40
14
Information: To share or not to share? The Information Governance Review
If data clearly identifies individuals, it must not be processed without a clear legal basis. If
data is anonymised in line with the ICO’s anonymisation code, it can be freely processed
and publicly disclosed. However, there is a third class of data, which is of great interest to
researchers, that on its own does not identify individuals, but could do so if it were to be
linked to other information. This ‘grey area’ includes data that has been de-identified by
the use of pseudonyms or coded references, but could be re-identified when combined
with other data.
The Review Panel looked at solutions that allow such linkages to take place for the benefit
of science without putting individuals’ confidentiality at risk.
We recommend that the linkage of de-identified but still potentially identifiable
information from more than one organisation should be done in specialist, well-governed,
independently scrutinised environments known as ‘accredited safe havens’. Chapter 6
proposes national minimum standards for safe havens, supported by a system of external
independent audit and other requirements to give the public confidence.
The Health and Social Care Act 2012 provides for the Information Centre for Health and
Social Care (the Information Centre) to become a safe haven. Chapter 6 considers whether
it will have capacity to deal with the amount of data linkage that will be needed in the
new health and social care system, or whether other safe havens should be established.
The chapter also looks at how researchers can set about identifying people with particular
characteristics to invite them to take part in clinical trials.
Chapter 7: Commissioning
Commissioners cannot organise the improvement of services unless they know quite a lot
about the people using them. For example, they may want to build new care pathways
that are better suited to people’s needs. However, knowing about service users need not
necessarily require commissioners to know their identities. The arrangements for NHS and
local authority commissioners to extract information were in a state of rapid, comprehensive
change during the period of this Review, as the NHS Commissioning Board, clinical
commissioning groups, Public Health England and local authorities prepared to take on the
responsibilities set out for them in the Health and Social Care Act 2012. The chapter
focuses primarily on the challenge facing NHS commissioners, however the Review Panel
conclude that commissioners in local authorities and Public Health England must adhere to
the same standards, guidance and good practice and be subject to the same penalties for
poor practice as the NHS when commissioning services.
The Review Panel found a lack of consensus on the need for identifiable data to be used
for commissioning purposes. However, after doing detailed work with primary care trusts,
clusters and the NHS Commissioning Board, the Review Panel concluded that all the
objectives set for commissioning over the years ahead can be achieved without compromising
patients’ confidentiality or the public’s trust in the health and social care system.
41
15
Executive summary
The NHS Commissioning Board suggested that the use of personal confidential data for
commissioning purposes would be legitimate because it would form part of a ‘consent deal’
between the NHS and service users. The Review Panel does not support such a proposition.
There is no evidence that the public is more likely to trust commissioners to handle
personal confidential data than other groups of professionals who have learned how to
work within the existing law.
The Review Panel found that commissioners do not need dispensation from confidentiality,
human rights and data protection law since, with little effort, they can operate perfectly
well within it. For example, there are situations in which the commissioner will need
personal confidential data to help people deal with individual care problems. It might be to
help someone who is requesting NHS funding for ‘continuing care’ after leaving hospital, or
an ‘individual funding request’ for drugs that are not generally available on the NHS in that
area. In such cases it is entirely reasonable for the NHS to ask for the patient’s explicit
consent for NHS staff handling the case to be able to look at the patient’s personal
confidential data.
In other situations, local commissioners may be able to use safe havens, within which the
personal information they want to assess may be anonymised without risk of anyone’s
sensitive data being disclosed. For example a clinical commissioning group might want to
consider individual cases in order to monitor health inequalities, but it can do this using
anonymised information.
The Review Panel deliberated with the NHS Commissioning Board and other organisations
about a proposal for up to 10 Data Management Information Centres (DMICs) to act as safe
havens where confidential private data would be anonymised so that it could safely be
made available to local commissioners.
This chapter considers how staff in the DMICs might process data lawfully through
integration with the Information Centre to ensure that their activities are sanctioned by
statute and to maintain public trust in the security of personal information.
The Review Panel recommends that members of the NHS Commissioning Board, Clinical
Commissioning Groups and members and officers in local authorities, should ensure their
organisation complies with the legal and statutory framework for information governance,
with boards, or equivalent bodies being formally responsible for their organisation’s
standards and practice on information governance.
