PART 1
(OPEN TO THE PUBLIC)
ITEM NO
REPORT OF THE LEAD MEMBER FOR
COMMUNITY & SOCIAL SERVICES DIRECTORATE
TO THE CABINET BRIEFING
ON
9th JULY 2002
TITLE: IMPLEMENTING THE CALDICOTT STANDARD INTO
SOCIAL CARE
RECOMMENDATIONS: Cabinet is recommended to:
i)
note the requirements placed on the Community & Social
Services Directorate in respect of the Caldicott standard
ii)
note the work undertaken to date in progressing compliance
EXECUTIVE SUMMARY: The Caldicott standard in respect of the
security and confidentiality of personally identifiable information is being
introduced into Social Services Departments, according to a set
framework and accompanied by a given work programme.
BACKGROUND DOCUMENTS
(Available for public inspection): Local Authority Circular LAC(2002)2
‘Implementing the Caldicott Standard into Social Care’
CONTACT OFFICER: Josette Phillips 793 2242
WARD(S) TO WHICH REPORT RELATE(S): All
KEY COUNCIL POLICIES:
DETAILS
Introduction
Dame Caldicott’s review of personally identifiable information in 1997
recommended that ‘Guardians’ of personal information be created to
safeguard and govern the uses made of confidential information within
NHS organisations.
In 2001 it was agreed by the Department of Health to extend the Caldicott
standard into Councils with Social Services Responsibilities (CSSRs) in
order to provide a good foundation for joint working between Health and
Social Services, and to help support the fulfilment of the many joint
strategies across the children’s and adult services.
The Data Protection Act 1998 is the key legislation covering all aspects
of information processing, including security and confidentiality of
personally identifiable information. The Caldicott requirements provide a
framework to operationalise the Data Protection Act and underpin
appropriate information sharing.
The Caldicott principles in respect of information sharing are:
 Formal justification of purpose
 Identifiable information transferred only when absolutely
necessary
 Only the minimum required
 Need to know access controls
 All to understand their responsibilities
 Comply with and understand the law
The critical rules are:
 Personally identifiable information must be kept secure and
confidential
 Aggregated data must not be traceable back to the individual
The Department of Health is currently giving consideration to how it
might be possible to extend implementation of the standards across other
local authority functions in due course.
Background
All CSSRs were expected to appoint a Caldicott Guardian by 1 April
2002, a later date than initially proposed. The Caldicott work programme
is prescribed within the Local Authority Circular ‘Implementing the
Caldicott Standard into Social Care’. The Guardian’s first task is to
undertake an audit of existing systems, procedures and organisational
capabilities relating to confidentiality and security in the organisation.
This is developed into a stock-take report and improvement plan, both of
which are necessary to comply with Caldicott.
The management audit requires current performance to be rated from 0-2
against eighteen broad headings, constructing an organisational profile.
A steering Group was established in January 2002 with representation
from all divisions in order to oversee the work that is required.
Management Audit
The Management Audit stock-take report is attached as Appendix 1.
Current Performance/Initial Improvement Plan
The current performance/initial improvement plan is attached as
Appendix 2.
Conclusions
The Community & Social Services Directorate must progress the
improvement plan in respect of the Caldicott standard in order to comply
with the requirements of the Department of Health.