MPs raise ‘serious concerns’ about NHS Digital's use of patient data
Select committee repeats request to stop sharing with the Home Office the name and address of suspected immigration offenders, but NHS Digital insists arrangement is ‘in the public interest’
Credit: NHS Digital
A parliamentary committee has flagged up “serious concerns about NHS Digital’s ability to protect patient data” in relation to an ongoing agreement to share information on individuals suspected of immigration offences.
The Health and Social Care Committee has published a report on NHS Digital’s memorandum of understanding with the Home Office. The agreement between the two entities sets out a framework for “processing information requests from the Home Office to NHS Digital for tracing immigration offenders”.
The information covered by the MoU includes individual data on name, address, date of birth, gender, and date of NHS registration. It does not include any clinical information.
The MoU came into effect at the beginning of 2017, but the select committee said that “the practices which it now governs were being undertaken for some time before that on an ad hoc basis”.
The committee’s report said that the health service should adhere to a principle whereby data is only shared for law-enforcement purposes as it relates to the investigation of a serious crime. This principle, the committee said, is enshrined in the codes of conduct of both the NHS and the General Medical, as well as in NHS Digital’s own guidance on respecting confidentiality.
“It is entirely inappropriate that NHS Digital should be sharing data in a manner inconsistent with that principle,” the committee added.
- HMRC, Home Office, and DWP to share data in ‘fully digital’ post-Brexit immigration system
- Interview: NHS Digital director on ‘the power of technology to transform patient care’
- Government advises that NHS data can be safely hosted in the US and other countries
The practices laid out in the MoU also set a dangerous precedent, MPs warned, and create “the risk that sharing of patients’ addresses with other government departments will become accepted as normal practice”.
Having heard oral and written evidence earlier this year, MPs wrote to NHS Digital on 29 January to ask that it suspend its participation in the MoU, and “undertake a further and more thorough review of the consequences and wider implications of sharing addresses with the Home Office for immigration-tracing purposes”.
The Home Office and the Department of Health and Social both responded to decline the committee’s request to suspend the MoU.
In March, NHS Digital’s chief executive Sarah Wilkinson and chair Noel Gordon both gave oral evidence to MPs.
“We were looking for a very much more convincing case for the continued operation of the MoU than had been presented so far,” the committee said. “We regret that we did not hear such a case.”
The MPs added: “The leadership of NHS Digital has not been sufficiently robust in upholding the interests of patients or in maintaining the necessary degree of independence from government. It is deeply concerning that so little regard was paid by either the chair or the chief executive to the underlying ethical implications that arise from the MoU.”
"It is deeply concerning that so little regard was paid by either the chair or the chief executive [of NHS Digital] to the underlying ethical implications that arise from the MoU"
Health and Social Care Committee
The committee has reiterated its advice of earlier in the year that NHS Digital should suspend the MoU, pending the completion of an ongoing review of the NHS Code of Confidentiality. It added that the sharing of data for immigration-tracing purposes risks sabotaging public trust “at a time when the benefits of data-sharing for research is such a key issue”.
The committee said: “We support the sharing of data for the benefit of patients, with their consent. As demonstrated by the care.data experience, the success of such data-sharing depends crucially on public consent and confidence in NHS Digital’s commitment to respecting confidentiality. Its actions in this case risk undermining that confidence.”
Responding to the report, Sarah Wilkinson, chief executive at NHS Digital, said: "We will consider the health select committee's report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office. This has established that there is a legal basis for the release, and has assured us that it is in the public interest to share limited demographic data in very specific circumstances."
Commissioner’s progress report includes revelations about UKIP’s non-compliance and a six-figure penalty for a pregnancy website that supplied data for Labour Party marketing
Simon McDougall joins regulator in the role of executive director for technology policy and innovation
Manufacturing and research facilities across eight regions given cash injection
Research from Dods shows that most public sector workers are not in favour of bringing in commercial firms to provide their IT