Chapter 8: Public health
Healthcare professionals who are responsible for health protection sometimes need to know
personal confidential data about specific individuals. For example during an outbreak of an
infectious disease, public health staff may need to identify individuals who are at risk.
This side of public health resembles the direct care of patients and service users that was
considered in chapter 3. While engaged in this work, healthcare professionals can be
considered to have a legitimate relationship with people in the communities they serve. It
38
16
Information: To share or not to share? The Information Governance Review
would be impractical for them to ask everyone at risk from an infectious disease to give
specific consent for staff to provide appropriate information and care. Preventing the
spread of infection is in the public interest and therefore the use of personal confidential
data for this purpose has been provided with statutory support.
This justification for accessing personal confidential data does not apply to other aspects of
public health work. Health improvement programmes can provide value to the community
by contributing to longer life expectancy, healthier lifestyles and reduced inequalities in
health, but they cannot be considered equivalent to the direct care of patients.
Most health improvement activities in public health do not require personal confidential
data about individuals. However, understanding the complex relationships that exist
between the environment, personal behaviours and disease requires information that can
only be derived by linking data from several different sources. This side of public health
resembles research and the Review Panel considers that the rules and procedures that have
developed to provide the information governance for research can usefully be applied to
public health intelligence.
A third dimension of public health is to assist people planning healthcare services to
understand the health needs of the local population. This activity resembles
commissioning. Although some patient level detail is needed, patients themselves do not
need to be identified.
There is a lack of regulatory coherence across the public health arena. Some registries,
including cancer registries, have statutory regulatory powers; others operate on a basis of
consent. The Review Panel suggests detailed and consistent remedies.
Chapter 9: Education and training
Across the health and social care system, most staff are required to undertake annual
training in information governance. The commitment to training is important and the
associated training budget is a welcome enabler. However, the Review Panel discovered that
the mandatory training is often a ‘tick-box exercise’. One nurse told us the experience was
equivalent to an annual ‘sheep dip’, which staff could go through without thinking.
There needs to be a fundamental cultural shift in the approach to learning about
information governance. Health and social care professionals should be educated and not
simply trained in effective policies and processes for sharing of information.
They should have formal information governance education focused on their roles, and this
should be at both undergraduate and postgraduate level. This education should include a
professional component explaining why there may be a duty to share information in the
interests of the patient, as well as the legal aspects of the common law of confidentiality,
the Data Protection Act and Human Rights Act.
42
17
Executive summary
Networks of information governance leads should be strengthened and extended to foster
greater mutual learning from experience across the health and social care system. In
addition to the standard training and education, Caldicott Guardians need to demonstrate
continuous professional development in information governance on an annual basis.
The chapter proposes education and training for non-registered staff and continuous
professional development for senior managers to ensure they understand the practical
information governance challenges their staff face.
It notes that information governance is often the responsibility of one person within an
organisation, who may feel isolated. In many cases, the role is filled by inexperienced or
relatively junior staff, or is one role among many that an individual must perform. The
Review Panel concluded that information governance specialists should work together to
establish a community of practice that could improve knowledge to solve practical
challenges, develop trust in the information governance function and remove isolation.
Chapter 10: Children and families
The safeguarding of children is a well-established system, underpinned by legislation,
which requires professionals to share information about a child whenever there is cause
for concern.
Arrangements for sharing require constant vigilance by the relevant professionals. It has
become clear, however, that professionals dealing with children and families encounter
particular issues of information governance that are not covered elsewhere in this report.
This chapter deals with a series of dilemmas involving children.
It references work done by the Royal College of General Practitioners to address the vexed
issue of when automatic parental access to the child’s medical record should be turned off
and when the child’s automatic access should be activated upon their reaching sufficient
maturity.
Other dilemmas include the extent to which individual members of a family should have
access to the ‘family records’. These records have become an important dimension of
children’s social care following the Munro Review. The question is how to provide
information to each individual family member without compromising the confidentiality
of other family members.
In order to provide effective care for children, information often needs to be shared
beyond the normal boundaries of health and social care services, in particular taking in
organisations such as schools. The Review Panel concludes that there would be clear
benefits if a single, common approach to sharing information for children and young people
could be adopted. The Department of Health should work with the Department for
Education to investigate jointly ways to improve the safe sharing of information between
health and social care services and schools and other services relevant to children and
young people, through the adoption of common standards and procedures for sharing
information. The departments should involve external regulators in this work including the
Care Quality Commission and Ofsted.
