Systems delivered by NHS Connecting for Health will provide the alert data and tools for reviewing alerts, but detailed monitoring arrangements and assessment of follow up actions are the responsibility of local national health service organisations and individual Caldicott Guardians.
Staff who breach patient confidentiality are subject to disciplinary measures and the legal penalties provided under the Data Protection Act, and professional staff risk losing their licence to practice. There is no evidence that breaches currently happen other than very exceptionally. We expect this to continue to be the case when systems are deployed that have the ability to audit behaviour.
Only a small number of alerts are therefore expected, and we anticipate that Caldicott Guardians, or their delegated representatives, will be able to monitor all alerts raised to them.
(2) which NHS suppliers will have access to the secondary users service; and what terms and conditions will govern such access.
[holding answer 9 May 2008]: The terms and conditions are being agreed but include, for example, limitations on the disclosure of data to third parties and the copying of data, and termination and liability clauses in the event of unauthorised disclosure of personally-identifiable information. There will also be a right of audit to verify adherence to the terms and conditions, which will be the key condition determining permission to access for those wishing to use the service.
When finalised, the terms and conditions will be published.