Adrian Marchbank is Caldicott Guardian for Plymouth Hospitals NHS Trust, a large acute trust whose main hospital has around 1,000 beds and more than 10,000 staff. Since 2000 his main job at the trust has been working as a consultant heart and lung surgeon, handling a busy list of patients and undertaking clinical research. In 2012 the position of Caldicott Guardian fell vacant and Adrian was appointed after competing against other candidates. He says his enthusiasm for the Caldicott work was rooted in a personal experience at the age of 15. After his grandfather died, the local paper printed an article including the name, address and phone number of his grandmother, without seeking her consent. Her obvious distress was Adrian’s introduction to issues of privacy and confidentiality. In many NHS trusts, the Caldicott Guardian role is one of the many tasks performed by the medical director or director of nursing. In Plymouth they prefer to appoint a senior clinician who is not on the board. Adrian says that works well for him: he is senior enough to carry clout, but independent enough to act from time to time as “the pebble in the shoe.”
He devotes one day a week to the role, setting aside Mondays for routine Caldicott work, including meeting newly appointed doctors, nurses and other staff to induct them into the part they and their teams will play in ensuring a high standard of information governance. He makes himself available at other times, when needed, to deal with cases that are outside the routine and require his personal judgement. The trust has a Senior Information Risk Owner (SIRO) with whom he works very closely, and an information governance team of three, who carry out the day-to-day tasks.
However much of the work to ensure a high standard of information governance is devolved to clinicians and administrators in each of the trust’s service delivery units. The trust reports more incidents to the Information Commissioner’s Of ce than most – not because it breaches the data protection rules more often, but because it has a commitment to total transparency and a policy of zero blame. Adrian says: “Mistakes happen. We don’t punish individuals, but when things go wrong we look at the processes.” One such exercise led to the removal of fax machines from the trust.
Adrian regards the introduction of this devolved and vigilant structure as a significant achievement of the Caldicott Guardian. Individual cases are referred up to him for a judgement call on average about once a week. Serious cases, involving a significant breach of patients’ confidentiality, come up perhaps once in six months. The most difficult decisions tend to involve balancing ethical and legal issues. Adrian recalls the complex factors involved in the decision to set up a data base to achieve the optimum outcome for babies requiring care. The system could only work if details about the babies could be provided in a form that might allow them to be identified. And it could only work quickly enough if this was done without waiting for the individual parents’ specific consent. After canvassing the views of parents, it was decided that saving lives is more important than protecting confidentiality. The data base went ahead. Adrian is a member of the UK Caldicott Guardian Council and co-chair of the south west regional network of Caldicott Guardians.