Information sharing and disclosure
In 2013, Dame Fiona Caldicott’s Information Governance Review: information to share or not to share introduced the seventh Caldicott principle: The duty to share information can be as important as the duty to protect patient confidentiality. Health and social care professionals should have the confidence to share information in the best interests of their patients and service users within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.
This seventh principle was designed to encourage teams of professionals providing direct care for a patient or service user to share information across professional or organisational boundaries to maximise safety and quality of care. All health and social care professionals have a responsibility to protect and maintain confidentiality, but they must also be aware of situations where other considerations (such as safeguarding) take precedence and override the duty of confidence.
There is a complex legislative framework including common law, statute and case law that covers this area, and there may be differing legal opinion on how the law should be interpreted and applied in individual cases. The role of the Caldicott Guardian is to advise on the ethical as well as the legal considerations, following the Caldicott principles.
Whilst the DPA only applies to living individuals, the Caldicott principles also apply to records and information regarding the deceased. The Access to Health Records Act gives certain individuals formal rights to access the medical records of the deceased: there is no comparable legislation permitting access to their social care records, although the Caldicott principles may still be applied. After a bereavement, loved ones may have a need for information to help their grieving process and Caldicott Guardians should ensure that appropriate information is not unnecessarily withheld.
The Caldicott Guardian also has a potential role in quality assurance of information sharing, for example when a new personal data sharing system is being created. This may require privacy impact assessments, information sharing agreements and protocols, and systems for consent— in all of which matters the Caldicott Guardian can provide independent advice. This in turn may lead to more fundamental changes in organisations’ policies and procedures.