The Department of Health Data Sharing consultation has opened today. This consultation is part of the wider engagement on the use and disclosure of information, and will be open for six weeks, closing on 8 August 2014.
About the consultation
This consultation is carried out under section 251(9) of the National Health Service Act 2006 and sets out proposals for new regulations to place strong controls around the disclosure of data which might potentially identify individuals by the Health and Social Care Information Centre (HSCIC) and accredited safe havens.
It also includes proposals for new regulations to address concerns about restrictions on the sharing of confidential personal information with NHS and social care case managers who need to have access to this information in relation to those for whom they are responsible for arranging health or care services. No serious case review has ever said that ‘too much information was shared between organisations’ though the opposite has all too frequently been the case. Proposals for establishing accredited safe havens which place strong controls on the sharing and use of data for activities such as commissioning are also outlined.
Subject to Parliamentary approval the new regulations are expected to be in place by the end of 2014. They will be informed by the responses to this consultation.
The opportunities and benefits of appropriate data sharing have been acknowledged by all to enable the quality and safety of services to be monitored, measured and improved, but people have to trust that their information is properly safeguarded. Review after review has identified the failure of professionals to share information as a causal factor in child deaths and other tragedies.
These proposed Regulations are an important step on a journey to ensure that, for purposes other than direct care:
the minimum necessary level of identifiable information is used to support any particular purpose;
there is a clear lawful basis for all uses of information; and
there are robust controls in place to prevent security breaches or misuse of information.
As technology develops and information quality improves, the need for staff to access identifiable information will reduce and opportunities for individuals to exercise control over how information about them is used will increase. To achieve this, it is expected that, over the medium term (within, say, three to five years):
access to data will be more automated so that routine functions, including many commissioning functions, will not require access to identifiable data itself;
the Health and Social Care Information Centre (HSCIC) will be the environment for holding identifiable data at the national level with a number of other smaller safe havens able to access identifiable data for these purposes; and
consent will be used more widely as the means to share information.