Today's event bought together Caldicott Guardians from health, social care, and beyond.
Dr Nicola Byrne, National Data Guardian for Health and Social Care, Office of the National Data Guardian
Nicola opened today's event by discussing the role's focus on improving healthcare services through better data use while maintaining public and professional trust. She emphasised the importance of relationships, the interconnectedness of healthcare data, and the need to balance risks and intentions in data handling. Recent national programs, such as the Federated Data Platform and the Single Patient Record initiative, were highlighted, along with public engagement efforts to inform data policy.
The meeting continued with a focus on the role and responsibilities of Caldicott Guardians in healthcare organisations. The discussion highlighted the importance of having appropriate data protection arrangements in place, including the potential need for a Caldicott Guardian, to maintain public confidence and comply with regulatory expectations. The spreakers addressed various questions about data access, privacy, and ethical considerations, emphasising the need for clear documentation of decisions and maintaining appropriate relationships with other teams. The role of Caldicott Guardians in complex cases, such as assisted dying, was also discussed, with a reminder of their focus on data privacy and trust rather than making clinical decisions.
Cybersecurity and Healthcare Data Protection
Mike Fell, the Executive Director of National Cyber Security Operations for NHS England, discussed the cyber threats facing the healthcare sector, emphasizing that the largest threat is criminally motivated, financially driven attacks such as ransomware. He outlined national cyber resilience efforts, including monitoring, training, and incident response capabilities, and highlighted the importance of foundational security measures like multi-factor authentication and regular patching to prevent incidents.
John Hudson, responsible for the Data Security and Protection Toolkit (DSPT), explained recent changes to the DSPT framework, including a shift to outcomes-based assessments for larger organizations, while maintaining a simplified checklist approach for smaller ones. He stressed the role of Caldicott Guardians in balancing clinical and security needs, promoting training, and ensuring cultural change.
Huw Twamley, representing the Medical Examiner Service, described the system’s role in improving death certification and learning from deaths, while addressing challenges with record access and data sharing, particularly in cases of organ donation and post-death scrutiny.
Rachel Merrett
Head of IG Policy Engagement, NHS Transformation Directorate, NHS England - presented the Information Governance (IG) portal, a one-stop shop for IG guidance and advice, and discussed upcoming guidance on sharing information with the police and in emergencies
