Newsletter: October 2022
Dear colleagues,
As autumn closes in and the evenings grow longer, summer feels like a distant memory. Since our last newsletter, there has been much change in our sector. In particular, July saw the move to integrated care systems (ICS), and we were very pleased and reassured to hear that all ICSs now have a Caldicott Guardian in place. We have advocated for this and look forward to supporting them in their roles.
There are various matters of note relevant to Caldicott Guardians that I want to draw your attention to this month. This includes news about upcoming UKCGC events that you might be interested in attending.
Before I sign off, I want to send my warmest thanks to Dr George Fernie for providing an interview for Insights: our series of interviews with Caldicott Guardians.
Warmest regards,
Dr Arjun Dhillon
UKCGC Chair
UKCGC updates
UKCGC priority setting exercise
We will conclude our priority-setting exercise at the next UKCGC meeting and look forward to sharing our priorities with you. Many thanks to those who wrote to us with views on what those priorities should be.
Home Office consultation on information sharing with police
The UKCGC formally responded to the Home Office consultation: ‘Police requests for third party material’. The consultation explored issues with police requests for personal records such as health, education, and social service records during criminal investigations. We are drafting advice for Caldicott Guardians about information sharing with the police and will let you know when this is published.
National Data Guardian annual report and priorities
The National Data Guardian (NDG) has published her annual report for 2021-22. It outlines the vast amount of work Dr Nicola Byrne and her team delivered in the last year. It also outlines her priorities for next year. The UKCGC works closely with the NDG, and our collaborative work is referenced throughout. We continue to support the NDG in 2022-23.
Upcoming UKCGC events
Workshop: Children and young people: information sharing and confidentiality
The next virtual UKCGC workshop takes place on 2 November, 15:30 - 17:30, and its target audience is Caldicott Guardians who work in organisations that have responsibilities for supporting children and families. It is open to any Caldicott Guardian who may have to deal with information sharing related to children and young people, including children's social care. Register online to book a place.
UKCGC breakfast club meetings (virtual)
Did you know there is a monthly, virtual ‘breakfast club’ meeting for Caldicott Guardians? It is held via MS Teams, usually between 08:00 – 09:00. They are informal and have no theme or agenda, but attendees can expect news updates, networking with other Caldicott Guardians, case study exploration, and the opportunity to raise matters they’d like help with. Places are open to those on the Caldicott Guardian register. To apply to attend a meeting, contact the breakfast club chair, Helen Dyer.
2022 breakfast club dates: 27 October, 25 November, and 30 December.
2023 breakfast club dates: 31 January, 24 February, 29 March, 26 April, 31 May, 30 June, 27 July, 29 August, 29 September, 25 October, 30 November, and 22 December.
Sector news relevant to Caldicott Guardians
NHS England’s operating framework
NHS England has published its operating framework. This sets out how it will operate in the new structure created by the Health and Care Act 2022: ‘The framework describes the roles that NHS England, integrated care boards (ICBs) and NHS providers will now play, working alongside our partners in the wider health and care system. It shows how accountabilities and responsibilities will be allocated to improve local health and care outcomes in a way that maximises taxpayer value for money.’
ICO strategic plan
In July, the Information Commissioner’s Office launched its new strategic plan: ICO25. This outlines the regulator’s strategy over the next three years, including how it hopes to achieve its purpose and objectives. The two short videos are worth viewing.
Patient access to GP records
As mentioned in our previous newsletter, the functionality allowing patients to view their prospective GP records comes into effect in November. We welcomed the team managing this change to a council meeting to update us on its plans. Guidance is available online.
EU-US Data Privacy Framework
The EU–US Data Privacy Framework has been released via a White House executive order. This follows issues with the previously proposed privacy shield. How this affects data processing in healthcare remains to be seen, but we are watching this area with interest.
Guidance: access to health and care records of the deceased
NHS England’s Transformation Directorate has issued guidance about access to the health and care records of deceased people. This may assist Caldicott Guardians who are supporting the families of the bereaved.
