This week the National Data Guardian for Health and Care, Dame Fiona Caldicott, has published a Review of Data Security, Consent and Opt-Outs. The review makes a number of recommendations to the Department of Health, and to Government bodies, including proposals for new data security standards for the NHS and social care, a method for testing compliance against the standards, and a new opt-out consent model.

The report also recommends that the Government should consider introducing stronger sanctions to protect anonymised data, including criminal penalties for deliberate and negligent re-identification of individuals. This is in line with a recommendation made in the Council’s own report on the ethics of biological and health data, published in February 2015.

The review puts forward an ‘eight-point’ model for consent and opt-out, including that people can opt-out of sharing their personal confidential data except for their direct care, and even if opted out, people can still consent to their use of data in specific research projects. Whilst the Council is supportive of offering people a genuine opportunity to opt out, its own report advises against putting too much emphasis on consent as a mechanism to protect the interests of individuals. Appropriate governance based on a deeper understanding of the privacy norms and public interests at stake, is equally important. This requires continuing public participation and meaningful forms of accountability.

In the review, Dame Fiona stresses the importance of engaging the public about how their information is used and safeguarded, and the benefits of data sharing. She recommends that the next step should be a wide-ranging, public consultation on the opt-out model proposals. The Council believes that public involvement should be at the centre of data initiatives from the earliest stages, allowing people’s interests and values to be expressed, transformed and reconciled and engaging them more closely, helping to earn trust. Dame Fiona previously referred to the Council’s work and the importance of public dialogue, when setting out her priorities as National Data Guardian in September 2015.

The review conducted evidence sessions and interviews with key organisations and stakeholders, including patient representative groups, GPs and other clinicians, commissioners and providers of health and social care services, researchers and the Information Commissioner’s Office (ICO). The Nuffield Council hosted a roundtable on data security, discussing interim findings of the review, new approaches to consent options and implementation with Dame Fiona and the review team and a range of stakeholders in December 2015.

The Care Quality Commission has also published a review of data security within the NHS: ‘Safe data, safe care’. Following the publication of the reviews, George Freeman MP, Parliamentary Under Secretary of State for Life Sciences, issued a written statement to Parliament announcing a public consultation on the new data security standards and proposed consent/opt-out model in Dame Fiona’s review. The consultation will run until 7 September 2016.

Find out more about the Council’s work on biological and health data.