The new review is the result of recommendations from the NHS Future Forum, a group of medical representatives brought together to advise on the government’s NHS reforms. One of the Forum’s recommendations is that the balance between the protection and sharing of patient data needs to be addressed.
The correct balance between the demands of medical researchers for access to health data and individual patient’s right to personal health information privacy is a contentious issue. Added to this is growing public concern over the frequency and apparent ease with which the NHS ‘loses’ confidential and sensitive patient data.
Last year, health system specialist FairWarning Inc published an independent survey on UK patient opinions. It found deep concerns. A full 87.1% of respondents believe that chief executives and senior management should be sacked or fined if they were aware of risks but failed to act, leading to a serious breach. Another 73.3% felt that better enforcement of rules and regulations would cut security breaches. Worryingly, more than half said they would withhold information about a sensitive personal condition if they were concerned about its privacy – and well over a third of patients would actually avoid seeking care for a sensitive medical condition due to privacy concerns.
Kurt Long, founder and CEO of FairWarning, has welcomed the new Caldicott review, which he says “could lead to a future in which patient data can be shared securely throughout the NHS, and where the reputations of healthcare providers are not under threat from the constant risk of serious breaches.” The danger is that following the government’s cancellation of many aspects of the National Programme for IT, it is local healthcare providers that are increasingly responsible for stored personal data – and there is some concern over whether they fully understand the technical requirements. “Unless security is treated as the fundamental underpinning of electronic healthcare systems, there is a clear danger that continuing data breaches will damage public confidence, causing patients and NHS professionals to back away from electronic care,” says Long.
FairWarning hopes that Dame Fiona will involve the infosec industry. “We hope,” said Long, “that experts in data security and health record monitoring will be invited to have an extensive input into Dame Fiona’s review. This is vital if privacy and secure sharing of data are to be a reality.”
He particularly hopes that the role of the Caldicott Guardians is reappraised. They were to be given a special role within the now defunct National Programme. “In the new environment,” says FairWarning's Long, “they must be able to understand the security issues surrounding IT systems procured locally rather than nationally.”