Request

Under the Freedom of Information Act 2000, I request the following recorded information.

Timeframe: 1 January 2023 - 31 December 2023.

1. Data Processing or Service Agreements

Copies of any Data Processing Agreements (DPA), Service Level Agreements (SLA), or equivalent contractual arrangements between the NHS Business Services Authority and either:

• Belfast Health and Social Care Trust, or

• Business Services Organisation

that relate to the management, migration, reconciliation, or processing of cross-jurisdiction neurology patient records during 2023.

Where available, please include the scope of services or project description within those agreements.

2. Correspondence relating to dataset management

Copies of any recorded correspondence (including emails or briefing notes) between NHSBSA staff involved in data management-including teams based in Newcastle upon Tyne—and consultants from KPMG relating to:

• management of patient encounter-level datasets

• data reconciliation or dataset cleansing

• processing protocols relating to neurology patient records.

3. Standard operating procedures

Copies of any Standard Operating Procedures (SOPs), governance documents, or data-management guidance used by NHSBSA that relate to:

• the amendment, reconciliation, or correction of patient encounter records

• the handling of clinical dataset discrepancies

• the management of patient record updates within systems used for administrative or analytical purposes.

If any information is withheld, please specify the exemption relied upon.

If the request is considered likely to exceed the cost limit under Section 12, please provide advice and assistance under Section 16 to allow the request to be refined.

On 2 April 2026 you provided the following clarification:

I can confirm that our request relates specifically to neurology recall patients, including those reviewed as part of the Belfast Trust Neurology Recall.

For clarity, I am not requesting any identifiable or individual patient records.

My request concerns the handling, processing, and governance of datasets relating to this patient cohort, specifically where NHSBSA has accessed, processed, analysed, or otherwise interacted with patient encounter-level data.

By “patient encounter-level datasets,” I refer to datasets containing records of patient interactions (e.g. prescribing, investigations, referrals, or clinical activity), whether identifiable, pseudonymised, or aggregated. In particular, I am seeking information on:

• Whether NHSBSA has processed or recoded data relating to neurology recall patients

• The systems used to access or process such data

• Audit logging and access controls applied

• Monitoring or oversight mechanisms governing staff access and activity

• Any policies, guidance, or instructions relating to such processing This request is limited to governance, systems, and controls, and does not seek personal data.

Response

I am writing to advise you that following a search of our paper and electronic records, I have established that the information you requested is not held by the NHSBSA. The NHSBSA is not a NHS Trust organisation, rather we are a Special Health Authority providing back-office functions to the wider NHS. The authority is not patient-facing and we do not handle or process patient records or datasets relating to neurology recall patients. That is why we do not hold this information.