Presentation made by Professor Martin Severs, HSCIC Caldicott Guardian and Lead Clinician, at the Healthcare Conferences UK event 'Information Governance Implementing the Government Response to Caldicott2', to preview the new HSCIC Code of Practice on Confidential Information. This event was held at London's Hallam Conference Centre, on Wednesday 12 November 2014.

1. The New Code of Practice
On Confidential Information
Professor Martin Severs

2. Key topics
• Who are the HSCIC and do they do
anything?
• What is the code of practice
– Who does it affect
– What is in scope (and what isn’t)
• Practices to implement
• Timescales
– Aiming to publish by the end of November
2

3. HSCIC:
Who are they?
Are they part of the NHS?
3
August 2014: Work by MORI on behalf of NHS
England

4. What we do
We set standards that protect
patient’s confidential information, reduce
bureaucracy and improve data quality
We operate essential technology services
that support the health and care system
We collect, analyse and publish
national data and statistical information
that helps inform decision making
We develop the next generation of
national data and information systems

5. Who we are

6. What we do
NHS Mail
600,000 registered
users
GP2GP
89% of clinicians
agree it improves
patient experience
The Spine
Contains 80
million records
NHS Choices
Handles 29 million
enquiries a month
Electronic
Prescription
Service
Potential to save the
NHS £179M a year
Informing public
discussion
3,000 news stories
used our statistics

7. What we do
GP Payments
Service
Calculates and pays
over £7.2 billion
annually
Choose and Book
50 million patients
referrals reached
Statistical
reports
220 statistical
reports published
Screening
Helps to detect over
13,500 invasive
cancers
National Back
Office
Manages accuracy
of 6.3 million
transactions

8. What is the code of practice
• Describes good practice for any organisation
that collects, analyses, publishes or
disseminates “confidential information”
• Health and Social Care Information Centre
has a legal duty to publish the code
8

9. Who does it affect
• Public bodies have to “have regard” to the
code of practice
• Other organisations may have to have regard
through contracts
9

10. Key exclusions
• Care record keeping
• Systems for the direct provision of care
• Information solely about Children’s Social
Care (Department for Education lead on
children’s social care)
10

11. Scope of the code of practice
which
identifies a
person
Information …
Patients
Care recipients
Carers
Family members
Care professionals
Public sector staff

12. Scope of the code of practice
which
identifies a
person
may
help identify
a person
Information …
Patients
Care recipients
Carers
Family members
Care professionals
Public sector staff

13. Scope of the code of practice
held in
confidence
which
identifies a
person
may
help identify
a person
Information …
Fœtuses
Contracts
Security plans

14. Scope of the code of practice
held in
confidence
which
identifies a
person
concerning English health or
adult social care provision
may
help identify
a person
Information …

15. Scope of the code of practice
held in
confidence
which
identifies a
person
concerning English health or
adult social care provision
may
help identify
a person
Information …

16. Scope of the code of practice
information which:
• identifies any person,
or
• allows the identity of
anyone to be
discovered, or
• is held under a duty of
confidence
and is concerned with the
provision of health
services or adult social
care in England

17. The key practices
Through the seven stages of handling confidential information

18. The key practices to follow
Establish the purpose of
arrangements to handle
confidential information
Practices
• State what you are
intending to achieve
• Check whether available
information will help you
achieve it
• For research, follow the
research governance
framework

19. The key practices to follow
Establish and use standards
for handling data
Practices
• Use standards
• Define standards if
necessary
• Minimise burden /
inefficiency
• Avoid transcription

20. The key practices to follow
Recognise people’s objections
to the handling of information
about them
Practices
• All organisations
– Record objections
– Share objections with
recipients if a legal flow
remains
– Share the number of
records omitted where
there is no legal flow of
confidential information

21. The key practices to follow
Implement systems for
handling confidential
information
Practices
• Implement
– Efficient systems
– Safe systems
– Good management
systems for example using
ISO standards
– Minimise risk of breach for
example by encrypting,
anonymising or
pseudonymising as soon
as practical

22. The key practices to follow
Adopt sound analysis of
confidential data
Practices
• Analysis should
– Be scientific
– Follow best practice
– Be transparently
documented
• Quality should be
monitored, assured and
reported
• Repeated analysis

23. The key practices to follow
Share information Practices
• Maximum value comes
from the use of
information
• Sharing must be lawful
• Publications should
enable free reuse
• Sharing requires a data
sharing contract and
agreement

24. The key practices to follow
Dispose of information once
it is no longer required
Practices
• Review purposes and
retained information with
a planned schedule
• Use industry best practice
to dispose of data once
there is no ongoing
purpose for retention
• Maintain a record of
information disposal

25. Timetable
Draft
• Initial draft prepared
• May 2014
Consult
• Consulted with the public
• June to August 2014
Approve
• Seeking approval from DH and NHS England
• November 2014

26. Connect with us
www.hscic.gov.uk
@hscic
www.slideshare.net/hscic
0300 303 5678