care data scrapped after review of security standards

NHS England has decided to close the care.data programme after the publication of two reports on data security in the NHS.

Life science minister George Freeman said in a statement regarding the decision: "The government and the health and care system remain absolutely committed to realising the benefits of sharing information, as an essential part of improving outcomes for patients. Therefore this work will now be taken forward by the National Information Board, in close collaboration with the primary care community, in order to retain public confidence and to drive better care for patients."

The controversial scheme in development since 2013 was intended to extract GP patient information from various NHS providers to be used by healthcare commissioners to assess the safety and quality of local services and help NHS organisations plan and design better services. But it was criticised by health professionals and patient groups who said not enough had been done to raise awareness of how it would work and also how confidential patient data would be protected.

The decision follows on from the publication of two independent reviews commissioned by Secretary of State for Health, Jeremy Hunt. The Care Quality Commission (CQC) reviewed existing levels of data security across the NHS, and the National Data Guardian (NDG), Dame Fiona Caldicott, was asked to make recommendations on data security standards for health and social care and a new consent/opt-out data sharing model.

Both reports recommend that leaders of every NHS organisation should demonstrate clear accountability and responsibility for data security, just as they do for clinical and financial matters. There should also be internal and external scrutiny of whether new data standards are being implemented.

The NDG review proposes 10 new data security standards to apply to all organisations that hold health or care information. These include, for example, a requirement that organisations identify and address risks such as default passwords, dormant accounts and unsupported operating systems.

The NDG also recommends a new opt-out system making it clear to patients how their health and care information can be used, and in what circumstances they can opt out of it being shared for purposes other than their direct care. The review also calls for a much more extensive public dialogue over how health and care information is utilised and the benefits of data sharing, citing a current lack of public awareness.

National Data Guardian, Dame Fiona Caldicott, said: "My recommendations centre on trust. Building public trust for the use of health and care data means giving people confidence that their private information is kept secure and used in their interests.

"Citizens have a right to know how their data is safeguarded. They should be included in conversations about the potential benefits that responsible use of their information can bring. They must be offered a clear choice about whether they want to allow their information to be part of this. I would encourage everyone to get involved in the consultation about the proposals that I am putting to government today."

Links