Caldicott within Information Governance

1. Caldicott within Information Governance Dr. Janine Brooks Caldicott Guardian NHS Information Authority

2. Confidentiality In the last few years, concerns over the confidentiality of patient data have been raised as a result of the increasing use of information technology within the health service and the possibility that unauthorised or inappropriate access to personal data may become more likely as a result.

3. The Caldicott Principles • Justify the purposes for which information is required • Don’t use patient identifiable information unless it is absolutely necessary • Use the minimum necessary patient identifiable information • Access to information should be on a strict need to know basis • Everyone with access should be aware of their responsibilities • Understand and comply with the law

4. Caldicott Audit Tool

5. Clinical Governance Initiative NHS (and Social Care) organisations will be held accountable, through clinical governance, for continuously improving confidentiality and security procedures in accordance with the Caldicott Report. Annual improvement plans and outcome reports will be mandatory.

6. The legal framework • Data Protection Act 1998 • Human Rights Act 1998 • Common Law duty of confidentiality • Crime and Disorder Act 1998 • Children’s Act 1989 • Access to Medical Reports Act 1988 • Freedom of Information Act 2000 • Mental Health Act 1983 • Protecting and using patient information (HSG 1996/18)

7. Information Governance – What is it? • The information component of Clinical Governance • “Framework for handling personal information in a confidential and secure manner to appropriate ethical and quality standards in a modern health service”

8. Information Governance – what is it? Information Governance aims to support the provision of high quality care by promoting the effective and appropriate use of information

9. Information Governance – what is it? Aims to improve outcomes by ensuring that information processing is subject to continuous improvement

10. So, what does it include? • Caldicott • Data Protection • Records Management • Data Accreditation • BS7799 • Controls Assurance • IM&T Security

11. Health Service Functions Service Quality Research Management Caldicott Report HSC 1999/053 Records Management EPR /Common Clinical Systems The Law: DPA 1998 Human Rights Act 1998 Freedom of Information Act 2000 Common Law Data Accreditation Process Data Quality Audit Security & Confidentiality Audit ISO17799 Quality Risk Management Controls Assurance NHS Numbers Project NSTS/Exeter Professional regulations Ethics, Ethnicity& Beliefs Local Traditions & Practices Technological & Sociological Change Choice Seamless Services Protection Privacy

12. Why? • An umbrella, bringing together initiatives • A way to unite law, ethics and policy, by: • satisfying the requirements of the law • improving data quality • encouraging and supporting best practice • A Way of Thinking, A Way of Working

13. Background to PRIMIS “… greater integration of care, evidence-based practice and the process of clinical governance, and a performance framework that focuses on the quality and outcomes of services. Information assembled from PHCT systems will also be needed for clinical audit and to construct and monitor indicators for performance assessment.” Information for Health

14. Key Deliverable for PRIMIS To provide tools and techniques to assist PCTs and HAs with comparative analysis, which will produce benchmarks as a basis for tackling inequality in access and inform local standards and targets to drive quality and efficiency

15. Practical implications for PRIMIS PRIMIS was set up as a training and support service to help GPs and their staff to make best use of their clinical computer systems and boost data quality in primary care. • An aid to information governance?

16. Questions and Answers