Health and Social Care (HSC) organisations are required by law to protect the public funds for which they are responsible and may share information provided to them with other bodies responsible for auditing or administering public funds in order to prevent and detect fraud.

The Comptroller and Auditor General audits the accounts of Health and Social Care. The Comptroller and Auditor General is also responsible for carrying out data matching exercises under his powers in Articles 4A to 4G of the Audit and Accountablity (Northern Ireland) Order 2003.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows fraudulent claims and payments to be identified. Where a match is found it indicates that there may be an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or another explanation until an investigation is carried out.

The Comptroller and Auditor General currently requires HSC to participate in a data matching exercise to assist in the prevention and detection of fraud. All HSC organisations are required to provide particular sets of data to the Comptroller and Auditor General for matching.

The use of data by the Comptroller and Auditor General in a data matching exercise is carried out with statutory authority. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Comptroller and Auditor General is subject to a Code of Practice. This may be found at www.niauditoffice.gov.uk

For further information on the Comptroller and Auditor General's legal powers and the reasons why he matches particular information, see the Level 3 notice on the NIAO website at www.niauditoffice.gov.uk.

NFI Report (2018)

NFI Report (2016)

NFI Report (2014)

NFI Report (2012)