26 November 2014 00:12


News
Twitter RSS Newsletter Send to a friend
8

Caldicott2 report treads fine line

26 April 2013   Lis Evenstad

Dame Fiona Caldicott

Information should be shared across health and social care when it is in patients’ best interests, but patients should be able to see an audit trail of everyone who has accessed their personal data.

These are the key recommendations of the Caldicott2 review, which reported this morning. 'Information: to share or not to share', was launched today at the ICO Conference Centre in London, and sets out 26 recommendations for the NHS.

The review, led by Dame Fiona Caldicott, who also led the Caldicott Committee that put in place most of the NHS’ existing information governance structures in the mid-1990s, also says patients should also have better access to their own information, including their records and correspondence about them.

“The review panel thinks this right of access should cover hospital records, community records and personal confidential data held by all organisations within the health and social care system,” says the report.

“It recommends that all communications between different health and social care teams should be copied to the patient or service user. There should be ‘no surprises’ for the patient about who has had access.”

The Caldicott2 review was set up in response to a recommendation in a 2011 NHS Future Forum report looking at the government’s plans to reorganise and reform the health service.

It noted that as the NHS moves towards a paperless future, the increased use of technology has led to concerns about the security of information and breaches of confidentiality.

On the other hand, it asked whether concerns about confidentiality have stifled information sharing, even when this can make services more accessible and efficient for patients.

The Caldicott review recognises that patient’s should be allowed to ‘opt out’ of their information being shared, but says it is important to strike a balance between patient confidentiality and information sharing.

Although education on information governance is a requirement for healthcare professionals, it says many are ‘insecure’ about the rules, which sometimes leads to data, which should be shared, not being shared.

“The review panel discovered that the mandatory training is often a ‘tick-box exercise’. Health and social care professionals should be educated and not simply trained in effective policies and processes for sharing of information.

“This education should include a professional component explaining why there may be a duty to share information in the interests of the patient, as well as the legal aspects of the common law of confidentiality, the Data Protection Act and Human Rights Act.”

The final recommendation adds that health secretary Jeremy Hunt should oversee the use of the recommendations in practice.

“The Secretary of State for Health should maintain oversight of the recommendations from the Information Governance Review and should publish an assessment of the implementation of those recommendations within 12 months of the publication of the review’s final report,” it says.

As EHI reported earlier this month, the review also adds a new Caldicott principle:”The duty to share information can be as important as the duty to protect patient confidentiality.”

“Our overarching aim has been to ensure that there is an appropriate balance between the protection of the patient or user’s information, and the use and sharing of such information to improve care,” says Dame Fiona Caldicott in the foreword of the report.

Mark Davies, medical director at the Health and Social Care Information Centre, told EHI:  "The HSCIC welcomes the report and sees it as a significant step towards more appropriate data sharing  which will have real impact on patient care." 

Link

Caldicott2 Review


Related Articles:

10 News: Caldicott recommends 'duty to share' | 11 April 2013
2 Insight: EHI Live interview: Dame Fiona Caldicott | 22 October 2012
Last updated: 29 April 2013 16:03

© 2013 EHealth Media.


Follow

The balance is between security of life and security of "privacy"

Richard Fitton 81 weeks ago

There is a balance between staying alive and staying known. If you want no one to know any thing about you you will stay at home and never go outside. If you want to see a specialist about infertility, breast augmentation, venereal disease, psychiatric problem, there is a chance that some one you know will see you there. If you wear a bag over your head so that some one will not notice you - it will not work.

If you have kidney failure, haemophilia, recurring strokes, cancer, you want as many people to have the required information as possible and the chances of anonymity decrease. Patients holding access to their records and watchig who has seen them are two very powerful tools to aid privacy and safety of life.

Can people look at audit trails? Yes we look at Tesco's receipts, TV guides, on line shopping, bank statements, football results, and we spend 20 hours a week watching tv. Life is important to and important for most humans and they should spend a little more time workiong on and being interested in their own health and health records - and in that of their dependants and when requested - friends.

Here are the fundamental human right issues. Modern society is favouring more citizen rights but that incurs responsibility and work too!

chiiudesiyxbhttp://www.echr.coe.int/ECHR/EN/Header/Basic Texts/The Convention and additional protocols/The European Convention on Human Rights/

SECTION I

RIGHTS AND FREEDOMS

ARTICLE 2

Right to life

1. Everyone%u219s right to life shall be protected by law.

ARTICLE 8

Right to respect for private and family life

1. Everyone has the right to respect for his private and family

life, his home and his correspondence.

2. There shall be no interference by a public authority with the

exercise of this right except such as is in accordance with the

law and is necessary in a democratic society in the interests of

national security, public safety or the economic well-being of the

country, for the prevention of disorder or crime, for the protection

of health or morals, or for the protection of the rights and freedoms

of others.

ARTICLE 10

Freedom of expression

1. Everyone has the right to freedom of expression. This right

shall include freedom to hold opinions and to receive and impart

information and ideas without interference by public authority

and regardless of frontiers. This Article shall not prevent States

from requiring the licensing of broadcasting, television or cinema

enterprises.


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

Richard Fitton
Expertise:
Clinician
Sector:
Other
Approved posts:
74
Likes:
0
My EHI score:
74
Reward badges:

pARAnoiD GuARdiAn

Infoman 81 weeks ago

I've read the report and being paranoid about my org will be sued refer all my staff to section 3.3 and recomendation 2.

