This post was written by Cynthia O’Donoghue.

The UK Department of Health has published a response supporting the Caldicott Review findings on information sharing of patient data across the health and care system.

The Department of Health supported each of the information sharing findings:

  • NHS England’s Information Strategy granting patients free access to their electronic care records and providing virtual consultations across health care offerings by 2015
  • Access to family records for a child’s social care remains in debate in light of the need to balance family privacy against concerns for child safety
  • Confidential patient data will be shared across the entire health care team (including social care workers) who have a direct relationship with the patient
  • The Information Governance Sub-Group is due to provide a standardized data sharing agreement to ensure patient data is processed fairly
  • Patients will be fully informed that their medical records could be anonymised and processed by data linking for research on health care improvement unless consent is withheld
  • NHS England will develop a standard system to manage patient consent
  • In the event of a data breach, patients will be given a full explanation of the cause and remedial action taken
  • All data breaches will be assessed against a standardized severity scale, reported and published in Annual Governance Statements
  • Caldicott Guardians should be appointed to ensure compliance
  • Information governance will be integrated into curricula and considered a core competency in undergraduate training

The Health and Social Care Information Centre has published a guide to confidentiality in health and social care with accompanying references which sets out five rules to help organisations assess how to share information consistent with a patient’s best interests:

  1. Information should be treated confidentially and respectfully
  2. Limit the sharing of information other then as when necessary for the effective care of the patient
  3. Information shared for the benefit of the community must be anonymised unless informed consent of the individual is given or otherwise required by law
  4. An individual’s right to object to sharing confidential information should be respected
  5. Policies, procedures and systems must be in place to ensure patient confidentiality

The Department encourages providers to audit and model their information sharing practices against the National Institute for Health and Care Excellence (NICE) clinical guidelines and use the Information Governance Toolkit to assess compliance with the Department’s governance standards and policies.