"I'm a Caldicott Guardian!" announced my new GP proudly on my first visit to his surgery. I had just moved to Manchester to take up my responsibilities as UK Information Commissioner. It was clear that this health service professional, for one, knew a lot more about Data Protection in the NHS than I did. That was in 2009. Over the subsequent seven years, I got to learn a good deal about data protection and health as I had to deal with the misuse of patient data at all levels of the system - from local pharmacies to the health service information system itself.
Now, as Chair of Capacity - The Public Services Lab, I want to see the best possible collaboration between partners delivering health and social care services - and a larger role for local groups, charities, voluntary organisations, and social enterprises. And it's clear that data sharing, properly designed and implemented, is essential for successful innovation.
There's long been a tension between the desire to use data to improve performance in the NHS and develop new and more effective treatments, on the one hand, and concerns about privacy and the security of patients' sensitive personal information on the other. Attempts to balance the advantages and disadvantages of data initiatives haven't always convinced.
And now there is more change on the way with the General Data Protection Regulation which comes into force in the UK, and in the rest of the EU, on 25 May next year. It's not so much that the new Regulation is particularly burdensome. Rather, health and social care have a lot of catching up to do. And hoping that things will be different once the UK leaves the EU would be an illusion. Doing Data Protection properly is essential for joined-up health and social care in the 21st Century - and, particularly, if the UK expects to do business with our EU neighbours in the future.
There was widespread coverage recently of a case where things went wrong - the collaboration between the Royal Free Hospital and Google DeepMind. The Information Commissioner (ICO) found that data sharing had not been managed in accordance with data protection law. The ICO found that data could be used to help patients and still privacy could be respected; but to do that means a bit of extra thought when designing initiatives of this kind. The new GDPR rules will give patients more rights and if providers approach data in the right way everyone can benefit.
That's why Capacity - The Public Services Lab has taken the initiative in arranging a briefing event on Data Protection with the both the VCSE sector and public service commissioners in mind. It's on Tuesday 26th September from 4pm to 6.30 in Liverpool. We hope to see a good contingent of health and social care professionals there. To book your place, please follow this link. Bookings close on 15th September - so don't hang around for a second opinion!
Christopher Graham
Former Information Commissioner; Chair, Capacity – The Public Services Lab
News and blogs >
Annual Review is published Read more
We are proud to publish our Annual Review 2025.
Time to focus on our neighbourhoods Read more
Health Innovation North West Coast co-delivered a one-day ‘hackathon’ to provide North West neighbourhood teams time and space to find solutions to tricky issues impacting their services
Innovation team meets West Lancashire MP Read more
A Health Innovation North West Coast team met West Lancashire MP Ashley Dalton to outline its mission to drive the adoption and spread of healthcare innovations.
Welcome for 10-year NHS blueprint Read more
Health Innovation North West Coast has welcomed the Government’s Ten Year Plan for Health and its focus on innovation as a key factor in setting the NHS ‘back on its feet’.