"I'm a Caldicott Guardian!" announced my new GP proudly on my first visit to his surgery. I had just moved to Manchester to take up my responsibilities as UK Information Commissioner. It was clear that this health service professional, for one, knew a lot more about Data Protection in the NHS than I did. That was in 2009. Over the subsequent seven years, I got to learn a good deal about data protection and health as I had to deal with the misuse of patient data at all levels of the system - from local pharmacies to the health service information system itself.
Now, as Chair of Capacity - The Public Services Lab, I want to see the best possible collaboration between partners delivering health and social care services - and a larger role for local groups, charities, voluntary organisations, and social enterprises. And it's clear that data sharing, properly designed and implemented, is essential for successful innovation.
There's long been a tension between the desire to use data to improve performance in the NHS and develop new and more effective treatments, on the one hand, and concerns about privacy and the security of patients' sensitive personal information on the other. Attempts to balance the advantages and disadvantages of data initiatives haven't always convinced.
And now there is more change on the way with the General Data Protection Regulation which comes into force in the UK, and in the rest of the EU, on 25 May next year. It's not so much that the new Regulation is particularly burdensome. Rather, health and social care have a lot of catching up to do. And hoping that things will be different once the UK leaves the EU would be an illusion. Doing Data Protection properly is essential for joined-up health and social care in the 21st Century - and, particularly, if the UK expects to do business with our EU neighbours in the future.
There was widespread coverage recently of a case where things went wrong - the collaboration between the Royal Free Hospital and Google DeepMind. The Information Commissioner (ICO) found that data sharing had not been managed in accordance with data protection law. The ICO found that data could be used to help patients and privacy could still be respected; but to do that means a bit of extra thought when designing initiatives of this kind. The new GDPR rules will give patients more rights, and if providers approach data in the right way, everyone can benefit.
That's why Capacity - The Public Services Lab has taken the initiative in arranging a briefing event on Data Protection with both the VCSE sector and public service commissioners in mind. It's on Tuesday 26th September from 4pm to 6.30 in Liverpool. We hope to see a good contingent of health and social care professionals there. To book your place, please follow this link. Bookings close on 15th September - so don't hang around for a second opinion!
Christopher Graham
Former Information Commissioner; Chair, Capacity – The Public Services Lab