Caldicott review: information governance in the health and care system

Information: To Share Or Not To Share? The Information Governance Review
The Caldicott2 Review, 26 April 2013

• An independent review of information sharing to ensure that there is an appropriate balance between the protection of patient information and the use and sharing of information to improve patient care.
• Update of the 1997 report
• Chapter 7 deals with the challenge facing NHS commissioners, and concludes that "commissioners in local authorities and Public Health England must adhere to the same standards, guidance and good practice and be subject to the same penalties for poor practice as the NHS when commissioning services." The Review Panel does not support the proposition that access to personal confidential data for commissioning purposes would be legitimate as suggested by the NHS Commissioning Board.
• The review found widespread support for the original Caldicott principles but has updated them and added an addition principle.
• 1. Justify the purpose(s)
• 2. Don’t use personal confidential data unless it is absolutely necessary
• 3. Use the minimum necessary personal confidential data
• 4. Access to personal confidential data should be on a strict need-to-know basis
• 5. Everyone with access to personal confidential data should be aware of their
• 6. Comply with the law
• 7. The duty to share information can be as important as the duty to protect patient confidentiality.

Read response from the Health Secretary here including the announcement that:

"any patient that does not want personal data held in their GP record to be shared with the Health and Social Care Information Centre will have their objection respected" and "where personal data has already been shared from a GP practice to the Information Centre, a patient will still be able to have the identifiable information removed"

Read the response from the Nuffield Trust here including the implications for CCGs

"As well as emphasising situations in which one might legitimately share personal confidential data, the Review also notes several instances in which it would be inappropriate. The most significant is in the service of commissioning, say by NHS England or a clinical commissioning group (CCG)."

 "Thus, if a CCG , wishes to link personal confidential data from say, primary and secondary care, for the purposes of risk-stratification or predictive risk analysis, it will have to go through an 'accredited safe haven'."