Supporting Caldicott Guardians across the UK


Council Meeting 26 April 2018



Chris Bunch, Sandra Lomax, Christopher Fincken, Ben Heal, Carey Bloomer, David Riley, Stephen Hinde, Arjun Dhillon, Adrian Marchbank Ruth Lilley. Alison Walne, Gill Bennett (dial-in), Richard Powley.


Janice Abraham, Christopher Evagora, Cait Taylor, Joe Apps, Ross Thornton, Joe Apps.


Nicola Perrin, Janet Messer, Kevin Hunt.

Chairman’s update

The Chairman has participated in meetings of the NHS and Social Care GDPR Working Party, the NHS Code of Confidentiality Working Party, and attended the Digital Health Networks Leadership Summit in March. He also attended the National Data Guardian’s panel met on 19 March 2018: items discussed included public communications arrangements for the National Opt-Out arrangements, and matters relating to the cancer registries.

The Vice-Chair provided an update on recent activities including seeking additional members for the UK CGC from under-represented sectors such as the armed forces, and engagement with other UK jurisdictions. Stephen Hinde agreed to send details of the Caldicott Guardian contact for Wales to help with further engagement with home nations.

A draft annual report has been circulated and helpful comments received. A further section on requests for advice is being developed for inclusion.

An update on the progress of the National Data Guardian Bill was provided.

Independent members’ updates

Christopher Fincken reported that the Centre of Excellence for Information Sharing’s document on sharing between the police and NHS is being updated and revised to ensure GDPR compliance.

The Domestic Abuse Bill is currently at an online consultation stage and Christopher is responding on behalf of UKCGC. He will be attending a proposed event at Westminster where he will lobby in support of the common law of confidentiality being set aside in certain domestic abuse scenarios. He is also meeting with the General Medical Council (GMC) who are going to be issuing new guidance regarding this subject.

Ben Heal reported that planning for the information sharing in small organisations event to be held in Leeds on Friday 8 June is progressing well. There are now 44 attendees booked to attend, and the logistics for the day are in place.

Updates from regional networks

South West: the network has not met since the last update.

London: A productive meeting was held on 28 March 2018. The next meeting is scheduled for 5 July 2018. Microsoft has been invited to attend and present a session regarding data security and cloud services.

North West: The network met in February 2018 and discussed the Caldicott Guardian role, and how to manage irrational complaints.

North East: The next meeting has been postponed until 2 July 2018.

Understanding Patient Data

Nicola Perrin from the Understanding Patient Data (UPD) team presented an update on how UPD is supporting better conversations about uses of health data. The recent animations developed by UPD surpassed expectations, being shared and viewed a great number of times. UPD also highlighted areas that have adopted and implemented the UPD materials such as Connected Health Cities and Discovery.

The Council discussed the nuances of using certain language within different sectors such as social care and the potential impact of General Data Protection Regulation (GDPR) on use of terms such as de-identified, de-personalised and anonymised in context of the Information Commissioners Office’s Code of Practice.

Health Research Authority Working Group and online research application process

Janet Messer, Director of the approvals service at the Health Research Authority (HRA) presented how the HRA aims to bring together the requirements of governance and legal compliance with independent ethical opinion from a Research Ethics Committee (REC) so that researchers only need to submit information once, using an Integrated Research Application System (IRAS).

IRAS enable researchers to enter the information about their project in one place instead of duplicating information in separate application forms. It uses filters to ensure that the data collected and collated is appropriate to the type of study, and consequently ensures the permissions and approvals required the aim of the system is to help researchers to meet regulatory and governance requirements.

Council was enthusiastic and supportive of HRA’s approach. The HRA has also recently published helpful guidance on the GDPR for researchers.

Faculty of Clinical Informatics

Kevin Hunt, Business Manager of the Faculty of Clinical Informatics (FCI) discussed the Faculty's aim to be the professional membership body for all clinical informaticians across the UK. The FCI has received £500,000 core funding from the National Information Board’s Paperless 2020: Building a Digital Ready Workforce programme. It has the support of The Academy of Medical Royal Colleges, and the Royal Colleges of Physicians and General Practitioners have been key to its initiation. It aims to provide support for revalidation for clinical informatics practitioners, career advice, and accreditation for learning and development.

The FCI has recently announced appointed its first cohort of founding fellows to lead the formation of the first Council, and to take forward priority areas. It plans to expand the Fellowship in the near future.

National Crime Agency UK Missing Persons Unit

Joe Apps from the Missing Persons Unit discussed the potential for establishing a greater understanding and more efficient process between police and health organisations to support answering queries whilst maintaining appropriate confidentiality.

Requests to Council for advice

The Council discussed recent requests for advice received. These included: whether or not if a Caldicott Guardian can be shared with a subsidiary organisation; alleged breaches of confidentiality; retention of emails when someone leaves; disclosure of information in relation to criminal proceedings; the use of anonymised data for research; the use of GP data for population analytics and risk stratification; and access to clinical data for audit and research.

The Council plans to use these and previous requests as a basis for a series of case reports in due course.

Caldicott Guardians and supporting staff may contact the Council for advice by email to the Secretariat, via the Council website support page, or by posting to the Digital Health Networks Caldicott Guardians’ online forum.

To join the digital forum please contact the Secretariat.

Chris Bunch