Abstract
Caldicott Guardians have been in existence for over 10 years, and during that time the conflicts between respecting confidentiality and the need for agencies to share information have continued to be raised in a number of high-profile public cases. Christopher Fincken, Caldicott Guardian of an acute hospital and a member of the UK Council of Caldicott Guardians gives his individual account of the practical and philosophical problems encountered and offers some personal reflections on the evolution of the role.
Horns of a dilemma
I can clearly remember when I was at school, a long time ago; a small wooden shield, in the biology laboratory on which were mounted the twin horns of some unfortunate animal and neatly hand written underneath was a label in black ink reading ‘Horns of a Dilemma’. I didn't understand the subtlety at the time but over the years this gentle but inspired practical joke, has come to haunt me almost every day as I am routinely invisibly and uncomfortably butted by this mystical animal.
The role of Caldicott Guardians
As a Caldicott Guardian for nearly 10 years at an acute hospital located in a city but also serving a large rural population, I have seen the role of the Caldicott Guardian develop. Dame Fiona Caldicott's report, published in 1997, raised widespread concerns and had as a major focus the use of patient identifiable information for purposes not directly connected with patient care. The appointment of Caldicott Guardians, the adoption of the Caldicott principles and the introduction of the Caldicott Guardian Manual started to embed ‘Caldicott’ within the structures first of the NHS and then of other organizations. Over the ensuing years the role has evolved and matured and now frequently covers not just the use of patient identifiable information for non-clinical purposes but increasingly all issues related both to confidentiality and information sharing. The role of ‘Conscience of the Organization’ is in the job description, but is difficult to define and perhaps impossible to measure. I believe this element means speaking out on issues of importance and principle, even when on occasions it is not always popular to do so! Unfortunately sometimes Caldicott Guardians have to say ‘No’ when asked for permission to use patient information but this is often because the request has not been well thought through or is poorly worded, and the Guardian may be able to suggest alternatives to which they can agree. It is important that Caldicott Guardians are not just approachable but engaged with their role and have a high profile, so everyone knows who the Caldicott Guardian is in their organization, and how and when they should be contacted.
Confidentiality in the modern world
Awareness of confidentiality issues has been significantly raised in recent years, not least by Caldicott Guardians. The introduction of confidentiality clauses in contracts of employment, and confidentiality codes of conduct has encouraged staff to be much more careful about sharing information appropriately. One of the unintended consequences of this has been that because staff are anxious about potential disciplinary action against themselves they may tend to refuse to disclose information to ‘protect confidentiality’ under circumstances where it would be appropriate to share.
From ancient times the principle of confidentiality has been known and understood, but in recent years technical developments have raised new ethical and practical questions about how both individual members of society and professionals working within that society deal with ‘confidentiality issues’. Hippocrates wrote in 400 BC ‘All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and will never reveal’. This honourable ethical lineage is not to be disparaged but we do not live in ancient times, Hippocrates did not have to reconcile issues of child protection or provide assurance of compliance with the Data Protection Act, his values were different at least in part from ours, for instance we no longer find the keeping of slaves socially acceptable.
It is our society that has decided both that slavery is unacceptable and that confidentiality of an individual's information is not absolute. We expect, indeed require, organizations to share information in child protection and similar cases. However, in other cases it is not mandatory (for example in issues of domestic violence) but only ‘permitted’ it, therefore, inevitably means that someone, often the Caldicott Guardian will have to make a judgement about whether to share information and if so; how much? It cannot be ‘ethically’ justified, if we hold information that we know could prevent serious harm to others and yet knowingly decide not to share it.
In our modern world a compromise has to be struck between sharing information, to provide better services, care for the individual and confidentiality. Elements of this compromise include the safeguards that are embedded in systems, technically controlled with password and audit trails and most importantly by a culture of confidentiality and security.
Confidentiality is sometimes pragmatically described as being about ‘keeping people's secrets safe’. The problem from an organizational perspective is that perceptions about what is ‘a secret’ are a personal matter. A patient with a hip replacement may consider their condition not to be a secret and be quite happy to talk to everyone in their local pub about it; a patient with a sexual or mental health problem is unlikely to be so unconcerned. For some, even the confirmation that they are a service user/client/patient may be considered as a gross breach of their confidentiality. It is, therefore, usual practice to treat all information as being potentially confidential unless the individual gives consent for that information to be shared. Legally though, confidentiality is not about others' perceptions of what are people's secrets. As its Latin origin suggests it is about fidelity that is ‘trust’ in the non-disclosure of anything conveyed as part of the doctor–patient relationship, whether or not it is of a private nature.
