Call Girls Coimbatore Just Call 8250077686 Top Class Call Girl Service Available
Review of Caldicott report-2 2013 by Dr Saurabh Bhatia
1. Patient Information Exchange
The Recent
Recommendations
A Review of
Caldicott2 Report 2013 about
Information Governance Review
Dr Saurabh Bhatia, MBBS, MS, FCR
Medical Informatician
www.SaurabhBhatia.com
2. This
presentatio
n is a
review of
(c) Dr S Bhatia 2013
For IGR(Caldicott2)
…aim has been to
ensure that there is an
appropriate balance
between the
protection of the
patient or user’s
information, and the
use and sharing of
such information to
improve care
3. A Preamble
In 1996-7, Dame Fiona Caldicott, a psychiatrist from
UK, led a committee to prepare a set of
recommendations for patient data sharing principles and
its confidentiality.
The report was widely appreciated and implemented in
UK and adapted in various forms across Europe
It contained certain principles called Caldicott principles
and Hospitals had „Caldicott Guardians‟ to oversee the
implementation of Caldicott principles.
In 2013, Caldicott commission has improved their
recommendations in view of the technological
advancements, which will be reviewed here.
(c) Dr S Bhatia 2013Review of Caldicott2
4. Original Caldicott commission
recommendations
for managing medical information (1996-7):
F Formally justify the purpose for which
the information is used
I Identifiable information only when
absolutely necessary
O Only the minimum required should be
used
N Need to know access
A All must understand their responsibilities
C Comply with and understand the law
Dame
Fiona Caldicott
Review of Caldicott2 (c) Dr S Bhatia 2013Original Extract
5. The 2013 Caldicott2 report
The report is released in Apr 2013
It has 25 recommendations, most of which have
been reviewed here
It has re-emphasised some terms which remove
ambiguity from the minds of healthcare industry.
Some of them have been mentioned here.
You may download this report from
https://www.gov.uk/government/news/health-
secretary-to-strengthen-patient-privacy-on-
confidential-data-use
(c) Dr S Bhatia 2013
6. Recommendation 1
People must have the fullest possible access
to all the electronic care records about
them, across the whole health and social
care system, without charge.
An audit trail that details anyone and
everyone who has accessed a patient‟s
record should be made available in a suitable
form to patients via their personal health and
social care records.
(c) Dr S Bhatia 2013
The Keyword here
is “Without Charge”
How will hospitals
cater to the cost of
maintaining these IT
records and audit
trails?
At the same
time, this
emphasises the
patient right on her
records without
being arm-twisted to
get them.Review of Caldicott2Original Extract Author‟s Note
7. Recommendation 2
For the purposes of direct care, relevant
personal confidential data should be shared
among the registered and regulated health
and social care professionals who have a
legitimate relationship with the individual.
Health and social care providers should audit
their services against NICE Clinical Guideline
138, specifically against those quality
statements concerned with sharing
information for direct care.
(c) Dr S Bhatia 2013
Note the inclusion of
Social Care.
Should patient
authenticate who all
have a „legitimate
relationship‟ with the
patient?
Review of Caldicott2Original Extract Author‟s Note
http://www.nice.org.uk/nicemedia/live/13668/58284/58284.pdf
8. Recommendation 3
The health and social care professional
regulators must agree upon and publish the
conditions under which regulated and
registered professionals can rely on implied
consent to share personal confidential data
for direct care.
Where appropriate, this should be done in
consultation with the relevant Royal College.
This process should be commissioned from
the Professional Standards Authority.
(c) Dr S Bhatia 2013
This defines the
autonomy of
healthcare
organisations to make
sharing
decisions, where they
can share info as a
matter of process and
not keep taking
consents all the time
Review of Caldicott2Original Extract Author‟s Note
9. Recommendation 4
Direct care is provided by health and social care
staff working in multi-disciplinary „care teams‟. The
Review Panel recommends that registered and
regulated social workers be considered a part of
the care team. Relevant information should be
shared with members of the care team, when they
have a legitimate relationship with the patient or
service user. Providers must ensure that sharing is
effective and safe. Commissioners must assure
themselves on providers‟ performance.
Care teams may also contain staff that are not
registered with a regulatory authority and yet
undertake direct care. Health and social care
provider organisations must ensure that robust
combinations of safeguards are put in for these
staff with regard to the processing of personal
confidential data.
(c) Dr S Bhatia 2013
A Mixed Bag.
