The Information Governance Toolkit: Data Protection, Caldicott, Confidentiality

The Information Governance Toolkit: Data Protection, Caldicott, Confidentiality

Tobias Keyser and Christine DaintyRadcliffe PublishingOxford2004ISBN 1857756002Keywords: Data security, Freedom of information, Knowledge sharing, National Health ServiceReview DOI: 10.1108/095656907107579468

The bond of confidentiality between a patient and those providing treatment is a basic tenet of the National Health Service (NHS). It ensures that confidential clinical data are used in the most effective and secure way to deliver the best treatment, and that the patient’s trust is retained. Confidentiality in the NHS context is primarily defined and governed by the 1997 Caldicott Report (undertaken to examine the transfer of patient-identifiable data between NHS organisations and with non-NHS organisations for purposes other than immediate health care), Confidentiality: NHS Code of Practice (Department of Health, 2003), and, of course, the Data Protection Act 1998. This book’s primary focus is the overlapping roles of the Caldicott Principles (espoused by the Report) and data protection legislation in securing patient confidentiality and transparent data usage.

The term “information governance” used here is defined as the framework by which patient data are secured and protected. The impact of technology on the sharing and dissemination of such data are emphasised. Indeed, in the few years since the book was published, this has become a hot topic with much media space being devoted to the debate on the safety of patient information in the electronic environment.

Topics covered by the book are Caldicott, data protection and other legislation including the Freedom of Information Act 2000, confidentiality, information security, data quality, health records management and information sharing. The book’s emphasis is refreshingly practical. In addition to the detailed descriptions of the governing legislation and principles, there is a wealth of practical advice. Sections on topics such as training, security, and publicity are laid out in such a way that they can easily be adapted for local use and from them workable policies and procedures can be devised. Of particular value is a in-depth information governance audit questionnaire that can be used to identify areas in need of improvement and to formulate best practice.

The importance of records management as the foundation of effective information governance is covered but primarily in the context of health records. Topics such as records storage, retention and disposal are considered as are the challenges presented by electronic records. The fact that management of corporate records as a topic is omitted is surprising considering the inclusion of the discussion on freedom of information legislation. Interestingly, there is no entry for “records management” in the index.

The fact that the book was written in 2004 and published in 2005 inevitably means that some recent information governance topics are either omitted or given only brief mention. For instance, there is no mention of the Environmental Information Regulations 2004 or Re-use of Public Sector Information Regulations 2005, and Confidentiality: NHS Code of Practice is only mentioned in passing. The section on freedom of information legislation is a useful, albeit brief, introduction to the subject but lacks the detailed guidance and rulings that have developed over the last few years. This is particularly evident in the discussion of the application of exemptions.

The book is divided into two distinct parts contributed by the individual authors. Part one is aimed at the primary health care team whereas part two concentrates on general practice. This arrangement does inevitably lead to a degree of repetition, and makes locating all information on a particular topic quite awkward. It would have made the material perhaps easier to consult if, instead of simply joining the two contributions end-to-end, the material had been consolidated and presented in a more logical flow.

Readers of this book should to be aware that it predates the Information Governance Toolkit developed by the NHS Information Authority and now operated by NHS Connecting for Health. The Toolkit is a mandatory online assessment tool covering all aspects of information governance and is used by all sectors of the NHS. It is well-established with the data set used by acute trusts now at version 4. This book is not a manual for completing the Information Governance Toolkit (which comes with its own set of online guidance documents and exemplar materials). The preface explains that following a Caldicott audit carried out in 2000 a Manual for Primary Health Care Teams in Liverpool was developed and this book is an expansion of that work.

Despite these caveats, the book remains a highly practical text and will act as a good introduction to the topic of information governance. Indeed, the potential audience is likely to be wider than just those working in the NHS as many of the aspects covered will apply to all organisations handling personal and confidential information.

Nigel Metcalfe Birmingham Women’s Health Care NHS Trust, Edgbaston, UK

ReferencesDepartment of Health (2003), Confidentiality: NHS Code of Practice, Department of Health, London