TY  - JOUR
T1  - Report from the national data guardian for health and care
JF  - Journal of Medical Ethics
JO  - J Med Ethics
SP  - 690
LP  - 692
DO  - 10.1136/medethics-2016-103887
VL  - 42
IS  - 10
AU  - Sophie Brannan
AU  - Ruth Campbell
AU  - Martin Davies
AU  - Veronica English
AU  - Rebecca Mussell
AU  - Julian C Sheather
Y1  - 2016/10/01
UR  - http://jme.bmj.com/content/42/10/690.abstract
N2  - In July, the National Data Guardian (NDG) for health and care in England, Dame Fiona Caldicott, published her Review of Data Security, Consent and Opt-Outs.1 The role of NDG was created in 2014 to advise and challenge the health and care system to help ensure that citizens' personal confidential information is safeguarded securely and used properly. The review makes 20 recommendations to the Department of Health, including proposals for 10 new data security standards for the National Health Service (NHS) and social care, a method for testing compliance against the standards and a new ‘eight-point’ model for consent and opt-out for sharing personal confidential information for purposes beyond an individual's direct care. Data security: The review heard that 41% of all breaches reported to the UK Information Commissioner's Office (ICO) were from the health sector.2 The review concluded that the breaches were caused by people, process and technology and have based the recommendations and standards around these three themes. Dame Fiona proposes 10 data security standards that would apply in every health and care organisation which handles personal confidential information. These include measures which will protect systems against data breaches and ensure that organisations are as prepared as they can be to meet the challenges of the digital age and the growing threat from cyber-attacks. Strong leadership was considered to be crucial to data security. The 10 data security standards are therefore clustered under three leadership obligations: People: ensure staff are equipped to handle information respectfully and safely, according to the Caldicott Principles.i Process: ensure the organisation proactively prevents data security breaches and responds appropriately to incidents or near misses. Technology: ensure technology is secure and up to date. Consent/opt-out of information sharing in health and social care: The review makes nine recommendations in relation to consent and opt-out. One of the recommendations puts forward a new ‘eight-point’ …
ER  -