Minutes Thursday 10 October 2019

10am to midday

Skipton House, London 232D, and Quarry House, Leeds 4W25.


Name Representing Role
Dawn Monaghan, Chair (DM) NHSX Head of IG Policy
Dame Fiona Caldicott (DFC) National Data Guardian National Data Guardian for Health and Social Care
Matthew Gould (MG) NHSX CEO NHSX
Lorraine Jackson (LJ) NHSX Deputy Director, Data Policy
Kathy Hall (KH) NHSX Director of Technology and Data Strategy
David Evans (DE) NHSX IG Policy Projects Lead
Jackie Gray (JG) NHS Digital Executive Director of IG
Juliet Tizzard (JT) Health Research Authority Director of Policy
Dr Robert Kyffin (RK) Public Health England Data & Information Policy and Partnerships Lead
Simon Richardson (SR) Care Quality Commission Information Rights Manager
Dr Tony Calland (TC) Confidentiality Advisory Group Chair of Confidentiality Advisory Group
Jonathan Bamford (JB) Information Commissioner’s Office Director of Strategic Policy, (Domestic)
Rachel Merrett (RM) NHSX Head of Stakeholder Engagement.
Jenny Firth (JF) NHSX Head of Information and Transparency
Sally Chapman (SC) NHSX Project Manager Data Sharing & Privacy Unit


Name Representing Role
N/A - -



Welcome and Introductions

DM welcomed members to this the first National Information Governance Board.

MG also welcomed the Board and outlined the need for simplified information governance so that any unnecessary barriers are removed and information can be shared to benefit patients. 

MG opened up the discussion with points raised of the need to educate GPs on data sharing; the need for guidance to be supported by standards; the need to focus on patient benefits and involve patients; and the need to consider and help address IG challenges in social care.   

JG acknowledged the need to increase standards of how the Board will work with guidance, giving consideration to the challenges within areas of law, that are not understood.

DFC agreed that the agenda of patient safety is an ideal time to embed this.

All agreed that assurance for patients/service users is key with a need to consider how to collaborate with patients/service users including in social care.

DM advised the Board that this group would need to have a risk register going forward and we should consider what those risks may be and discuss at the next board.

Collective guidance

The Board agreed that a definitive list of guidance is to be curated, noting this is a substantial, but urgent task, as many different organisations are producing guidance on issues relating to IG.  


DM - IG policy team in NHSx to produce a curated list of guidance and update on progress at the next meeting. 


Review of TOR/ Name of group/ Membership


Discussion held regarding who else should be invited to join the Board. 

All agreed that clinicians would input through the sub groups.

SR noted that the Board is missing a representative from social care. DFC supported the identification of a representative.

DM queried who in adult social care would usually sign off guidance. SR advised that not aware that anyone has statutory sign off.

DE agreed to approach the appropriate person from the LGA with the correct level of responsibility.

DFC recommended that patients needed to be involved whilst recognising it can be tricky to identify those who can bring a broad range of opinion.

RK suggested the same was true for social care.


DFC asked if the Board has the responsibility to advise MG and higher?

DM confirmed this Board reports up to MG with recommendations. NHSx has overall responsibility for publication but sign off would be done collectively through the Board.

RK advised that the vision for the immediate future is not the same as the long term vision. The Board agreed that was the case. RK stated a preference to have a tighter group in the first instance to get key messages out and reiterated the need to be clear on what is the scope?

RM advised an operational process may help and would enable the Board to engage different stakeholders and groups for recommendation to be reported back to the Board.

JG reminded the Board to be aware that the different organisations have their own statutory function. 

DM agreed, that whilst organisations may author guidance they have a statutory duty to provide, it would also need the sign off from the Board.

JG noted that there is a difference between providing guidance and being responsible for the content.

DFC advised the NDG and the ICO are currently working on a joint statement regarding  GDPR and Caldicott principles.

All agreed that it is to be a one stop shop for guidance and that the focus of the group needs to be clearer.


ALL - Review ToR, sending specific edits to SC.

SC/DM - Revise and incorporate changes to TOR and circulate prior to next meeting.

DM - Approach ADASS to join the Board.

DE - Approach LGA to join the Board.

DM - Draft key points of discussion on the scope of the Board and circulate.

ALL - Consider and send suggestions for the name of Board to SC.


Operational Processes - paper presented by RM

RM provided a verbal update on a proposed operational approach to ensure that stakeholders were engaged and actions were taken forward between meetings. The approach was broadly supported by members.  RM agreed to set this out in a paper, including a stakeholder list, for the next meeting. 


RM - Provide a paper on the proposed operational approach to the next meeting

RM - Provide full findings of the questionnaire at the next meeting.  


Work in Progress - Updates from Members of work already underway

JG gave an update on the work NHSD were undertaking on looking at the role that Article 40 could play in relation to health and guidance. A template was in development which picks up all the technical requirements on what a code is and how to target codes, initially using the toolkit as a form of monitoring. 

JG proposed that a group is set up to assess the value of codes and to bring recommendations to the Board.

Proposal agreed by the Board.

JT advised that guidance is in development with the NDG, to provide clarity of how to inform the NHS on how to lawfully use patient data for the development of medical software, including common law and what kinds of approval are required when developing this technology.

DFC updated the Board that following becoming statutory they have consulted on what the priorities should be. The priorities had been published on the NDG website. An action plan was in progress and DFC explained that it would be useful to hear if their priorities overlapped with others. 

TC advised the Board that CAG were looking at AI and machine learning,namely the issue of the amount of data that is going to be required and balancing the  concerns of Public interest and ethics.

JB explained a lot of the ICO work had been covered by the other members but concluded that they had increased focus on health and care data.  They were looking at codes; regulatory tools around accountability to support compliance and have opened a regulatory sandbox in relation to healthcare.

SR advised that the CQC were in the process of developing a consistent manner  to identifying and responding to innovation along with updating guidance on CCTV.


DFC - NDG office to distil priorities into a paper to be circulated to members.

JG/DM - Meeting to discuss how to take the code forward and to establish working.

DFC/JB - Share the NDG and ICO statement regarding work between the GDPR and the Duty of Common Law with the Board and advise their responsibility.

ALL -  Members to list their top three pieces of guidance that they are working on to DM.


Risk Register – Suggested items


All - Board to consider any risks they may want to add to the register for the next meeting.


Any other business

Date of next meeting would be November with subsequent meetings bi-monthly from January 2020.


SC - Circulate date of next meeting for November and plan dates for year ahead