The department of health has published its response to the Caldicott review on information governance. The government’s response accepts all the recommendations of the review outlined in Dame Fiona’s report of 26 April 2013 though a substantial amount of work has to be done and clear guidance formulated.

The review confirmed that commissioners should not have access to patient confidential data (PCD) for commissioning purposes but that it should only be used for ‘direct patient care’.

Published along side the government’s response is a Guide to confidentiality in health and social care supporting users of confidential information by the Health and Social Care Information Centre (HSCIC). The guide sets out five confidentiality rules that should be observed by staff with access to patient confidential information and is supported by a reference guide which provides more detailed information for organisations and examples of good practice.

Speaking at the launch of the government’s response Kingsley Manning, the chair of the HSCIC said:

“Overwhelmingly the functions of clinical commissioning groups can be met using anonymised data”.

“We are working with NHS England to define what the requirements are for clinical commissioning groups and commissioning support units for confidential information. Our own view is that it indicates that the requirement for confidential data is very small indeed.”

Up until now commissioners have been covered by a temporary exemption under section 251 previously held by primary care trusts to allow some patient identifiable data to continue to flow to CCGs and CSUs from NHS England.

The exemption expires on 31 October 2013.

According to the government’s response this exemption is unlikely to continue (in the long term) as NHS England is looking to create ‘accredited safe havens to hold confidential information, link data sets, and release information to commissioners and others’.

A considerable amount of work remains to be done to get the Caldicott recommendations part of routine day to day practice by all health care providers. It will take a lot more to make management of information governance in the health sector less complex, confusing and less a cause of considerable anxiety.