BCS, The Chartered Institute for IT has called for a greater role for patients in information governance.
While welcoming the recommendations made in the recent Caldicott 2 Review report, BCS Health says several issues need to be addressed.
In its response to the review, BCS is calling for a greater role for patients in information governance, and a move to the widespread use of "privacy enhancing technologies" to avoid the need for duplicating identifiable data outside the care providers that create it.
Also, where such data is stored centrally, the BCS wants tighter governance and more transparency from the "safe havens" holding it.
Dame Fiona Caldicott led an independent panel of experts reviewing patient information governance practice in the NHS, and the final report, referred to as Caldicott 2, was published at the end of April 2013.
The panel’s “overarching aim has been to ensure that there is an appropriate balance between the protection of the patient or user’s information, and the use and sharing of such information to improve care", said Caldicott.
Dr Justin Whatling, chair of BCS Health, said: "Patient information governance is an increasingly important topic because of the urgent need to share and integrate patient data to improve care and care commissioning, power research and to empower individual patients.
"However, we believe there is still more that could be done in ensuring that patients play a role in the governance of their information, and to this end we have made our own recommendations to supplement those in the report.”
Ian Herbert, vice chair of BCS Health, said: "De-identifying data before it leaves its origin will greatly reduce patient concerns about unconsented secondary uses of their data, and have an insignificant impact on the ability to link data from different sources and its utility for secondary uses."
For the "relatively small number of patients who are still concerned", he said, allowing patients to opt out of their data being used for secondary purposes was appropriate. "However given the importance of patient data in care and research, we should aspire to provide more granular opt outs," said Herbert.
Patients should be able to opt out of use for research, risk stratification or service audits, rather than out of all data sharing, Herbert said.