NHS data watchdog calls for ‘no surprises’ rule in use of patient info
Consultation opened on addition of eighth principle for the health system’s use of data
The independent watchdog for the use of data across the NHS and social services has called for the enshrinement of a rule that there be “no surprises” for citizens in how their data is used.
The National Data Guardian for Health and Social Care (NDG) Dame Fiona Caldicott has opened a public consultation on plans to add an eighth tenet to the existing total of seven Caldicott Principles that govern how patient information should be handled and used.
The new rule would, she said, “emphasise the importance of there being no surprises for patients and service users with regard to how their confidential health and care data is used”.
Caldicott – whose role does not possess a regulatory function, but has statutory powers to formally guide and challenge the health and social care system – developed the principles that bear her name in 1997, having conducted a review of NHS information-handling practices.
They were launched as a set of six principles which all health-service organisations were asked to adopt: justify the purposes for using confidential information; don't use personal confidential data unless it is absolutely necessary; use the minimum necessary personal confidential data; access to personal confidential data should be on a strict need-to-know basis; everyone with access to personal confidential data should be aware of their responsibilities; and comply with the law.
Following the completion of a second review in 2013, a seventh principle was added: the duty to share information can be as important as the duty to protect patient confidentiality.
The proposed eighth rule is: “Inform the expectations of patients and service users about how their confidential information is to be used”
If this ‘no surprises’ rule is added, it would be the first new addition to the guidance in seven years.
Before it is adopted, Caldicott is asking citizens to respond online to a public consultation launched today and running until 3 September.
In addition to feedback on the proposed addition of an eighth principle, the consultation is also interested in hearing any suggested amendments to the existing seven.
Furthermore, the NDG wishes to receive views about the role of so-called Caldicott Guardians, whose remit is to “help their organisations to ensure that information is used legally, ethically and wisely in accordance with the principles”. There are currently 18,000 Caldicott Guardians working across bodies in health, social care, and related sectors.
Caldicott is asking the public to provide their “views on whether, under her statutory power to issue guidance, she should issue guidance proposing that all health and adult social care organisations in England should appoint a Caldicott Guardian”. The data watchdog also wishes to hear ideas for how such a proposal could be implemented “appropriately and proportionately” – particularly for smaller organisations.
Caldicott said: “I have long emphasised the importance of dialogue with the public about how confidential information is used by the health and care system. This is essential to ensure that people can trust that what they tell their doctor, social worker, nurse or other care professional is treated with appropriate respect and used beneficially. All those working in health and care have a part to play in that dialogue. I hope that our proposals will support this and look forward to hearing how they are received.”
Anyone wishing to take part in the consultation can do so here.
Thousands of citizens vaccinated as part of research schemes currently need to request a letter to demonstrate that they have been vaccinated
Campaign groups Foxglove and The Citizens to launch court case in two weeks if practice is not stopped
Commencement of GPDPR pushed back by two months
Department made first bulk data transfer to NHS England in February
It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.