latest health care news

06.07.16

Case for data sharing ‘still needs to be made to the public’, says Caldicott

NHS data security should be reviewed and strengthened by organisation leaders to a level similar to those assuring financial integrity and accountability, and much more must be done to improve public trust with regards to data sharing, Dame Fiona Caldicott has said.

In her third review into Data Security, the National Data Guardian (NDG) has recommended 10 new data security standards for health and social care organisations, as well as a new consent/opt-out model for patient data.

Dame Fiona said that one of the reasons she decided to undertake the review was that there has been little positive change in the use of data across health and social care since her 2013 Review “and this has been frustrating to see”.

Standards

Dame Fiona said that a redesigned Information Governance (IG) toolkit should be developed to embed the new standards, and NHS England should change its standard financial contracts to require organisations to take account of the data security standards.

Additionally, annual role-appropriate training should be mandatory for all who work in health and social care, with bespoke additional training for people in leadership roles, such as Caldicott Guardians, SIROs and board members.

Trusts and CCGs should use appropriate tools to identify unused and dormant accounts, unsupported systems and software, poorly maintained access permissions or default passwords.

Case for data sharing still needs to be made

With regards to data sharing, Dame Fiona said the case “still needs to be made to the public”. She added that there should be a new consent/opt-out model to allow people to opt out of their personal confidential data being used for purposes beyond their direct care. This would apply unless there is a mandatory legal requirement or an overriding public interest.

The NDG also said the government should consider introducing stronger sanctions to protect anonymised data. This should include criminal penalties for deliberate and negligent re-identification of individuals.

Although the report’s remit does not cover the implementation of the standards, Dame Fiona said there should be a full and comprehensive public consultation, and a key “aspect of this work must be a dialogue with the public”.

She added: “My recommendations centre on trust. Building public trust for the use of health and care data means giving people confidence that their private information is kept secure and used in their interests.

“Citizens have a right to know how their data is safeguarded. They should be included in conversations about the potential benefits that responsible use of their information can bring.

“They must be offered a clear choice about whether they want to allow their information to be part of this. I would encourage everyone to get involved in the consultation about the proposals that I am putting to government today.”

The Department of Health has provisionally accepted the recommendations and confirmed that there will be a public consultation and further testing of the recommendations put forward by Dame Fiona.

The NDG, who carried out the work alongside the CQC – which was asked to review the current approaches to data security in NHS organisations that provide services – added the regulator should amend its inspection framework to include assurance that appropriate internal and external validation against the new data security standards have been carried out, and make sure that inspectors involved are appropriately trained.

Additionally, HSCIC should use the redesigned IG Toolkit to inform CQC of ‘at risk’ organisations, and the CQC should use this information to prioritise action.

Both Dame Fiona’s and the CQC reports describe their finding of strong commitment among staff and organisations to keep data secure and that the public largely trusts the NHS to do so,  and have made a number of complementary recommendations to ensure that the drive for improved patient safety and high-quality services.

David Behan, chief executive of the CQC, said: “CQC has set out six recommendations aimed at improving arrangements for protecting personal data, and assuring the new standards proposed by the National Data Guardian.

“These recommendations focus on three key themes that are fundamental to the secure handling of data: people, processes and technology. Ultimately, however, it is for NHS leaders to demonstrate clear ownership and responsibility for data security, just as they do for clinical and financial management and accountability.”

Comments

Linda   06/07/2016 at 12:31

Its not just lay public that are yet to be convinced. I am not confident of data security if Govt involved I do NHS sharing for my benefit but not for govt scheme.

John O'brien   06/07/2016 at 14:59

An excellent report which does not recognise reality and human negligence. In January 2015 I made a subject access request for my medical records under the provisions of the 1998 Data Protection Act. It took East Surrey Hospital until August 27 to provide that information. Since then I have obtained medical reports from my GP and three other health service providers. My GP has my records held on computer, East Surrey Hospital still uses handwritten records. The other service providers printed off hard copies of both computer records. and had written records. I had reports on my records from two consultants which contradicted each other. I also had reports from two GP.s both of which contradicted the opinions of the consultants. It is quite clear that until the NHS provides a competent and accessible record keeping system across the entire service the concept is just a pipe dream. But please keep trying as I hope you may get there in the end.. As far as security goes there are many encryption systems used by retailers and banks which ensure security of financial data . It is time the NHS moved on from using fax as a means of communication and used encrypted system to transmit data. Everybody does it especially when they shop online !

Add your comment

 

national health executive tv

more videos >

featured articles

View all News

last word

The Refugee Doctor Initiative

The Refugee Doctor Initiative

Terry John, co-chair of the BMA & BDA Refugee Doctors and Dentists Liaison Group and chair of the union’s international committee, talks about a brilliant initiative that is proving mutual more > more last word articles >

health service focus

View all News

comment

Make doing the right thing easy

11/10/2017Make doing the right thing easy

Kay Currie, professor of Nursing & Applied Healthcare Research, ‘... more >
STAR: an innovative app for speech therapy

11/10/2017STAR: an innovative app for speech therapy

Dr Stuart Cunningham, a senior lecturer in Human Communication Sciences at ... more >

interviews

Tackling infection prevention locally

04/10/2017Tackling infection prevention locally

Dr Emma Burnett, a lecturer and researcher in infection prevention at the U... more >
681 149x260 NHE Subscribe button

the scalpel's daily blog

A new paradigm for public health

10/11/2017A new paradigm for public health

Heather Henry RN MBA, Queens nurse and chair of the New NHS Alliance looks into the issue of health inequality in the NHS. Health inequality is like the many-headed hydr... more >
read more blog posts from 'the scalpel' >

healthcare events

events calendar

back

November 2017

forward
mon tue wed thu fri sat sun
30 31 1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 1 2 3
4 5 6 7 8 9 10

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital exemplars who were revealed at the same show 12 months earlier.  Jeremy Hunt also stated that by the end of 2018 – the 70th birthday... read more >