the Information Governance Strategy, in particular highlighting the processes and safeguards concerning data protection risks and the response in relation access to data. which are so fundamental to both strategies.

Support of the Information Security Policy

All users of NHSCFA information systems or information assets must comply with the Information Security Policy in order to maintain the security of NHSCFA information. It’s aims are to ensure the security of NHSCFA assets, primarily information assets. This aligns with the context of this strategy and its recognition of data as a corporate asset which must be protected.

NHSCFA 3 year Delivery Plan

This strategy is designed to outline the direction and approach for the next 3 years (2021/22 - 2024/25). Many of the preceding elements are designed to outline the generic approach and key considerations for delivery, however there are key essentials which are outlined as part of this 3-year process for delivery.

For the purposes of cross referencing each planned activity against the objectives of this strategy, each will be linked to the number of the corresponding strategic aim as recorded in strategic aims.

Year One (2021/22)

  • Approval of Data Strategy and presentation to Leadership Team, Senior Management Team and NHSCFA Board and promotion throughout the organisation.
  • Formation of Data Strategy Group and approval of Terms of Reference.
  • Approval of Technical Appendix and inclusion of appropriate documentation for all metrics henceforth.
  • Undertake a rolling programme of internal workshops and engagement to develop an understanding of the possibilities of data but also to demonstrate the manner it can assist each business unit.
  • Release of Corporate Dashboard Suite with three-phased delivery of reporting functions.:
    • Executive Dashboard
    • SMT Dashboard
    • LT Dashboard
  • Undertake annual PDP process to determine skills and direct the need for training to ensure skills remain relevant and appropriate.
  • Respond to opportunities to engage and promote the NHSCFA approach to data throughout the NHS, public sector and across the national and international stage.
  • Establish and maintain an ongoing list of data opportunities for proactive data projects, offering additional and alternative methodologies for each thematic fraud area.
  • As part of the legislation review directed by the Cabinet Office following the COVID-19, review legislation in relation to data access.

Year Two (2022/23)

  • Development of ISAs and DPIAs in line with Business Plan objectives.
  • Review Data Strategy Group and, if necessary, Terms of Reference.
  • Release CDS SMT and LT level reports.
  • Conduct review of Corporate Dashboard Suite metrics and, if necessary, release new reports.
  • Undertake annual PDP process to determine skills and direct the need for training to ensure skills remain relevant and appropriate.
  • Respond to opportunities to engage and promote the NHSCFA approach to data throughout the NHS, public sector and across the national and international stage.
  • Maintain an ongoing list of data opportunities for proactive data projects, offering additional and alternative methodologies for each thematic fraud area.

Year Three (2023/24)

Deliverables for this year will reflect a repeat of 2022/23. With a specific consideration in terms of delivery of a machine learning product in line with the NHSCFA Strategy.

  • Development of NHSCFA Data Strategy 2024/25 – 2027/28

Help us improve cfa.nhs.uk

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!