Department of Health and Social Care
Printable version E-mail this to a friend

Jeremy Hunt confirms commitment to balance patient safety and privacy

New guidance published for NHS and care staff as government responds in full to Caldicott Review.

People will be able to feel confident that information about their health and care is secure, protected and shared appropriately to create better services and deliver better care, Jeremy Hunt confirmed today. People will be able to feel confident that information about their health and care is secure, protected and shared appropriately to create better services and deliver better care, Jeremy Hunt confirmed today.

His comments came as the government’s full response to the Caldicott review on information governance was published, alongside new guidance from the Health and Social Care Information Centre that sets out the responsibilities of health and care staff towards personal confidential data.

The response accepts the recommendations of the original report and highlights that while information sharing is essential to provide good care for everyone, only the minimum amount of information should be shared and there must be strict rules to govern it. There are two reasons why personal confidential data is shared:


The government agrees with the Caldicott Review that sharing information in the right way is critical for making sure patients get the right care. For example, so staff in A&E seeing a frail elderly woman who has had a fall know she has dementia, because they can access her GP’s notes. For the first time ever, the responsibility of health and care staff towards sharing patient data in this way has been made crystal clear; and

Health and care planning and research:

The government recognises that patient information is important for scientists researching the latest drugs and treatments, as well as for planning local health services. As set out in the government’s initial response to the Caldicott Review, anyone who does not wish to have their information shared for this reason will have their objection respected. All they have to do is speak to their GP, and their data will not leave their GP surgery.

Health Secretary Jeremy Hunt said:

Sharing information securely is a major part of making health services safer.

Having the right information about patients means professionals can make sure they get the right care and treatment. Without that information, research to find new cures and therapies for killer diseases and other conditions would not be possible.

And sharing means people don’t have to repeat themselves constantly to each doctor, nurse, physiotherapist or care assistant they need to deal with.

But if someone has an objection to their information being shared beyond their own care, it will be respected. All they have to do in that case is speak to their GP and their information won’t leave the GP surgery.

The response sets out the responsibilities of different organisations in health and care when it comes to keeping patient information safe and secure. This includes:

  • New guidance on sharing data securely, to make sure crucial information is shared with the right people at the right time
  • Making sure health and care staff have appropriate training and education on information governance so they can make the right decisions
  • Being open and honest if a data breach happens and taking action to prevent it happening again
  • Making sure each organisation has a ‘Caldicott Guardian’ or lead on information governance The Health and Social Care Information Centre’s new guidance sets out five, easy to remember rules to help health and care staff make sure they deal with confidential patient information safely and securely. There will now be no excuse for uncertainty about how data should be shared.

Dame Fiona Caldicott is also chairing a new group to help make sure the NHS keeps to high standards on information sharing. She said:

The commitment expressed by the government to protecting confidentiality and responding to the wishes of anyone using health or social care services about how they want their information used is extremely heartening. What this means in practice is spelt out in the Confidentiality Guide which is being published today.

Coupled with the scrutiny work that my panel has been commissioned to undertake, I am confident that we can make great strides in terms of putting the patient and service user at the forefront of concerns about safely sharing information. The Health and Social Care Information Centre will be responsible for making sure the principles set out by Dame Fiona Caldicott in her Review are implemented right across the health and care system.

Kingsley Manning, Chair of the Health and Social Care Information Centre said:

The HSCIC is determined that the publication of this Confidentiality Guidance marks the start of a campaign to ensure it is part of the DNA of all health and social care organisations. The five rules aim to be easy for both staff and public to absorb. They sum up the new duty to share information in the interests of caring for the individual.

The HSCIC welcomes the responsibility given it by the Health Secretary to implement the Caldicott Review findings and will work closely with Dame Fiona to ensure she and her panel have proper oversight of progress.

Case study – Moorfields Eye Hospital

Moorfields Eye Hospital asks all new recruits to do an information governance test online which can be found here

Moorfields also uses OpenEyes; a unique, secure web-based system which allows direct entry of detailed clinical data to improve patient care, allow sharing of information where appropriate, facilitate research, and monitor performance. Some elements of the system are in active use throughout Moorfields, with others due to be implemented shortly; OpenEyes is also used in eye departments in Cardiff and Maidstone. Many other sites will go live before the end of the year, including Manchester, Salisbury, and Liverpool. The project has gained international attention, has won awards and is also of interest to specialties outside ophthalmology.

Contact – 020 7566 2628.

The five rules of patient confidentiality, set out in the new HSCIC guidance are:

  1. Confidential information about service users or patients should be treated confidentially and respectfully.

  2. Members of a care team should share confidential information when it is needed for the safe and effective care of individuals.

  3. Information that is shared for the benefit of the community should be anonymised.

  4. An individual’s right to object to the sharing of confidential information about them should be respected.

  5. Organisations should put policies, procedures and systems in place to ensure the confidentiality rules are followed.

Background information

  • For more information contact the Department of Health press office on 0207 210 5707
  • The Government’s full response to the Caldicott review can be found here
  • NHS England has published information for patients and healthcare staff about information sharing and the new care data service here
  • Members of Dame Fiona’s new group are:

    • Fiona Caldicott (Chair), Chair of the Oxford University Hospitals NHS Trust
    • Anne Stebbing, Consultant Surgeon, Hampshire Hospitals NHS Foundation Trust
    • Mr Ian Atkinson, Chief Officer Sheffield CCG
    • Dr Alan Hassey, Retired GP
    • Richard Wild and Eileen Phillips, HSCIC
    • John Carvel, Retired, former Social Affairs Editor at The Guardian
    • Mark Taylor, Lawyer and HRA Confidentiality Advisory Group Chair
    • Caroline Tapster, Retired, former CEO Hertfordshire Council
    • Professor Martin Severs, Geriatrician, School of Health Sciences and Social Work, University of Portsmouth
    • Janet Davies, Director of Nursing and Service Delivery, Royal College of Nursing

Members are appointed as individuals and not representatives of their organisations.

APM Conference 2023 - Change Changes: Thursday 8th June, The Vox, Birmingham