xmlns:atom="http://www.w3.org/2005/Atom"

Statutory Instruments

2008 No. 1148

National Health Service, England

The National Health Service Delegation of Functions to the NHS Business Services Authority (Awdurdod Gwasanaethau Busnes y GIG) (Counter Fraud and Security Management) Regulations 2008

Made

21st April 2008

Laid before Parliament

25th April 2008

Coming into force

26th May 2008

The Secretary of State for Health makes the following Regulations in exercise of the powers conferred by sections 7(1), 199(2) to (5), 209(4) and 273(4) of the National Health Service Act 2006(1).

Citation, commencement, application and interpretation

1.—(1) These Regulations may be cited as the National Health Service Delegation of Functions to the NHS Business Services Authority (Awdurdod Gwasanaethau Busnes y GIG) (Counter Fraud and Security Management) Regulations 2008 and shall come into force on 26th May 2008.

(2) These Regulations apply in relation to England.

(3) In these Regulations—

“the Act” means the National Health Service Act 2006;

“accredited Counter Fraud Specialist” means a person accredited by the Counter Fraud Professional Accreditation Board(2);

“accredited Security Management Specialist” means a person accredited by the Security Management Professional Accreditation Board(3);

“authorised officer” shall be construed in accordance with regulation 2(2);

“the Authority” means the NHS Business Services Authority (Awdurdod Gwasanaethau Busnes y GIG)(4);

“the CFSMS” means the Counter Fraud and Security Management Service Division of the Authority;

“the delegated functions” means the functions delegated to the Authority under regulation 2;

“designated officer” shall be construed in accordance with regulation 9.

Delegation of functions

2.—(1) Subject to paragraph (2), the functions of the Secretary of State under sections 197 (notice requiring production of documents) and 198 (production of documents) of the Act (in these Regulations referred to as “the delegated functions”) are to be exercisable by the Authority.

(2) The delegated functions must be exercised on behalf of the Authority by senior officers of the CFSMS authorised in accordance with regulation 3(1) (in these Regulations referred to as “authorised officers”)(5).

(3) A senior officer is specified as an officer of the CFSMS who is—

(a)of a grade within or above Agenda for Change pay band 7(6), and

(b)either an accredited Counter Fraud Specialist or an accredited Security Management Specialist.

Authorising senior officers

3.—(1) Subject to regulation 4, the Authority shall authorise such senior officers of the CFSMS as are required to act on its behalf in the exercise of the delegated functions.

(2) The Authority may revoke an authorisation made in accordance with paragraph (1) if it is satisfied having regard to all relevant circumstances that it is appropriate to do so.

(3) The functions of the Authority under paragraphs (1) and (2) shall be exercised on its behalf by an officer of the CFSMS of a grade above Agenda for Change pay band 8b.

Fitness of authorised officers

4.  An officer of the CFSMS shall not be authorised as an authorised officer unless the officer granting the authorisation on behalf of the Authority is satisfied that the officer to be authorised has the knowledge, skills and experience necessary to exercise the delegated functions and—

(a)if the delegated functions are to be exercised in relation to counter fraud, the officer is an accredited Counter Fraud Specialist; or

(b)if the delegated functions are to be exercised in relation to security management, the officer is an accredited Security Management Specialist.

Records of authorised officers

5.—(1) The Authority must establish and maintain a record in respect of all authorised officers.

(2) The record referred to in paragraph (1) must include—

(a)the name of the authorised officer;

(b)a statement as to whether the authorised officer is an accredited Counter Fraud Specialist or an accredited Security Management Specialist;

(c)the name of the officer who granted the authorisation;

(d)the date that the authorisation was granted; and

(e)where appropriate, the date on which the authorisation was revoked.

Statement of authority

6.—(1) The Authority must issue an authorised officer with a written statement providing evidence of that officer’s authority to act in the exercise of the delegated functions.

(2) The statement issued under paragraph (1) must include—

(a)the name and business address of the authorised officer;

(b)a statement that the officer is authorised to act in the exercise of the delegated functions which must include the date on which the officer was authorised to exercise the delegated functions;

(c)the signature of the officer who authorised the officer to exercise the delegated functions;

(d)the name and logo of the Authority; and

(e)a reference to Part 10 of the Act.

Production of statement

7.  An authorised officer exercising the delegated functions must produce the statement issued to that officer in accordance with regulation 6, or a copy of it—

(a)at the time of serving a notice under section 197(2) of the Act; or

(b)when requiring a person under section 198(6) of the Act to state, to the best of his knowledge and belief, where documents are.

Requirement for specific authorisations in relation to personal records

8.—(1) An authorised officer must obtain a specific authorisation from a designated officer (other than that authorised officer) before acting in the exercise of the delegated functions in relation to personal records.

(2) A specific authorisation must be applied for in relation to each personal record or group of personal records sought in an individual investigation.

(3) A specific authorisation given under paragraph (1) shall apply only to the personal record or group of personal records in respect of which the application for that authorisation was made.

(4) An authorised officer must comply with any conditions imposed by a specific authorisation in relation to personal records.

Designated officers

9.—(1) The Authority shall appoint designated officers for the purpose of granting specific authorisations in relation to personal records.

(2) A designated officer must be an authorised officer of the CFSMS of a grade within or above Agenda for Change pay band 8b.