41
18
Information: To share or not to share? The Information Governance Review
Government policy is increasingly seeking to use information to identify individuals or
groups of people, such as families, who may benefit from specific help or early
intervention. Generally, the aim of these interventions is to address problems these
individuals and groups may be facing before they can escalate, potentially causing harm to
themselves, their communities, or wider society. Identifying these people often requires
extensive sharing, linkage and analysis of personal confidential data.
The Review Panel concludes that significant lessons regarding data sharing might be
learned from public health and research communities. It suggests that the definitions of
‘prevention’ adopted in the influential study of public health by the Commission on Chronic
Illness could be adapted to cover social welfare interventions.
Chapter 11: New and emerging technologies
Increasing numbers of patients are benefiting from new technologies that permit ‘virtual
consultations’ with a clinician, using the telephone, emails or video links. There is also a
rapidly expanding range of medical devices that use software or other technologies to
record data about a patient when a clinician or other professional is not present. These
devices then make the information available to the professional.
The Review Panel found a lack of clarity about a patient’s right to access the record of
virtual consultations and uncertainty about how long records would be kept. It proposes
ground rules for ensuring patients have access to information about themselves. Providers
offering virtual consultation services should be able to share, when appropriate, relevant
digital information from the patient, with registered and regulated health or social care
professionals responsible for the patient’s care.
Medical devices permitting the monitoring of a patient’s condition from a remote location
present challenges, but do not raise new issues of information governance. The personal
confidential data gathered through these new processes and technologies must be treated
in exactly the same way as any other personal confidential data, and providers of these
services must adhere to the existing legislation and best practice.
The NHS Commissioning Board and clinical commissioning groups and local authorities
should ensure that services using these new technologies are conforming to best practice
with regard to information governance and will do so in the future.
Chapter 12: Data management
There are many good reasons why organisations in health and social care need good quality
data. Patients are at risk if clinicians base their decisions on inadequate data. Dangers
multiply if there is poor handover of information between care teams or conflicting advice
to patients from professionals. The Review Panel welcomes the focus that professional
bodies for health and social care are placing on data quality.
The issue is particularly relevant to this review because poor data is so often cited as the
reason why people running services want to reach for the files of individuals. To find out the
truth, they want information about real people that includes personal confidential data.
37
19
Executive summary
The best solution is not to give them dispensation to ignore or circumvent legal
requirements. It is to improve data quality standards. If data quality is sound, a pseudonym
may be used to link data and thus protect the identity of an individual.
The Review Panel endorses the First National Data Quality Report of the Quality
Information Committee of the National Quality Board, which seeks improvements in data
quality in the health and social care system.
The chapter summarises some important aspects of the Administrative Data Taskforce report
on improving access for research and policy published in 2012, with the Review Panel
endorsing a number of that report’s conclusions. It also examines the sharing of data to
safeguard children and adults and special considerations affecting data about ‘the unborn’.
The Review Panel calls for consistency in the information governance requirements for
providers. It recommends that every health and social care organisation should be required
to publish a declaration signed by the board or equivalent body, describing what personal
confidential data it discloses and to whom and for what purpose.
The chapter seeks to clarify the legal framework for sharing personal confidential data.
The Review Panel concludes that individuals should have the same level of protection
under the law whether personal confidential data is shared between health service bodies,
or whether the sharing is between a health service body and a non-health service body.
The Review Panel also recommends that the Department of Health commission a standard
template common across the health and social care system for setting up data sharing
agreements, to prevent unnecessary duplication of effort.
The chapter also suggests practical arrangements to secure the safety of records when a
provider’s contract comes to an end and sets out the protections and safeguards which
exist to prevent inappropriate sharing of patient’s information with organisations such
as insurers.
Chapter 13: System regulation and leadership
From an information governance perspective, there is currently no method of regulating
the health and social care system as a whole. The Review Panel saw an opportunity for the
Information Commissioner’s Office and the Care Quality Commission to work together in
ensuring the health and social care system is properly monitored and regulated in this
regard. The process should be balanced, proportionate and utilise the existing and
proposed duties within the health and social care system in England. This chapter sets out
three minimum components.
