The nature of the Trust’s business makes it necessary for us to collect, store and use large quantities of personal and extremely sensitive information.
Obviously this information must be protected against loss and inappropriate disclosure. It’s also important to ensure that it’s kept accurate and up to date and we are bound by law to do all of those things. The Trust has certain responsibilities regarding the protection of information and so do we as individuals.
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of people’s health and care information and making sure it is used properly.
All NHS organisations and local authorities which provide social services must have a Caldicott Guardian.
RDaSH Caldicott Guardian
Dr Nav Ahluwalia
Executive Medical Director
Phone No: 01302 796189
The Caldicott Committee (Using and Protecting Patient Information) recommended that the use of patient identifiable information should be regularly justified and routinely tested against the principles developed in the Caldicott Report.
A Caldicott review was undertaken (Caldicott2) in 2013 the outcome of which was an additional Principle(7). A further review was undertaken in 2020, with a further Principle(8) added. These can be found in the Information Governance Review. The UKCGC has also produced A Manual for Caldicott Guardians.
The Council is not a professional body and does not have responsibility for regulating Caldicott Guardian activities. It is therefore unable to assist with enquiries related to the conduct of individual Caldicott Guardians.
National Data Guardian
On 13 November 2014 the Secretary of State, the Rt Hon Jeremy Hunt MP, and the National Information Board appointed Dame Fiona Caldicott to a new role as National Data Guardian for health and care. Legislation was passed in December 2018 to place the role on a statutory footing.
The National Data Guardian’s role is to help ensure that the public can trust that health and care information is securely safeguarded and used appropriately.
The new law means that the National Data Guardian will be able to issue official guidance about the processing of health and adult social care data. Public bodies, such as hospitals, GPs, care homes, planners and commissioners of services, will have to take note of guidance that is relevant to them. So will organisations such as private companies or charities which are delivering services for the NHS or publicly funded adult social care.
The National Data Guardian will intervene if she is concerned by how an organisation is sharing data and she will be able to refer concerns directly to the Information Commissioner’s Office (ICO) and the Care Quality Commission (CQC) to investigate and sanction where necessary.
Common Law Duty of Confidentiality
Common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges and is also referred to as ‘judge-made’ or case law. The law is applied by reference to previous cases and is said to be ‘based on precedent’.
The general position is that, if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent. In practice this means that all patient/service user information, whether held on paper, computer, visually, by audio recording or held in the memory of the professional, must not normally be disclosed without the consent of the patient/ service user.
It should be noted that the duty:
- Applies regardless of the patient/ service user’s age
- Applies regardless of the patient/ service user’s mental or physical health or condition
- Continues when staff are no longer employees of the Trust.