After some contemplation and a few hours spent with the legal team I've confirmed that we can no longer allow complete case notes (whether paper or electronic) to be passed from dept to dept because there's no way to decide which bits are "relevent" when they are relevent or to whom they might be relevent.

I've decided we need to create mutliple case notes / records. One for each medical / health event.


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

Infoman
Expertise:
Other professional
Sector:
Public sector
Approved posts:
128
Likes:
0
My EHI score:
128
Reward badges:

The road to sharing is unbroken tarmac not crazy paving

JacquesOuze 82 weeks ago

The findings and recommendations of the review are very welcome and the report contains plenty that is good and sensible. But I still read it with a sense of disappointment and frustration.

Although there has been an attempt to rebalance the rules in a way that gives greater emphasis to sharing information for the benefit of patients, the top-level message is still the same: information sharing is risky and severe punishment awaits those that get it wrong.

As you might expect from a review conducted by highly intelligent people, capable of handling complexity and nuance, they recommend that staff just need more education in understanding the complexity and nuance of the rules, rather than any simplification of those rules. I think that's the wrong approach.

What is required more than anything else, is a very clear, loud, simple statement to staff, that if they share information for the benefit of patients, they will be OK. Even if they get it wrong; even if the recipient didn't strictly need to know, even if somebody subsequently misuses that information. So long as it can't be proved that there was malice, negligence or other nefarious motivations behind the decision to share, then there should be a guarantee of safety.

It's not that I think that front line staff are too dim to engage with the complex detail of the rules, although a few undoubtedly will be. But they need to be free to get on with their job to the best of their ability without having to undertake a legalistic analysis every time they make sharing decisions.

It might be that any follow-on guidance that comes from professional bodies can achieve this clarity, although I seriously doubt it. But without a very clear high level message of safety, staff will still tend to play it safe and not take the risk of sharing, because that's easier than trying to apply complex rules to each specific case.


Reply
2 Replies
Flag
 +5
Like

This comment is:

Email address:

Submit

Follow

Post

 

Top 20
JacquesOuze
Expertise:
IT professional
Sector:
Public sector
Approved posts:
195
Likes:
0
My EHI score:
195
Reward badges:

Excellent comment

timbenson 81 weeks ago

This comment is spot on (including the headline). Problem with IG is that following due Process was made to appear more important than useful Outputs for patients, so diligent completion of an onerous Process, undertaken by specially trained personnel that prevented patients seeing their own digital data was treated as a success.


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

Top 20
timbenson
Expertise:
Consultant
Sector:
Industry
Approved posts:
138
Likes:
0
My EHI score:
138
Reward badges:

Spot on

von Bismark 82 weeks ago

I think we have a big blind spot about the role the previous report played in medical/care failures since it came out.

Its sacrificing the many (99.9%) for the specialist interest groups / clinically paranoid few (0.1%)... (%s for illustration only).


Reply
Flag
 +1
Like

This comment is:

Email address:

Submit

Follow

Post

 

von Bismark
Expertise:
Consultant
Sector:
Public sector
Approved posts:
127
Likes:
0
My EHI score:
127
Reward badges:

The road to hell is paved with good intentions

von Bismark 82 weeks ago

Appendix 5, and the backing US web site need close attention for here one seems to find a list of what's now considered PID, 18 items, any one of which would appear to make a record PID, ON ITS OWN according to the US notes <Quote>:

"De-identifying Protected Health Information Under the Privacy Rule

Covered entities may use or disclose health information that is de-identified without restriction under the Privacy Rule. Covered entities seeking to release this health information must determine that the information has been de-identified using either statistical verification of de-identification or by removing certain pieces of information from each record as specified in the Rule.

The Privacy Rule allows a covered entity to de-identify data by removing *****all**** 18 elements that could be used to identify the individual or the individual's relatives, employers, or household members; these elements are enumerated in the Privacy Rule. The covered entity also must have no actual knowledge that the remaining information could be used alone or in combination with other information to identify the individual who is the subject of the information."


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

von Bismark
Expertise:
Consultant
Sector:
Public sector
Approved posts:
127
Likes:
0
My EHI score:
127
Reward badges:

Audit Logs should be manditory for EHR vendors

timdunnfw 82 weeks ago

In a Survey we undertook of IG professionals across the NHS, 100% said Audit logs trails would help their role and 95.4% said that government should mandate vendors provide Audit logs


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

New Poster
timdunnfw
Expertise:
IT professional
Sector:
Industry
Approved posts:
2
Likes:
0
My EHI score:
2
Reward badges:

And the link to the report is where?

von Bismark 82 weeks ago

As per title...

Does this affect secondary use as well? I would hope not, just think of the trees...


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

von Bismark
Expertise:
Consultant
Sector:
Public sector
Approved posts:
127
Likes:
0
My EHI score:
127
Reward badges:
 
 
[1]

EHealth Media Limited
EHealth Insider is managed and maintained by EHealth Media © 2014
Registered Office: 11 Campana Road, London SW6 4AS
Registered No. 4214439 | Vat No. 774 4008 29
About us | Advertise | Terms and conditions | Privacy policy | Cookie policy | Contact us