I wrote last month about how health and care data is being used to tackle the coronavirus COVID-19 epidemic. I explained a little about what we’ve been doing during this time to support proportionate uses of people’s data to tackle the pandemic. And I emphasised the importance of openness about what is happening with data in order to maintain public trust.
Since then we’ve continued to work with a range of other organisations and individuals to try and achieve those aims. We’ve advised on protections for new data collections, on communications to the public, on guidance for staff and volunteers, and more.
Two of the members of my advisory panel have been representing the National Data Guardian on the NHS COVID-19 App Data Ethics Advisory Board (EAB). This is a group which is advising NHSX about steps it should take to ensure that the NHS COVID-19 app will be trustworthy. We’ve worked alongside other members of the group to try to ask the questions that we believe are critical – exactly what the data will and won’t be used for, how far the data will be anonymised, how well the app will work, who will have access to the data and for how long, how the public will be informed and enabled to make choices.
The EAB presented a set of six principles to the Secretary of State for Health and Social Care, and we’re pleased to see that the letter presenting these principles and the Government response has been published. This is an important and welcome step forward in transparency.
There has understandably been a great deal of public interest in this app. The app is a tool which has potential, as part of a wider test and trace programme, to help people live more safely and under fewer restrictions. We all have a stake in its success and that will be helped by open engagement about the principles behind its development and the choices that are to be made.
The importance of there being no surprises for the public about the use of their data has long been a theme threaded through my work. This has run through work with my advisory panel to consider the role that the legal concept of ‘reasonable expectations’ should play in shaping the circumstances under which health and care data may be shared legitimately. We’ve been looking at this for more than two years, and our work has encompassed articles, seminars, a citizens’ jury, discussions among the NDG panel, and engagement with stakeholders. It has been influenced by academic work led by two NDG panel members, Dr Mark Taylor and Professor James Wilson.
As a result, we are proposing to create an eighth Caldicott Principle to add to the existing seven Caldicott Principles. It would remind those using and sharing data of ‘no surprises’, of the importance of considering and informing people’s expectations to promote understanding and agreement about its uses.
The Caldicott Principles were first published in 1997 as six good practice guidelines recommended for application by the NHS when confidential information is used. Senior individuals responsible for ensuring the Principles were upheld in their organisations were appointed in the NHS and later in social care and other sectors. They became known as Caldicott Guardians and there are now more than 18,000 across England helping their organisations ensure that information is used legally, ethically and appropriately. A review in 2013 led to the creation of a seventh principle. It made clear that the duty to share information can be as important as the duty to protect patient confidentiality.
So we’ve been talking with a range of stakeholders about the Caldicott Principles over the last few months. We’ve had feedback that the existing Principles remain useful and relevant. We’ve heard that during this epidemic, when data needs to be shared in new ways or more quickly than usual, the Principles are more important than ever to provide a simple, practical summary for staff, patients and those seeking social care about how information may be used. And we’ve been told that the role of the Caldicott Guardian continues to be valuable, complementing other roles, such as the Senior Information Risk Officer and the Data Protection Officer, with responsibilities for data.
We believe that our proposed eighth principle would be highly relevant now, when maintaining public trust for the use of data is critical. If it were not for the epidemic, we would have launched a full public consultation, accompanied by workshops for members of the public to have their say. The consultation would cover proposed minor changes to the wording of the existing Caldicott Principles to ensure they remain up-to-date, the new eighth Principle and a proposal that the NDG uses her statutory powers in order to issue guidance about organisations appointing Caldicott Guardians to uphold the Caldicott Principles.
We’ve delayed the launch of that consultation while we, and others we work with, have been concentrating on the COVID-19 response. But we are also thinking ahead to the time after the current crisis. Some of the temporary data sharing arrangements will have to end. What is appropriate during a public health crisis to meet the overriding need to protect the public against a dangerous disease may not be appropriate when the danger recedes. However, some of the changes that were expedited by the impetus to improve data sharing rapidly may be very beneficial and should be maintained. There must be careful consideration of which of the temporary measures cease, and which are continued. We look forward to contributing to that conversation.
We’ve decided to launch our consultation later in the summer, and to extend the period that it’s open to allow colleagues busy with COVID-19 activities more time to respond. We hope that this will allow both members of the public and health and care professionals, to help us develop our new set of Principles and guidance in time to inform the conversation about data sharing once the crisis is resolved.
Follow this news feed: HM Government