皇冠体育app

Attendees

Panel members

• Dr Nicola Byrne (chair)
• Dr Joanne Bailey
• Dr Natalie Banner
• John Carvel
• Dr Edward Dove
• Dame Moira Gibb
• Sam Bergin Goncalves
• Dr Fiona Head
• Mr Adrian Marchbank
• Maisie McKenzie
• Eileen Phillips
• Rob Shaw
• Jenny Westaway
• Professor James Wilson

Office of the National Data Guardian team

• Ryan Avison
• Dr Helen Bauckham
• Dr Vicky Chico
• Layla Heyes
• Karen Swift

Guests

• Timir Goswami 鈥� NHSE
• Louise Greenrod - DHSC
• Mark Gubby - NHSE
• John Hodson - NHSE
• Shaid Hussain 鈥� NHSE
• Gareth James - DHSC
• Katy Lindfield - NHSE
• Tom Lymn - DHSC

1. Welcome, apologies, and declarations of interest

National Data Guardian (NDG), Dr Nicola Byrne, chaired the meeting.

• Apologies were received from Professor Ian Craddock and Dr Arjun Dhillon.
• Dr George Fernie, Vice-chair of the UK Caldicott Guadian Council, attended as an observer.
• This was the final panel meeting for members Dr Joanne Bailey, Eileen Phillips, and Sam Bergin Goncalves, and the NDG thanked them for their support. 皇冠体育app NDG also confirmed that panel member Dr Edward Dove will be leaving panel in September 2024.
• Dr Nicola Byrne confirmed she has been re-appointed for a second term as National Data Guardian. 皇冠体育app term lasts three years, from 17 March 2024 to 16 March 2027.
• 皇冠体育appre were no conflicts declared.

2. Minutes from previous meeting, actions, and decisions

Panel members accepted the minutes from its 16 January 2024 meeting as an accurate record. One minor amendment was highlighted under item 4 to be corrected before publication.

Head of the Office of the National Data Guardian (ONDG), Ryan Avison, confirmed that there are no open actions. 皇冠体育appy were all completed prior to this meeting.

3. Key updates

Ryan Avison led the key updates, providing a summary of key ONDG activities since the last panel. Other ONDG members also contributed.

3.1 New member of staff in the ONDG

Following their appointment, a new privacy specialist will join the ONDG team in April.

3.2 Federated Data Platform information governance arrangements

皇冠体育app NDG met with NHS England to discuss the information governance (IG) documentation for both the Federated Data Platform (FDP) and its associated privacy enhancing technologies (PET). 皇冠体育app FDP programme has committed to engaging closely with the Information Commissioners Office (ICO) and NDG as it develops its overarching information governance documentation for the programmes. 皇冠体育app NDG appreciates the commitment to engage the NDG and the ICO on the development of these documents and recognises that the FDP team is working at pace to meet demanding timelines.

3.3 Reasonable Expectations project update

Helen Bauckham, Project Manager in the Office of the National Data Guardian (ONDG), provided a recap of the Reasonable Expectations project, outlining the timeline, key personnel involved, and anticipated project outputs.

Helen updated panel on the recently completed co-design phase of the project. She explained that the co-design phase had exceeded the initial timeline expectations. However, she emphasised that this extension was essential to ensure the accuracy of the materials with the partner programmes before advancing to the public deliberation phases. 皇冠体育app communication materials are currently being developed by the research supplier design team at Thinks Insight and Strategy to transform the content into leaflets for each partner programme, focusing on formatting and design aspects.

Helen explained that the research supplier is currently developing the first draft of the workshop materials, designed to guide constructive, meaningful discussions capable of delivering the required outputs. 皇冠体育appse materials will be shared with the wider project team for review and feedback.

A panel member, and expert member of the project鈥檚 working group, expressed concerns about not having had the opportunity to review any materials for the deliberative workshops and focus group stages. 皇冠体育appy emphasised the importance of having a detailed plan for these phases, and allowing sufficient time for review, deliberation and development with the wider project team. Helen and Vicky Chico explained that the primary focus to date had been on ensuring the accuracy of communication materials for testing with partner programmes. In the future, the office project team will work closely with the research supplier to develop strategies for running the deliberative workshops and focus groups and gathering feedback on the workshop materials.

