It was commissioned by the health secretary in the aftermath of the 2014 launch of the care.data scheme, which would have taken GP records and stored them centrally on the national Health and Social Care Information Centre database.
Advertisement
The review recommends stronger, but simpler and more understandable, data and cyber security standards, saying that data controllers were “confused by the plethora” of standards and good practice principles available.
In response, NHS England said: “In light of Dame Fiona’s recommendations, NHS England has taken the decision to close the care.data programme”.
Minister for Life Sciences, George Freeman MP, commissioned the reports in 2015 after the programme was halted in 2014 following heavy criticism from groups including the British Medical Association (BMA) and the Royal College of Global Positioning System after leaks that the information could be sold to insurance and pharmaceutical companies.
The announcement follows hot on the heels of the publication of National Data Guardian Dame Fiona Caldicott’s long-awaited report on NHS patient data security.
But it’s essential that people have confidence in the way their data is managed and assurance over how it will be used.
However, the government and NHS England remain determined to continue data sharing health information.
The government’s care.data programme was an initiative meant to improve the NHS and social services, by pooling and analysing the vast stores of patient data generated by the two bodies.
“Just as research scientists have to seek approval for their data-linkage protocols and analytic methods, the same should apply to submissions by government departments; and, as for randomised controlled trials, the presumption should be that linkage protocols are registered and open”.
For hospital and surgery IT staff, the recommendations include a tool to identify vulnerabilities such as dormant accounts, default passwords and multiple logins.
Caldicott proposes ten security standards to be applied in every health and care organisation that handles personal confidential information.
Dr Jeremy Farrar, Director of the Wellcome Trust, said: “We will only unlock the huge value of patient data if we have open and honest discussions about how and why data can be used for care and research, what’s allowed and not allowed, and how personal information is safeguarded”.
With regard to patients, Caldicott recommended: “There should be a new consent/opt-out model to allow people to opt-out of their personal confidential data being used for purposes beyond their direct care”.
Advertisement
“If adopted, it will give choice back to the patient, so they can actively control the flow of their health data, and have the right to protect it without the threat of a loss of healthcare provision or fear of discrimination”.
