Feeds

Caldicott: NHS workers should 'have the confidence to share information'

'As important as duty to protect patient confidentiality'

Next gen security for virtualised datacentres

Dame Fiona Caldicott, who is scrutinising the government's plan to hand NHS patient records to private companies, today gave the proposals the thumbs-up - with a few caveats, naturally.

The noted psychiatrist's review [PDF] of the data-sharing scheme was published just minutes ago.

Her report, drafted in March, follows Health Secretary Jeremy Hunt's announcement that he wants a "paperless" NHS by 2018, one that will allow the private sector to access confidential digital medical records provided "permission" has been given.

Earlier this month, a Health and Social Care Information Centre (HSCIC) was created under the 2012 Health and Social Act, clearing the way for Hunt's data-swapping dream in the cloud to become reality. The centre has the power to force health bodies to hand over "any information" that it deems "necessary or expedient".

The idea being that the HSCIC would be able to supposedly improve the quality of information available across the health sector.

Understandably, civil liberty campaigners strongly oppose such a move. And the Information Commissioner's Office has already cagily implied to The Register that it was concerned about the HSCIC's data-sharing powers. It told us earlier this month:

The Health and Social Care Information Centre (HSCIC), replaces the NHS Information Centre, and carries out many of the same functions. HSIC will be responsible for receiving information from health care providers (Foundation Trusts, GP surgeries, care homes etc.) and will be providing information to other health care bodies, such as NHS England and the new Clinical Commissioning Groups.

Section 259 of the Health and Social Care Act allows HSCIC to require and request information from health care providers and we are currently considering the extent to which this power exempts personal data from the non-disclosure provisions of the DPA (s35 DPA). This in turn has an impact on the obligations placed upon the organisations (data controllers) who are being asked to supply the information to the HSCIC.

We are working through this issue with NHS England the HSCIC and others and expect it to be resolved in the coming weeks.

And now, in the aftermath of the publication of Dame Caldicott's report, Hunt is expected to concede that patients should have the right to opt out of his NHS data-sharing plans. In essence, she has agreed that the NHS should have powers to more widely share data, but cautioned that such a move must be done in a measured way.

Dame Caldicott chaired a review of the use of patient-identifiable data between 1996 and 1997, and detailed six principles for the protection of people's confidentiality. This morning she added a seventh principle for information governance in the NHS that states:

The duty to share information can be as important as the duty to protect patient confidentiality. Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles.

They should be supported by the policies of their employers, regulators and professional bodies.

The Oxford pro vice-chancellor's additional principle came in light of "concerns about identifiable information being sought excessively and used inappropriately".

Her review's recommendations hope to safeguard such potential abuse of NHS data. It advised:

The Review Panel concludes that individuals should have the same level of protection under the law whether personal confidential data is shared between health service bodies, or whether the sharing is between a health service body and a non-health service body.

The Review Panel also recommends that the Department of Health commission a standard template common across the health and social care system for setting up data sharing agreements, to prevent unnecessary duplication of effort.

It added that "practical arrangements" should be put in place "to secure the safety of records when a provider’s contract comes to an end and sets out the protections and safeguards which exist to prevent inappropriate sharing of patient’s information with organisations such as insurers".

GPs have privately expressed concerns about the Tory-led Coalition's plans, which were first floated in late 2011 when Prime Minster David Cameron said he wanted to make anonymised versions of medical records available to researchers and the private sector. A similar push to open up the National Pupil Database is also being trumpeted by the government.

The PM previously promised that the government's data grab would "not threaten privacy". He added: "It doesn't mean anyone can look at your health records, but it does mean using anonymous data to make new medical breakthroughs.

"The end result will be that every willing patient is a research patient and every time you use the NHS you are playing a part in the fight against disease at home and around the world." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.