Supporting Caldicott Guardians across the UK


Council Meeting 21 June 2018



Chris Bunch, Sandra Lomax, Christopher Fincken, Arjun Dhillon, Adrian Marchbank, Faouzi Alam, Maria Marinelli, Air Commodore Reid, Gill Bennett (dial in), Alison Walne (dial in), Alison McCallum (dial in).


Ross Thornton


Nick Dodds, Cora Govett, Susan Kirby (dial in), Sean Kirwan (dial in)

Christopher Fincken and Sandra Lomax declared potential conflicts of interest as training providers.

Chairman and Vice-Chair’s reports

The Council’s Annual Report for 2017–18 has now been published and is available via the Council website. The Chairman thanked members for their helpful contributions.

The Chairman represented the Council in meetings of the NHS & Social Care GDPR Working Party and the NHS Code of Confidentiality Working Party see below), and has joined an IGA/NHS England Information Governance Steering Group which is developing an information governance framework to support the Local Health and Care Record Exemplars’ development of an integrated care record. He has also had useful meetings with Prof Stephen Powis (NHS England Medical Director) and Dr Simon Eccles (NHS England CCIO).

The National Data Guardian’s panel met on 19 March 2018: items discussed included: Key lines of enquiry for cyber security inspections by the Care Quality Commission and NHS Digital; Social Care and the National Data Guardian’s standards; and the NHS Genomics Medicine Service.

The Caldicott Guardians digital online forum now has 241 members with a further 119 requests to join. There have been 85 discussion threads created so far.

An update on the Data Security and Protection Toolkit has been provided by John Hodson at NHS Digital. The toolkit is now available and has been taken up by nearly 4000 organisations (5000+ individual users registered). Development is continuing with the main focus currently on the development and testing of GDPR-compliant breach reporting. Guidance is being continuously updated.

The Vice Chair provided council members with details of recent engagement with the Scottish Caldicott Guardians network. Her attendance at the recent Scottish Caldicott Guardian forum led to some interesting discussions and points for consideration by the Council, including a suggestion that council membership be extended to Senior Information Responsible Officers (SIROs), and investigating how to facilitate information sharing between emergency services (for example health and the fire service) to support preventative programmes such as falls prevention.

The Vice Chair also attended a Small Organisation Regional Workshop in Leeds, arranged by Ben Heal, Independent Member, on the 8th June. Over 40 delegates registered but due to train difficulties only 28 attended. The feedback form the day was excellent with speakers covering a wide range of topics including:

•    sharing personal data in small-scale organisations with relatives and significant others;

•    the role of the UKCGC in supporting the Caldicott function in small-scale settings;

•    the Caldicott role in Care Homes and using the Caldicott principles.

The afternoon comprised an interactive workshop where groups identified three key issues for them, and delegates discussed how they dealt with similar situations.

It was agreed that this may be the way forward for regional groups. Those attending found the interaction and networking plus a day together gave them time to focus on their role and learn from others in similar situations.

Slides from the event (PDF, 1MB)

SL agreed to discuss with Helen Dyer (NE regional network lead) and raise as an agenda item at the next meeting when more regional network leads were attending.

Independent members’ updates

Christopher Fincken reported that the funding for the Centre of Excellence for Information Sharing has not been renewed, and they are seeking new avenues for financial support. Christopher also recently attended an inter-collegiate domestic violence event, and has the associated online consultation on behalf of the Council.

Centre for Data Ethics and Innovation

A Centre for Data Ethics and Innovation (CDEI) is being established under the auspices of the Department for Digital, Culture, Media and Sport (DDCMS). Cora Govett and Nick Dodds, officials at DDCMS who are leading the work to establish the Centre, attended the meeting to seek views on the proposed role, scope and objectives for the Centre, and to discuss how it might work with the UKCGC to ensure the safe, ethical and innovative use of data and artificial intelligence (AI).

