Information should be shared across health and social care when it is in patients’ best interests, but patients should be able to see an audit trail of everyone who has accessed their personal data.

These are the key recommendations of the Caldicott2 review, which reported this morning. ‘Information: to share or not to share’, was launched today at the ICO Conference Centre in London, and sets out 26 recommendations for the NHS.

The review, led by Dame Fiona Caldicott, who also led the Caldicott Committee that put in place most of the NHS’ existing information governance structures in the mid-1990s, also says patients should also have better access to their own information, including their records and correspondence about them.

“The review panel thinks this right of access should cover hospital records, community records and personal confidential data held by all organisations within the health and social care system,” says the report.

“It recommends that all communications between different health and social care teams should be copied to the patient or service user. There should be ‘no surprises’ for the patient about who has had access.”

The Caldicott2 review was set up in response to a recommendation in a 2011 NHS Future Forum report looking at the government’s plans to reorganise and reform the health service.

It noted that as the NHS moves towards a paperless future, the increased use of technology has led to concerns about the security of information and breaches of confidentiality.

On the other hand, it asked whether concerns about confidentiality have stifled information sharing, even when this can make services more accessible and efficient for patients.

The Caldicott review recognises that patient’s should be allowed to ‘opt out’ of their information being shared, but says it is important to strike a balance between patient confidentiality and information sharing.

Although education on information governance is a requirement for healthcare professionals, it says many are ‘insecure’ about the rules, which sometimes leads to data, which should be shared, not being shared.

“The review panel discovered that the mandatory training is often a ‘tick-box exercise’. Health and social care professionals should be educated and not simply trained in effective policies and processes for sharing of information.

“This education should include a professional component explaining why there may be a duty to share information in the interests of the patient, as well as the legal aspects of the common law of confidentiality, the Data Protection Act and Human Rights Act.”

The final recommendation adds that health secretary Jeremy Hunt should oversee the use of the recommendations in practice.

“The Secretary of State for Health should maintain oversight of the recommendations from the Information Governance Review and should publish an assessment of the implementation of those recommendations within 12 months of the publication of the review’s final report,” it says.

As EHI reported earlier this month, the review also adds a new Caldicott principle:”The duty to share information can be as important as the duty to protect patient confidentiality.”

“Our overarching aim has been to ensure that there is an appropriate balance between the protection of the patient or user’s information, and the use and sharing of such information to improve care,” says Dame Fiona Caldicott in the foreword of the report.

Mark Davies, medical director at the Health and Social Care Information Centre, told EHI:  "The HSCIC welcomes the report and sees it as a significant step towards more appropriate data sharing  which will have real impact on patient care." 


Caldicott2 Review