TY - JOUR
T1 - The use of NHS patient data: report by the National Data Guardian for Health and Care
JF - British Journal of General Practice
JO - Br J Gen Pract
SP - 56
LP - 57
DO - 10.3399/bjgp17X688933
VL - 67
IS - 655
AU - Nigel Mathers
AU - Ralph Sullivan
AU - Arjun Dhillon
AU - Imran Rafi
AU - Amelia Bell
Y1 - 2017/02/01
UR - http://bjgp.org/content/67/655/56.abstract
N2 - The recent report by the National Data Guardian for Health and Care (or ‘Caldicott 3’) reviewed NHS data security, consent, and opt-outs for patients.1 At the same time the Care Quality Commission (CQC) was also asked to review current approaches to data security across the NHS.2 As soon as both reports were published, care.data (NHS England’s controversial data-sharing programme) was immediately closed down.3 There is little doubt that the use of large-scale health data has considerable potential to benefit not only patient care but also public health and research.4 The use of such data, however, raises great concerns about data security, patient privacy, and probably most importantly public trust, not only in the NHS but also in the relationship with their doctor. The demise of care.data was in no small part due to a loss of public trust and Caldicott 3 demands increased dialogue with the public to restore their trust. The NHS, and GPs in particular, must be ‘beyond reproach’ in their use of health data to improve both direct and indirect patient care as well as contributions to public health and health research. Dame Fiona Caldicott’s review follows her previous reviews in 1996/1997 and 2013. The first of her reviews recommended six principles for the protection of people’s confidentiality (the Caldicott principles) and the second recommended an additional Caldicott principle which stated that duty to share information can be just as important as the duty to protect patient confidentiality. Caldicott 3 addresses the further issue of data security and future models of consent. As far as data security is concerned, the new Caldicott report sets out 10 standards which need to be applied in every healthcare organisation to address the three causes of data breaches: people, processes, and technology. As a way of improving …
ER -