I was recently approached by a small medical research charity for some advice.
GDPR and more
Having been alerted to the urgent need to consider how they capture, store and use personal identifiable information as required by the General Data Protection Regulations (GDPR) due to be introduced in 2018, they had also become aware of further Government principles directed at health and social care organisations.
The Department of Health – Your Data, Better Security, Better Care is the Government Response to National Data Guardian for Health and Care Review of Data Security, Consent and Opt Outs and Care Quality Commission’s Safe Data, Safe Care and came into being in July 2017.
The National Data Guardian, Dame Fiona Caldicott, was a review commissioned in 1997 following increasing concerns about the use of patient information in the NHS and the need to ensure confidentiality due to the development of IT. It established the Caldicott Principles, 6 key areas where NHS Trusts had to ensure compliance with information governance.
In 2016, a further review was commissioned which widened the scope of the Principles to all bodies involved in health and social care. The reasoning behind this is that these bodies often hold very sensitive information on their patients and clients, which is sometimes shared with other bodies, both within the NHS and outside.
Who will be affected?
This clearly has implications for several small organisations, such as care homes, social care providers and research organisations who previously have not fully considered how they handle and store data on their patients and clients.
These organisations are often working hard to provide their service, and do not have the capacity to address the issues themselves. As the organisation I supported found, these guidelines are specific to the health and social care industry, so GDPR specialists couldn’t provide the advice and guidance so badly needed.
There hasn’t been as much hype about these regulations as there is for GDPR, but compliance is every bit as important, so companies involved in health and social care and research, must ensure that they are aware of the implications and have taken steps to address them. As with everything, ignorance will not be an excuse.
Who can help?
Gill Pipkin Consulting has reviewed all the findings and recommendations, and is able to provide clear guidance on what action needs to be taken to ensure compliance.