Last updated:

New rules for doctors ensuring data confidentiality

Doctors will be asked to abide by new rules for keeping confidential patient data safe.Tony Calland

The government yesterday published its final response to a review into the way information is handled in and by the NHS, alongside new guidance from the HSCIC (Health and Social Care Information Centre).

The government accepted the recommendations of the review, chaired by Dame Fiona Caldicott, and stressed while information sharing was essential to provide good care for everyone, only the minimum amount of information should be shared and there must be strict rules to govern it.

Patients must also be given the right to object to having their identifiable data shared.


BMA backing

The BMA supported many of the recommendations made in Dame Fiona’s review, including that confidential information should be shared between those caring for the patient, and that there should be an increase in  public awareness of how health information is used for research.

BMA medical ethics committee chair Tony Calland (pictured above) said it was important for the association to be involved in data protection issues on ethical and practical grounds.

He said: ‘It is about protecting patient records and maintaining confidentiality in a fast-moving and rapidly changing world.

‘GPs are often data controllers and therefore have considerable responsibilities for maintaining the integrity and confidentiality of medical records. If systems are set up that allow leakage … GPs could face fines by the information commissioner.’


Safe haven concerns

The BMA remains concerned about the use of ‘safe havens’. These are areas where researchers and commissioners can carry out analyses of data under secure conditions.

Dr Calland said the association would continue to press the Department of Health to ensure safe havens were kept to a minimum and that robust safeguards were used to protect the use of information that could identify individuals.

He said: ‘We are seriously concerned about a number of things such as the criteria you need to be approved as a safe haven which is not very sophisticated at the moment.

‘If non-NHS companies apply for save-haven status, the risks [of data breaches] become considerably raised. If safe havens remain with the NHS family we would still be anxious but less anxious.’

The government response to the Caldicott Review, Information: to Share or Not to Share?, says the DH commits to examine the challenges of safe havens before pressing ahead with their more widespread use.

The association is playing a key role in developing material for GPs and patients about the collection and use of their data through the new care.data programme, alongside NHS England, the HSCIC and the Royal College of GPs.


Objection measures

The number of patients objecting to identifiable data leaving the GP practice level will be monitored. Where there appears to be an abnormally high number of objections, the BMA and NHS England will explore the reasons behind this with GP practices, for example whether this is due to coding errors or misunderstandings.

Health secretary Jeremy Hunt said: ‘Sharing information securely is a major part of making health services safer.data light

‘Having the right information about patients means professionals can make sure they get the right care and treatment. Without that information, research to find new cures and therapies for killer diseases and other conditions would not be possible.

‘And sharing means people don’t have to repeat themselves constantly to each doctor, nurse, physiotherapist or care assistant they need to deal with.’

The HSCIC five rules of patient confidentiality are:

  • Confidential information about service users or patients should be treated confidentially and respectfully
  • Members of a care team should share confidential information when it is needed for the safe and effective care of individuals
  • Information that is shared for the benefit of the community should be anonymised
  • An individual’s right to object to the sharing of confidential information about them should be respected
  • Organisations should put policies, procedures and systems in place to ensure the confidentiality rules are followed.

 Read Information: To Share or Not to Share? Government Response to the Caldicott Review

 Read the BMA response to the Caldicott Review


The story so far