Feeds

Caldicott: NHS workers should 'have the confidence to share information'

'As important as duty to protect patient confidentiality'

Beginner's guide to SSL certificates

Dame Fiona Caldicott, who is scrutinising the government's plan to hand NHS patient records to private companies, today gave the proposals the thumbs-up - with a few caveats, naturally.

The noted psychiatrist's review [PDF] of the data-sharing scheme was published just minutes ago.

Her report, drafted in March, follows Health Secretary Jeremy Hunt's announcement that he wants a "paperless" NHS by 2018, one that will allow the private sector to access confidential digital medical records provided "permission" has been given.

Earlier this month, a Health and Social Care Information Centre (HSCIC) was created under the 2012 Health and Social Act, clearing the way for Hunt's data-swapping dream in the cloud to become reality. The centre has the power to force health bodies to hand over "any information" that it deems "necessary or expedient".

The idea being that the HSCIC would be able to supposedly improve the quality of information available across the health sector.

Understandably, civil liberty campaigners strongly oppose such a move. And the Information Commissioner's Office has already cagily implied to The Register that it was concerned about the HSCIC's data-sharing powers. It told us earlier this month:

The Health and Social Care Information Centre (HSCIC), replaces the NHS Information Centre, and carries out many of the same functions. HSIC will be responsible for receiving information from health care providers (Foundation Trusts, GP surgeries, care homes etc.) and will be providing information to other health care bodies, such as NHS England and the new Clinical Commissioning Groups.

Section 259 of the Health and Social Care Act allows HSCIC to require and request information from health care providers and we are currently considering the extent to which this power exempts personal data from the non-disclosure provisions of the DPA (s35 DPA). This in turn has an impact on the obligations placed upon the organisations (data controllers) who are being asked to supply the information to the HSCIC.

We are working through this issue with NHS England the HSCIC and others and expect it to be resolved in the coming weeks.

And now, in the aftermath of the publication of Dame Caldicott's report, Hunt is expected to concede that patients should have the right to opt out of his NHS data-sharing plans. In essence, she has agreed that the NHS should have powers to more widely share data, but cautioned that such a move must be done in a measured way.

Dame Caldicott chaired a review of the use of patient-identifiable data between 1996 and 1997, and detailed six principles for the protection of people's confidentiality. This morning she added a seventh principle for information governance in the NHS that states:

The duty to share information can be as important as the duty to protect patient confidentiality. Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles.

They should be supported by the policies of their employers, regulators and professional bodies.

The Oxford pro vice-chancellor's additional principle came in light of "concerns about identifiable information being sought excessively and used inappropriately".

Her review's recommendations hope to safeguard such potential abuse of NHS data. It advised:

The Review Panel concludes that individuals should have the same level of protection under the law whether personal confidential data is shared between health service bodies, or whether the sharing is between a health service body and a non-health service body.

The Review Panel also recommends that the Department of Health commission a standard template common across the health and social care system for setting up data sharing agreements, to prevent unnecessary duplication of effort.

It added that "practical arrangements" should be put in place "to secure the safety of records when a provider’s contract comes to an end and sets out the protections and safeguards which exist to prevent inappropriate sharing of patient’s information with organisations such as insurers".

GPs have privately expressed concerns about the Tory-led Coalition's plans, which were first floated in late 2011 when Prime Minster David Cameron said he wanted to make anonymised versions of medical records available to researchers and the private sector. A similar push to open up the National Pupil Database is also being trumpeted by the government.

The PM previously promised that the government's data grab would "not threaten privacy". He added: "It doesn't mean anyone can look at your health records, but it does mean using anonymous data to make new medical breakthroughs.

"The end result will be that every willing patient is a research patient and every time you use the NHS you are playing a part in the fight against disease at home and around the world." ®

Beginner's guide to SSL certificates

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.