Council meeting
16th August 2018
Members
Dr Chris Bunch (Chair), Sandra Lomax (Vice-chair), Dr Cait Taylor, Carey Bloomer, Helen Dyer, Air Vice Marshall Reid, Tim Kendall, Kirsty Licence (dial in), Mr Adrian Marchbank, Dr Fenella Wrigley, Gill Bennett, Christopher Fincken, Alison Walne, Dr Arjun Dhillon, Faouzi Alam
Observers
Ross Thornton, Prof. Simon Barton, Dale Philipson
Guests
Adam Lewis, Ged Devereux, David Reeves, Bella Travers
Conflicts of interest from Christopher Fincken and Sandra Lomax (as training providers) were noted.
Chairman and Vice-Chair’s reports
The Chairman has represented the Council at the NHS/IGA GDPR working party, a working party revising the NHS Code of Confidentiality, the Local Health and Care Record Exemplars (LHCRE) Information Governance Strategy Group, which is developing an information governance framework for the LHCREs, and the National Data Guardian’s Panel. He has also participated in a webinar on the National Data Optout run by the Royal College of General Practitioners, and a workshop on ‘Winter and Beyond’ which considered how information technology might be better deployed to ease winter pressures.
The Vice Chair updated council members on further engagement with the Police, exploring how the Council can support progress in this area.
Review of UKCGC Priorities
The Council discussed its priorities for the coming year, these included:
Training. The potential to engage with other training organisations such as Skills for Care, Health Education England and the NHS Digital Data Security and Protection Toolkit team to ensure that Caldicott Guardians have access to appropriate training opportunities and materials.
Information Governance Roles. There are now several formal information governance-related roles such as Caldicott Guardians, and Data Protection Officers and other less formal roles such as information governance leads, privacy officers etc. There is some overlap between these with potential for confusion, and it is not clear that all roles are required in every organisation, nor whether one person can assume several roles. This is an area where the Council could help to clarify the differences in responsibility and accountability.
Information Sharing. There remain significant challenges to effective information sharing across health and care (lack of information sharing has been cited in a number of coroners’ cases), despite the introduction of the 7th Caldicott principle. A widespread perception persists that ‘information governance’ and Caldicott Guardians have been a block rather than a facilitator to information sharing. Council agreed that further evidence of this would be helpful, and that an active campaign to reverse this perception should be considered, perhaps in conjunction with the National Data Guardian.
Evidence to inform and support Council’s priorities: Council agreed that it would be valuable to attach measurable objectives to its priorities ,and to investigate what data may be available to support trend analysis and track improvements, and potentially to develop a dashboard. The NHS Improvement representative Alison Walne kindly offered to investigate what may be possible and how they could support this work.
Communications: Council discussed increasing communications in the wider network of Caldicott Guardians across health and care. This would be supported by the establishment of the mailing list and continued growth of the Caldicott Guardian digital forums.
Requests for advice
Council discussed recent requests for advice that have been received by the UKCGC mailbox or raised on the digital forum. Topics included data sharing with official solicitors and “litigation friends”, access to a relative’s records in a care home, breaches of confidentiality, requests for information after death, subject access requests in clinical genetics (family trees), falsification of records and disclosure of records.
Caldicott Guardians and supporting staff may contact the Council for advice by email to the Secretariat, via the Council website support page, or by posting to the Digital Health Networks Caldicott Guardians’ online forum.
NHS Digital Citizen Identity
The NHS Digital senior product owner for the Citizen Identity programme, Adam Lewis, gave a presentation on a identity verification and authentication standard for digital health and care services. This standard proposes a consistent approach to identity across digital health and care services. Version 1 of the identity service using this standard has been released, and there are approximately 60 health and care digital services that have registered an interest.
Council asked to see the Data Privacy Impact Assessment (DPIA) for the service and the associated terms and conditions, for example for how long does the service retain photos used for verification (passport / driving licence) and audit purposes? There was also discussion of the broader context of the service, and how this may align with other NHS identity services such as the Care Identity Service (CIS) that provides smartcards to NHS colleagues.
Fire and health working in partnership
Ged Devereux, the Strategic Health Lead for the National Fire Chiefs Council presented an overview of a programme for preventing fire, and improving health & wellbeing programme. Fire and Rescue Services (FRS) are currently engaged with 41 of the 44 Sustainability and Transformation Partnerships (STPs), and are in the process of implementing ‘safe and well’ visits as part of safe and well programmes. To support this initiative, a number of local data sharing agreements have been established. Council expressed its strong support for this scheme.
NIS regulations 2018
Bella Travers from the Department of Health and Social Care Cyber Security team gave a presentation on the Network and Information Systems (NIS) regulations 2018. The latest version of the regulations have been circulated to Council members for information.
Any other business
No further items were raised.