Feeds

Caldicott: NHS workers should 'have the confidence to share information'

'As important as duty to protect patient confidentiality'

Beginner's guide to SSL certificates

Dame Fiona Caldicott, who is scrutinising the government's plan to hand NHS patient records to private companies, today gave the proposals the thumbs-up - with a few caveats, naturally.

The noted psychiatrist's review [PDF] of the data-sharing scheme was published just minutes ago.

Her report, drafted in March, follows Health Secretary Jeremy Hunt's announcement that he wants a "paperless" NHS by 2018, one that will allow the private sector to access confidential digital medical records provided "permission" has been given.

Earlier this month, a Health and Social Care Information Centre (HSCIC) was created under the 2012 Health and Social Act, clearing the way for Hunt's data-swapping dream in the cloud to become reality. The centre has the power to force health bodies to hand over "any information" that it deems "necessary or expedient".

The idea being that the HSCIC would be able to supposedly improve the quality of information available across the health sector.

Understandably, civil liberty campaigners strongly oppose such a move. And the Information Commissioner's Office has already cagily implied to The Register that it was concerned about the HSCIC's data-sharing powers. It told us earlier this month:

The Health and Social Care Information Centre (HSCIC), replaces the NHS Information Centre, and carries out many of the same functions. HSIC will be responsible for receiving information from health care providers (Foundation Trusts, GP surgeries, care homes etc.) and will be providing information to other health care bodies, such as NHS England and the new Clinical Commissioning Groups.

Section 259 of the Health and Social Care Act allows HSCIC to require and request information from health care providers and we are currently considering the extent to which this power exempts personal data from the non-disclosure provisions of the DPA (s35 DPA). This in turn has an impact on the obligations placed upon the organisations (data controllers) who are being asked to supply the information to the HSCIC.

We are working through this issue with NHS England the HSCIC and others and expect it to be resolved in the coming weeks.

And now, in the aftermath of the publication of Dame Caldicott's report, Hunt is expected to concede that patients should have the right to opt out of his NHS data-sharing plans. In essence, she has agreed that the NHS should have powers to more widely share data, but cautioned that such a move must be done in a measured way.

Dame Caldicott chaired a review of the use of patient-identifiable data between 1996 and 1997, and detailed six principles for the protection of people's confidentiality. This morning she added a seventh principle for information governance in the NHS that states:

The duty to share information can be as important as the duty to protect patient confidentiality. Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles.

They should be supported by the policies of their employers, regulators and professional bodies.

The Oxford pro vice-chancellor's additional principle came in light of "concerns about identifiable information being sought excessively and used inappropriately".

Her review's recommendations hope to safeguard such potential abuse of NHS data. It advised:

The Review Panel concludes that individuals should have the same level of protection under the law whether personal confidential data is shared between health service bodies, or whether the sharing is between a health service body and a non-health service body.

The Review Panel also recommends that the Department of Health commission a standard template common across the health and social care system for setting up data sharing agreements, to prevent unnecessary duplication of effort.

It added that "practical arrangements" should be put in place "to secure the safety of records when a provider’s contract comes to an end and sets out the protections and safeguards which exist to prevent inappropriate sharing of patient’s information with organisations such as insurers".

GPs have privately expressed concerns about the Tory-led Coalition's plans, which were first floated in late 2011 when Prime Minster David Cameron said he wanted to make anonymised versions of medical records available to researchers and the private sector. A similar push to open up the National Pupil Database is also being trumpeted by the government.

The PM previously promised that the government's data grab would "not threaten privacy". He added: "It doesn't mean anyone can look at your health records, but it does mean using anonymous data to make new medical breakthroughs.

"The end result will be that every willing patient is a research patient and every time you use the NHS you are playing a part in the fight against disease at home and around the world." ®

Security for virtualized datacentres

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.