Dame Fiona Caldicott does not like to be kept waiting. As we sit in the foyer of NHS England’s London HQ waiting for a conference room to be cleared, she’s glaring at her watch with increasing frequency as her foot taps an intense tattoo on the clinical white floor.
If she gets this wound up by a 20 minute delay, the last ten years must have been hell. It has, after all, been that long since the first ‘Caldicott review’ was published with the grand aim of ensuring that all health service organisations know exactly how data can be used to better services while also protecting patients. And even the most casual of NHS watchers will be aware that this simply hasn’t happened – yet.
Her second review, published last April, aims to rectify this. “Everyone on the panel [for Caldicott 2] agreed that the balance was not right, that some clinicians have become sufficiently anxious about sharing information to not be thinking enough about what is in the interest of the patient.”
The former president of the Royal College of Psychiatrists was very clear on principle four – access to patient identifiable information should be strictly on a “need to know” basis. The problem arises, however, when some organisations are unclear what that means.
With the birth of clinical commissioning groups (CCGs) on 1 April 2013, came a raft of new commissioners, eager to make changes for their local populations. It appears that their wish to do so using identifiable data directly contradicts the Caldicott principles.
Section 251 of the Health Act 2006 allows for confidentiality rules to be set aside when anonymised information is “not sufficient” and where patient consent is “not practicable”. Health Secretary Jeremy Hunt has given CCGs six months to shelter under this umbrella, collecting patients’ data as they will until then. CCGs now have the same access to information as primary care trusts did before them.
And Fiona isn’t happy about it.
Her teaspoon clatters on the white saucer as she sets her cup down, face fierce. “Quite a lot of the requests from commissioners for identified data are for purposes which do not need it. If you take the patient who makes a case to their CCG for having a new drug, they will get consent because the patient wants the drug. They are going to agree to their personal information being shared.”
But for CCGs who attempt to collect information on all patients who have had a particular procedure, for example, there are “very clear rules”.
According to Dame Fiona, education and awareness of data protection issues is where the NHS is currently falling short – and practice managers have a big part to play in amending this.
Although she’s aware that practice managers may not always be the ‘Caldicott guardian’ upholding the principles laid out in her 1997 review, she believes they have an important role, especially now that a lot of patient information is being sent directly from practices to the Health and Social Care Information Centre (HSCIC).
“Those patients do not know what happens to their information. I think the people that meet the patients at reception, those responsible for organising work at the practice, need to be sure that patients are informed.”
Practice managers’ knowledge of the principles means they have a vital role in educating patients, Caldicott claims. However, she feels that although posters and website information schemes are important, for the most personal things, GPs must be the ones to talk to patients.
Leaning on the table, hand neatly folded, Caldicott says: “Practice managers are a very knowledgeable group but they’re not necessarily having all of the conversations with a patient that the doctor will be having.”
She lists. How much information should a GP put in a letter of referral? Does the patient want all information to be conveyed, even things which aren’t relevant? Does the patient know that they might see numerous staff members when they reach the hospital? Is the patient aware that this will mean their personal information could be shown to a number of people?
The growing number of questions is exactly why the average general practitioner needs to get up to speed on the regulations. The Data Protection Act isn’t the only bind on how information is shared by GPs – the General Medical Council (GMC) also has rules on passing records and other personal information to third parties.
But according to Caldicott, a one-off class on data protection wouldn’t go far enough. “All of those involved in information governance not only need to be trained in it when they start their careers, but they need to have ongoing education.
“The knowledge is changing, particularly with the new Health and Social Care Act. People need to be able to answer the more complicated questions that come from members of the public or colleagues.”
The latest incarnation of the NHS Mandate from the government to NHS England included the expectation that by March 2015 everyone who wishes to will be able to access the health records held by their GP.
This undertaking, which even the unflappable Dame Fiona Caldicott admits is “complicated”, could create more work for under-pressure primary care than even the government has anticipated.
Pointedly, she says: “I do not think it’s just a matter of saying yes, all patients can have access to their records. Indeed, I know there are some GPs who think there may be certain patients who should not have access to their records because of the impact of that information on their vulnerable status.”
Immediately she thinks of a situation where a patient with a mental illness may wish to see – and amend – their record. It could be hard, she argues, to explain both clinical jargon and descriptions of a patient that may not sit well with their current state of mind.
But changing patient records retrospectively should never be done, Fiona says.
Writing a note at the bottom of the file, once the patient has proved something in their record to be factually inaccurate, is the only course of action.
“I think many doctors are not convinced that the patient editing the record, even though it is their information and is about them, will be helpful in their care.”
A frank and open discussion between clinician and patient is all that’s needed to get through a situation that many GPs would never have been subjected to before. “Some of that process may require quite a lot of support of the patient, for them to be able to take on board what is in the record and be able to talk that through with someone.”
Dame Fiona Caldicott is driven by her unwavering belief that information sharing – when done correctly – can improve healthcare for every patient of the NHS. Patient records aside, not only is the current practice of having ambulances unable to access patients’ information impractical, she believes it is “quite unsafe” and can even be dangerous.
“Given the technology we have now got, we must find ways of enabling people who have a patient in front of them and… cannot find out certain things about their history which they need to know in order to safely treat them. The quicker we can do that, the safer it is to the public. I think that’s what they expect.”
Shuffling the papers in front of her on the wide white desk, she explains that the aim is to enable the patient to move freely around the healthcare system, on a “smooth pathway”.
For her, that’s the only way to truly integrate care.
“Patients don’t need to know what which bit of the service is currently doing what proportion of their care. They just want care, and as their situation changes, to have it continuously provided.”
Assertively, she adds: “I absolutely believe that this can make a difference, but it requires people to think about the ways in which they work. We all need to work harder at achieving it.”
Repacking her functional leather bag, Dame Fiona prepares for her next meeting in the drafty modern building.
When asked where she’s going, she adjusts her orange scarf and tells Management in Practice she’s off to meet Tim Kelsey, NHS England’s tzar of patients and technology.
Let’s hope he doesn’t keep her waiting.