While social care orgs
are being included,
they need to have
„safeguards‟ which
kind of puts a cost on
their accessing info.
Good in spirit, difficult
to implement.
Review of Caldicott2Original Extract Author‟s Note
10. Recommendation 5
The Review Panel also concluded that
individuals must be informed of any breach of
their personal confidential data as part of
maintaining public trust and supporting
transparency.
Recommendation 5
In cases when there is a breach of personal
confidential data, the data controller, the individual
or organisation legally responsible for the
data, must give a full explanation of the cause of
the breach with the remedial action being
undertaken and an apology to the person whose
confidentiality has been breached.
(c) Dr S Bhatia 2013
I feel this apology
thing is counter-
productive.
It will spur the
departments to hush
things up instead of
acknowledging public
shame.
Review of Caldicott2Original Extract Author‟s Note
11. Recommendation 6
The processing of data without a legal
basis, where one is required, must be
reported to the board, or equivalent body of
the health or social care organisation
involved and dealt with as a data breach.
There should be a standard severity scale for
breaches agreed across the whole of the
health and social care system. The board or
equivalent body of each organisation in the
health and social care system must publish
all such data breaches. This should be in the
quality report of NHS organisations, or as
part of the annual report or performance
report for non-NHS organisations.
(c) Dr S Bhatia 2013
Another counter
productive
recommendation.
Whenever the sharing
of information will be
linked to quality audit
of an organisation,
there will be personal
or commercial
motives to simply
deny sharing or hush
up the breach
Review of Caldicott2Original Extract Author‟s Note
12. Recommendation 7
All organisations in the health and
social care system should clearly
explain to patients and the public how
the personal information they collect
could be used in de-identified form for
research, audit, public health and
other purposes. All organisations
must also make clear what rights the
individual has open to them, including
any ability to actively dissent (i.e.
withhold their consent).
(c) Dr S Bhatia 2013
A very good rec.
This also ensures that
somewhere, we can
look forward to Big
Data and its utilisation
in future.
Review of Caldicott2Original Extract Author‟s Note
13. Recommendation 8
Consent is one way in which personal confidential
data can be legally shared. In such situations
people are entitled to have their consent decisions
reliably recorded and available to be shared
whenever appropriate, so their wishes can be
respected. In this context, the Informatics Services
Commissioning Group must develop or
commission:
guidance for the reliable recording in the care
record of any consent decision an individual
makes in relation to sharing their personal
confidential data; and
a strategy to ensure these consent decisions can
be shared and provide assurance that the
individual‟s wishes are respected.
(c) Dr S Bhatia 2013
Again, this rec will
safeguard both
patients as well as
providers. This will
also pave way for
future of collective
decision making and
understanding the
patterns of individual
reticence to data
sharing and help in
social medicine and
policy making, too.
Review of Caldicott2Original Extract Author‟s Note
14. Recommendation 9
The rights, pledges and duties relating to patient
information set out in the NHS Constitution should
be extended to cover the whole health and social
care system.
(c) Dr S Bhatia 2013
The rights, pledges
and duties should be
read directly from the
report. They are
embodiment of the
basic principles and
spirit of this entire
exercise.
Pg 59-60 of original
report
Review of Caldicott2Original Extract Author‟s Note
15. Recommendation 10
The linkage of personal confidential
data, which requires a legal basis, or data
that has been de-identified, but still
carries a high risk that it could be re-
identified with reasonable effort, from
more than one organisation for any
purpose other than direct care should
only be done in specialist, well-
governed, independently scrutinised and
accredited environments called
‘accredited safe havens’.
(c) Dr S Bhatia 2013
Once again, this is a
safe-than-sorry
approach which
needs more
eleboration by other
bodies like The
Informatics Services
Commissioning Group
and The Informatics
Services
Commissioning
Group. Unless
handled carefully,
can be the new
excuse to deny
sharing.Review of Caldicott2Original Extract Author‟s Note
16. Recommendation 11
The Information Centre‟s code of practice
should establish that an individual‟s existing
right to object to their personal confidential
data being shared, and to have that objection
considered, applies to both current and future
disclosures irrespective of whether they are
mandated or permitted by statute.
Both the criteria used to assess reasonable
objections and the consistent application of
those criteria should be reviewed on an
ongoing basis.
(c) Dr S Bhatia 2013
A double edged
sword. What
constitutes a
„reasonable‟ objection
can be reviewed over
a period of time.