The issue of trust is central to understanding the concept of confidentiality and privacy. Even within a single GP practice, patients will often prefer to see a particular GP because they trust them. In issues of consent this is particularly important, for sometimes a patient when asked to make a choice or give consent will say something like ‘I don't know, you decide for me’ – implicit in this exchange is the individuals trust in the professional, seeing them first and foremost as another individual.
Maintaining confidentiality
In practice there are so many complex policies, protocols, guidelines that confusion can be engendered and consequently there can be a lack of clarity about exactly what information can be disclosed to whom and under what circumstances. Whether it be how much, if any, information can be disclosed to a mother enquiring by telephone about her son, a hospital patient, to know whether he has been seriously injured in a road traffic accident, or an informal enquiry from the police about a patient in ITU. Individuals (patients, service users, clients) are all perceived to have a right of confidentiality, and yet many individuals now complain that confidentiality is sometimes being used by professionals as an excuse for not communicating or sharing information and this is reflected in the increasing number of complaints about ‘not sharing information’.
One of the key elements in making a judgment is that of proportionality, in this the Caldicott principle of ‘using the minimum amount of information’ is clear. The difficulty is that in a given situation, it is not always clear what the minimum either is or should be. In terms of information-sharing, this is a major issue as it will not always be clear from the outset where the line should be drawn as to what is required. That it should be ‘the minimum necessary’ may be understood as an intellectual concept, but the reality is that often the relevance of information only becomes apparent when set in the context of information held by other agencies.
It is important for all professionals to recognize that compliance with their duty of confidentiality is not their only obligation and that under relevant circumstances (like child protection cases), it is recognized that both organizations and individuals have a professional responsibility to share information and that this duty outweighs the duty of confidentiality owed to the individual. If an organization holds information about an individual that could be shared appropriately to protect either the individual or others from harm, it becomes an ethical dilemma; as any decision to withhold information, may then become a contributory factor to harm being caused.
It should be clear to all those staff involved:
what information they can share and under what circumstances; what information they cannot share and under what circumstances; what they should do if they are not sure or are challenged, who they can ask and how and to whom the matter should be escalated. volunteered by the individual: it may be sensitive, non-sensitive, or the deepest darkest of secrets, e.g. the patient may confide he has engaged in unprotected sex with a prostitute. The individual already knows this information so it can't come as a surprise to them; information ‘discovered’ by professionals: this information was previously unknown to the individual, e.g. the patient has motor neurone disease, cancer, or is going blind; some information may be known by the individual: ‘I had a fall and my hip now hurts’ and this may be added to by professionals after tests who can confirm that the patient has broken their hip. This is ‘composite information’ with each part of the total picture being supplied by different sources becoming ‘established information’.
It may also be useful to recognize that information is not homogenous and may come from a variety of sources and have multiple contents; it may be:
The Caldicott Guardian manual gives general advice on the application of the Caldicott principles, but experience has indicated that the range of issues coming to Caldicott Guardians is immense, and is not covered in detail by that document. Individual guardians may feel confident in their abilities to ‘deal with’ a wide range of issues, but there may be a lack of published guidance on a particular topic. Consequently an individual Caldicott Guardian in one organization may interpret the principles in one way, for example believing in a particular case that an individual's information should remain confidential, whereas another Caldicott Guardian might believe that interests of public safety outweighed the individual's right to confidentiality.
Most ‘confidentiality issues’ are resolved at grass roots level and only escalated to Caldicott Guardians in complex cases. This escalation process means that many Caldicott Guardians will only have to deal the difficult problems that no one else has been able to resolve and consequently may feel that they are having to rely on their personal judgment to a large extent. Caldicott Guardians are relied upon to give clear and sound leadership. The UK Council of Caldicott Guardians is the central body for all Caldicott Guardians and provides guidance when requested to individual Guardians raising queries or seeking advice.
Therefore, the challenge for Caldicott Guardians is that they are the ones who carry the onerous responsibility, under certain circumstances, of deciding whether or not it is appropriate to risk an individuals trust by making a judgment to share an individual's information without their consent. It is the guardian's authority that decides where to strike the balance between maintaining the individuals' confidentiality and privacy, and wider considerations such as protection from harm, acting in what is believed to be in the individuals' best interest or setting aside the interest of the individual in the interests of third parties or society at large.
It is a contentious role and frequently challenging to find not a ‘right answer’ but ‘the best possible solution under the circumstances’ or even in dire cases the ‘least worse option’. All decision-making processes and considerations should be recorded and documented.
In almost every case there is a judgment to be made, carefully weighing issues of patient confidentiality against the need to share information, sometimes the balance is clear but frequently it is not. The issues may be both complex and finely balanced and then the horns of the dilemma really make their presence felt.