It is with great sadness that we learned today of the death of Dame Fiona Caldicott.
As members of the team who supported Dame Fiona in her work as National Data Guardian for Health and Social Care (NDG), we are full of sorrow at losing our inspirational colleague. She led us with unswerving integrity, modesty and a commitment to doing her best for patients and service users. Her name is well known across our sector and beyond, but we had the added privilege of knowing her personally and holding dear the thoughtful, compassionate person behind the public profile.
Dame Fiona’s success as NDG owed a lot to her style of operation. She did not pontificate. She appointed a panel of advisers from across a range of disciplines and listened well to what they had to say before reaching a conclusion. Their loyalty to her was based on profound respect for her integrity. She empowered her staff by asking helpful questions and then trusted them to get on with the job. Her formidable intellect and exacting standards, meant that she could sometimes seem stern. But behind the business-like approach she was caring towards members of her team and supportive at times of difficulty. She always took the time to express her thanks and demonstrate gratitude for a job well done or a kindness shown. Her longevity in office gave her an apparently unfailing sense of judgement about when and how to intervene most effectively in dealings with Government departments and other organisations. She put patients and service users first. She knew outcomes were more important than headlines.
Dame Fiona was appointed to the office of NDG in November 2014 and was confirmed as the first statutory holder of the position in April 2019. However, her achievements are of much longer standing across a wide range of public life. In the field of medical confidentiality and public trust, she has been a towering presence for the past quarter of a century.
From the age of 10 she knew she wanted to be a doctor. After working initially in general practice, she took advantage of reforms that allowed part-time hospital-based training in clinical specialisms. This enabled her to combine parenting responsibilities with qualifying for membership of the Royal College of Psychiatrists and gaining appointment to senior clinical and teaching posts. She became the first woman president of the Royal College of Psychiatrists from 1993 to 1996 and was chair of the Academy of Medical Royal Colleges from 1995 to 1996.
In those roles she caught the attention of the Chief Medical Officer for England and Wales, who appointed her to lead a review of how patient information was protected. This was a time of widespread concern about how the development of IT systems might spread information about patients that had previously remained protected in doctors’ local premises. When she undertook the review, she didn’t profess any special expertise in information governance, although as a practising psychiatrist she had experience of the sensitivities of information handling. The task might have been a poisoned chalice because the Department of Health appointed 50 people to her committee with a wide range of conflicting views. But out of this complexity came a report that had a lasting influence on the theory and practice of medical confidentiality.
It established an enduring set of principles that became permanently associated with Dame Fiona’s name. The six Caldicott Principles for sharing personal confidential data established that confidential information should only be used when absolutely necessary, for a justifiable purpose, within the law and on a strict need-to-know basis.
The Caldicott report in 1997 also recommended that NHS organisations should each appoint a “guardian” to uphold these principles. NHS bodies were instructed to do this by the Department of Health in 1998. Much to Dame Fiona’s surprise, they became known as Caldicott Guardians. The role was subsequently implemented within social care and other sectors such as the police, prisons and the Ministry of Defence. There are now over 22,000 Caldicott Guardians, not only throughout Britain, but also overseas. Dame Fiona sometimes expressed mild bemusement that so many people should be called after the surname that she took from her husband.
Dame Fiona moved on from information governance to take senior positions across a wide range of public service. From 1996 until 2010 she was Principal of Somerville College, Oxford, also serving as a Pro Vice-Chancellor of Oxford University, responsible for personnel and equal opportunities. From 2009 until 2019 she was chair of Oxford University Hospitals NHS Trust, steering it to Foundation Trust status.
After stepping down from her role at Somerville, she moved back into the field of medical confidentiality in 2011, as chair of the National Information Governance Board. It was a brave thing to do since the NIGB had already been slated for abolition as part of a wider programme of Whitehall reform. When asked why she did it, she said: “I wanted to leave information governance in a good state.”
Except that she didn’t leave. In 2012-13 Dame Fiona was asked by the Government to lead a second inquiry, known as the Information Governance Review. The Government wanted this inquiry to find an appropriate balance between the protection of patient information and the sharing of information to improve care. Dame Fiona took evidence from patients, service users and a wide range of health and social care professionals, exploring the protections needed to allow information to be shared for individual care – and in anonymised form to benefit research, service planning and public health.
The main outcome was a seventh Caldicott principle to add to the other six. After hearing evidence that some over-anxious care providers were interpreting the confidentiality guidance too rigidly, she explained how the duty to share information can be as important as the duty to protect it.
The Government accepted all the 26 recommendations in her report and the Secretary of State asked Dame Fiona to set up a new independent Panel to monitor progress and provide independent advice and challenge to the whole health and care system. He strengthened this role in November 2015 when he appointed her National Data Guardian for Health and Social Care.
The highlight of her work during this period was a third formal review for the Government: the Review of Data Security, Consent and Opt-outs, which was published in June 2016. This set 10 standards of data security for health and care organisations, which formed the basis for current work across these services to strengthen cyber defences. It also recommended a new consent/opt-out model to give people a clear choice about how their personal confidential data may be used for purposes beyond their individual care. Dame Fiona did not want to encourage people to opt out and she made it clear that she would not opt out herself, but she believed that providing the opportunity was an essential step towards maintaining public trust.
Dame Fiona was delighted when Parliament passed legislation in December 2018, with all-party support, to put the NDG role on a statutory basis. In the Bill debate, many Parliamentarians paid tribute to the extraordinary contribution that Dame Fiona had made as a staunch advocate for the public interest with regards to data, which had illustrated the need for this role. She was confirmed as the first holder of this statutory office in April 2019.
Her recent work as NDG has included advice to the Government about temporary relaxation of the normal rules to permit more extensive data sharing to combat the coronavirus pandemic. Following research into people’s expectations about data sharing, she has also added a new, eighth Caldicott principle, putting a responsibility on professionals to inform patients and service users about how their confidential information is used. This built on a theme that Dame Fiona had been developing in speeches and articles over recent years. She advocated that a range of steps should be taken to ensure no surprises for patients and service users, so they could have clear expectations about how and why their confidential information is used, and what choices they have about this. The wording of this eighth principle was finalised after consultation and published on 8 December 2020.
Dame Fiona had her 80th birthday in January 2021. Until the final days, when she became unwell, she maintained an energetic workload. She was preparing to complete her extended term as NDG at the end of March 2021 and wanted before then to make the first use of her statutory powers to enhance the authority of Caldicott Guardians. After public consultation, that work is far enough advanced to be implemented over the coming weeks as a permanent part of her legacy.
She concluded a blog posted on this site on 8 December by saying: “As we … think about what data use should look like in a post coronavirus landscape, we must continue to listen to the public. We have already begun to see emerging evidence, which suggests that people are becoming more knowledgeable about the importance of health and care data, and more accepting of its use. We now have an opportunity to build on this growing awareness. And at this time, transparency will be key to providing the reassurance that earns confidence. We must make a concerted effort to engage with the people whose data we hold before making important decisions about it.”
Dame Fiona is survived by her husband Robert Caldicott and daughter Lucy.
Written by John Carvel on behalf of the NDG panel and office team.