Caldicott Review: Third time lucky
Dr Mark Davies, former medical director of the Health and Social Care Information Centre and GP of 20 years, reflects on the recent Caldicott review.
This month saw the publication of Dame Fiona Caldicott’s long-awaited review into data security in the NHS. This is the third time Dame Fiona has been asked to produce some recommendations on the subject and comes in the context of a fervent debate on the subject of health information.
It’s well-timed, much needed and built around a single notion – that of trust. People will trust what happens with their information when they can see what’s happening to it and when they control it. Dame Fiona’s paper is a powerful call for the introduction of a little more democracy in our clinical records.
It is not that data sharing has been tried and found wanting, it’s more that data sharing has been tried and found hard. I think we are all familiar with the backdrop to this publication, which includes a number of well-publicised data breaches and the public unease around the now scrapped Care.Data project.
The Five Year Forward View has set out the case for making the NHS sustainable by integrating care and moving to population-based healthcare systems – both of which require data sharing.
The people trying to deliver effective and safe care, either planning services or encouraging data sharing to co-ordinate our fragmented system, are crying out for a more pragmatic approach to information sharing. There are frightening levels of clinical risk in NHS Systems because of the lack of information sharing in different care settings. Ambulance drivers don’t know the GP thoughts on the patient’s condition, ED doctors aren’t aware of what the patient’s consultant is treating them with, and the poor patient hasn’t any visibility of what everyone else is saying about them. In a world of 21st century healthcare our communication can feel almost medieval.
Dame Fiona reminds us that the very foundation of the social contract of healthcare is confidentiality and we cannot afford to suggest that as a care system we don’t be see this as a basic tenet of how we work.
Thankfully one of her key themes is that the vast majority of people who work in the NHS take confidentiality very seriously. There is much said of training, audit, assurance and penalties which are ways of demonstrating how seriously this is taken. To quote the UK Council of Caldicott Guardians: “Information Governance should be as much as possible integrated into the broader governance of an organisation, and regarded as being as important as financial and clinical governance in organisational culture.”
There is a nagging suspicion among the general public that they don’t really know how the information in their clinical record is used. To address this, Dame Fiona talks of raising the public awareness and giving control with an opportunity to object to information being used for purposes other than their direct care.
This emphasis is both sensible and necessary but it is hard to achieve in the world of Big Brother suspicions of central government and financial institutions. There are two distinct purposes of information in addition to direct care – research and health planning. Whether there are separate objections to these two uses or they are bundled together in a single question is yet to be decided. We recently had experience of trying to reduce a complex social issue into a single question in the EU debate and I think we all recognise what was required was a more nuanced a granular assessment of views.
Interestingly, the proposed opt outs don’t apply to the flow of personal confidential data out of a GP surgery into NHS Digital. This is a highly contentious point and in many ways what did for Care.Data. The overwhelming majority of GPs take extremely seriously their responsibilities as a data controller of the cradle-to-grave-record that is the primary care clinical record. It will be interesting to see how that pans out – but I suspect it will be one of the more difficult areas of the recommendations.
Dame Fiona also puts to bed some myths – and this must be welcomed. For example, the fact that the majority of health service planning and management such as population health management, regulation or commissioning, can be done using data from which personal identifiers have been removed is well argued. The only exception is where bills have to be checked against particular patients. The work in East and North Hertfordshire CCG, which the report references, has shown that even here, confidential data is not required. The issue of invoice validation will be subject to further consideration by the Department of Health.
Dame Fiona calls for the adoption of modern technology standards around cyber security, training and software updates – “about time too!” I hear you cry. There is a clear acknowledgment that the information systems in a modern health system are as intrinsic as those in the operating theatres or the medication pipeline, and need to be treated with the same level of rigour and assurance.
But to return to the theme of trust, which may hold the key to effective information sharing – in the last year I have heard too often about the barrier that is IG and how the publication of Dame Fiona’s report is going to solve this. How much is this an excuse not to share? The report is here. I don’t think government departments are in a position to build trust in the current climate. That means it is up to those involved in commissioning, planning and delivering care. This is going to have to be done from the bottom up. Are you ready?
Have you got a story to tell? Would you like to become an NHE columnist? If so, click here.