Review of Caldicott2Original Extract Author‟s Note
17. Recommendation 14
Regulatory, professional and educational
bodies should ensure that:
information governance, and especially best
practice on appropriate sharing, is a core
competency of undergraduate training; and
information governance, appropriate
sharing, sound record keeping and the
importance of data quality are part of
continuous professional development and are
assessed as part of any professional
revalidation process.
(c) Dr S Bhatia 2013
An excellent rec. This
will ensure that
informatics, its
intricacies and its
application becomes a
part of nursing and
medical education.
This will also mean
that the new crop of
professionals will not
see computers as
overheads/ nuisance.
Review of Caldicott2Original Extract Author‟s Note
18. Recommendation 15
The Department of Health should
recommend that all organisations within the
health and social care system which process
personal confidential data, including but not
limited to local authorities and social care
providers as well as telephony and other
virtual service providers, appoint a Caldicott
Guardian and any information governance
leaders required, and assure themselves of
their continuous professional development.
(c) Dr S Bhatia 2013
This is equivalent to
having an ethics
committee or auditor
or quality assessor on
board and in various
countries, can be
adapted in
appropriate forms.
Review of Caldicott2Original Extract Author‟s Note
19. Recommendation 16
Given the number of social welfare initiatives
involving the creation or use of family
records, the Review Panel recommends that
such initiatives should be examined in detail
from the perspective of Article 8 of the
Human Rights Act. The Law Commission
should consider including this in its
forthcoming review of the data sharing
between public bodies
(c) Dr S Bhatia 2013
This is the first step
towards
acknowledging the
role of family in a
person‟s health
record. This will pave
the way for a better
socially structured
form of record
sharing. Early
initiative and will take
time but on right lines.
Review of Caldicott2Original Extract Author‟s Note
Please note that asian countries, where
families are closer and individual existence
is usually not as paramount as west, family
records are a „must-have‟ and people can
get offended and violent if denied access
to the records of their near and dear ones.
20. Recommendation 17The NHS Commissioning Board, clinical
commissioning groups and local authorities must
ensure that health and social care services that
offer virtual consultations and/ or are dependent
on medical devices for biometric monitoring are
conforming to best practice with regard to
information governance and will do so in the
future.
The Review Panel concluded that providers of
direct care services using virtual consultations
should offer patients access to their record and a
copy of all ongoing communications from that
record. …any provider offering virtual consultation
services should be able to share, when
appropriate, relevant digital information from the
patient, with registered and regulated health or
social care professionals responsible for the
patient‟s care. This includes both written text or
numbers and images, such as photographs.
(c) Dr S Bhatia 2013
This is a strong boost
to telemedicine in all
forms. It is a very
tentative step, and
allows other bodies to
define best
practices, but at least
a formal
acknowledgement of
virtual services and a
step towards reducing
the legal paranoia
around them in the
mind of doctors.
Review of Caldicott2Original Extract Author‟s Note
21. Recommendation 20The Department of Health should lead the
development and implementation of
a standard template that all health and social care
organisations can use when creating data
controller to data controller data sharing
agreements. The template should ensure that
agreements meet legal requirements and require
minimum resources to implement.
(c) Dr S Bhatia 2013
This is a step in the
direction of system
agnostic healthcare
information exchange.
Templates, once
defined, can be
included as part of
various systems by
vendors thus
providing HIE without
the technological
barriers.
Review of Caldicott2Original Extract Author‟s Note
22. Revised list of Caldicott
principles
1. Justify the purpose(s)
2. Don’t use personal confidential data unless it is absolutely necessary
3. Use the minimum necessary personal confidential data
4. Access to personal confidential data should be on a strict need-to-know
basis
5. Everyone with access to personal confidential data should be aware of
their responsibilities
6. Comply with the law
7. The duty to share information can be as important as the duty to protect
patient confidentiality
(c) Dr S Bhatia 2013Review of Caldicott2Original Extract Author‟s Note
23. Other interesting changes
…obligation to prevent information seeping
outside the health and social care system
should not stop it being shared appropriately
within it.
The term used to describe how organisations
manage the way information is handled within
the health and social care system in England is
„information governance‟.
Information governance applies to the balance
between privacy and sharing of personal
confidential data and is therefore fundamental
to the health and social care system, providing
both the necessary safeguards to protect
patient information, and an effective framework
to guide those working in the health and social
care system to decide when to share, or not to
share. (c) Dr S Bhatia 2013
This is a direct
effect of hospitals
(mis)using the data
protection principles
to refuse to share
information or
charge hefty fees for
this.
