Disclosure: a key issue for Caldicott Guardians in 2004

  • 29 December 2003


The UK’s 1,000 plus Caldicott Guardians, champions for data protection in the NHS and social care, have a packed agenda for 2004 and a new group, the UK Council of Caldicott Guardians, to support them.  E-Health Insider talked to the NHS Information Authority’s guardian, DrJanine Brooks, who is helping to set up the council .


Speaking with Janine Brooks on the day after the verdicts in the Soham trial, there seemed no need to question why data protection champions need more support and access to education. The challenge of ensuring that their organisations not only guard privacy but also make appropriate disclosures is of great importance internally, and a growing matter of public concern.


The police and social services, rather than the NHS, were in the firing line when we all found out that Ian Huntley had been questioned about rapes and other sexual offences many times before he murdered Holly Wells and Jessica Chapman.  But recent history records cases such as the deaths of Victoria Climbie and Ainlee Walker where health professionals’ record keeping and information sharing has been criticised.


Yet another inquiry – this time conducted by Sir Michael Bichard – will look into the issues raised by the Soham case, but one suspects that practical initiatives, such as the formation of the new council for Caldicott Guardians may do as much, if not more, to improve practice.


Brooks points to a ‘desperate’ need to share good practice and feels much may also be learned by analysis of critical incidents in which staff have come close to breaching confidentiality or failing to disclose essential information to other agencies.


"Looking at things that were ‘near misses’ and looking at the learning that can come out of them really does need to be done at a fairly high level.  The Patient Safety Agency does some it, but they are not doing a lot of the patient confidentiality-type work.  Confidentiality incidents do tend to fall between stools," says Brooks.


These issues, along with many others raised under the general umbrella of information governance make it certain that the council will have plenty of work to do.  


Caldicott Guardians have a fairly short history.  They were first appointed in the NHS in March 1999 and then social care made parallel appointments.  Now every NHS organisation has a guardian and a few private healthcare organisations have followed suit. They were first appointed in England and Wales, but Scotland decided to adopt the system and appointed Caldicott Guardians, but with different guidance.


Brooks, with her national perspective as the NHSIA’s guardian, noticed some gaps.


“Ever since Caldicott Guardians were appointed there’s never really been a focus for them," she explained. "The initial letter came out and it said what we had to do and it said what you had to be [in order] to be appointed, but then to a large extent people were more or less left on their own."


Over time the guardians have banded together in some places to form regional groups, but Brooks says there is now a feeling that a national forum is needed. The NHSIA has stepped into the breach by helping the new group to find it feet, though the authority emphasises that it is playing an enabling, not a controlling role.


The authority already has a helpdesk offering advice on data protection and confidentiality and has taken the lead in work on information governance, so it has become a natural focus for guardians and others with data protection responsibilities.


"I was appointed here about 18 months ago and it became obvious fairly quickly that the [IA] board was supportive of looking at Caldicott Guardians more broadly within the NHS. Over time we built up a model of what we might like to be able to offer to guardians that culminated in the conference we had in October and at the conference we launched the UK Council of Caldicott Guardians," explains Brooks.


With space for 250 people, the conference was sold out two month ahead and at the event Brooks’ appeal for volunteers to help steer the setting up of formal structures for the new council yielded 33 names. In the New Year, the volunteers will meet to decide on how the council will be structured and run.


"The sort of roles I’m anticipating include quite a large training and education role and I’m looking at commissioning training, though there are some packages already available that the council can look at before we commission anything new," says Brooks.


A good training analysis with the current guardians is also likely to be done to find out exactly what the guardians feel they need with their varying levels of experience.


"There are also issues around sharing good practice and there isn’t anywhere at the moment where they can see good practice that’s being undertaken in one area of the country to replicate in another. 


"For example, sharing of information protocols – that was something all guardians were tasked to do – to develop protocols with their non-NHS partners about what information would be shared and for what purposes. In some areas one guardian has sorted out the protocols and others it has been a group.  Some protocols are with a single partner, perhaps social services, other protocols have been very ambitious and include police, the Crown Prosecution Service, schools, social care and private [sector].  So some have been very ambitious whereas others have been less ambitious, but it’s quite good to share that type of learning."


Brooks believes guardians could be helped in their work by improved performance monitoring too.


"We all undertake a Caldicott audit every year and so individually we know how we compare with ourselves the previous year, but we don’t know how we compare with a similar organisation. There’s no way that you can benchmark. I’m thinking PCT to PCT or acute trust to acute trust," says Brooks.


"You need to build these things up.  It’s happening where guardians have really got themselves together in a small network, in a locality, it can work really well. So it’s about looking at those kinds of things and perhaps trying to replicate them on a national level."


At a time when every NHS organisation seems to be declaring its desire to ‘partner with patients’ Brooks has a refreshingly practical take on what this might mean for the new group.


At a general level, she feels that a lot of minor breaches of confidence could be avoided if there was a greater awareness among staff that "patients are people and people are patients."


She also thinks that the problems around disclosure could also be tackled through a better understanding with patients.


"I guess what I want to tighten up is the area of disclosure and partnership sharing and we’ve seen a number of reports on this – one that immediately comes to mind is the Green Paper ‘Every Child Matters’ and talking about the wider sharing of information for the good of children at risk.  We need to agree correct protocols of disclosure to ensure that the right information is shared about the right person at the right time, but we don’t share inappropriately. It’s getting the balance right."

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Today's Coffee Time Briefing covers a tech-powered initiative for unpaid carers in Surrey and digital wayfinding tools at Warwick Hospital.
Airedale NHS FT postpones Oracle EPR go-live indefinitely

Airedale NHS FT postpones Oracle EPR go-live indefinitely

Airedale NHS Foundation Trust has postponed the go-live of its Oracle Health electronic patient record (EPR) system for a second time.
Synnovis attack led to at least five cases of ‘moderate’ patient harm

Synnovis attack led to at least five cases of ‘moderate’ patient harm

The Synnovis cyber attack led to at least 119 incidents of patient harm, including at least five cases of 'moderate harm', figures show.