The Caldicott Guardian NHS Connecting for Health

The Caldicott Guardian
The newsletter for the Caldicott community in health and social care

July 2010

Welcome to edition 13 of The Caldicott Guardian

This issue has been much delayed due to circumstances outside of our control, but we hope you find it interesting and informative, and worth the wait! Click the blue text on the right to go directly to the information you want.

If you have any specific issues that you would like to see covered in the newsletter and particularly if you would like to contribute an article please contact the Council's Secretariat, details are in the Contacts section of the newsletter.

Contents

Editorial
   Oil slicks and Information Governance

Articles
   Version 8 of the IG Toolkit
   New powers for the Information Commissioner
   Information Governance milestones
   The Summary Care Record: Caldicott Compliance
   The Royal College of Physicians: IG Training Tool modules for clinicians

Security corner
   Access considerations for movers and leavers

Caldicott issues
   Pseudonymisation and new safe havens
   Sharing without consent for an independent inquiry

News and updates
   New Council members appointed
   Decommissioning ContactPoint
   The Royal College of Radiologists: Teleradiology
   Conference: Confidentiality and Information Governance

Consultations
   Scottish Government: Consultation on proposals for a new Public Records (Scotland) Bill
   Scottish Government: Consultation on Extending the Coverage of the Freedom of Information (Scotland) Act 2002
   Ministry of Justice: Call for evidence on the data protection legislative framework

Contact us
   Contact the Council or the IG Policy team in the DH Informatics Directorate

Editorial: Steve Hinde - Member of the UK Council of Caldicott Guardians
Oil slicks and Information Governance

You may think that the BP disaster in the Gulf of Mexico has no relevance to Caldicott Guardians but I think there are four important lessons that we can draw from the incident, what happened before and the reaction to it.

First: the outsourcing of a service or process is just that. Responsibility for the service or process cannot be outsourced. Neither can reputation. Do you know what services and data have been outsourced? Do you have processes to review the Information Governance of the outsource partner? Before the contract was signed? During its operation? It's your responsibility under the Data Protection Act. It is you who will be subject to a penalty from the Information Commissioner's Office in the event of a breach, and it is your reputation that is at risk.

Second: the need for proper risk assessment before a new system or process is introduced and, perhaps more importantly, for the duration. All too often where a risk assessment is made, it is never reviewed thereafter. Circumstances, threat vectors and risk appetites change for organisations, regulators and the public over time, especially after incidents elsewhere. Think Alder Hey and Bristol Royal Infirmary. Think Soham or Baby P. Risk assessment is a requirement of the IG Toolkit. BP demonstrates the need to continually re-assess risk assessments regularly and effectively.

Take a look at a paragraph from BP's Annual Report and Accounts:

   The group generally restricts its purchase of insurance to situations where this is required for legal or contractual reasons. This is because external insurance is not considered an economic means of financing losses for the group. Losses are therefore borne as they arise, rather than being spread over time through insurance premiums with attendant transaction costs. This position is reviewed periodically.

BP took this approach in 1991 and has not bought insurance for any exposures of above $10m since. The reasons given at the time included that insurance premiums paid during the 1980s had far exceeded insurance losses recovered, that BP knew its risks better than any insurance underwriter, and that the risks were bearable by BP. The "self-insurance" strategy paid off during the 1990s but in this decade there has been a litany of events starting with three in Scotland in 2000. The current incident brings the total to four in the US with two in the Gulf of Mexico. Analysts predict the final bill for BP will be $49 billion!!

One reason for this series of lapses may be that, in not having to undergo the process and rigour of presenting and justifying its risk management programme and performance to insurance underwriters each year, BP has not benefited from having sufficient external expert advice on risk management – one of the non-financial benefits of buying commercial insurance.


Early on in my internal audit career I remember the Organisation & Methods Department coming to a similar conclusion to BP's regarding car insurance. The company switched to third party only. The author of the report was much feted by management for his insight and the savings to the group. Within a month, the report author had written off two brand new cars, which more than wiped out the savings on insurance premiums.

Third: the need for Crisis Management to manage the incident and recovery, and to manage the media. Both are important. The BP incident has demonstrated that poor handling of the media may result, rightly or wrongly, in a perception of inadequate management of the response to the incident. In addition, there has been a succession of PR clangers. Not all CEOs are very good at public relations, as so aptly evidenced by Tony Hayward. Saying the amount of oil leaking into the Gulf was minuscule in comparison to the volume of water in the Gulf may be factually accurate, but it shows a gross misunderstanding of the concerns of the public living on the Gulf. It might be minuscule but a little is a lot if it is all on your

BP has received a very bad press in the US bordering on hatred. Compare this to the biggest corporate catastrophe of all time, the Union Carbide (now Dow Chemical) gas leak at Bhopal in which thousands of people died and hundreds of thousands have suffered poor health ever since. There was a similar public outrage and a demand that lessons should be learned and compensation paid. Subsequently, there was US pressure on the Indian government to stop the court case for compensation.

The judge continued with the case which has just ended after 25 years without the participation of Union Carbide! One elderly lady, who was partially blinded, has been in poor health since the explosion and lost most of her family, has just been told she will now receive her share of the compensation – just £3! Try typing "I hate Union Carbide" into Google. You will get just eight matches. Type "I hate BP" and you will get 65,500.

The poor media image has resulted in a perception that BP has not been effective in its response to the explosion and leak. Perception may not be reality. There is a public perception of impact on fishing, but some fishermen have discovered that they can make far more money by hiring their boats to BP for the cleanup than in fishing. Thus the shortage of shrimps may have more to do with the indirect effects of the oil spill than direct impact on the shrimping waters.

And fourth, if you are going to have an incident, try to have it at the optimum point in the political cycle. Before the mid-term elections, when the President's ratings are falling, is not the best time. Particularly when during the last major disaster in the area - Hurricane Katrina - the then President reacted slowly and ineffectively. Oil incites much angst and comment in the media.

So too does the loss or disclosure of personal information.


The Information Governance Toolkit - Version 8 is here!

The IG Toolkit is now in its 8th year and has evolved to the point where it is being used by over 20,000 organisations and increasing

It was decided that a major overhaul was needed for version 8, so back in July last year a consultation process was started with users from all backgrounds, from Strategic Health Authorities and NHS trusts through to general practices, pharmacists and commercial third parties. 300 questionnaires, 20 workshops and 2 phases of user testing later, version 8 is ready!

Significant changes have been made to virtually all parts of the system (in line with the suggestions and views gathered), including a major consolidation of the IG requirements themselves.

A key improvement was to make the system more intuitive, so you should be able to get started without having to read any further (although there is a Quick Start Guide for you to refer to). If, however, you want a summary of the key changes then please read the IG Toolkit v8 Release Note (PDF 620Kb).

You can also download the IG Toolkit v8 Change Note (Excel 358Kb) which provides details of changes to the requirements.

Submission deadlines

The final submission deadline for version 8 assessments for all organisations is 31 March 2011.

Trusts and Strategic Health Authorities are additionally subject to 3-stage reporting. However, for version 8, the Baseline and Performance Update submission dates are both 31 October 2010, effectively creating a two-stage assessment. This is to allow organisations time to acquaint themselves with the new evidence-based approach.

Therefore, by 31 October 2010, Trusts and SHAs should click the Submit Baseline button and then immediately click the Submit Performance Update button on the Assessment Summary page.

At any point, your next deadline (and the time remaining) is shown in the At a Glance section on the Home Page and also on the Assessment Summary page.

Feedback

Please send any feedback on the new changes to the dedicated feedback mailbox (this mailbox is for feedback only and it will close on 31 July 2010. For general enquiries, use the Contact Us page on the website).


Consolidated and reduced requirement set

The requirement set has been consolidated and/or merged; duplicate or obsolete requirements have been removed. Some new requirements have also been added. Some were existing requirements which now also apply to additional organisation types; two requirements are completely new to the IG Toolkit (8-323 and 8-324).

Number of requirements per organisation type:

   Organisation type                  V7     V8     +/-
   Acute Trust                        62     45     -17
   Ambulance Trust                    47     35     -12
   Commercial Third                   17     17       0
   Dental Practice                    N/A    16     N/A
   Eye Care service                   N/A    16     N/A
   General Practice                   14     13      -1
   Mental Health Trust                62     45     -17
   NHS Business                       27     29      +2
   NHS Business Services Authority    50     34     -16
   NHS Direct                         52     38     -14
   (heading missing)                  17     16      -1
   Primary Care Trust                 54     41     -13
   Prison Health                      16     18      +2
   Secondary Use                      17     30     +13
   Social Care                        51     40     -11
   Strategic Health                   36     28      -8

New powers for the Information Commissioner

In May 2010 the Information Commissioner's Office (ICO) revealed that the NHS continues to have the highest number of reported data breaches - over 300 out of the 1007 breaches involving people's personal information. Many of the 300 breaches affected dozens or hundreds of people meaning that 1000's of people have had their personal information put at risk. Please download the ICO press release for more information.

The vast majority of mistakes were due to human error rather than to technological problems and the Commissioner emphasised the importance of staff training and monitoring staff compliance with procedures and processes.

In the light of the Commissioner's new powers to impose monetary penalties it is now even more important that organisations ensure their staff are trained in and comply with measures to protect personal information. The new powers, which came into force on 6 April 2010, are designed to deter data breaches and enable the Commissioner to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act 1998.

Most NHS organisations are already obliged to inform the ICO when a data breach occurs. The power to impose a monetary penalty is part of the ICO's overall regulatory toolkit which includes the power to serve an enforcement notice and the power to prosecute those involved in the unlawful trade in confidential personal data. The ICO has produced specialist guidance about how it proposes to use this new power.


Information Governance milestones

The year 2009/2010 has been a particular challenge for the IG Policy team of Department of Health (DH) Informatics, as the pharmacy community has joined the wider NHS in demonstrating their Information Governance assurances via the Information Governance Toolkit. More than eleven thousand separate businesses make up this community, and details of each of these were collected from local Primary Care Trusts (PCTs) and used to pre-register on the IG Toolkit.

In collaboration with the Pharmaceutical Services Negotiating Committee, the Royal Pharmaceutical Society of Great Britain and colleagues in DH Pharmacy Policy, a package of materials including a comprehensive guidance and companion training leaflet was developed. An email and telephone helpdesk service was established to provide support and advice. This was promoted by local PCT pharmacy leads, online and within the paper materials distributed to each pharmacy. Feedback from the many pharmacies who contacted the helpdesk was very positive.

The year has also seen a significant uptake in the number of users registered on the NHS Information Governance Training Tool. In fact, the IG Training Tool now has over 12,000 organisations with 80,000 plus registered users. There are 21 e-learning modules which are tracked, tested via assessments with certificates issued for those who obtain 80% or more on the assessment. It also contains 93 items of trainer materials which can be used to support bespoke face to face training and group sessions.

Last but not least, we're all quite excited about the work we've been involved with throughout the year with our consultant partner Tony Heap. Tony has been busy all year with the extensive development of the IG Toolkit (the creatively titled 'version 8'), and going up and down the country asking users of the Toolkit how it could be improved, whilst members of the IG Policy team have been re-drafting all the existing requirements into a format which will make it easier to manage in future releases.

In version 7 there were over a thousand separate documents to manage, and that number has decreased to less than 80. Version 8 has just been launched and you can find out more about it in the version 8 article on page 4 but make sure you visit the site to see the changes in action.


The Summary Care Record – Caldicott Compliance
Dr. Emyr Wyn Jones DM FRCP, Secondary Care Clinical Lead
Summary Care Record - National Implementation, NHS Care Records Service, NHS Connecting for Health

NHS Connecting for Health is introducing Summary Care Records (SCRs) for patients in the NHS across England. The SCR is created by uploading data from GP systems to the central technical infrastructure known as the National Spine. The SCR currently includes, as a minimum, a core patient data set which includes information on medications, allergies and previous adverse reactions to medications. A GP can also choose to enrich a patient's SCR by adding further information, if it is thought that there would be particular benefit to the patient and to healthcare providers responsible for their care, for example end of life care plans.

In future, it is possible that information from other sources will be added to the SCR - for example, details of GP 'Out of Hours' consultations or of attendances at Hospital Emergency Departments. This is dependent on development and deployment of appropriate technical solutions and also on the outcome of a review of the scope of the SCR which has been commissioned by the Minister of State for Health.

Some patients and clinical professionals, and their representative organisations, have expressed concerns that holding sensitive personal information on a large central electronic database opens up the possibility of data being accessed inappropriately and used for purposes other than the provision of personal healthcare. Technical safeguards have already been put in place to protect the security of this electronically held data and the SCR programme has also introduced significant Information Governance processes so that maintenance of confidentiality should be ensured, whilst ensuring that information is made available for clinical decision making by those who need to know.

These safeguards are entirely consistent with the recommendations of the Caldicott committee on confidentiality and appropriate use of patient identifiable information - that every use or flow of patient-identifiable information should be regularly justified and routinely tested against the six "Caldicott Principles":

Principle 1 - Justify the purpose(s) for using confidential information

The SCR is no different from any other component of a patient's medical record in that it contains potentially sensitive information, which has been provided by the patient or their representative in strict confidence to the doctor (or other health professional), for the sole purpose of allowing the provision of healthcare to that patient. There is an absolute obligation under the Common Law of Confidentiality that the information must only be used for that explicit purpose and for no other purpose unless the patient has given fully informed consent for the other use, or unless there is an over-riding public interest reason for disclosure.

Therefore, apart from disclosure in the case of over-riding public interest or when access is required by statute or court order, the only justifiable uses of identifiable information contained in the SCR are to facilitate the provision of healthcare to that individual. This includes use of the information to audit the quality of care delivered; facilitate the administrative tasks associated with provision of healthcare, including communication and correspondence between health professionals; identification of resources, including finance to ensure appropriate provision; and the arrangement of appointments with healthcare professionals.

Use of identifiable information for purposes other than the delivery of safe and timely healthcare is not justified, unless the patient has given informed consent. This applies to the use of identifiable information for epidemiological and research studies, unless exemption from the need for informed consent has been given following application to the Ethics and Confidentiality Committee of the National Information Governance Board for Health and Social Care (NIGB).

A further safeguard which has been put in place to ensure that clinicians comply with consent requirements when accessing the SCR is the necessity to seek Permission to View (PTV) from the patient when the SCR is to be viewed. This is consistent with the NHS Care Record Guarantee for England, which states that:

   "We will ask your permission if we need to look at information in your Summary Care Record. When this is not possible, for example in an emergency when you are unconscious, we will tell you later..."

This requirement is automatically prompted on the computer screen when trying to access an SCR and the clinician is asked to record that the PTV has been sought and consent given.

A necessary over-ride is in place to take into account clinical circumstances when the patient may not be capable of consenting, for example when the patient is unconscious or is considered not to have capacity to give consent because of confusion, intoxication or for other reasons. The clinician may then decide, in the patient's best interest, to view the SCR without obtaining PTV.

That action will be automatically logged and reported to the organisation's nominated Privacy Officer who may then investigate to ensure that the access without consent was justified on the grounds of providing best clinical care.

This emergency access facility to view the SCR without first obtaining PTV can also be utilised when access to the record is considered to be required in the Public Interest or on the rare occasions when access is required by statute or court order. Each request of this sort will be reviewed first by the organisation's IG team and Caldicott Guardian before information is released.

Principle 2 - Only use confidential information when absolutely necessary

As with all patient data, whether held on paper records or electronically, identifiable information contained in the SCR should only be used and shared when absolutely necessary. There are clinical situations where appropriate care can be provided safely and appropriately without having to access the core clinical data contained in the SCR. Clinicians need to make reasoned judgments as to whether accessing core data held on the SCR is necessary in order to safely meet the immediate needs of the


Principle 3 - Use the minimum confidential information that is required
Caldicott principles are applicable to identifiable patient or service user information. If the information is not identifiable then these constraints on sharing and on use of the information are not applicable. The easiest safeguard for the use of clinical information, including that held on the SCR, for any purpose other than the direct provision of healthcare to the individual patient, is to anonymise it. If anonymisation is not feasible, then Caldicott principle 3 should be applied and the minimum identifiable information should be used or shared. This may involve some form of pseudonymisation or use of the NHS number or other single unique identifier, without disclosing more easily identifiable information such as name, address or date of birth.

Principle 4 - Access should be on a strict need-to-know basis
Identifiable, clinical information should be shared only on a “need to know” basis. Therefore, the only people who should have access to clinical data contained in the SCR should be those directly involved in the patient’s care. Staff can only be given permission to access patients’ SCRs after their local Registration Authority agent has verified their identity and role and issued a Smartcard, which when used with an individual’s password, allows an audit trail to be created, recording every instance when the SCR has been viewed.

The need to seek explicit Permission to View (PTV), as detailed above, can be applied to work groups - groups of clinical staff who might be working together in a particular care setting to deliver care to the patient. These work groups can be pre-defined to ensure that only clinical staff who have a need to know can have access to the information contained in the SCR.

Additional controls are incorporated into SCR viewing by creating Role Based Access Controls (RBACs), which limit the extent and nature of the information which can be accessed by individual members of staff, depending on their specific roles and the requirements to enable them to carry out their professional duties. Thus, nursing staff may require a different level of access to sensitive clinical information when compared with doctors, for example. These RBACs are applied to a healthcare professional’s Smartcard by the local registration authority once approval is granted by the originating organisation.

Principle 5 - Everyone must understand his or her responsibilities
Doctors, nurses and other health professionals understand the value that patients put on confidentiality. This understanding underpins the nature of the relationship between patient and professional. They know that they are bound by their professional codes of practice and are accountable to their professional regulatory bodies for conduct and performance and this includes the way they deal with information given in confidence. This includes information contained in a patient’s SCR.

Similar principles apply to the relationship between Social Care professionals and service users. These principles are as relevant to information contained in the SCR as they are to any other source of clinical or care information.


Health and Social Care organisations are required to comply with recommendations in the Caldicott report on the confidentiality of patient and service user-identifiable information. This includes an understanding of when it is appropriate to share confidential information. Sharing must be justified on a “need to know” basis and only minimal identifiable information can be used, with anonymisation being the norm unless there is a need for identification in order to meet the purpose for which the information was provided in the first place. Health and Social Care workers are bound by their contracts of employment which should include privacy and confidentiality clauses.

Everyone who works for the NHS (or for organisations delivering services under contract to the NHS) has to comply with the NHS Care Record Guarantee for England, which was first published in 2005 and is regularly reviewed by the National Information Governance Board (NIGB) to ensure that it remains clear and that it reflects current law and best practice. It sets out the rules that govern how patient information is used in the NHS and what control the patient has over this. It covers people’s access to their own records; controls on others’ access; how access will be monitored; options people have to further limit access; access in an emergency and what happens when someone cannot make decisions for themselves.

Principle 6 - Understand and comply with the law
The law is very clear on the need for Data Protection and Human Rights and anyone who uses or discloses confidential health or other personal information without consent can be held liable in law for their actions.

The Information Commissioner has confirmed that the proposals for the roll out of the SCR comply with the requirements of the Data Protection Act 1998 (DPA). All individuals who have access to health records, including the SCR, should have an understanding of the law with regard to data protection, confidentiality and security and should be contractually required to comply with their employing organisation’s Information Governance protocols and procedures, or be subject to formal disciplinary procedures.

Employees should know the identity of their employing organisation’s Caldicott Guardian who should act as the “Conscience of the Organisation” providing advice and direction on questions of when it is appropriate to share confidential information.

There is particular public and professional anxiety about the implementation of the Summary Care Record (SCR) Programme in England because of the fact that sensitive and confidential information is to be held on a national electronic database (the national “Spine”). This raises a set of concerns about the potential for information to be inadvertently or illegally accessed through hacking or other electronic breaches of security. Also, and importantly in the public mind, is the concern that a national database of personal information might be used by governments and those in power for malign purposes of controlling or otherwise policing or manipulating the population for political or other purposes – a fear of “The Big Brother State”.

As far as the first of these anxieties is concerned, the Information Governance and data security controls that the National Programme, within NHS Connecting for Health, has put in place are significant and considered more robust than most commercial systems in place for protecting data security, for instance in the banking sector. Added to that, the protocols for obtaining consent and permission to view the SCR are well defined with audit trails and procedures for identifying breaches and taking appropriate follow up action.


These processes and protocols are entirely consistent with the six Caldicott Principles and it is essential that Caldicott Guardians in health and Social Care organisations should be aware of the Information Governance controls that are built into the SCR implementation process. Caldicott Guardians need to be in a position to provide reassurance and informed opinion when their advice is sought in relation to accessing the

As far as the second public anxiety is concerned, about the uses to which centrally held information can be put, reassurance is dependent on the accountability of government and its component parts, and the public and the professions have to be reliant on the trust that has to exist within a truly democratic society.


1.   Department of Health and the UK Council of Caldicott Guardians, 2010. The Caldicott
     Guardian Manual. Department of Health. Available at:

2.   Clay, R., 2009. Summary Care Record Scope. NHS Connecting for Health. Available at:

3.   NHS Connecting for Health, 2009. Information Governance and the Summary Care Record.
     NHS Connecting for Health. Available at:

4.   BMA Press Office, 2010. BMA calls for roll-out of electronic records to be suspended, British
     Medical Association, 10 March 2010. Available at:

5.   National Information Governance Board for Health and Social Care (NIGB), 2009. NHS Care
     Record Guarantee for England. NIGB. Available at:

6.   NHS Connecting for Health, Summary Care Records web pages:


The Royal College of Physicians: IG Training Tool modules for hospital record keeping

As part of the commitment to support the NHS and associated partners with the promotion of effective Information Governance, the IG Policy team worked for several months with the Royal College of Physicians (RCP) and NHS clinicians to create two e-learning modules on clinical record keeping standards.
1. The importance of good clinical record keeping addresses the general principles of good record keeping and is relevant to any clinician who writes in the health
2. Record keeping standards for hospital inpatients is targeted specifically at doctors and specialist nurses who clerk patients, and is based on the RCP Generic Record Keeping Standards for hospital admission clerking, inpatient handover and hospital discharge.

A further module on secure handling of confidential information is in development. Although primarily aimed at medical students and junior doctors, it is suitable for students and the newly qualified from any of the health and social care professions. The module aims to raise awareness of the potential risks to confidential information and provide the target audience with useful knowledge on reducing the risks and ensuring that confidential information is protected.

The modules are available in the IG Training Tool which can be accessed at:

Further information about the RCP Generic Record Keeping Standards is available at:


Security Corner: Access considerations for movers and leavers

Caldicott Guardians will want to be aware of the potential information governance issues that may arise where inactive or unnecessarily privileged information system user accounts exist.

The problem: Unused user accounts create the potential for unauthorised access to patient systems and records. If misused, this could lead to possible data leakage and loss of Confidentiality, Integrity and Availability (CIA). Also, greater access to network drives, applications etc than is necessary for a person’s role can introduce risks and allow adverse impacts should an account be compromised by an attacker.

The potential risk and impact of accidental damage to systems is greater the more access that is available.

Accrued access: Effective access management means ensuring staff get access only to the information and systems they require to do their job. It's not uncommon for individuals progressing through and up an organisation to carry their existing accrued "access" rights with them as they move, and here lies a big challenge. While there's often a major driver to provision access so that people can effectively take up new positions, there often isn't equivalent consideration given to reviewing and reducing or decommissioning unnecessary access rights when they are no longer required.

The risks and security implications of system access must therefore be fully understood by all departments involved in staff movement and an auditable process must be put in place for staff movers as well as new starters and leavers.

Disabling versus deleting: When a member of staff leaves their employment the immediate response of many organisations is to delete the affected user’s account. However, in certain situations, consideration may be given to temporarily disabling the account rather than deleting it. This response is possible for two main reasons.

Firstly: There are situations whereby a person may temporarily leave an organisation and then return to work for the same organisation in the same post. For example, an employee on maternity leave or perhaps someone who is taking a career

Secondly: Some operating systems remove entire access to resources, systems and infrastructure when an account is deleted. If a member of staff leaves and is being replaced by a new employee, it is possible the organisation may want the new employee to have a similar level of access as their predecessor.

Where user accounts have been temporarily disabled, regular reviews must be made to ensure there have been no attempts to use such accounts and, if there have been, an investigation must be made.
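The reviews this section calls for (attempted use of disabled accounts, accrued access carried by movers, and disabled accounts with no planned return) can be run as a routine check. The Python below is an added illustration, not part of the newsletter or of the NHS IG Checklist; the account schema, role baselines and log lines are constructed, hypothetical inputs.

```python
"""Movers-and-leavers access review (added example; all data is constructed)."""
from datetime import datetime

# Constructed role baselines: the access each post actually needs.
ROLE_BASELINE = {
    "ward_nurse": {"pas_read", "ward_share"},
    "clinical_coder": {"pas_read", "coding_app"},
    "ig_officer": {"audit_reports"},
}

# Constructed account inventory (hypothetical schema).
ACCOUNTS = [
    # A mover: was a ward nurse, now a coder, still holding old shares.
    {"user": "asmith", "status": "active", "role": "clinical_coder",
     "entitlements": {"pas_read", "coding_app", "ward_share", "finance_share"},
     "disabled_on": None, "expected_return": None},
    # Temporarily away, account disabled, return date recorded.
    {"user": "bjones", "status": "disabled", "role": "ward_nurse",
     "entitlements": {"pas_read", "ward_share"},
     "disabled_on": "2010-05-01", "expected_return": "2011-02-01"},
    # Disabled with no recorded reason to keep the account.
    {"user": "cpatel", "status": "disabled", "role": "ig_officer",
     "entitlements": {"audit_reports"},
     "disabled_on": "2010-03-15", "expected_return": None},
    {"user": "dlee", "status": "active", "role": "ward_nurse",
     "entitlements": {"pas_read", "ward_share"},
     "disabled_on": None, "expected_return": None},
]

# Constructed authentication log: "<ISO time> <user> <source> <result>"
AUTH_LOG = """\
2010-06-02T08:14:09 asmith ws-114 SUCCESS
2010-06-02T23:41:55 bjones vpn-gw FAILURE
2010-06-02T23:42:10 bjones vpn-gw FAILURE
2010-06-03T09:01:30 dlee ws-201 SUCCESS
2010-04-30T17:02:11 bjones ws-117 SUCCESS
this line is malformed
"""


def parse_auth_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, source, result = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        events.append({"time": when, "user": user,
                       "source": source, "result": result})
    return events


def attempts_on_disabled(accounts, events):
    """Any logon attempt, failed or not, made after an account was disabled."""
    disabled = {a["user"]: datetime.fromisoformat(a["disabled_on"])
                for a in accounts if a["status"] == "disabled"}
    hits = [e for e in events
            if e["user"] in disabled and e["time"] >= disabled[e["user"]]]
    return sorted(hits, key=lambda e: e["time"])


def accrued_access(accounts, baselines):
    """Entitlements an active user holds beyond the baseline for their post."""
    findings = {}
    for a in accounts:
        if a["status"] != "active":
            continue
        excess = a["entitlements"] - baselines.get(a["role"], set())
        if excess:
            findings[a["user"]] = sorted(excess)
    return findings


def disabled_without_return_date(accounts):
    """Disabled accounts with no planned return: candidates for deletion."""
    return [a["user"] for a in accounts
            if a["status"] == "disabled" and not a["expected_return"]]


if __name__ == "__main__":
    for e in attempts_on_disabled(ACCOUNTS, parse_auth_log(AUTH_LOG)):
        print("INVESTIGATE", e["time"].isoformat(), e["user"],
              e["source"], e["result"])
    for user, extra in accrued_access(ACCOUNTS, ROLE_BASELINE).items():
        print("REVOKE", user, ", ".join(extra))
    for user in disabled_without_return_date(ACCOUNTS):
        print("DECIDE disable-or-delete", user)
```

Failed attempts against a disabled account are reported as well as successful ones, because either shows that someone tried to use an account that should be dormant.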



In summary
1. Organisations must consider carefully
   whether or not an account needs to be
   temporarily disabled or permanently
   deleted. However, when there is
   uncertainty the most appropriate option is
   likely to be deletion.

2. Watch for unnecessary accrued /
   accumulated systems access privilege of
   people moving within the organisation.
   Ensure that their access levels are
   reviewed and maintained appropriate for
   their position. Access privileges that are
   no longer required should be revoked.

3. Avoid simply renaming or reallocating a
   temporarily disabled account. Whilst this
   process is typically quick and easy there
   are a number of potential security and
   patient confidentiality issues that could

The Information Governance Policy team has
produced the NHS IG Checklist for Staff
Movers and Leavers that can be used for staff
who are leaving their NHS employment or
who are moving to another position within the


Caldicott issues
This section of the newsletter aims to detail, in anonymised form, issues raised by the wider Caldicott community and discussed by the UK Council of Caldicott Guardians. The responses expressed in this column do not constitute legal advice; they are the considered opinion of the Council. If you require legal advice you should consult your organisation’s legal advisors.

The Council welcome any queries that promote similar discussion, so please see this as your opportunity to raise issues, obtain a response and assist the Council to build up a body of answers to frequently asked questions and develop expertise across the community. This month we look at the New Safe Havens required as part of pseudonymisation processes and sharing information in the absence of patient consent.

Pseudonymisation and new safe havens

An acute trust posed a question about the pseudonymisation processes required as part of the changes in Secondary Use in April 2011. The trust’s initial intent was to pseudonymise all patient identifiable data before using it internally or sharing with PCT colleagues.

However the Pseudonymisation Implementation Project (PIP) guidance requires that patient identifiable data is sent to the PCT who should then pseudonymise the data in a new safe haven before further use. The trust is not convinced that the PCT has the same views on information governance as the trust and has concerns that commissioning staff will gain access to identifiable data.

Considerations
In reaching its decision the Council discussed secondary use of data by commissioners and were in agreement that commissioning staff should not have access to identifiable data. The rationale behind the PIP guidance was also discussed, and the fact that there were equally valid arguments for pseudonymising the data before it leaves the provider organisation. However, the decision to use ‘new safe havens’ would also minimise risks to data and enable NHS work to proceed. As the ‘new safe havens’ have not yet been set up some Council members have refused commissioner requests for identifiable data and have supplied pseudonymised data only.

The Council’s decision
The Council’s advice is that identifiable data should not be sent directly to commissioning staff but rather, in line with page 7 of the PIP guidance, each organisation should create a ‘new safe haven’ to receive identifiable data, carry out data quality, linkage and derivation tasks. Once the ‘new safe havens’ are in place they will need robust governance around them including security measures and appropriate staff training with specific competencies for pseudonymising data so that where necessary identifiers can be restored.
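A sketch of the ‘new safe haven’ flow described above, which also illustrates Principle 3's advice to share a single pseudonymised identifier rather than name, address or date of birth. This Python is an added illustration, not code from the PIP guidance or NHS Connecting for Health; the class, field names, key handling and sample records are assumptions, and HMAC-SHA256 is one common choice of keyed pseudonymisation, not a method the page specifies.

```python
"""Safe-haven pseudonymisation sketch (added example; all data is constructed)."""
import hashlib
import hmac
from datetime import date


def normalise_nhs_number(raw):
    """Data-quality step: strip spaces and verify the Modulus 11 check digit."""
    digits = raw.replace(" ", "")
    if len(digits) != 10 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("NHS number must be 10 digits")
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = 11 - (total % 11)
    check = 0 if check == 11 else check
    if check == 10 or check != int(digits[9]):
        raise ValueError("NHS number fails check-digit validation")
    return digits


def age_band(dob_iso, on_iso):
    """Derivation step: release a ten-year age band instead of date of birth."""
    dob, on = date.fromisoformat(dob_iso), date.fromisoformat(on_iso)
    age = on.year - dob.year - ((on.month, on.day) < (dob.month, dob.day))
    low = age // 10 * 10
    return f"{low}-{low + 9}"


class SafeHaven:
    """Receives identifiable data; releases only pseudonymised extracts."""

    # Fields judged necessary for the secondary use (assumed for this example).
    RELEASABLE = ("speciality", "admitted")

    def __init__(self, key):
        self._key = key      # secret key; never leaves the safe haven
        self._lookup = {}    # pseudonym -> NHS number, for authorised restoration

    def pseudonym(self, nhs_number):
        # Keyed hash: without the key the NHS number cannot be recomputed
        # by simply hashing every possible 10-digit value.
        return hmac.new(self._key, nhs_number.encode("ascii"),
                        hashlib.sha256).hexdigest()

    def release(self, record):
        """Return the extract that may leave the safe haven."""
        nhs = normalise_nhs_number(record["nhs_number"])
        pid = self.pseudonym(nhs)
        self._lookup[pid] = nhs
        out = {"pid": pid,
               "age_band": age_band(record["dob"], record["admitted"])}
        for field in self.RELEASABLE:
            out[field] = record[field]
        return out  # name, postcode, dob and NHS number are never copied

    def reidentify(self, pid, authorised):
        """Restore the identifier; 'authorised' stands in for a real approval."""
        if not authorised:
            raise PermissionError("re-identification requires authorisation")
        return self._lookup[pid]


# Constructed records; the NHS numbers are made up and merely pass the check.
RECORDS = [
    {"nhs_number": "999 000 0018", "name": "Constructed Patient A",
     "dob": "1948-03-02", "postcode": "ZZ1 1ZZ",
     "speciality": "cardiology", "admitted": "2010-06-14"},
    {"nhs_number": "9990000018", "name": "Constructed Patient A",
     "dob": "1948-03-02", "postcode": "ZZ1 1ZZ",
     "speciality": "respiratory", "admitted": "2010-07-01"},
    {"nhs_number": "9990000026", "name": "Constructed Patient B",
     "dob": "1985-11-30", "postcode": "ZZ2 2ZZ",
     "speciality": "orthopaedics", "admitted": "2010-06-20"},
]

if __name__ == "__main__":
    haven = SafeHaven(key=b"constructed-demo-key-not-for-use")
    for rec in RECORDS:
        print(haven.release(rec))
```

The two admissions for the same patient receive the same pseudonym, so the released extracts can still be linked without the recipient seeing who the patient is.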


Sharing without consent for an independent inquiry
A trust had two in-patients who were involved in a serious assault on a family member. One (A) is charged with the offence but charges have not been taken forward against the other (B).

The Strategic Health Authority (SHA) is setting up an independent inquiry into the incident and they have requested the clinical records of patient B. The mental state of patient B has improved with treatment and B now undoubtedly has capacity to give or withhold consent on matters to do with his/her care and treatment. B has declined to give consent for the records to be disclosed to the SHA's independent investigator.

The investigator has informed the consultant in charge of the case that if necessary the notes will be obtained through the Secretary of State.

The advice of the organisation’s Caldicott Guardian is that there are no grounds to act against the patient's wishes, especially as non-disclosure carries no risk to the safety of any third parties. There is also concern about the potential for damage to the delicate therapeutic relationship with the patient by going directly against B’s wishes. Therefore, if the records are required, the SHA will have to pursue the necessary formal channels.

The Council were asked for their opinion on
   • The line of reasoning set out by the Caldicott Guardian is correct; and
   • The SHA would be able to obtain disclosure via the Secretary of State, or would this only be available via a court

The Council considered whether there were any other grounds for disclosure, eg a statutory gateway or an overriding public interest. There was also discussion regarding the necessity for an independent enquiry and whether it formed part of a ‘lessons learned’ process. If so, there might be scope for it to be undertaken as a local critical incident review using an independent chair.

The Council’s decision
The Council were in agreement that if the investigator could not formally justify why the records were required, the Caldicott Guardian is correct to refuse the request. If the investigator supplied a valid reason then the public interest in disclosure could be determined. As consent has been declined and without a statutory gateway or evidence of an overriding public interest in disclosure the correct route for the SHA was to obtain a court order; this would provide appropriate protection for the patient and for both organisations.


News and updates
New members appointed to the UK Council of Caldicott Guardians
Further to the call for representatives for the UK Council of Caldicott Guardians, the following candidates have been confirmed as new members by the Council at the beginning of their meeting on 13th July 2010. As only one nomination form was received from each of the sectors a vote was not necessary.

Strategic health authorities/regulatory bodies: Professor Yvonne Doyle, Regional Director of Public Health, Southeast Coast SHA.

Acute sector: Dr Simon Gabe, Consultant Gastroenterologist & Honorary Senior Lecturer North West London Hospitals NHS Trust.

Mental health sector: Dr Dele Olajide, Consultant Psychiatrist, South London and Maudsley NHS Foundation Trust.

Primary care sector: Dr John Richmond, Substance Misuse Specialist, Delphi Medical Consultants Ltd.

Vacancies
Nominations are invited for the remaining vacancies in the constituencies set out below:

   • Ambulance services (1 vacancy)
   • Primary Care sector (1 vacancy)

Commitment
The term of office runs for three years and the commitment is to four meetings per year, alternately held in London and Leeds.

The Council’s work to date has encompassed reviewing papers, training materials and consultations, contributing to responses for Caldicott queries, submitting articles for the Caldicott Guardian newsletter and representing the Council on the National IG Board and at external events.

More information can be found at:
services/infogov/caldicott/

Eligibility to stand
Candidates must be Caldicott Guardians within the UK formally registered with NHS Connecting for Health/ Department of Health.

If you are a Caldicott Guardian and are not registered, please visit the Department of Health website at the address below then download and complete the appropriate form for your organisation type:
/Informationpolicy/Patientconfidentialityandcaldicottguardians/DH_4100563

IMPORTANT: Please return the registration certificate by post (not fax or scan) to the address stated on the form.

Experience
Candidates should be able to demonstrate a commitment to Caldicott Guardianship, to protecting and appropriately sharing personal information, and be prepared to develop and maintain links with their constituent sector and with other national organisations to ensure that the work of the Council is broadly disseminated.

If you are interested and have good independent judgment and the ability to work effectively as a member of a team whilst being able to speak your mind, please contact the Secretariat for a nomination form:


Decommissioning ContactPoint

Ministers have confirmed the arrangements for the closure and decommissioning of

A Written Ministerial Statement has been made informing Parliament that ContactPoint will be shut down on 6 August. The Government is continuing to consider the feasibility of a more proportionate approach to supporting frontline professionals to help protect vulnerable children from harm.

A letter to Directors of Children’s Services and Chief Executives of ContactPoint National Partners sets out the timetable for shut down and decommissioning, provides guidance for local authorities, National Partners and other partners on the activities they need to undertake, and confirms funding and other support available during this period.

The letter will be issued to Directors of Children’s Services to cascade to local authority heads of audit, heads of finance and ContactPoint project sponsors. Implementation Coordinators will be contacting local authorities to go through the letter and to respond to queries and support them where necessary.

The letter and the Written Ministerial Statement have been placed in the House Libraries and are available on the Department for Education website under the ‘In the News’ section at:


Standards for the provision of teleradiology services in the United Kingdom
Teleradiology has huge potential for improving the efficiency of radiological services and increasing patient safety. However, it also presents significant dangers if its introduction is not guided by a set of standards to give it structure.

We live in a large European community of 27 countries all of whom set their own regulations, have their own governance, and have their own rules for their medical professionals. Changing methods of delivering diagnostic imaging services and the increasing commercialisation of aspects of healthcare, including telemedicine and teleradiology, mean that there will be increased fragmentation of where and how services are delivered. Increasingly, there will be a greater opportunity for radiologists from within and outside the European Union (EU) to report on images for United Kingdom (UK) patients.

The Royal College of Radiologists has published Standards for the provision of teleradiology services in the United Kingdom.

These standards are the result of consultation with medical, lay and IT experts and are essential to maintain high-quality diagnostic imaging reporting within the UK in an ever-increasing commercially competitive environment. The setting and acceptance of such standards should be seen as part of the patient safety and quality, innovation, productivity and prevention (QIPP) agenda.

The standards can be divided into the following areas:

   • standards to ensure patient safety;
   • standards applicable to image and report sharing in general, including compliance with the duty of confidentiality;
   • standards applicable to a radiologist providing a reporting service through a teleradiology service provider;
   • standards applicable to a teleradiology service provider;
   • standards specific to a healthcare organisation using a teleradiology service;
   • standards applicable to the provision of image viewing at home for the on-call radiologist.

Attention to the guidelines and standards outlined above will ensure the sustainability of local diagnostic imaging services and maintain high-quality standards of reporting, ensuring patient safety and confidentiality. We hope that they will be of value to all NHS organisations looking to outsource some part of their imaging services.

The Royal College of Radiologists is pleased to be able to offer you a complimentary copy of Standards for the provision of teleradiology services in the United Kingdom. To obtain your free print copy, please email your postal details to
or telephone 020 7299 1162.

Please allow 28 days for delivery.


Conference: Confidentiality and Information Governance - Implementing the GMC and Care Quality Commission recommendations in health and social care: Thursday 16 September 2010

This conference, endorsed by the UK Council of Caldicott Guardians, is chaired by Dr Andrew Harris Chair of the Ethics and Confidentiality Committee of the National Information Governance Board for Health and Social Care. Dr Harris will look at developments since the Caldicott review and the practicalities of sharing information and information risk. Other speakers include Mr. Ben Heal and Mr. Christopher Fincken, social care and acute sector representatives respectively of the UK Council of Caldicott

Delegates will hear about Information Governance and Confidentiality from the patient perspective. The conference continues with a focus on the practicalities of handling primary and secondary patient information including a legal update and developments in implementing the new General Medical Council's (GMC) guidance on Confidentiality.

The GMC Confidentiality guidance came into effect on 12 October 2009. The purpose of this guidance is to help you identify the relevant legal and ethical considerations, and to help you make decisions that respect patients' privacy, autonomy and choices and that also benefit the wider community of patients and the public.

The conference then continues to look at effective information sharing and governance using case studies from:

   • the social care perspective;
   • the police perspective;
   • sharing information for clinical audit, quality improvement and
   • sharing information with the independent and voluntary sector.

Information governance breaches are currently a serious concern for NHS Trusts. Without a comprehensive system in place you may be opening yourself up to detrimental consequences. The closing session highlights solutions for overcoming difficult ethical decisions and sharing information and records with patients and carers. The conference will provide a wealth of information along with new ideas of how to improve both Confidentiality and effective data sharing in your organisation. Find out more by downloading the brochure at



The Scottish Government: Consultation on proposals for a new Public Records (Scotland) Bill

The consultation seeks views on new legislation to improve record keeping across the public sector in Scotland.

Consultation closes: 4 August 2010
/22154359/0

The Scottish Government: Consultation on Extending the Coverage of the Freedom of Information (Scotland) Act 2002

The consultation seeks views on whether FOI legislation should be extended to cover private organisations that deliver a public service, such as the building and/or maintaining of schools and hospitals; privately managed prisons and prison escort services; the building, managing and maintenance of trunk roads; trusts created by local authorities for the provision of leisure and culture; Glasgow Housing Association and the Association of Chief Police Officers in Scotland.

Consultation closes: 2 November 2010

Ministry of Justice: Call for evidence on the data protection legislative framework

The Government has issued a Call for Evidence on current data protection law to help inform the UK's position on negotiations for a new EU data protection instrument, which are expected to start in early 2011. The Call for Evidence seeks evidence about how the European Data Protection Directive 95/46/EC and the Data Protection Act 1998 are working, and their impact on individuals and organisations.

At the same time as launching this Call for Evidence, the Government has published a provisional post implementation review impact assessment of the Data Protection Act 1998, on which comments are also welcome. This impact assessment complements the Call for Evidence and publication of a full impact assessment is planned for the end of 2010.

Please note that the Call for Evidence is not a formal consultation, but an evidence gathering exercise.

Call for Evidence closes: 6 October 2010
evidence-060710.htm


Contact us
   • To contact the UK Council of Caldicott Guardians, to suggest a topic or contribute an article for future issues of The Caldicott Guardian, please email the Secretariat at:

   • For assistance with Information Governance issues, please send an email to: or telephone 01392 251289

   • For assistance with Information Governance for community pharmacies, dental practices and eye care services please contact: or telephone 0113 394 6540

Caldicott web pages:
