Neill Jones is the Caldicott Guardian for the William Brown medical centre, a GP practice in Peterlee, county Durham. It is one of 30 practices managed by IntraHealth, a not-for-profit company that operates in various parts of England and Scotland. Neill provides Caldicott support for all of them and acts as Caldicott Guardian for those that do not have one of their own.
This is one of many solutions to a problem that is commonplace in general practice. The GPs are data controllers, who are responsible for the security and con dentiality of their patients’ data, but many find it difficult to remain up to speed on information issues as well as on all the latest clinical developments.
Neill has been a GP since 1986. He worked initially as a full-time family doctor, but branched out in 1998 to take on other roles.
His current work pattern includes four clinical sessions a week, when he looks after patients in Peterlee or acts as a locum in other health centres in the InterHealth group, as well as being the group’s IT lead and Caldicott Guardian.
Neill’s work as a Caldicott Guardian often involves making a judgement call. In a recent case he was contacted by a north-east practice asking how it should respond to a solicitor who wanted a patient’s entire medical record to help that patient to make a complaint. All the practice’s permanent doctors were on leave and the solicitor insisted on an urgent response.
Decisions in such cases often depend on interpreting the third Caldicott principle—that the minimum amount of personal confidential data should be made available for a particular justifiable purpose. Questions included establishing which part of the record was needed, over how long a period.
In another recent case a practice had mistakenly included in medical notes sent to a hospital the fact that a patient had once been on the sex offender’s register. The practice apologised and the hospital agreed to remove this reference from the notes that it held. The patient wanted the reference to be removed from the medical notes held by the GP, but that could not be accepted because the information was accurate and in certain circumstances might become relevant. The patient asked the Information Commissioner’s Office to intervene and Neill became involved after the ICO asked the practice to explain itself.
Neill’s advice was that the entry should become a private note on the file, not visible to anyone but the individual’s GP and accessible only during a consultation with the patient, if appropriate. The ICO and the patient were content with that and so the matter was resolved.
Caldicott work does not take up much of Neill’s time. Typically he may give Caldicott-type advice once or twice a week. He also ensures that new starters get appropriate training in these issues. As he puts it: “It’s important to try to prevent problems rather than scrabble around when issues arise.” So, for example, practice staff are taught not to send a fax without first verifying the fax number by sending through a test message and checking that it has safely arrived.
One of Neill’s fellow managers acts as his deputy. He copies her in to all the emails he sends answering Caldicott questions and she has access to his paperwork and relevant documents.