Earlier this week the flop that was the care.data initiative was finally scrapped for good. Having cost the NHS big – both in terms of money and human resource – it was decided enough was enough.

While that news was surely celebrated by GP practice managers up and down the country, another data exercise was quietly announced, conveniently masked, some may say, while the Chilcot enquiry was being announced.

In a nutshell the move, announced by National Data Guardian Dame Fiona Caldicott in a report provisionally accepted in full by health secretary Jeremy Hunt, GP practices should prepare for more stringent CQC inspections that are all to do with data security standards.

The CQC says that GP practices will undergo ‘strengthened’ inspections on information governance, with practices having to ‘demonstrate clear ownership and responsibility for data security’. That means practice data security will be audited to the same level as their clinical and financial standards – with 10 new data security standards to be adhered to.

The CQC report states that:

• Practice audits should be in place to ensure new data security standards are met
• Every organisation should demonstrate clear ownership and responsibility for data security, just as it does for clinical and financial management and accountability;
• Arrangements for internal data security audit and external validation should be reviewed and strengthened to a level similar to those assuring financial integrity and accountability;
• It will amend its inspections to include assurance that appropriate validation against the new data security standards have been carried out, and make sure inspectors involved are appropriately trained.

The report calls for a “much more extensive dialogue” with the public about how their data is shared and suggests a new model of patient consent. This would allow patients to opt out of either of the following, or both:

• Personal confidential information being used to provide local services and run the NHS and social care system (For example, by NHS commissioners or providers to assess the standards of services);
• Personal confidential information being used to support research and improve treatment and care (For example, a university or commercial organisation using NHS data for health research).

More unnecessary paperwork

As has been pointed out on the Practice Index Forum, this looks like being nothing more than an additional and unnecessary piece of red tape – and another job for practice managers to complete.

“Given that we already do the IG Toolkit every year, this is a barn door piece of duplication which will impose yet more work on general practice,” one practice manager commented.

And that practice manager may be right. After all, the IG Toolkit is described by the NHS as an online system which allows organisations to assess themselves or be assessed against Information Governance policies and standards. It also allows members of the public to view participating organisations’ IG Toolkit assessments.

Given all of the above, there is a thread on our forum that we’ll use, with your support, to lobby the powers at be and try to encourage some common sense.

Or head along and voice your opinions to the Department of Health.

We’ll keep you up-to-date with progress as and when we have some news.

———————————-

Trending topics in the forum:

Benchmarking survey
Staff with tattoos
Caller ID