In message <[log in to unmask]>, [log in to unmask]
writes
>Dear all,
>
>I have prepared the attached response to the Caldicott discussion
>papers, and put them into the post, with the earnest hope that they
>will make it across Leeds ahead of tomorrow's deadline. There is
>also a one line covering letter, which I have not bothered to
>circulate.
>
>The document is in Word format, which I hope that you can readily
>interpret. My apologies if you have problems.
>
>As you will see, I have tried to keep to one or two specific,
>non-technical issues. Any comments would be most welcome.
Can't comment - won't open in Wordpad. What version of Word?
Here is my response - in text..
Mary
PS if anyone hasn't responded, they do have a fax number! ;->>
28 6 98
RESPOSE TO CONSULTATION DOCUMENT
Dear Sirs,
HSC 1998/089 invites responses to the Consultation Document on :-
Part 1: The Role and Responsibilities of Caldicott Guardians and
Part 2: Access Controls for the NHS Strategic Tracing Service.
As a GP, I would like to respond to both parts, and to comment on the process of consultation on these important subjects and the implications of the consultation in this case.
Part 1: The Role and Responsibilities of Caldicott Guardians
It is acknowledged that it will be difficult to identify appropriate Guardians for settings other than Health Authorities and NHS Trusts - but in spite of this, the guidance (and, I assume, the timetable outlined in sections 29-32) "applies to health authorities, Trusts and primary care settings equally ". I note that "The NHS Executive will continue to develop proposals for other settings and would welcome views as part of this consultation exercise."
There appear to be a number of problems here.
1.GP practices already have an obligation to protect patient confidentiality , and systems to ensure that confidentiality is observed - the "internal function" of the Caldicott Guardian.
2.It is not certain that the ethical codes of the relevant professional bodies would allow passage of confidential person-identifiable information across organisational boundaries"e.g. with social services and other partner organisations contributing to the local provision of care", especially as there appears to be no equivalent system for ensuring confidentiality in any or all of these organisations.
3.Confidentiality is particularly important where information from one individual may be held in files relating to one or more other individuals eg family cases, and where the information may not have been authorised or, indeed, authenticated eg genetic family histories.
4.It is stated that "some primary care organisations e.g.large GP practices may warrant their own Guardian". I find it hard to imagine a situation where a Guardian is imposed on independent contractors by an outside body 's Chief Executive, or where such an appointment could "carry the confidence of his or her colleagues".
Could you elaborate?
5.Has any thought been given to the position of PCGs, and the need to ensure confidentiality in groups including non-NHS and non-clinical bodies?
6.Appointment of Caldicott Guardians.
From p.10, it appears that this is in the gift of the Chief Executive. In these circumstances, how is the authority of the Caldicott Guardian to be maintained - especially as any individual with the " necessary seniority and authority" will almost certainly already be involved in management and strategic planning?
7.Specifications for and liabilities of Caldicott Guardians
Senior Health Professionals may lack the knowledge of systems needed to ensure confidentiality - but IT Systems managers cannot be expected to be fully conversant with the concerns expresed by the professions regarding confidentiality. It is hard to see how one individual can fill all the requirements, and this leads to a question as to the legal liabilities of the position.
To summarise:-
I am concerned about the implications of this document for Primary Care, especially in view of the introduction of organisations containing both NHS and non health related bodies such as Social Services (Primary Care Groups) on 1.4.99.
The process for appointing Caldicott Guardians would appear to allow selection of individuals who would be expected to be compliant with management views.
The time scale - appoint/identify Guardian and agree responsibilities,authority and reporting proceedures by 31 October 1998 - appears impossibly tight - especially for Primary Care organisations.
Part 2.Access Controls for the NHS Strategic Tracing Service
I am slightly confused about this.
1.Para. 1.1.1 states that the national database will hold no clinical information, while in figure 1 - "example functions to be suported by the NSTS", among the functions listed are "waiting list/cleaning review, set-up and maintenance of disease related registers, validation of payement claims by GPs, post-payment validation , prescription management and detection and elimination of fraud."
How can these functions be performed without clinical information?
If the national database is intended, in the future, to contain clinical information, the model for access control(even seeing further observations on this ) is inappropriate. Access to management information does not include confidential person-identifiable information.
2.Caldicott Guardians
Caldicott Guardians are mentioned in several sections.
v.s. Can individuals appointed by Chief Executives be expected to monitor acces to the NHSTS?
3. Security model
The NHS data base will be the only national database containing up to date details of the locaton of every man, woman and child in the UK. Regardless of the clinical and NHS uses, this is an invaluable resource for anyone endevouring to locate any individual for any purpose - varying from official and semi-official organisations - GCHQ and the police - to civil - errrant spouses - and the downright criminal - mafia and organised crime.
The security model proposed appears to assume that the only threat is from inappropriate access within a contained environment, and that firewall protection will prevent any unauthorised access. If the security problems in other organisations is to be believed, the main threat is from insiders rather than outsiders. Is this aspect considered?
Comments on the process of Consultation
This is obviously an important Consultation Document., but the disribution was limited (HSC 1998/089) to Chief Executives of Health Authorities and NHS Trusts.
Were any others sent the consultation document? If so, who were they, and on what criteria were they selected? Why were they not included in the consultation list? Why was the existence of this consultation document not advertised?
HSC 1998/089 is on COIN. I believe the consultation docuement is also listed - but without either details of who was on the Caldicott Implementation Working Group, nor the address to which responses should be sent. There is no hypertext link between the two.
Why is it so difficult to obtain the information ?
I would be grateful for an ackowledgement of receipt and response to comments,
Yours sincerely,
K.M.Hawking MB,BS.
>
>Mike Wells
>***************************************************
>* M. Wells *
>* 9 Hall Close *
>* Bramhope *
>* Leeds LS16 9JQ *
>***************************************************
>The following section of this message contains a file attachment
>prepared for transmission using the Internet MIME message format.
>If you are using Pegasus Mail, or any another MIME-compliant system,
>you should be able to save it or view it from within your mailer.
>If you cannot, please ask your system administrator for assistance.
>
> ---- File information -----------
> File: Caldicott.doc
> Date: 29 Jun 1998, 12:20
> Size: 80384 bytes.
> Type: Unknown
>
>[ A MIME Application / Octet-stream part was included here. ]
>
Mary Hawking Kingsbury Court Surgery Church Street Dunstable LU5 4RS
tel:01582 663218 (surgery)fax:01582 476488 (surgery)
Member of British Healthcare Internet Association
Dunstable and Houghton Regis Locality Commisssioning Pilot
|