Caldicott 3: Easy to say, hard to do?

  • 6 October 2016
Caldicott 3: Easy to say, hard to do?

Launching her latest report into data security in the NHS, national data guardian Dame Fiona Caldicott kept coming back to one word: simple.

Speaking at The King’s Fund, she said she wanted a new “simple” model for consent and opt-outs, giving people a “simple choice”. But just how simple would it be to set this up, IT wise?

What Dame Fiona appears to envisage is a flagging system, evident across the health and care system, that can be changed at any time, and that makes it clear to patients what will happen to their data.

This would, presumably, mean that if a patient tells her GP that she does, or doesn’t, want her data shared for particular purposes, this choice would be apparent wherever else she turned up, be that in hospital or in the community service. Oh, and that any health professional could amend that choice across the whole record as the patient wishes.

Regardless of whether you think that the proposed opt-outs are the right ones, would this actually work in practice? Do we have the technology to do it – and if not, what will it take to get there?

“There’s a big gap between what’s technically possible, and what’s being done in practice,” says Joel Ratnasothy, vice president of product strategy with population health informatics company Caradigm.

“The reality on the ground is always somewhat disconnected from the aspirations of those above. But it’s also important to separate the technical challenge from the operational challenge, which in my view will be harder.

The NHS is not one entity (whatever people think)

Part of the issue is fragmentation – and not only in terms of the numbers of different IT systems in use across the health service. “The [public] perception is that the NHS is a ‘single entity that holds my data’,” Ranasothy continues.

“But it’s lots of different, autonomous organisations, and having data sharing agreements between them all is a real bureaucratic challenge, even when you’re only talking about direct care. When you’re looking at secondary uses of data, for example for research, then that only becomes more complex.”

Primary care, of course, is probably the most digitally advanced area of the NHS, and GP IT systems have already had to adapt to meet the demands of, say, care.data (or its equivalent programmes).

Perhaps that explains why Emis Health medical director Shaun O’Hanlon is relatively confident that the tech challenge of the Caldicott proposals can be met. He points out that it’s already possible to flag patients through the NHS Spine, and that there are local systems in place to record patient preferences around, for example, having their data used in research.

“The challenge will be moving from the current messy set of systems to a single way of doing it,” he says. “Many systems would have to be modified; using modern technology that shouldn’t be difficult, but it will need some investment. The challenge will be to get it [the consent system] understandable, and to make it scalable.”

Let’s just have an app for that?

NHS Digital has already said it is putting in place a service that will allow people to say whether their personal data can be shared – it was part of the organisation’s goals for 2015-20.

NHS Digital isn’t giving out any detail on how this might work at the moment – although there has been a substantial clue on its thinking.

Papers for a National Information Board meeting revealed a proposed timeline of December 2017 for achieving the ambition of “citizens will be able to record their preferences using opt-out app solution”, although this was quickly removed from the NHS Digital website.

Definitions get messy, fast

But, regardless of Dame Fiona’s wishes, it almost certainly won’t be simple. “It’s complex,” says Dr O’Hanlon. “You have to make it clear whether it’s about direct care or indirect care; if it’s indirect care, and you consent to your data being used by the NHS, does that include Virgin Healthcare or other companies working with the NHS? It gets blurred around the edges.

“It’s not easy. What if you consent to share data for a local research project? Does that mean your data can be used for a national project? And if you consent to it being used in a national project, does your data stop being available for the local project?”

Getting the right level of granularity to fit all circumstances will be important, he says, but adds: “It’s more of a people challenge than a tech challenge. You have to get the right people in the room.”

And the stakes are high. “Unless we crack this nut, we’ll still have people getting sub-optimal care because their record isn’t shared properly, and the NHS will still be suffering because it isn’t getting all the information it needs to do its job properly, such as knowing how many GP appointments there are in a day. No industry could work like that and it’s an unacceptable position to be in.”

Leadership and pragmatism both needed

Dr Ratnasothy says there’s a need for national leadership. He would like to see changes to NHS procurement that mandates data sharing – at no cost to the NHS – so that all systems can work together.

He would also like to see national templates or frameworks for data sharing agreements to simplify and speed up the process and reduce the bureaucratic burden.

He is, however, optimistic that the integrated care agenda involving the STP (Sustainability and Transformation Plans) process, bringing together the major health and care players in a locality to look at health and services in a place-based way, might make a difference.

If placed-based health services are being run under the umbrella of one organisation, with one budget, then that will simplify the tech and operational challenge. “STPs offer a glimmer of hope,” he says. “If they work in concert around the patients, then technological progress will be rapid.”

And of course, says Dr O’Hanlon, getting the governance right will also be vital to meeting the tech challenge, and that includes making it clear-cut. “IT is black and white; it works in noughts and ones. If you don’t get a governance model that works in noughts and ones, it won’t be possible.”

Both Dr O’Hanlon and Dr Ratnasothy hope that everyone involved in making the necessary changes will take a realistic approach – and work hard to rebuild public trust.

“You’ve got to get the right people in the room and you’ve got to involve the suppliers right at the start of the process,” says Dr O’Hanlon. “You need pragmatism from the suppliers and pragmatism from the NHS.”

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

GPs face EMIS IT outage at busiest time of the week

GPs face EMIS IT outage at busiest time of the week

An outage to the EMIS IT system caused “chaos” for GPs in England when access was cut off to appointment booking systems and patient records.
Huma acquires eConsult to become ‘end-to-end tech platform’

Huma acquires eConsult to become ‘end-to-end tech platform’

Global healthcare AI firm Huma has announced its acquisition of GP online consultation and digital triage startup eConsult.
NHSE says IT should flag patient safety issues in primary care

NHSE says IT should flag patient safety issues in primary care

New patient safety guidance from NHS England says that primary care’s IT systems should automatically flag patient safety issues.