care data scrapped after review of security standards

  • Date: 07 July 2016

NHS England has decided to close the programme after the publication of two reports on data security in the NHS.

Life science minister George Freeman said in a statement regarding the decision: "The government and the health and care system remain absolutely committed to realising the benefits of sharing information, as an essential part of improving outcomes for patients. Therefore this work will now be taken forward by the National Information Board, in close collaboration with the primary care community, in order to retain public confidence and to drive better care for patients."

The controversial scheme in development since 2013 was intended to extract GP patient information from various NHS providers to be used by healthcare commissioners to assess the safety and quality of local services and help NHS organisations plan and design better services. But it was criticised by health professionals and patient groups who said not enough had been done to raise awareness of how it would work and also how confidential patient data would be protected.

The decision follows on from the publication of two independent reviews commissioned by Secretary of State for Health, Jeremy Hunt. The Care Quality Commission (CQC) reviewed existing levels of data security across the NHS, and the National Data Guardian (NDG), Dame Fiona Caldicott, was asked to make recommendations on data security standards for health and social care and a new consent/opt-out data sharing model.

Both reports recommend that leaders of every NHS organisation should demonstrate clear accountability and responsibility for data security, just as they do for clinical and financial matters. There should also be internal and external scrutiny of whether new data standards are being implemented.

The NDG review proposes 10 new data security standards to apply to all organisations that hold health or care information. These include, for example, a requirement that organisations identify and address risks such as default passwords, dormant accounts and unsupported operating systems.

The NDG also recommends a new opt-out system making it clear to patients how their health and care information can be used, and in what circumstances they can opt out of it being shared for purposes other than their direct care. The review also calls for a much more extensive public dialogue over how health and care information is utilised and the benefits of data sharing, citing a current lack of public awareness.

National Data Guardian, Dame Fiona Caldicott, said: "My recommendations centre on trust. Building public trust for the use of health and care data means giving people confidence that their private information is kept secure and used in their interests.

"Citizens have a right to know how their data is safeguarded. They should be included in conversations about the potential benefits that responsible use of their information can bring. They must be offered a clear choice about whether they want to allow their information to be part of this. I would encourage everyone to get involved in the consultation about the proposals that I am putting to government today."


This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.

Save this article

Save this article to a list of favourite articles which members can access in their account.

Save to library

Related Content

Dilemma: Disputed consent in a minor

Dilemma: Alleged prescription fraud

Dilemma: Covert recording made public

For registration, or any login issues, please visit our login page.