4. Data Security and Protection Toolkit and Cyber Assessment Framework

Mark Gubby, Timir Goswami, John Hodson, and Shaid Hussain from NHS England (NHSE) and Katy Lindfield from the Department of Health and Social Care (DHSC) joined the panel meeting as guests. 皇冠体育appy were invited to discuss NHSE and the DHSC鈥檚 plan to implement the Cyber Assessment Framework (CAF) within the Data Security and Protection Toolkit (DSPT).

皇冠体育appir discussion paper outlined:

• How the health and care CAF presented in the DSPT will build on the success of the National Data Guardian鈥檚 10 data security standards (NDG standards).
• A proposal for a phased withdrawal of the NDG standards, supported by the adoption of minimum expectations that the CAF sets standards which are more robust or at least as stringent as those currently set through the DSPT, thereby maintaining and strengthening the underlying objectives of the NDG standards.

皇冠体育app NDG reiterated that the introduction of the 10 data security standards across the NHS was an outcome of the . 皇冠体育app standards were not published as official guidance, although the review鈥檚 recommendations were accepted by the government in 2016.

Panel members discussed the key themes from the presentation and made several observations. 皇冠体育appy thought that moving to an outcomes-based model could be a more meaningful tool to help measure and mitigate risks, where the emphasis would be on good decision-making and not what ticks a compliance box. Panellists appreciated that what people are required to do under the CAF framework will remain constant and stable for many years, with only the minimum achievement level varying from year to year. This stability is important as it will enable organisations to plan better to meet their responsibilities.

Panel members were reassured that a health and care CAF overlay would be embedded within the DSPT, adding further outcomes in a custom section on 鈥榰sing and sharing information appropriately鈥�. This will ensure that the data protection, confidentiality, and other information governance issues will continue to be fully covered in the DSPT. Panel members were reassured that NDG standards had been considered and mapped to this new overlay. However, the panel noted that during the review process that led to the 10 NDG security standards, it was found that data breaches were caused by people, processes and technology, and strong leadership was essential to address these issues. As a result, the standards were clustered into leadership obligations. 皇冠体育app panel members raised concerns about how the leadership element of the NDG standards would be maintained and whether it would be given less importance by embedding the standards in a CAF overlay.

皇冠体育app panel members believed that stakeholder communication would be essential and recommended that the NDG should issue a joint public statement with colleagues from NHSE and DHSC. 皇冠体育app statement should explain why NDG is supporting the adoption of the new CAF-aligned information standard. 皇冠体育app panel also suggested it would be crucial for the NDG to make it clear that the change is an 鈥榚volution鈥� of the existing standards and not a 鈥榳ithdrawal鈥� of the NDG standards.,

皇冠体育app NDG and her panel thanked the NHSE and DHSC representatives for attending the meeting.

24.03.12/4.1:聽 皇冠体育app ONDG to consider with NHSE/DHSC how the leadership elements of the NDG standards will be maintained through the proposal and to look at drafting a joint statement on the evolution of the NDG standards.

5. National Data Opt-Out (NDOO) reform paper

Louise Greenrod and members of the DHSC/NHSE Joint Digital Policy Unit鈥檚 Data Policy Team attended the NDG鈥檚 Panel meeting to update on current plans for the reform of the National Data Opt-Out (NDOO).

皇冠体育appy confirmed that they will use the they are running later this year to engage members of the public on the subject. 皇冠体育appy explained that the public engagement exercise is intended to cover a wider range of topics than just opt-out 鈥� and in particular to meet the public engagement commitments made in the 2022 Data Saves Lives Strategy. 皇冠体育app DHSC and NHS England are jointly leading the engagement work and will establish a steering group to advise on it.

A discussion about the complexity and constraints of the existing NDOO model followed. With a specific reference to opt-out, panel members expressed a concern that the objectives of the public engagement exercise, as currently drafted, may not be clear or well-defined enough to prompt useful 鈥榓ctionable鈥� feedback from participants. 皇冠体育appy suggested that the scope should be narrowed, or that more clearly defined options for opt-out reform should be presented to the public for discussion. 皇冠体育app DHSC Data Policy Team acknowledged these points, noting that this was an early opportunity for input ahead of the design phase of the public engagement work and that they are keen to engage further as the work progresses.

皇冠体育app NDG and her panel thanked the DHSC representatives for attending. 皇冠体育app ONDG will continue to engage with the DHSC and NHS England representatives and report back to panel as plans for the public engagement exercise progress.

6. Any other business

No further points were raised