(3) The functions of the Authority under paragraph (1) shall be exercised on its behalf by an officer of the CFSMS of a grade above Agenda for Change pay band 8b.

Procedure for specific authorisations

10.—(1) An authorised officer seeking a specific authorisation in relation to personal records must complete a form provided to that authorised officer for that purpose by a designated officer.

(2) A designated officer must consider the application having regard to all relevant matters and in particular—

(a)the description of the documents sought;

(b)the reasons for the application;

(c)whether or not each of the documents sought are necessary for the purposes of the exercise of the delegated functions; and

(d)the description of the proposed arrangements for the safeguarding of the documents whilst in the possession or under the control of the Authority.

(3) Where the personal records sought relate to the exercise of counter fraud functions the designated officer considering the application for a specific authorisation must be an accredited Counter Fraud Specialist.

(4) Where the personal records sought relate to the exercise of security management functions the designated officer considering the application for a specific authorisation must be an accredited Security Management Specialist.

Records of specific authorisations in relation to personal records

11.  The Authority must establish and maintain records of all applications for specific authorisations in relation to personal records including details of whether or not the specific authorisation was granted.

Production of evidence of specific authorisation in relation to personal records

12.  Where an authorised officer has a specific authorisation to act in the exercise of the delegated functions in relation to personal records, that officer must, in addition to producing the statement issued to that officer in accordance with regulation 6, or a copy of it, produce evidence of that specific authorisation—

(a)at the time of serving a notice under section 197(2) of the Act; or

(b)when requiring a person under section 198(6) of the Act to state, to the best of that person’s knowledge and belief, where documents are.

Content of notices

13.  A notice to be served under section 197 of the Act by the Authority must in addition to meeting the requirements of section 197(4) and (6) of the Act, include—

(a)the name and address of the NHS body, statutory health provider, health service provider or NHS contractor (as the case may be), whom the Authority has reasonable grounds to suspect has possession or control of the documents sought;

(b)the job title and, if known, the name of the person who the Authority believes is accountable for the documents;

(c)a reference to Part 10 of the Act;

(d)details of the arrangements for the production of the documents including the place at which the documents are to be produced;

(e)notification of the penalties for failing to comply with a notice;

(f)the name, business address and signature of the authorised officer serving the notice; and

(g)the name and logo of the Authority.

Signed by authority of the Secretary of State for Health.

Ann Keen

Parliamentary Under-Secretary of State,

Department of Health

21st April 2008

EXPLANATORY NOTE

(This note is not part of the Regulations)

These Regulations delegate the functions of the Secretary of State in Part 10 of the National Health Service Act 2006 (c.41) (“the Act”) in relation to the compulsory disclosure of documents for the purposes of the Secretary of State’s counter fraud or security management functions, to the NHS Business Services Authority (Awdurdod Gwasanaethau Busnes y GIG), (“the Authority”), a Special Health Authority established under section 28 of the Act.

Regulation 2 delegates these functions to the Authority and provides that they must be exercised by senior officers the Counter Fraud and Security Management Service Division of the Authority (“the CFSMS”).

Regulations 3 and 4 make provision for individual senior officers of the CFSMS to be authorised to exercise these delegated functions.

Regulation 5 obliges the Authority to establish and maintain records of the officers who have been authorised to exercise these functions.

Regulation 6 provides that such authorised officers must be issued with statement providing evidence of their authorisation as authorised officer and makes provision for the content of that statement and regulation 7 sets out when authorised officers must produce that statement or a copy of that statement.

Regulations 8 to 11 make provision in relation to personal records. Regulation 8 obliges an authorised officer to obtain a specific authorisation before the exercise of the functions with respect to personal records. Regulation 9 provides for the appointment of designated officers to grant such specific authorisations and regulation 10 sets out the procedure for a specific authorisation. Regulation 11 obliges the Authority to establish and maintain records of all applications for specific authorisations whether or not they have been granted.

Regulation 12 provides that where an authorised officer is serving a notice under section 197(2) of the Act or requesting information from a person under section 198(6) of the Act in relation to information from personal records, in addition to producing the statement issued in accordance with regulation 6, or a copy of it, he must also produce evidence of a specific authorisation.

Regulation 13 sets out requirements for the content of a notice for the production of documents.

A full impact assessment has not been produced for these Regulations as they have no impact on the costs of business, charities or voluntary bodies.

(2)

The Counter Fraud Professional Accreditation Board is a non-statutory regulatory body financed and run by representatives from the Department of Work and Pensions and its agencies, the Department of Health, the Local Government Association, the Abbey Bank, HM Revenue and Customs, UK Passport Agency and the Charity Commission. Its purposes are to ensure the delivery of professional, accredited counter fraud training and academic study and that, once qualified, those who are accredited maintain their professional standards.

(3)

The Security Management Professional Accreditation Board is a non-statutory regulatory body financed and run by the Department of Health whose purpose is to ensure the delivery of professional, accredited security management training and academic study and that, once qualified, those who are accredited maintain their professional standards.

(4)

Established by S.I. 2005/2414.

(5)

Officers who are authorised officers for the purpose of these Regulations will be authorised officers for the purpose of Part 10 of the Act by virtue of section 210(5) of the Act.

(6)

Agenda for Change paybands are as set out in “Agenda for Change, NHS Terms and Conditions of Service Handbook” published in January 2005. This was published by the Department of Health ( http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4095947 ).