Report from the National Data Guardian for Health and Care
In July, the National Data Guardian (NDG) for health and care in England, Dame Fiona Caldicott, published her Review of Data Security, Consent and Opt-Outs.1 The role of NDG was created in 2014 to advise and challenge the health and care system to help ensure that citizens' personal confidential information is safeguarded securely and used properly.
The review makes 20 recommendations to the Department of Health, including proposals for 10 new data security standards for the National Health Service (NHS) and social care, a method for testing compliance against the standards and a new ‘eight-point’ model for consent and opt-out for sharing personal confidential information for purposes beyond an individual's direct care.
Data security
The review heard that 41% of all breaches reported to the UK Information Commissioner's Office (ICO) were from the health sector.2 The review concluded that the breaches were caused by failures of people, process and technology, and it has based its recommendations and standards around these three themes.
Dame Fiona proposes 10 data security standards that would apply in every health and care organisation which handles personal confidential information. These include measures which will protect systems against data breaches and ensure that organisations are as prepared as they can be to meet the challenges of the digital age and the growing threat from cyber-attacks.
Strong leadership was considered to be crucial to data security. The 10 data security standards are therefore clustered under three leadership obligations:
People: ensure staff are equipped to handle information respectfully and safely, according to the Caldicott Principles.i
Process: ensure the organisation proactively prevents data security breaches and responds appropriately to incidents or near misses.
Technology: ensure technology is secure and up to date.
Consent/opt-out of information sharing in health and social care
The review makes nine recommendations in relation to consent and opt-out. One of the recommendations puts forward a new ‘eight-point’ …
Footnotes
Competing interests None declared.
Provenance and peer review Not commissioned; internally peer reviewed.
i There are seven Caldicott Principles which apply to the handling of health data; see Department of Health (2013) Information: to share or not to share, p. 5.
ii The Information Commissioner's Office has a code of practice which sets out how data might be sufficiently anonymised that it may be used in controlled circumstances without breaching privacy.
iii NHS Digital (formerly the Health and Social Care Information Centre) is the focal point of health information collection and analysis in England.