Review of Caldicott2Original Extract Author‟s Note
24. Key definitions
People often talk about „data‟ and „information‟ as
if they mean much the same thing. However the
terms have a precise meaning and the words are
not interchangeable. Readers may understand
this report more easily by grasping the distinction
from the outset:
Data is used to describe „qualitative or quantitative
statements or numbers that are assumed to be
factual, and not the product of analysis or
interpretation.‟
Information is the „output of some process that
summarises interprets or otherwise represents
data to convey meaning.‟
This report also uses the phrase „personal
confidential data‟ throughout. This term
describes personal information about identified or
identifiable individuals, which should be kept
private or secret.
(c) Dr S Bhatia 2013
The 1997 report did
not consider the issue
of whether
professionals shared
information well, in
the interests of
patients, because that
was not regarded as
a problem at the time.
That omission
became increasingly
noticeable as the
need for closer
integration between
health and social
care became ever
more apparent
Review of Caldicott2Original Extract Author‟s Note
25. People’s right to access
information about
themselves…give people better access to their care
records… people who are allowed to
share their own records can be
empowered to take part in decisions about
their own care...
…patients‟ attempts to become involved in
decision making were thwarted by
“information governance rules” …even if
they explicitly consented … because of
„data protection policies‟;
The Review Panel concludes that
personal confidential data can be
shared with individuals via email when
the individual has explicitly consented
and they have been informed of any
potential risk. (c) Dr S Bhatia 2013
This is a major shift
from earlier policies
and when
implemented, will
necessitate emailing
of hospital record to
a patient in
commonly readable
formats.
Review of Caldicott2Original Extract Author‟s Note
26. Definition: two types of
recordsHealth and social care records
These are the commonest type and are supported by the
information strategy.
A professional creates an electronic patient record, which is then
shared with the patient and their relevant care teams. The health
or social care professional is responsible and accountable for
that record when it is for the purpose of direct care. Patients
may get right of access, the ability to see, interact and
request corrections but not the right to change the content
because that might be clinically unsafe. This access is
sometimes referred to as „patient online access‟ or „record
access‟.
Patient-owned records
These are less common forms of record that individuals create
and manage themselves. They are kept separate from any
electronic patient record and the individual has total control
and responsibility for the content. Patient-owned records may
include extracts from electronic patient records, but may also
contain information added by the individual such as exercise
monitoring data, weight etc; commercial contributions e.g. from
over the counter drug purchases or from supermarket alcohol
purchases; and contributions from personally acquired „medical
devices‟. (c) Dr S Bhatia 2013
For the first
time, there is official
differentiation
equalling an EMR
vs PHR debate/
status of records.
This will impact the
way patients access
their records
http://www.rcgp.org.uk/clinical-and-
research/practice-management-
resources/health-informatics-
group/patient-online.aspx
Review of Caldicott2Original Extract Author‟s Note
27. Implied Consent
There is in effect an unwritten agreement between the
individual and the professionals who provide the care
that allows this [data] sharing to take place.
Implied consent is applicable only within the
context of direct care of individuals.
It refers to instances where the consent of the
individual patient can be implied without
having to make any positive action, such as
giving their verbal agreement for a specific
aspect of sharing information to proceed.
Examples of the use of implied consent
include doctors and nurses sharing personal
confidential data during handovers without
asking for the patient‟s consent.
The Review Panel concluded that across the health
and social care system, implied consent is only
applicable in instances of direct care
(c) Dr S Bhatia 2013
For the first time, we are
seeing some sanity
prevailing over the
paranoia of data
protection. Info-
governance is finally
recognizing the
importance of implied
consent, which has
been the basis of most
of our clinical practices
historically
GMC guidance on
confidentiality, http://www.gmc-
uk.org/guidance/ethical_guidance/c
onfidentiality_24_35_disclosing_inf
ormation_with_ consent.asp
Review of Caldicott2Original Extract Author‟s Note
28. Full Report
I have covered only those recommendations
which can have an impact internationally.
For other recs, please read the full report
This ppt will also be available, along with the full
report from our website
www.tsmls.org/publications
All views are personal views of the author
Comments can be sent at i@saurabhbhatia.com
(c) Dr S Bhatia 2013