HSCIC move to reassure service users over data protection
The Health and Social Care Information Centre (HSCIC) has today set out a series of steps to guarantee greater openness and reassurance to the public, stricter controls over data use and better clarity for data users.
This follows completion of a review of information released by its predecessor organisation, the NHS Information Centre (NHS IC), which is published today and concluded there were significant administrative lapses in recording the release of data. In some cases the decision making process was unclear and records of decisions incomplete; when handling medical records this is unacceptable.
Sir Nick Partridge led the review and made a series of recommendations to the HSCIC Board which have been all accepted.
Sir Nick Partridge, the HSCIC Non-Executive Director who led the review said: “The HSCIC must learn lessons from the loosely recorded processes of its predecessor organisation. The public simply will not tolerate vagueness about medical records that may be intensely private to them. We exist to guard their data and we have to earn their trust by demonstrating scrupulous care with which we handle their personal information.
“Although there is a new Board and largely new senior executive team, the HSCIC inherited many of the NHS IC procedures and staff. This included data agreements with organisations, which have been highlighted by my review and which will subsequently be listed in future versions of the register of all data releases, first published by the HSCIC in April. We can now make sure we conform to recent legislative changes, so that data is released when it will benefit the health and social care system.”
“I am happy that the HSCIC Board has accepted my recommendations, which I believe will help build a robust, rigorous organisation that the public appreciates is working on its behalf. Without that external trust, we risk losing our public mandate and then cannot offer the vital insights that quality healthcare requires.”
Andy Williams, HSCIC Chief Executive, said: “In the interests of building an organisation which gains public confidence I want to draw a line under the past. It is vital we learn valuable lessons from a previous time but we need to move forward now and focus on ensuring our processes and decisions are robust, clear and transparent.
“The valuable work that the HSCIC does for the health and social care systems needs the endorsement of the public if it is to be effective. We want people to be certain their choices will be followed, clinicians to feel supported in their roles and data users to know where they are with us.”
Kingsley Manning, Chair of the HSCIC, said:“We welcome the government’s commitment to set up appropriate oversight for the system as a whole in relation to protecting confidentiality. We look forward to our work being subject to the same scrutiny and also want to encourage the public to scrutinise our activities – this is supremely important to me as Chair of the HSCIC and to our new Chief Executive.”
The HSCIC Board has agreed a programme of work put forward by Andy Williams for positive change:
- Patients and public representatives will be part of the new membership of the HSCIC’s data oversight committee, the Data Access Advisory Group (DAAG). This work will be overseen by the Confidentiality Advisory Group which will gain statutory powers later in the year.
- All data agreements will be re-issued, to ensure activity is centrally logged, monitored and audited, resulting in a clear and transparent process. Decisions will be documented and published.
- A new, strengthened audit function will monitor adherence to data sharing agreements and halt the flow of data if there are any concerns exposed. This will also monitor that data has been deleted when an agreement comes to the end. Any failure on the part of data users to abide by their agreements will entail no further release of data to them.
- A programme of active communication to the public and patients will help bring greater clarity about an individual’s right to object to their data flowing to or from the HSCIC.
- A list of all active data sharing agreements will be published in the HSCIC quarterly register, including 14 which originated in the NHS IC. Numbers of all people tracing requests by law enforcement agencies will also be included.
- Working with partners through the National Information Board we will begin a public consultation and vision for a new national collection strategy for health, public health and social care data and report by May 2015 on its findings.
- The HSCIC will take forward its new responsibility to oversee NHS data security across the health and social care sector, to ensure best practice is followed and the most up-to-date technology is employed to protect patients.
- The HSCIC will plan a new ‘data laboratory’ service which will protect the public’s information by allowing access to it in a safe environment with HSCIC managed networks and facilities.
- The HSCIC will work towards the externally assessed, highest industry standards of ISO27001 for data security and ISO9001, for data management, as part of its efforts to build public confidence.
- The HSCIC intends to invite stakeholders to a meeting to discuss the implications of these actions and gain views about their effectiveness in helping maintain secure and trusted information systems on July 15.
The review is at: www.hscic.gov.uk/datareview