Council Meeting

23 May 2024

Present

Dr Arjun Dhillon (Chair), Dr George Fernie (Vice-Chair), Dr Neil Bhatia, Dr Chris Bunch, Prof Martin Crook, Helen Dyer, Christopher Fincken, Mr Adrian Marchbank, Dr Erum Nomani, David Riley

Guests

Nicola Hamilton (Head of Understanding Patient Data), John Hodson (Cyber Security Senior Consultant, Data Security Centre, NHS England)

Observers

Raz Edwards, Colin Harper, Dr Alastair Moore, Dr Jonathan Osborn, Dr Michael Quinn, Sophie Reed, Dr Mark Speller, Fiona Sternberg, Debbie Topping, Alex Wilson

Secretariat

Ryan Avison, Helen Bauckham

Apologies

Rhidian Hurle, Allison Newell, Dr Matt Noble, Surgeon Commander Jason Smith

Declarations of interest

Can be found on register of interests. No other new interests were declared.

Notes of previous meeting and matters arising

Council reviewed the notes of the 20 March 2024 Council meeting and accepted them as an accurate record. There were no matters arising.

Action log

The UKCGC Chair and Council members reviewed the action log. An update was provided by the Chair on the four open actions.

Chair and Vice Chair’s report

  1. Caldicott Guardian Conference 2024: The Caldicott Guardian annual conference took place on Tuesday 21 May 2024. The Chair thanked all speakers and also the Council members who supported the conference by attending in-person or online.

  2. UKCGC Bulletin: the UKCGC bulletin was distributed on 08 May 2024. The bulletin included information on upcoming UKCGC events, including the 2024 Caldicott Guardian conference, evening classes and breakfast clubs. You can view the newsletter here.

  3. Breakfast Clubs: The next breakfast club is on next Friday, 31 May 2024 at 8:00.

  4. Evening Classes: Helen Dyer is running a series of evening classes for Caldicott Guardians. The next evening class is on Tuesday, 11 June 2024 17:30 - 18:30 discussing “Information sharing to safeguard children and young people: how can Caldicott Guardians help?

Requests for advice to Council

Council discussed recent requests for advice. The Chair noted that requests were mostly routine questions where the secretariat signposted inquirers to the relevant guidance.

Updates from Understanding Patient Data

Nicola Hamilton, Head of Understanding Patient Data (UPD), attended the Council meeting to provide an update on UPD's current projects and future ambitions. UPD provides research and resources for anyone looking for clear, jargon-free explanations of how patient data is used.

Nicola presented an overview of UPD's activities and work programmes, highlighting both their leadership roles and collaborative efforts. She shared insights into recent engagement exercises and key partnerships over the past few years.

Nicola also outlined UPD's forward-looking priorities, focusing on projects related to Secure Data Environments (SDEs), Population Health Management, and a follow-up Integrated Care System (ICS) data initiative.

During Nicola’s discussion with Council members, the Chair inquired how the UKCGC could support UPD’s projects and mission, emphasising the importance of putting patients at the centre of decision-making to ensure privacy and promote safe, ethical data sharing. Nicola expressed her gratitude for the UKCGC's support and mentioned that she would reach out if there were specific ways they could assist.

Council members thanked Nicola for her presentation and expressed their willingness to continue engaging with UPD to work together on shared goals.

DSP Toolkit Update

John Hodson (Cyber Security Senior Consultant, Data Security Centre, NHS England) attended the UKCGC meeting to discuss with Council members the plan to implement the National Cyber Security Centre’s Cyber Assessment Framework (CAF) within the Data Security and Protection Toolkit (DSPT). He outlined how the health and care CAF, integrated into the DSPT, builds on the success of the National Data Guardian’s (NDG) 10 data security standards, and offers an outcomes-based model to help measure and mitigate risks. John explained the proposal to evolve the existing standards, rather than fully withdrawing NDG standards.

John explained that the DSPT will adopt the CAF overlay in September 2024. This change will affect Category 1 organisations (NHS Trusts, Commissioning Support Units, Arm’s Length Bodies, and Integrated Care Boards), presenting a new interface with CAF-aligned requirements focused on objectives, principles, and outcomes. John assured Council members that whilst expectations for cyber security and information governance controls will remain largely consistent with the current DSPT, certain areas will see heightened standards deemed necessary by NHSE and DHSC. John shared details for guidance and webinars that will be made available to assist organisations in understanding the new CAF-aligned DSPT.

Council members thanked John for attending the meeting to provide updates on the DSPT and plans for CAF implementation. Council offered to continue supporting the DSPT team and welcome John back to Council to provide further updates.

Action: UKCGC Chair and Vice-chair to arrange a follow-up meeting with John to discuss and consider how to get Caldicott Guardians more involved in DSPT.

Other Business

No other business.

Next meeting

The next meeting will be held virtually on 16 July 2024 from 13:00-16:30pm.