Early January Update

IIGOP Annual Report

Following its care.data report at the end of last year, the 2014 Annual Report of Dame Fiona Caldicott’s Independent Information Governance Oversight Panel (IIGOP) was published in early January. Amongst other things, it says:

In summary, the goal should be a state of information governance in which the following proposition prevails: “Organisations have no hiding places, the public have no surprises.”

But with good progress having been made on just six of the year-long Caldicott2 Review’s 26 recommendations, the IIGOP is forced to conclude:

Unfortunately the cultural change that we called for [in 2013] in relation to information governance has only emerged in parts of the system.

The annual report goes into some detail on care.data in Chapter 3, noting:

The unintended consequence of care.data was a positive cycle of change, with greater public interest causing organisations to respond with greater transparency and stronger information governance.

But, worryingly, on consent across the health and care system:

IIGOP welcomes the Secretary of State’s enhancement of the “right to object” in the care.data programme, but calls for a more consistent approach. It is not reasonable to expect the public to understand objections and “opt outs” if there are different rules for different programmes. This remains unfinished business.

Over the next few weeks, we will see whether the Government and NHS England are moving towards that goal – or whether they’ve been hiding more surprises for the public later in the year.

Meanwhile, Healthwatch England “found disturbing evidence of the harm caused by failure to share information appropriately. The inquiry focused on the experiences of older people, people with mental health conditions and people who are homeless.”

The findings, summarised on pages 17 and 18 of the annual report, are especially horrifying due to the impacts on the direct care of patients – a missed opportunity cost due to the care.data programme:

Public opinion research has shown that most patients want any healthcare professional who treats them to have secure electronic access to key data from their GP health record. Most were surprised that emergency care doctors do not have automatic access to records, and concerned that lack of access may lead to delays in treatment and fatal errors. The public’s main concerns about the use of information about them were suspicions around usage creep, lack of personal benefits and loss of data.

As medConfidential has always said, there need be no conflict between good ethics, good data handling and good medical care.
A Statutory Data Guardian?

We had hoped that, as the Secretary of State said would happen, the National Data Guardian – providing independent, overarching information oversight for the entire health and care system – would be put on a statutory footing “at the earliest opportunity”. That opportunity was last Friday, but the Secretary of State failed to meet his commitment.

As we now discover from the IIGOP’s Annual Report, this is just one example of what happened without a strong oversight body:

NHS England communicated the proposal in a leaflet that was supposed to be delivered to all homes across England in January 2014. A copy of the intended leaflet was sent to IIGOP shortly before the quarterly meeting of the panel on 9th December 2013. On the following day IIGOP advised NHS England that its leaflet was not fit for purpose, but was informed that it had already been sent to the printers and would not be recalled.

Last Friday, Jeremy Lefroy’s Private Member’s Bill reached its final stage in the House of Commons, and has now moved on to the Lords. When the NHS Number is used beyond the NHS, its wider use a lifelong identifier for every person in the UK will also never be recalled. We wrote a briefing on this issue when it first raised its head.



2015 marks 10 years since the dodgy deal between the (then) NHS Information Centre and Dr Foster Ltd – a period during which, as we now know, less-than-optimal decisions were made.

One quote in the Public Accounts Committee’s report that sounds entirely familiar from the care.data fiasco a decade on:

At the outset there was an urgency to complete the deal with Dr Foster Ltd, and in negotiating the joint venture the roles and responsibilities of the Department’s advisors were sometimes confused.

With echoes of the messy “IG Universe” picture that emerged last year, and with venture capitalists that now own bits of the private sector part of Dr Foster Ltd writing down their stake and seeking an exit, we see once again that – in the long term – routing round or failing to institute and apply proper Information Governance doesn’t help anyone.

Finally, as the 12 month mark approaches, we understand the Health Select Committee will continue its inquiry into care.data and the handling of NHS patients’ records shortly. Let’s hope that this time its members will be given full and frank evidence by all.