Caldicott Review and Information Governance


Closing Date: 31st August 2016

Workshop Date: 20th September 2016

Email responses and inquiries to

I have proposed a new consent/opt-out model that describes clearly when information is used, and when patients have a choice to opt out of their personal confidential data being used.

We owe it to citizens to enable them to understand data usage as fully as they wish, and ensure that information about how data is accessed, by whom, and for what purposes, is available. This work is part of a wider dialogue that should be conducted on data use across different sectors. Health and social care data, although unique, cannot be isolated from that discussion.

Dame Fiona Caldicott (2016)

The National Data Guardian for Health and Care’s Review of Data Security, Consent and Opt-Outs (“Caldicott Review”) was published on 6th July 2016. This long awaited review comes against the background of three parallel developments. First, recognition by policymakers that significant inroads still remain to been made into ongoing concerns about public trust regarding the privacy, security and use of patients’ health information. Second, perceptions relating to the inability of the law to grapple with the conceptual and regulatory gaps resulting from the digitalisation of information, increasing use of mobile devices and social media in health care and pace of innovation in the practice of science and medicine. Third, uncertainty surrounding the political ramifications of the referendum on UK’s membership of the EU and the likely implications of the General Data Protection Regulation (“GDPR”) for entrenched norms and practices relating to consent, collection and use of health information and data sharing in medical research. The GDPR comes into force in the UK on 25 May 2018.

It will be some time before the outcome of the Public Consultation, which closes on September 7th and Government’s response are published. This Workshop is designed to stimulate discussion and undertake critical engagement with the legal, ethical and policy ramifications in light of one part of the Caldicott Review – designing a model for information sharing which embeds constitutional safeguards for individuals and vulnerable patients while harnessing the value of health information to improve direct care services and steer innovation in fields such as pharmacogenomics and clinical genomics. Developing a coherent and principled framework for “consent” and “data sharing and use” is far from straightforward in an environment of information flows and evolving health information ecosystem. The ground rules not only need to be worked out quickly but communicated clearly to the public in a meaningful way. The stakes for not gauging the public mood in particular are high, as noted by the Secretary of State in 2015:

Exciting though this all is, we will throw away these opportunities if the public do not believe they can trust us to look after their personal medical data securely. The NHS has not yet won the public’s trust in an area that is vital for the future of patient care.

Dame Fiona Caldicott’s warning about regulatory inertia is also worth recounting:

There has been little positive change in the use of data across health and social care since the 2013 Review and this has been frustrating to see.

The Workshop proceeds on the footing that interdisciplinary engagement will provide the type of understanding necessary to provide an empirical basis for assessing the likely legal, ethical, technical and clinical challenges emerging from the Caldicott Review’s Recommendation for a new consent/opt out model. More specifically, the Workshop aims to anticipate the future direction of policymaking in relation to implementing the:

1. Options for patient consent;

2. Use of health information for delivery of clinical care services and advance the practice of medicine; and

3. Development of innovative governance models.

Position papers and provocation pieces (maximum 1000 words) are welcomed particularly from scholars, researchers, practitioners and representatives from the healthcare sector organizations and industry, which address the following questions:

1. Does the Caldicott Review’s Recommendation for a new consent/opt out model point towards a much needed shift in cultural, ethical and legal mindset that requires fresh thinking about the provenance of consent and the ethics of data sharing within research, clinical care and delivery of NHS services?

2. Which specific recommendations made by Dame Fiona Caldicott for a new consent/opt out model should we prioritise?

3. What regulatory, design and participatory model (s) of information governance will enable patients’ rights to be reinforced while steering innovation?