The scope, objectives and remit of the CDEI were discussed, and the following points raised:

•    how the CDEI will fit into the current governance and regulatory arrangements;

•    the need for continued open and transparent engagement, particularly with the public, key stakeholder groups such as clinical researchers, and bodies such as the Health Research Authority (HRA), Medical Research Council (MRC), and Research Advisory Group (hosted by NHS Digital). Arjun Dhillon, NHS Digital’s deputy Caldicott Guardian, kindly offered to facilitate engagement between the CDEI and NHS Digital teams that have already undertaken significant work in this area;

•    the need to ensure that the ethical aspects of the Centre’s role are explicitly clarified, and for details of how ethics skill set and values will be considered during the establishment of the Centre’s structure and hierarchy.

The meeting welcomed the opportunity to engage with the CDEI, and agreed that the Council will seek and collate feedback from members, and will complete the online consultation.

National Data Opt-out launch

Susan Kirby, Senior Implementation Manager for the National Data Opt-out programme, updated the meeting on scheme’s recent launch, and provided a high-level overview of the number of Opt-outs and responses to the communications campaign. In response to questions, she clarified the application of the Opt-out and potential policy exemptions to national data bases and registries, such as the National Surgical Data Set and the Cancer registry. Details of how, where and to whom the National Data Opt-out policy applies is available on the NHS Digital website.

NHS Code of Confidentiality

Sean Kirwan, Senior Data Sharing and Privacy Manager at NHS England, briefed the meeting on the update to the NHS Confidentiality Code of Practice commissioned by DHSC. An expert reference group has been established to oversee the revision, with representation from key stakeholders (including the UKCGC). Smaller working groups have been established to discuss some issues in more detail (e.g. children and young people, public interest disclosures, and how the wider legal framework impacts on the common law duty of confidentiality.

Sean agreed to provide a further update to Council later in the year.

General Data Protection Regulation (GDPR) update

Dawn Monaghan, Head of Strategic IG (NHS Digital) and Director of the Information Governance Alliance (IGA), provided the meeting with an update of recent developments around the 25th May, when the Regulation came into effect.

The GDPR launch had gone well and the guidance developed by the National GDPR working group (which the Chair attends), has been well received. There are discussions continuing between the ICO, NHS Digital and NHS England regarding the possible classification of pseudonymised data as ‘personal data’. It is intended that this will be addressed and resolved by the information governance framework being developed to support the LHCREs.

There has been fresh legal advice regarding the appropriate legal basis for processing patient data in primary care, with Article 6(1)c thought to be more appropriate than Article 6(1)e as previously advised. The latter is not thought to be wrong; however, in one interpretation of the Regulation, the former is considered preferable. Discussions continue.

Requests to Council for advice

The Council discussed recent requests for advice received. These included: enquiries regarding subject access and redaction; whether a patient with mental health issues confessing to viewing inappropriate and illegal web content should be reported to the police; requirements for Caldicott Guardians in the private sector; and retention periods for medical records.

The Council plans to use these and previous requests as a basis for a series of case reports in due course.

Caldicott Guardians and supporting staff may contact the Council for advice by email to the Secretariat, via the Council website support page, or by posting to the Digital Health Networks Caldicott Guardians’ online forum.

To join the digital forum please contact the Secretariat.

Other business

Travel expenses for Council meetings

The UKCGC Chair, Vice-Chair and Council officers have considered the best use of funding available to the Council, and have agreed that members’ travel expenses may be reimbursed if no other source of funding is available to the member.

In place of fixed appointments of independent members, a more flexible arrangement in which a member may agree to undertake defined work ‘packages’ and be remunerated at fixed rate based on the DHSC daily rate is now available. Packages could include attendance at meetings or events as a Council representative, organising meetings or workshops for Caldicott Guardians (including regional network meetings), writing articles for the website and/or updating the manual, etc. Members are invited to discuss topics of interest with the Chairman.

Council meetings: day of week

During 2018 Council meetings have all been on Thursdays. A proposal meetings alternate between Wednesday and a Thursday was accepted. Dates for 2019 are now available.

Chris Bunch