latest health care news


Case for data sharing ‘still needs to be made to the public’, says Caldicott

NHS data security should be reviewed and strengthened by organisation leaders to a level similar to those assuring financial integrity and accountability, and much more must be done to improve public trust with regards to data sharing, Dame Fiona Caldicott has said.

In her third review into Data Security, the National Data Guardian (NDG) has recommended 10 new data security standards for health and social care organisations, as well as a new consent/opt-out model for patient data.

Dame Fiona said that one of the reasons she decided to undertake the review was that there has been little positive change in the use of data across health and social care since her 2013 Review “and this has been frustrating to see”.


Dame Fiona said that a redesigned Information Governance (IG) toolkit should be developed to embed the new standards, and NHS England should change its standard financial contracts to require organisations to take account of the data security standards.

Additionally, annual role-appropriate training should be mandatory for all who work in health and social care, with bespoke additional training for people in leadership roles, such as Caldicott Guardians, SIROs and board members.

Trusts and CCGs should use appropriate tools to identify unused and dormant accounts, unsupported systems and software, poorly maintained access permissions or default passwords.

Case for data sharing still needs to be made

With regards to data sharing, Dame Fiona said the case “still needs to be made to the public”. She added that there should be a new consent/opt-out model to allow people to opt out of their personal confidential data being used for purposes beyond their direct care. This would apply unless there is a mandatory legal requirement or an overriding public interest.

The NDG also said the government should consider introducing stronger sanctions to protect anonymised data. This should include criminal penalties for deliberate and negligent re-identification of individuals.

Although the report’s remit does not cover the implementation of the standards, Dame Fiona said there should be a full and comprehensive public consultation, and a key “aspect of this work must be a dialogue with the public”.

She added: “My recommendations centre on trust. Building public trust for the use of health and care data means giving people confidence that their private information is kept secure and used in their interests.

“Citizens have a right to know how their data is safeguarded. They should be included in conversations about the potential benefits that responsible use of their information can bring.

“They must be offered a clear choice about whether they want to allow their information to be part of this. I would encourage everyone to get involved in the consultation about the proposals that I am putting to government today.”

The Department of Health has provisionally accepted the recommendations and confirmed that there will be a public consultation and further testing of the recommendations put forward by Dame Fiona.

The NDG, who carried out the work alongside the CQC – which was asked to review the current approaches to data security in NHS organisations that provide services – added the regulator should amend its inspection framework to include assurance that appropriate internal and external validation against the new data security standards have been carried out, and make sure that inspectors involved are appropriately trained.

Additionally, HSCIC should use the redesigned IG Toolkit to inform CQC of ‘at risk’ organisations, and the CQC should use this information to prioritise action.

Both Dame Fiona’s and the CQC reports describe their finding of strong commitment among staff and organisations to keep data secure and that the public largely trusts the NHS to do so,  and have made a number of complementary recommendations to ensure that the drive for improved patient safety and high-quality services.

David Behan, chief executive of the CQC, said: “CQC has set out six recommendations aimed at improving arrangements for protecting personal data, and assuring the new standards proposed by the National Data Guardian.

“These recommendations focus on three key themes that are fundamental to the secure handling of data: people, processes and technology. Ultimately, however, it is for NHS leaders to demonstrate clear ownership and responsibility for data security, just as they do for clinical and financial management and accountability.”


Linda   06/07/2016 at 12:31

Its not just lay public that are yet to be convinced. I am not confident of data security if Govt involved I do NHS sharing for my benefit but not for govt scheme.

John O'brien   06/07/2016 at 14:59

An excellent report which does not recognise reality and human negligence. In January 2015 I made a subject access request for my medical records under the provisions of the 1998 Data Protection Act. It took East Surrey Hospital until August 27 to provide that information. Since then I have obtained medical reports from my GP and three other health service providers. My GP has my records held on computer, East Surrey Hospital still uses handwritten records. The other service providers printed off hard copies of both computer records. and had written records. I had reports on my records from two consultants which contradicted each other. I also had reports from two GP.s both of which contradicted the opinions of the consultants. It is quite clear that until the NHS provides a competent and accessible record keeping system across the entire service the concept is just a pipe dream. But please keep trying as I hope you may get there in the end.. As far as security goes there are many encryption systems used by retailers and banks which ensure security of financial data . It is time the NHS moved on from using fax as a means of communication and used encrypted system to transmit data. Everybody does it especially when they shop online !

Add your comment

national health executive tv

more videos >

featured articles

View all News

last word

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad, president of the Association of the British Pharmaceutical Industry (ABPI), sits down with National Health Executive as part of our Last Word Q&A series. Would you talk us throu more > more last word articles >

health service focus

View all News


NHS England dementia director prescribes rugby for mental health and dementia patients

23/09/2019NHS England dementia director prescribes rugby for mental health and dementia patients

Reason to celebrate as NHS says watching rugby can be good for your mental ... more >
Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >


Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

24/10/2019Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

Today, speaking at the Royal College of General Practitioners (RCGP) annual... more >

the scalpel's daily blog

Covid-19 can signal a new deal with the public on health

28/08/2020Covid-19 can signal a new deal with the public on health

Danny Mortimer, Chief Executive, NHS Employers & Deputy Chief Executive, NHS Confederation The common enemy of coronavirus united the public side by side wi... more >
read more blog posts from 'the scalpel' >