everythingpossible - Fotolia

Guidance on consent and opt-outs for patient data sharing delayed

A review by Fiona Caldicott on patient data sharing – originally expected in February, then delayed until April – is now not due to be published until after the EU referendum

Fiona Caldicott’s guidance on a consent and opt-out model for the sharing of patient information, as well as data security in the NHS, has been delayed until after the EU referendum.

Although Caldicott and her team have developed a single model of consent for the sharing of confidential patient information, the report won’t be published until summer 2016. 

She was asked by health secretary Jeremy Hunt in September 2015 to provide guidance on how to word a new model of consent and opt-outs to be used by Care.data.

The Care.data programme, which has previously caused uproar after concerns around the sharing of patient data by extracting it from GP records and putting it onto a central database held by the Health & Social Care Information Centre, was paused that same month, awaiting the review.

Computer Weekly understands that Care.data, in its current form, is unlikely to resurface, but that a revised method of sharing patient information for research purposes is still on the cards.

Speaking at UK eHealth Week, Caldicott said her team had been “surprised that there’s a relatively low understanding among the public” of how their data is currently used and shared across the NHS.

“Most people trust the NHS to do the right thing with their data, but they want to know what it’s for and what the benefits are,” she said. “When it’s explained, many of them are willing to have their data shared – provided it’s safeguarded and they have an opportunity to opt out.

“We need to have a single, simple model of opt-out and consent in regards to their data being used for other things than their health and care. We’ve come up with such a model, which we want to put before the public.”

Following the publication of the review, it will be open to public consultation, which is likely to run for around six months.

Caldicott said there needs to be a conversation with the public, both on how the health service is currently run and how data is shared, and on the potential benefits of having data shared with researchers and other third parties.

“There’s a need for ongoing explanation on how data is currently used and the benefits of data sharing and what people’s rights are,” she said. “Implementation will take time. We’re asking the service to change a lot, which can’t be achieved quickly.”

In September 2015, Hunt also asked the Care Quality Commission to undertake a review of the standards of data security across the NHS, to which Caldicott contributed through developing new guidelines for the protection of personal data, against which every NHS organisation will be held to account.

In terms of data security, Caldicott said there is already “a lot of good practice across the system”.

“We know that many organisations are more concerned about their security than a few years ago. But there are still issues involving people and processes and the extent to which technology underpins the work,” she said. “The standards should be clear, simple and consistent across the system, and relevant and easy to achieve.”

Caldicott added that the standards would enable organisations to safeguard their security, but that responsibility needs to come from leaders in the organisation. “This has to come from the top. Boards of organisations, leaders of care must take responsibility,” she said.

Read more on Healthcare and NHS IT