Duties are due to be formally transferred to NHS England in a week’s time

Credit: Crown Copyright/Open Government Licence v3.0 

The government has introduced legislation finalising the closure of NHS Digital and the transfer of its functions into NHS England.

Published in draft form this week and awaiting parliamentary approval, the Transfer of Functions, Abolition and Transitional Provisions are the statutory instrument via which the responsibilities of the soon-to-close technology agency will be taken over by NHS England. 

According to the Department of Social Care, the aim of the regulations is “to ensure the good practice of NHS Digital continues, and that the highest standards of data protection, transparency and information governance are upheld” once the merger is formalised on 31 January.

Alongside the regulations, the DHSC has also published draft guidance setting out NHS England’s new data-protection obligations.

The guidelines – which are due to finalised “in a reasonable timeframe” following the completion of the merger – reiterate the need to maintain high performance levels set by NHS Digital since its creation 10 years ago. In taking over the functions of the tech unit, NHS England commits to “ensure at least the same degree of protection, level of safeguards and transparency over data use”, according to the guidance.

Related content

• NHS Digital cites transformation ‘turning point’ after £750m investment in FY22
• NHS Digital spends £8m on four deals to support ‘Covid-19 rapid response’
• Mental health: NHS looks to digital and data to close ‘historic treatment gap’

Safeguards will include ensuring that teams responsible for overseeing the use of data will be “organisationally separate from the functions providing assurance and advice on this”.

NHS England must also implement “processes and procedures… for obtaining independent advice when exercising the transferred data functions”. This external input “should support oversight and scrutiny”.

The guidelines further recommend that NHS England includes as part of a “specific data advisory group… who can, individually and collectively, provide expert advice and assurance on both internal and external access to data for purposes other than direct care”. 
Feedback should also be regularly sought from a wide range of stakeholders, including organisations focused on patients’ rights and privacy issues, as well as the IT industry, and the Information Commissioner’s Office and other watchdogs.

The guidance said: “NHS Digital has been an effective and secure guardian of people’s data since its creation, developing and improving its processes in response to expert advice – such as that provided by the National Data Guardian – and to public expectations of how health and social care data will be appropriately used. The transfer of NHS Digital’s functions to NHS England will see the continuation of that vital role and its culture of continuous improvement in the protection of data.”

It added: “By maintaining the highest standards of data protection and information governance, along with transparency in how data is used, NHS England will adopt principles, processes and safeguards that are designed to demonstrate it is, and will continue to be, a trusted custodian of health and care data. This aim, together with the principles, processes and safeguards that support it, will ensure NHS England continues to be a safe haven for data.”