The Caldicott Principles were introduced to make sure that patient information stored across the NHS is protected and information that could identify patients is only accessed when appropriate to do so. There are currently seven principles; six of these have been around since 1997 with the seventh added in 2013. They are all still very relevant today. Protecting patient identifiable information has been an important function within Achiever Medical since its creation. As such, adhering to the Caldicott Principles is something that we have striven to do within the product. Outlined below are some of the ways in which Achiever Medical helps you meet the Caldicott Principles.
1. Justify the purpose(s) of using confidential information
Achiever Medical uses its system filters and data encryption tools to protect and strictly control your sensitive and confidential data. Through these, for example, only permitted users can see patient identifiable information.
The software encrypts all patient identifiable data (PID) before it is saved into the database. You can only see patient identifiable information through the Achiever interface; even if you are a database administrator.
A Security Officer grants you access to patient identifiable data within the software. You set up a Security Officer for each project – this may be the same person for each project. The Security Officer will review your need to access patient details in line with your project role and the ethics oversight for that project. If deemed appropriate, the Security Officer will grant you access for that project, so you will only see the PID for patients linked to that project.
2. Only use it when absolutely necessary
Achiever Medical operates on the basis that in practice most users do not require access to patient identifiable information. Even when granted high-level access to a project, e.g. as a Principal Investigator, you do not automatically have visibility of patient identifiable data. The Security Officer grants access on a need-to-know basis only.
3. Use the minimum that is required
You can store donors in Achiever Medical with no identifiable data at all. You can simply allocate a Donor ID in Achiever Medical that corresponds to a number in a separate system in which you manage the PID. Where you can use this “linked anonymisation” technique is when the software is hosted outside the NHS N3 network but is used by NHS staff. In this case, you can verify a donor’s ID using a hospital management system and then store the samples and redacted informed consent in Achiever Medical. This approach makes sure you do not breach this principle and you can confidently continue to use the other Achiever Medical features.
If you are not storing patient identifiable data in Achiever Medical, then you can easily hide or remove any identifiable data fields from the system.
4. Access should be on a strict need-to-know basis
You can only see identifiable information if you need to see it. Even if you are the Human Tissue Act (HTA) Person Designate, you do not automatically have access to it. In addition, even if you do need to see it e.g. as a clinic nurse taking informed consent, you can only access those donors linked to the project you are working on. All other donors, even if visible, are anonymised.
5. Everyone must understand his or her responsibilities
Achiever Medical will prompt you on the importance of handling data securely and sensitively through its workflows. In addition, its automated email alerts can highlight any potential issues.
You can also record your Standard Operating Procedures (SOPs) and lab role responsibilities and policy documents in Achiever Medical. You can store this as linked documents attached to the projects to which the processes and policies relate. Having the latest versions of this documentation just a button click away makes it easier for everyone to understand their responsibilities.
6. Understand and comply with the law
Every use of PID must be lawful. Achiever Medical assigns a mandatory Oversight Officer to each project that contains biological samples that are subject to the HTA. This Oversight Officer is the HTA Person’s Designate (PD) who is responsible for the project’s work. That person must approve the project (including the project staff, their roles and each member’s access to PID). They also have responsibility for monitoring effective compliance.
In addition, Achiever Medical has standard workflows such as Consent Withdrawal functionality to help you meet the Caldicott Principles. You can be sure by using these workflows that you are consistently following and capturing information that is legally required. The software automatically audits these processes and gives your Oversight Officer the necessary data to confirm compliance or highlight any non-conformance for swift resolution.
7. The duty to share information can be as important as the duty to protect patient confidentiality
Achiever Medical gives you easy access to the patient’s consent details so you can be confident that you can use their information for a specified purpose. In addition, you can store your SOPs in the system. This allows you to access information on best practice and in-house processes and be confident in your use of your data.
Achiever Medical promotes the sharing of data on a need-to-know basis. Information should be accessible to those who need it, in a manner that is secure and permitted. Achiever Medical’s combination of roles, profiles and encryption allows you to easily enforce these rules.
Final thoughts about how Achiever helps you meet the Caldicott Principles
Achiever Medical helps you meet the Caldicott Principles to protect patient identifiable information. It gives you maximum visibility of your SOPs, legal regulations and company policies within the system that gives you confidence about your roles and responsibilities. The system protects patient identifiable data at several levels to ensure you can only see it if you have the relevant permissions. You can control who can see what. Your Security Officers have a set of tools to allow them to easily grant access to patient identifiable data for specified donor groups to individual team members.
The result is that you can knowledgeably and confidently carry out your work on an appropriately restricted sets of patients. Further, you can be sure that you are working efficiently with only the data you need to do your job.
- What are the Caldicott Principles – https://www.igt.hscic.gov.uk/Caldicott2Principles.aspx