The Review Panel calls on professional regulators to be involved more often in dealing with
cases of poor information sharing that disadvantage patients.
37
20
Information: To share or not to share? The Information Governance Review
The Information Centre is to become responsible for producing and maintaining a code of
practice on collecting, analysing, publishing or disclosing confidential information. It
should adopt the standards and good practice guidance contained within the green-boxed
sections of this report.
The Informatics Services Commissioning Group (ISCG) is responsible for providing advice on
commissioning informatics services across the health and social care system. It is proposed
that a sub-group of the ISCG is established to provide specialist expertise, advice and
support on information governance. The Review Panel welcomes this proposal.
The health and social care system should adopt an agreed set of terms and definitions for
information sharing that everyone, including the public, should be able to use and
understand.
Chapter 14: Conclusions and recommendations
In addition to the findings of individual chapters, the Review Panel reaches some
overarching conclusions. After consideration of what safeguards exist to protect people’s
confidential information and what means of redress are available if mistakes are made, the
final chapter sets out how redress should be managed by every organisation in the health
and social care system in England.
There was widespread support for the original Caldicott principles, which are as relevant
and appropriate for the health and social care system today as they were for the NHS in
1997. However, evidence received during the Review persuaded the Panel of the need for
some updating, and inclusion of an additional principle. The revised list of Caldicott
principles therefore reads:
1. Justify the purpose(s)
Every proposed use or transfer of personal confidential data within or from an organisation
should be clearly defined, scrutinised and documented, with continuing uses regularly
reviewed, by an appropriate guardian.
2. Don’t use personal confidential data unless it is absolutely necessary
Personal confidential data items should not be included unless it is essential for the
specified purpose(s) of that flow. The need for patients to be identified should be
considered at each stage of satisfying the purpose(s).
3. Use the minimum necessary personal confidential data
Where use of personal confidential data is considered to be essential, the inclusion of each
individual item of data should be considered and justified so that the minimum amount of
personal confidential data is transferred or accessible as is necessary for a given function
to be carried out.
28
21
Executive summary
4. Access to personal confidential data should be on a strict need-to-know basis
Only those individuals who need access to personal confidential data should have access to
it, and they should only have access to the data items that they need to see. This may
mean introducing access controls or splitting data flows where one data flow is used for
several purposes.
5. Everyone with access to personal confidential data should be aware of their
responsibilities
Action should be taken to ensure that those handling personal confidential data — both
clinical and non-clinical staff — are made fully aware of their responsibilities and
obligations to respect patient confidentiality.
6. Comply with the law
Every use of personal confidential data must be lawful. Someone in each organisation
handling personal confidential data should be responsible for ensuring that the organisation
complies with legal requirements.
7. The duty to share information can be as important as the duty to protect
patient confidentiality.
Health and social care professionals should have the confidence to share information in the
best interests of their patients within the framework set out by these principles. They
should be supported by the policies of their employers, regulators and professional bodies.
These principles should underpin information governance across the health and social care
services.
The Review Panel also concludes that the Secretary of State and the Department of Health
should oversee the implementation of the recommendations of this review, and report on
the progress made.
This section finishes by listing the full set of recommendations from the Information
Governance Review.
18
22
Information: To share or not to share? The Information Governance Review
A guide on using this report
This report is best read in sequence, as the principles, conclusions and information
governance concepts established in earlier chapters are relevant to later ones.
The recommendations from the Review Panel are embedded within each chapter to
provide context. A complete list is also contained in chapter 14, at the end of the
report for reference. Within each chapter, the key conclusions that the Review Panel
arrived at are highlighted in bold text.
Finally, there are a number of sections of text within green boxes throughout this
report. These contain suggested professional standards or good practice for
information governance endorsed by the Review Panel.
The guidance in this report is intended to help health and social care professionals
and staff in sharing information appropriately in their day-to-day activities. There
will however, always be exceptional and difficult circumstances where solutions are
not obvious. In these situations, professionals and staff should seek advice from
Caldicott Guardians or their professional bodies, and use their judgement to act in
the best interests of their patients and clients.
Documents you may be interested
Documents you may be interested
