Data quality policy

How we ensure the quality of our data.

Published: 28 July 2022

Version: 4.0



The NHS Counter Fraud Authority (NHSCFA) recognises that all of its decisions, whether operational, managerial or financial needs to be based on information which is of the highest quality. Data quality is crucial and the availability of complete, accurate, relevant and timely data is important in supporting the organisation’s business functions, governance and accountability.


The purpose of this document is to set out a clear policy framework for maintaining and increasing high levels of data quality within the NHSCFA and to ensure that its importance within the organisation is disseminated to all staff.

It will describe the meaning of data quality, who is responsible for its maintenance and how continued improvements can be made.

Structure and scope

This policy is intended to cover the collection, recording, validation, further processing and reporting of all information generated and used within or reported externally by NHSCFA. It describes the necessary features of systems to manage such information and the supporting administrative, reporting and training arrangements to ensure information is of consistently high quality.

Written procedures will be available to assist all NHSCFA staff involved in collecting and recording data. These procedures will be kept up-to-date and where appropriate will also contain information relating to national data definitions.

Processes will be established to ensure compliance with the procedures, which will include sample checks to audit compliance.

It should be noted that all collection, storage, processing and reporting of personal information is governed by detailed legal requirements under the General Data Protection Regulation (GDPR) 2016, the Data Protection Act (DPA) 2018 and associated standards, such as the Caldicott 2 guidelines and Health and Social Care Act 2012.

As the NHSCFA processes a wide range of information for a variety of uses, this policy does not provide detailed guidance for specific data items or individual areas of application. Instead, it concentrates on general principles of completeness, accuracy, ongoing validity, consistency of definitions and compatibility of data items and signposts where specific procedures or further guidelines need to exist.

This policy should be read in conjunction with the following policies:


The Data Quality Policy underpins the NHSCFA’s objective to record and present data of the highest possible quality, so that all users of the information can be confident about its accuracy.


Data: is a collection of facts from which information is constructed via processing or interpretation.

Information: is the result of processing, gathering, manipulating and organising data in a way that adds to the knowledge of the receiver.

Data Quality: is a measure of the degree of usefulness of data for a specific purpose.

Data quality

Importance of Data Quality

Having accurate, relevant information that is accessible at the appropriate times, is essential to every business decision and to the success of the services being provided. Therefore, it is essential that all NHSCFA staff recognise the importance of data quality and their responsibilities in this area.

Quality information is essential for:

  • management and strategic planning, requiring accurate information to provide appropriate allocation of resources and future service delivery
  • providing information for other NHS organisations and stakeholders - these organisations are dependent on the information we provide and they need to have confidence in its quality
  • providing a foundation on which future investments will be based, such as new IT infrastructure/software
  • enabling local and national benchmarking
  • budget monitoring and financial planning to support service delivery
  • avoiding unnecessary Subject Rights Requests to rectify incorrect personal data.

It is also important to ensure that the data quality is of a high standard in order to comply with the GDPR 2016 and the DPA 2018 principle of ensuring data is ‘accurate and up-to-date’.

GDPR also contains a new principle of accountability for data controllers and processors and introduces new rights for data subjects, one of which is the right to have incorrect personal data amended.

Data Standards

The standards for good data quality are reflected in the criteria below. Data needs to be:

  • complete (captured in full)
  • accurate (the proximity of the data to the exact or true values)
  • relevant (the degree to which the data meets current and potential user’s needs)
  • accessible (data must be retrievable in order to be used and to assess its quality)
  • timely (recorded and available as soon after the event as possible)
  • valid (within an agreed format that conforms to recognised national/local standards)
  • defined (understood by all staff who need to know and reflected in procedural documents)
  • appropriately recorded (in both paper and electronic records)
  • processed in accordance with any existing data sharing agreement or data processing agreement.

The use of data standards within systems can greatly improve data quality. These can be incorporated into systems either using electronic validation programmes which are conformant with NHS standards, e.g. drop down menus, or manually generated lists for services that do not yet have computer facilities. Either method requires the list to be generated from nationally or locally agreed standards and definitions, e.g. for GP practice codes, ethnicity, etc. These must be controlled, maintained and updated in accordance with any changes that may occur.

NHS Data Model and Dictionary

The NHS Data Model and Dictionary gives common definitions and guidance to support the sharing, exchange and comparison of information across the NHS. The common definitions, known as data standards, are used in commissioning and make up the base currency of Commissioning Data Sets.

On the monitoring side, they support comparative data analysis, preparation of performance tables, and data returned to the Department of Health and Social Care. NHS data standards are presented as a logical data model, ensuring that the standards are consistent and integrated across all NHS business areas.

Information Standards Notices (ISNs)

The NHS communicates key changes to data standards and deadlines affecting changes are made through ISNs. These changes must be monitored by Information Asset Owners (IAOs) to ensure that data and information systems to which ISNs apply are in compliance with the standards they specify.

Where no National Standards Exist

In certain situations there will be no applicable NHS national standards. In these instances whilst remote, the NHSCFA will agree local standards as part of any sharing/contracting process. It is important that any local standards are subject to annual reviews within NHSCFA as there will be no automatic input received from national sources. This process will ensure their validity and continued relevance.

Data Validation

Importance of validation

Validation encompasses the processes that are required to ensure that the information being recorded is of good quality. These processes deal with data that is being added continuously and also can be used on historical data to improve its quality.

