> An employee of a Trust where I work requested access (in writing) to her
> occupational health records under the Health Records Act 1990. A Board
> Director has been appointed by the Trust as a Caldicott Guardian and
> requested that our OH records were sent to her for scrutiny prior to the
> records being released to the individual concerned.
>
> I have been working under the principal that our records should
> be released
> direct to the individual who requests them (or anyone else where there is
> written permission for release to third party) without involving anyone
> else in the Trust.
A very robust principal Lyndon
I would strongly urge you to phone the MDU/MPS for advice
> It seems that Trusts acting under guidance from
> Caldicott may interpret release of occupational health records
> in the same
> way as other medical records within a Trust and incorporate an extra layer
> in the process with OH records being scrutinised by the Trust Caldicott
> Guardian.
This is not the proper role of a Caldicott Guardian - however I work in
primary care and therefore take direct responsibility for the medical
records and personally scrutinise them for references to third parties and
remove non disclosable records etc... - It seems to me that if there is a
clinican (like yourself)who is responsible for the OH record then there is
no need for and indeed it is undesirable for any other person to act as
scruteniser
Probably worth pasting here the principles of Caldicott:-- (Sorry to the egg
sucking grandmothers )
*******************
Summary of a Manual for Caldicott Guardians A Gane Page 2
15/11/2000
The Caldicott Principles
The Committee developed a set of general principles.
Principle 1 Justify the purpose(s)
Every proposed use or transfer of patient identifiable information within or
from an
organisation should be clearly identified and scrutinised, with continuing
uses regularly
reviewed by an appropriate Guardian.
Principle 2 Don’t use patient identifiable information unless it is
absolutely necessary
Patient identifiable information items should not be used unless there is no
alternative
(includes Name, Address, Postcode, Date of Birth/Death/Treatment, Sex, NHS
or NI
Number, Ethnic Group and Occupation).
Principle 3 Use the minimum necessary patient identifiable information
Where us of patient identifiable information is considered essential, each
individual item of
information should be justified with the aim of reducing identifiability.
Principle 4 Access to patient identifiable information should be on a strict
need to
know basis
Only those individuals who need access to patient identifiable information
should have access
to it, and they should only have access to the information items that they
need to see.
Principle 5 Everyone should be aware of their responsibilities
Action should be taken to ensure that those handling patient identifiable
information – both
clinical and non-clinical staff – are aware of their responsibilitie and
obligations to respect
patient confidentiality.
Principle 6 Understand and comply with the law
Every use of patient identifiable information must be lawful. Someone is
each organisation
should be responsible for ensuring that the organisation complies with legal
requirements.
The Guardian’s Role
Responsible for agreeing and reviewing protocols governing the disclosure of
patient
information across organisations boundaries (e.g. Social Services, Police
etc.)
·
Responsible for agreeing and reviewing internal protocols governing the
protection and
use of patient identifiable information by staff in their organisation.
·
Play a strategic role, and represent confidentiality and security
requirements and issues at
Board level.
********************
|