New measures proposed to bolster security of health and care information

Plans include development of a new consent/opt-out data sharing option

Caroline White

Wednesday, 06 July 2016

New proposals to strengthen the security of health and care information and help people make informed choices about how their data is used have been set out by the National Data Guardian, Dame Fiona Caldicott, today.

The recommendations follow in the wake of a Care Quality Commission (CQC) review, commissioned by health secretary Jeremy Hunt, which looked at existing levels of data security across the NHS.

The proposals include plans to develop a new consent/opt-out data sharing option.

Both reports found a strong commitment among staff and organisations to keep data secure and that the public largely trusts the NHS to do this, but both reports have also pinpointed areas where more can be done.

The reviews make several complementary recommendations to ensure that the drive for improved patient safety and high quality services is supported by accurate information, available to the right people at the right time, while maintaining respect for confidentiality.

Both reports recommend that leaders of every organisation should demonstrate clear accountability and responsibility for data security, just as they do for clinical and financial matters, and that there should be internal and external scrutiny of whether the new data standards are being implemented.

The National Data Guardian review also recommends 10 new data security standards to apply to all organisations that hold health or care information and a much more extensive dialogue with the public about how their health and care information is used and the benefits of data sharing.

The review underlines that information is essential to support excellent care as well as for a range of beneficial purposes such as helping researchers to develop life-saving medicine or regulators to see promptly when things are going wrong. But there is currently little public awareness of how information is used.

The National Data Guardian review says there should be a new opt-out to make it clear to patients how their health and care information can be used and in what circumstances they can opt out of it being shared for purposes other than their direct care. It found that people tend to support their health and care information being used where they can see the benefit, but want to be given a choice about that.

Whether people opt out or not, they should be reassured that their health and care information will only ever be used if the law allows and never for marketing or insurance, unless they consent separately to this, it says.

The Department of Health has today provisionally accepted the recommendations and confirmed that there will be a public consultation and further testing of the recommendations put forward by the National Data Guardian.

Dame Fiona Caldicott said that her recommendations centred on trust.

“Building public trust for the use of health and care data means giving people confidence that their private information is kept secure and used in their interests,” she said.

And she added: “Citizens have a right to know how their data is safeguarded. They should be included in conversations about the potential benefits that responsible use of their information can bring. They must be offered a clear choice about whether they want to allow their information to be part of this.”

David Behan, Chief Executive of the CQC, commented: “The ability of NHS organisations to access and share patient information is crucial to the delivery of safe, effective care. But without robust processes, there’s a risk that information may be compromised, may not be accessible when it’s needed, or may not be kept confidential.”

CQC has set out six recommendations aimed at improving arrangements for protecting personal data, and assuring the new standards proposed by the National Data Guardian. These recommendations focus on three main themes: people, processes and technology.

“Ultimately, however, it is for NHS leaders to demonstrate clear ownership and responsibility for data security, just as they do for clinical and financial management and accountability,” he said.

Professor Nigel Mathers, Honorary Secretary for the Royal College of GPs, said: “The NHS must be beyond reproach when it comes to the use of patient data for any purpose, so Dame Fiona is right to say that further steps must be taken to build public trust for the use of their information and we welcome her call for a much fuller conversation with the public.

“GPs are the most trusted healthcare professionals in the NHS, and it is important that this trust extends to the way in which we use information about our patients’ health.

“What is essential is that patients understand how and when information about their health - anonymised or not - is being used, and that they are confident it will be kept secure. This way, the trust patients have in their GP will be maintained.”
