MPs raise ‘serious concerns’ about NHS Digital's use of patient data
Select committee repeats request to stop sharing with the Home Office the name and address of suspected immigration offenders, but NHS Digital insists arrangement is ‘in the public interest’
Credit: NHS Digital
A parliamentary committee has flagged up “serious concerns about NHS Digital’s ability to protect patient data” in relation to an ongoing agreement to share information on individuals suspected of immigration offences.
The Health and Social Care Committee has published a report on NHS Digital’s memorandum of understanding with the Home Office. The agreement between the two entities sets out a framework for “processing information requests from the Home Office to NHS Digital for tracing immigration offenders”.
The information covered by the MoU includes individual data on name, address, date of birth, gender, and date of NHS registration. It does not include any clinical information.
The MoU came into effect at the beginning of 2017, but the select committee said that “the practices which it now governs were being undertaken for some time before that on an ad hoc basis”.
The committee’s report said that the health service should adhere to a principle whereby data is only shared for law-enforcement purposes as it relates to the investigation of a serious crime. This principle, the committee said, is enshrined in the codes of conduct of both the NHS and the General Medical, as well as in NHS Digital’s own guidance on respecting confidentiality.
“It is entirely inappropriate that NHS Digital should be sharing data in a manner inconsistent with that principle,” the committee added.
- HMRC, Home Office, and DWP to share data in ‘fully digital’ post-Brexit immigration system
- Interview: NHS Digital director on ‘the power of technology to transform patient care’
- Government advises that NHS data can be safely hosted in the US and other countries
The practices laid out in the MoU also set a dangerous precedent, MPs warned, and create “the risk that sharing of patients’ addresses with other government departments will become accepted as normal practice”.
Having heard oral and written evidence earlier this year, MPs wrote to NHS Digital on 29 January to ask that it suspend its participation in the MoU, and “undertake a further and more thorough review of the consequences and wider implications of sharing addresses with the Home Office for immigration-tracing purposes”.
The Home Office and the Department of Health and Social both responded to decline the committee’s request to suspend the MoU.
In March, NHS Digital’s chief executive Sarah Wilkinson and chair Noel Gordon both gave oral evidence to MPs.
“We were looking for a very much more convincing case for the continued operation of the MoU than had been presented so far,” the committee said. “We regret that we did not hear such a case.”
The MPs added: “The leadership of NHS Digital has not been sufficiently robust in upholding the interests of patients or in maintaining the necessary degree of independence from government. It is deeply concerning that so little regard was paid by either the chair or the chief executive to the underlying ethical implications that arise from the MoU.”
"It is deeply concerning that so little regard was paid by either the chair or the chief executive [of NHS Digital] to the underlying ethical implications that arise from the MoU"
Health and Social Care Committee
The committee has reiterated its advice of earlier in the year that NHS Digital should suspend the MoU, pending the completion of an ongoing review of the NHS Code of Confidentiality. It added that the sharing of data for immigration-tracing purposes risks sabotaging public trust “at a time when the benefits of data-sharing for research is such a key issue”.
The committee said: “We support the sharing of data for the benefit of patients, with their consent. As demonstrated by the care.data experience, the success of such data-sharing depends crucially on public consent and confidence in NHS Digital’s commitment to respecting confidentiality. Its actions in this case risk undermining that confidence.”
Responding to the report, Sarah Wilkinson, chief executive at NHS Digital, said: "We will consider the health select committee's report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office. This has established that there is a legal basis for the release, and has assured us that it is in the public interest to share limited demographic data in very specific circumstances."
Paul Maltby claims councils must first renew ageing infrastructure before realising the benefits of machine learning and automation
DCMS committee continues to pursue Facebook CEO as chair says ‘we expected detail – we got excuses’
Island’s local authority recruits for a range of leaders to fulfil transformation plan
Civil servant returns to organisation to take operational reins
The cautionary tale of the Leicestershire teenager who hacked high-ranking officials of NATO allies shows the need for improved password security
Calm has turned a section of the 57,509-word EU document into a sleep-inducing audio book