To put some context on my discussion, I should explain that I am my Trust's Caldicott Guardian, and more recently I am gravitating towards a role that could reasonably be described as a "de-facto" CCIO. I had never connected the two but at the CCIO Network launch, I was sat next to someone in the same situation (CCIO + CG) and he said that he knew of two others. My discussion has a few threads:
- Is it something that is desirable and should be encouraged (and incorporated into the JD)?
- Is it common (or am I an anomaly!)? Even if you have nothing else to say, let me know what your experience is.
- Are there any important downsides that I am missing (other than volume of work involved)?
Having raised those questions, I should share my thoughts. To me it is something that is not unreasonable and could even be described as desirable. However, picking up two other recent threads, it ranks lower on the priority list than technical knowledge of IT and is probably on a par with being a medically qualified CCIO in terms of desirability.
What I would say is that the work of Caldicott Guardians is increasingly dealing with matters that are IT related. Things that I have had to deal with include patient identifiable data on Facebook, DPA implications of services like Dropbox, and data sent via unencrypted media. That leads on to recent Information Commissioner fines for e-mail mis-sending (Aneurin Bevan Health Board) and hard disk loss (Brighton) - any breach of the DPA where patient data is involved is also a breach of Caldicott Principles. Perhaps I have framed my question wrongly - will Caldicott Guardians soon need to be the CCIO also?