Guidance: information sharing in the Prevent and Channel process
The Department for Health and Social Care has released guidance on information sharing in the Prevent and Channel process. This may be helpful to Guardians when making a referral or if they or the organisations they support are part of the Channel process.
Guidance: Data Security and Protection Toolkit assessment guides
NHS Digital has updated its Data Security and Protection Toolkit assessment guides. These 10 guides provide more information on the 10 data security standards, including suggestions and examples of how the standards might be achieved.
ICO anonymisation draft guidance: chapter 5 published for consultation
The Information Commissioner’s Office has the latest chapter of its draft anonymisation, pseudonymisation and privacy-enhancing technologies guidance for consultation. Chapter 5 looks at privacy-enhancing technologies in detail. The current feedback deadline is 31 December 2022, although they state this may change.
Data Protection and Digital Information Bill
You may wish to familiarise yourself with the Data Protection and Digital Information Bill currently going through Parliament. If it passes, the changes will likely impact data protection officers more than Caldicott Guardians, but it may still interest you. The Bill is presently paused (it has not yet had its second reading). It is expected to resume shortly. The House of Commons Library has produced a helpful research briefing.
Health Research Authority’s Confidentiality Advisory Group recruiting new members
The Health Research Authority’s Confidentiality Advisory Group (CAG) provides advice on patient data use for research and non-research purposes. It is currently recruiting volunteer expert members – especially researchers, IG professionals and people with experience in AI and large datasets. Find out more and how to apply.
Understanding Patient Data: resources to support better conversations about data
We recommend that those unfamiliar with the work of Understanding Patient Data (UPD) visit its website. UPD is well-respected for its efforts to make the way patient data is used more visible, understandable, and trustworthy for the public and health professionals. They provide quality resources to aid understanding and help support better conversations about data. This includes a recently published guide to the use of large-scale datasets, which comes with communications products that can be used in outreach with staff and patients.
Insights: a series of interviews with Caldicott Guardians
Dr George Fernie, First Senior Medical Reviewer for Scotland
Please could you introduce yourself and give a quick overview of your role?
My main role is as the first Senior Medical Reviewer for Scotland. This is a statutory position conferred on me by the Certification of Death (Scotland) Act 2011. As a senior member of Healthcare Improvement Scotland, whose purpose is to enable the people of Scotland to experience the best quality of health and social care, I was asked to take on the role of Caldicott Guardian because of a genuine long-term interest in information governance that began in my previous work for 17 years as a medicolegal adviser.
Why does what you do matter?
Using information to benefit patients and ensuring they have access to data to which they are entitled, based on Caldicott Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality.
What do you like best about your job?
What I like most is the overall variety, along with the intellectual challenge of interpreting the law for medical purposes.
What is your greatest work achievement?
Being involved in introducing a new national service and ensuring that the associated data protection safeguards were in place to support those families at a time of vulnerability when they had lost a loved one.
What are the key challenges that you face?
Both the Death Certification Review Service (DCRS) and the wider Healthcare Improvement Scotland responsibilities require real-time decision-making.
The job is often described as a ‘lonely role’. Do you experience this? How do you tackle it? What would you say to others who may be feeling this way?
This is a team sport where we all have much to learn from our colleagues. I’m fortunate to practise medicine and law in an incredibly supportive environment.
What key ways can we build public trust and be transparent with patients about how their data is used? How is this handled where you work?
It is important that we make sure we are explicit on how we use data in a readily understandable manner to comply with Caldicott principle 8: Inform patients and service users about how their confidential information is used.
How do you think Caldicott Guardians can best prepare their colleagues to share patient information appropriately and confidently?
Like many things in life, it is multifactorial. Being a successful Caldicott Guardian requires a true blend of knowledge, experience and analytical skills to function in the way required.
If you could give any advice to a new Caldicott Guardian, what would it be?
Don’t be afraid to ask a friend for help and advice. Other Caldicott Guardians are really happy to help.