Feeds

Caldicott: NHS workers should 'have the confidence to share information'

'As important as duty to protect patient confidentiality'

High performance access to file storage

Dame Fiona Caldicott, who is scrutinising the government's plan to hand NHS patient records to private companies, today gave the proposals the thumbs-up - with a few caveats, naturally.

The noted psychiatrist's review [PDF] of the data-sharing scheme was published just minutes ago.

Her report, drafted in March, follows Health Secretary Jeremy Hunt's announcement that he wants a "paperless" NHS by 2018, one that will allow the private sector to access confidential digital medical records provided "permission" has been given.

Earlier this month, a Health and Social Care Information Centre (HSCIC) was created under the 2012 Health and Social Act, clearing the way for Hunt's data-swapping dream in the cloud to become reality. The centre has the power to force health bodies to hand over "any information" that it deems "necessary or expedient".

The idea being that the HSCIC would be able to supposedly improve the quality of information available across the health sector.

Understandably, civil liberty campaigners strongly oppose such a move. And the Information Commissioner's Office has already cagily implied to The Register that it was concerned about the HSCIC's data-sharing powers. It told us earlier this month:

The Health and Social Care Information Centre (HSCIC), replaces the NHS Information Centre, and carries out many of the same functions. HSIC will be responsible for receiving information from health care providers (Foundation Trusts, GP surgeries, care homes etc.) and will be providing information to other health care bodies, such as NHS England and the new Clinical Commissioning Groups.

Section 259 of the Health and Social Care Act allows HSCIC to require and request information from health care providers and we are currently considering the extent to which this power exempts personal data from the non-disclosure provisions of the DPA (s35 DPA). This in turn has an impact on the obligations placed upon the organisations (data controllers) who are being asked to supply the information to the HSCIC.

We are working through this issue with NHS England the HSCIC and others and expect it to be resolved in the coming weeks.

And now, in the aftermath of the publication of Dame Caldicott's report, Hunt is expected to concede that patients should have the right to opt out of his NHS data-sharing plans. In essence, she has agreed that the NHS should have powers to more widely share data, but cautioned that such a move must be done in a measured way.

Dame Caldicott chaired a review of the use of patient-identifiable data between 1996 and 1997, and detailed six principles for the protection of people's confidentiality. This morning she added a seventh principle for information governance in the NHS that states:

The duty to share information can be as important as the duty to protect patient confidentiality. Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles.

They should be supported by the policies of their employers, regulators and professional bodies.

The Oxford pro vice-chancellor's additional principle came in light of "concerns about identifiable information being sought excessively and used inappropriately".

Her review's recommendations hope to safeguard such potential abuse of NHS data. It advised:

The Review Panel concludes that individuals should have the same level of protection under the law whether personal confidential data is shared between health service bodies, or whether the sharing is between a health service body and a non-health service body.

The Review Panel also recommends that the Department of Health commission a standard template common across the health and social care system for setting up data sharing agreements, to prevent unnecessary duplication of effort.

It added that "practical arrangements" should be put in place "to secure the safety of records when a provider’s contract comes to an end and sets out the protections and safeguards which exist to prevent inappropriate sharing of patient’s information with organisations such as insurers".

GPs have privately expressed concerns about the Tory-led Coalition's plans, which were first floated in late 2011 when Prime Minster David Cameron said he wanted to make anonymised versions of medical records available to researchers and the private sector. A similar push to open up the National Pupil Database is also being trumpeted by the government.

The PM previously promised that the government's data grab would "not threaten privacy". He added: "It doesn't mean anyone can look at your health records, but it does mean using anonymous data to make new medical breakthroughs.

"The end result will be that every willing patient is a research patient and every time you use the NHS you are playing a part in the fight against disease at home and around the world." ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.