What is Caldicott

1
(No Transcript)
2
What is Caldicott ?

• A review commissioned by the Chief Medical
  Officer, in 1997, led by Dame Fiona Caldicott.
• To investigate ways in which patient information
  is used in the NHS.
• The Caldicott Committee also made a number of
  recommendations aimed at improving the way the
  NHS handles and protects patient information,
  summarised by 6 Principles...

3
The 6 Caldicott Principles

• Principle 1 - Justify the purpose(s)
• Every proposed use or transfer of
  patient-identifiable information within or from
  an organisation should be clearly defined and
  scrutinised, with continuing uses regularly
  reviewed by an appropriate guardian.
• Principle 2 - Don't use patient-identifiable
  information unless it is absolutely necessary
• Patient-identifiable information items should not
  be used unless there is no alternative.
• Principle 3 - Use the minimum necessary
  patient-identifiable information
• Where use of patient-identifiable information is
  considered to be essential, each individual item
  of information should be justified with the aim
  of reducing identifiability.

4
The 6 Caldicott Principles

• Principle 4 - Access to patient-identifiable
  information should be on a strict need to know
  basis
• Only those individuals who need access to
  patient-identifiable information should have
  access to it, and they should only have access to
  the information items that they need to see.
• Principle 5 - Everyone should be aware of their
  responsibilities
• Action should be taken to ensure that those
  handling patient-identifiable information, both
  clinical and non-clinical staff, are aware of
  their responsibilities and obligations to respect
  patient confidentiality.
• Principle 6 - Understand and comply with the law
• Every use of patient-identifiable information
  must be lawful. Someone in each organisation
  should be responsible for ensuring that the
  organisation complies with legal requirements.

5
Patient identifiable-information includes

• Surname
• Forename
• Initials
• Address
• Postcode
• Date of birth
• Other dates (e.g. date of diagnosis)
• Sex
• NHS number
• NI number
• Hospital number
• Computer number
• Ethnic group
• Occupation

6
Sensitive Personal Data includes

• Ethnic origin or race
• Political opinion
• Religious beliefs
• Trade Union membership
• Health mental or physical
• Sexual life
• Commission of any offence (or alleged)
• Any Court proceedings or findings

7
Why is Caldicott Different to Data Protection ?

• Caldicott is not an Act of Parliament.
• Caldicott covers Patient data only.
• Specific emphasis on the use of the NHS number to
  pseudo-anonymise patient data.
• Very specific about justifying information flows
  and information sharing protocols.
• Requires a clinical lead in the role of
  Caldicott Guardian.

8
Data Protection Act 1998 - Principles

• All information and data which can identify a
  person, held in any format (visual / verbal /
  paper / computer / microfilm / etc.) is
  safeguarded by the Data Protection Act 1998,
  which is influenced by eight principles
• FIRST PRINCIPLE
• Personal data shall be processed fairly and
  lawfully.
• SECOND PRINCIPLE
• Personal data shall be obtained only for one or
  more specified and lawful purpose(s), and shall
  not be further processed in any manner
  incompatible with that purpose or those purposes.
• THIRD PRINCIPLE
• Personal data shall be adequate, relevant and not
  excessive in relation to the purpose or purposes
  for which they are processed.
• FOURTH PRINCIPLE
• Personal data shall be accurate and, where
  necessary, kept up to date.

9
Data Protection Act 1998 - Principles

• FIFTH PRINCIPLE
• Personal data processed for any purpose or
  purposes shall not be kept for longer than is
  necessary for that purpose or those purposes.
• SIXTH PRINCIPLE
• Personal data shall be processed in accordance
  with the rights of data subjects under this Act.
• SEVENTH PRINCIPLE
• Appropriate technical and organisational measures
  shall be taken against unauthorised or unlawful
  processing of personal data and against
  accidental loss or destruction of, or damage to,
  personal data.
• EIGHTH PRINCIPLE
• Personal data shall not be transferred to a
  country or territory outside the European
  Economic Area, unless that country or territory
  ensures an adequate level of protection for the
  rights and freedoms of data subjects in relation
  to the processing of personal data.

10
What does it mean for You ?
11

• Security arrangements for patient identifiable
  data
• Imagine it is information about you or your
  family and treat it accordingly.
• Dont leave information lying about and dont
  store it where it can be seen .
• Lock doors and windows when the room or building
  is unattended.

12

• Telephone Calls
• Consider whos calling.
• Check out third party enquiry's.
• Should a message be left or not.
• Dealing with other organisations.

13

• Computers - basic precautions
• Who can see the screen ?
• Who can access the data - log off.
• Do not share passwords.
• What about viruses ?
• Using e-mail Internet.

14

• Safe Havens - Using the Fax
• Do you really need to fax it ?
• Who is at the other end ?
• Can you limit the information you send ?
• Should you send clinical details separately from
  patient identifiable data ?

15
Disposal of patient identifiable data Special
arrangements must be in place - you need to find
out what they are. Remember lists of patients,
floppy disks with patient information, pieces of
paper with brief notes on them all need to be
properly disposed of.
16
For further information, please
contact Suzanne Robinson Information
Governance Manager Cheshire West Primary Care
Trust, and Ellesmere Port Neston
PCT Telephone 01244 650551 Fax 01244
650395 E-mail suzanne.robinson_at_cwpct.nhs.uk