It is imperative that regular validation processes and data checks/audits are undertaken on data being recorded to assess its completeness, accuracy, relevance, accessibility and timeliness.

Validation methods

Validation can be accomplished using some or all of the following (non-exhaustive) methods:

  • Bulk exception reporting; which involves a large single process of data analysis to identify all areas within a dataset where quality issues exist and to enable the correction of this data. Bulk exception reporting can sometimes be used as an initial data quality tool as this will quickly highlight any areas of concern. However, further investigation may be required to identify more specific issues.
  • Regular spot checks/audits; which involves analysis of a random selection of records against source material, if available. Spot checks should be done on a regular ongoing basis to ensure the continuation of data quality. Other audits may take place on an annual basis, and where an external or internal audit of a system is planned, it should include data quality.
  • Data cross checking; which can also be performed on data and information held by different services and/or on separate systems.

Synchronising information systems

In situations where data is shared or is common between systems it is imperative that the source data be validated initially. Any modifications made to this data must then be replicated in other related systems, ensuring there are no inconsistencies between them. Synchronisation between systems is required to ensure that all data sources reflect the same information.

Timescales for validation

Where inconsistencies in data and information are identified these must be acted upon in a timely fashion and documented. Locally agreed deadlines will apply to the required corrections, but ideally wherever possible all amendments should be made within two months of the identification date.

Where a data subject is making a Subject Access Rights Request to correct or amend inaccurate data, the process must be completed and the data subject informed within 30 calendar days under data protection legislation.

Using source data

Staff involved with recording data need to ensure that it is performed in a timely manner and that the details being recorded are checked with the source at every available opportunity.

NHS Numbers

The NHS number is a unique way of identifying patients in NHS systems. With this in mind it, is imperative that this is recorded correctly in all systems where patient information is present.

The Personal Demographics Service (PDS) will be used to obtain verified NHS numbers i.e. NHS number status and as PDS has significant historic data it will enable record matching processes and support the resolution of data anomalies.

Duties and responsibilities

NHSCFA Board The Board is responsible for providing the organisation with strategic leadership, ensuring its accountability to parliament and the public on how the functions of NHSCFA are delivered
Chief Executive Officer Has overall responsibility for the strategic direction and operational management, including ensuring that the NHSCFA processes/documents comply with all legal, statutory and good practice guidance requirements.
Finance Director Lead member who has ultimate responsibility for data quality, who will report to the Board on data quality issues.
Information Asset Owners Are responsible for:
  • liaising with the Information Governance Lead to ensure that records management practices are in line with the organisation’s guidance and protocols on confidentiality
  • ensuring appropriate records audits are undertaken
  • ensuring appropriate information governance /confidentiality clauses are in third party contracts relating to records management such as secondary storage, disposal companies before the company is used.
  • ensuring appropriate consideration is given to records management within business continuity plans.
  • ensuring they obtain appropriate certifications of destruction
  • investigate and take relevant action on any potential breaches of this policy In relation to their information assets, supported by other applicable staff in line with existing procedures.
Information Governance Is responsible for overseeing the development and updating of this policy and to ensure that awareness of data quality is promoted across the NHSCFA.
Line Managers Ensure where appropriate, systems are in place to validate the completeness, accuracy, relevance and timeliness of data/information; ensuring that their staff are fully aware of their obligations in this area. See Information Asset Owners guidance.
All staff Including temporary and agency staff, are responsible for:
  • implementing and maintaining data quality and are obligated to maintain accurate information legally (GDPR/Data Protection Act), contractually (employment contract) and ethically (professional codes of practice)
  • compliance with relevant process documents. Failure to comply could result in disciplinary action being taken
  • co-operating with the development and implementation of policies and procedures as part of their normal duties and responsibilities
  • identifying the need for a change in policy or procedure as a result of becoming aware of changes in practice, changes to statutory requirements, revised professional or clinical standards, local/national directives and advising their line manager accordingly
  • identifying training needs in respect of policies and procedures and bringing them to the attention of their line manager. See also Induction programme documentation.
  • attending training / awareness sessions when provided


This policy is available to all staff. All managers are responsible for ensuring that relevant staff within NHSCFA have read and understood this document and are competent to carry out their duties in accordance with the processes described.


All staff working with information systems must be appropriately trained in data quality and the importance it commands. Staff will receive instruction and direction regarding data quality advice and information from a number of sources:

  • organisational policies and procedures
  • line manager
  • training (e.g. on induction, Information Governance training)
  • other communication methods (e.g. team brief/team meetings)
  • intranet

Legislation and statutory requirements:

  • Data Protection Act 2018
  • General Data Protection Regulations 2016.

Best practice recommendations:

  • NHS Digital Data Protection and Security Toolkit (data quality requirements)
  • NHS Care Record Guarantee (where applicable)

Monitoring and review


The Board will agree a method for monitoring the dissemination and implementation of this policy.


The Information Governance Lead will ensure that this policy document is reviewed in accordance with the timescale specified at the time of approval (at least biennially).

Staff who become aware of any change which may affect the policy should advise their line manager as soon as possible. The Board will then consider the need to review the policy or procedure outside of the agreed timescale for revision.


The Board will ensure that archived copies of superseded policy documents are retained in accordance with NHSX’s Records Management Code of Practice for Health and Social Care 2021.

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!