National Data Guardian for Health and Social Care

The National Data Guardian for Health and Social Care is an independent, non-regulatory, advice giving body in England sponsored by the Department of Health and Social Care. Dame Fiona Caldicott had held the position on a non-statutory basis since its inception in November 2014. She was appointed the first statutory National Data Guardian in March 2019 following the introduction of the Health and Social Care (National Data Guardian) Act 2018, and remained in post until her death in February 2021. Dr Nicola Byrne was appointed to the role in March 2021 by the Secretary of State for Health and Social Care.

Role
The National Data Guardian provides guidance to the UK Government and the health and adult social care system on data confidentiality, security and patient data choice. Its role is to advise and challenge the health and social care system to help ensure that citizens’ confidential information is safeguarded securely and used properly to support direct care and achieve better outcomes from health and care services.

As a non-regulatory body, the National Data Guardian does not issue or enforce sanctions; it works with existing regulators such as the Information Commissioner’s Office and the Care Quality Commission where this is required.

Health and Social Care (National Data Guardian) Act 2018
A Private Members' Bill to place the National Data Guardian role on a statutory footing was introduced to Parliament in 2017. The Health and Social Care (National Data Guardian) Bill 2017-19 was sponsored by Member of Parliament Peter Bone.

A consultation on the roles and functions of the National Data Guardian was held in 2015 in preparation for the Bill's drafting.

The Bill received Royal Assent on 20 December 2018 and is now an Act of Parliament. The Health and Social Care (National Data Guardian) Act 2018 gives the National Data Guardian role formal, advice-giving powers on matters related to the processing of health and adult social care data in England.

Review of Data Security, Consent and Opt-outs (published July 2016)
In September 2015, the Secretary of State for Health Jeremy Hunt asked the National Data Guardian and the Care Quality Commission conduct a formal review into data security and use, delivering as its outcomes: recommendations for new data security standards for health and care; a method for testing compliance against the standards; and a new consent or opt-out model for data sharing in relation to patient confidential data.

The National Data Guardian's Review of Data Security, Consent and Opt-outs was published in July 2016. It made 20 recommendations, including the introduction of 10 national data security standards for health and care and a new tool for measuring performance against them.

The Care Quality Commission published its report Safe Data Safe Care in tandem.

The Government's 2017 response, 'Your Data: Better Security, Better Choice, Better Care, accepted the recommendations and reported on plans to deliver against them, including the development of a new national data opt-out system for patients, which was launched by NHS Digital in May 2018.

The review also led to the closure of the care.data programme by NHS England

Prior reviews by Dame Fiona Caldicott
The Review of Data Security, Consent and Opt-outs was the first formal report delivered by Dame Fiona Caldicott in her role as National Data Guardian. It is referred to as Caldicott 3, as it is her third formal report to Government on the protection and use of patient information. The first, her Report on the Review of Patient-identifiable Information is known as the Caldicott Report and was published in 1997. The second report known as Caldicott 2 was published in 2013.