On Thursday 15 March the Health and Social Care Select Committee took evidence from Sarah Wilkinson, Chief Executive Officer, NHS Digital; and Noel Gordon, Chair, NHS Digital on data sharing.
The transcript can be seen here, highlights include the following snippets:
Q103 Chair: In other words, you see yourselves as suppliers of data rather than custodians of data. This cuts to the heart of this issue. You see this as “our duty to supply” rather than “our duty to act on behalf of patients” and understand the ethical principles of confidentiality. Is that not part of the problem?
Noel Gordon: I do not think it is part of the problem. We hold 66 million patient records. We hold them under intense degrees of security. We are a national safe haven. The patient data we hold and the infrastructure we use are national assets, so that when we provide information to the Home Office it is under lawful conditions. We apply it under the discipline of the MOU and we apply a public interest test to the confidentiality and disclosure of the information. In all those respects, the board of NHS Digital has come to the view that our stewardship and custodianship over the information we have is of the absolute, utmost importance.
Chair: I am afraid I do not think you have demonstrated that you understand the ethical principles of confidentiality at all,
Q115 Luciana Berger: In the interest of maintaining public confidence, do you not think you should stop until the review of the code of confidentiality is complete?
Sarah Wilkinson: We thought about that very carefully. The analysis done with respect to deciding that it was appropriate to respond to these requests is pretty watertight and clear based on the information we have today—we cannot speculate, we cannot guess at what is going to happen or how the codes might evolve. I can tell you that when we get that new code we will look at it incredibly carefully.
Q116 Luciana Berger: What advice have you received from your independent group advising on the release of data—IGARD—on the practice of data-sharing for immigration enforcement?
Sarah Wilkinson: The IGARD people have not looked at the data-sharing. What they look at for us are the laws and the contractual structures that we need to put in place when data are being shared either with the research communities—the bulk of their work—or with local authorities. They have not looked at any intragovernmental sharing arrangements.
Q118 Chair: Will you explain what IGARD is, because not everybody following this hearing will know what the organisation does?
Sarah Wilkinson: Of course. It is a group of independent advisers that was set up by NHS Digital to help advise us when we get, as we do quite frequently, requests from the research community—large or small—to access data from the health system to be used in medical research and for similar purposes in local authorities. We go to this independent group of advisers and ask them to have a look at the intended use of that data with respect to legal frameworks and ethics, and to help guide on the conditions we might want to put in place for the use of that data.
Q119 Chair: In other words, they are the ethical advisers, if I am right. You did not involve your ethical advisers in this very important decision.
Sarah Wilkinson: No. They are ethical advisers with respect to the sharing of data with the research community and with local government. Their purview does not cover any of the intragovernmental data sharing.
Q120 Chair: You could have had the option to seek ethical advice. Did you seek ethical advice?
Sarah Wilkinson: We indeed looked very carefully at ethics and we—
Q121 Chair: Did you seek ethical advice—external, specific medical ethical advice?
Sarah Wilkinson: I do not believe that we went specifically to professional medical ethicists, no.
Q129 Chair: I understand that this was about the wider back-office issues, the national back office review. Did you consult specifically on the practice of data-sharing for immigration purposes?
Noel Gordon: It was in the terms of reference and it—
Q130 Chair: Did you consult on it specifically?
Noel Gordon: Yes, and we got replies that specifically addressed the issue of our disclosure. We addressed those issues in the context of the Goddard report, in three ways: first, by requesting that the memorandum of understanding was put in place, which is a form of service agreement that had not existed before; secondly, that we take advice from PHE on the impact of health‑seeking behaviours; and, thirdly, that the code of confidentiality of the NHS be reviewed again to see whether it could be updated and made more compliant with the legal framework under which we are operating.
Q131 Chair: Further to that point, is it not correct that Public Health England, the National Data Guardian, the General Medical Council, the BMA Medical Ethics Committee—the list goes on—very specifically warned you against this practice and why it could be harmful not only to the individuals but to the wider public good?
Noel Gordon: We obviously have listened carefully to the NGOs who presented evidence to you last time.
Q132 Chair: But you did not meet them.
Q146 Johnny Mercer: Is it not fair for an individual in this country to seek help from the NHS and not expect information at the lower end of their privacy data to be shared? Is that not reasonable?
Sarah Wilkinson: As you can see from the Minister’s letter, the Government position is that there is not a reasonable expectation. From our perspective, we have put on our fair processing notice that we may share address data with the Home Office for immigration enforcement tracing purposes, so we have sought to be completely transparent about the potential use of the data.
Q147 Johnny Mercer: Do you personally think that is right? If that is going to reduce people’s willingness to access healthcare, do you personally think that is right?
Sarah Wilkinson: We do not have empirical evidence that says that this will impact people’s use of the health system. Let us be clear that this data-sharing impacts a very specific set of the population. They are individuals who have been previously in contact with immigration enforcement, were communicating with them, whose immigration status is under assessment, who were aware of the duty to remain in contact and who are no longer in contact. It is a very small, set community of people.
Q148 Johnny Mercer: Right. You simply have not seen the evidence that sharing data with immigration services reduces access or willingness to seek healthcare treatments among some of our minority communities.
Sarah Wilkinson: Clearly, you have seen lots of anecdotal evidence that those communities of individuals will be deterred in some way from seeking healthcare.
Q150 Luciana Berger: I would like to give a very practical example—an extension of Johnny’s question. I received representations to let me know that, as a result of the Home Office securing information via NHS Digital, a deportation notice was sent to a GP to pass on to a highly vulnerable patient. Do you think that is acceptable?
Sarah Wilkinson: We are not part of the Home Office. We have nothing to do with how the Home Office handles this.
Q151 Luciana Berger: No, but, as a consequence of you releasing that data, you have to take some responsibility for what then happens with it.
Sarah Wilkinson: I know nothing of the case that you are talking about, I am afraid.
Q152 Luciana Berger: Whether or not you know about it, I am telling you it happened, so, on that basis, do you think that is appropriate?
Sarah Wilkinson: I am afraid I really cannot comment on what the Home Office do. I do not know enough contextually about that case or the way immigration enforcement works to be able to make a comment on it.
Q156 Chair: The nub of this, as I see it, is the point that Johnny has raised with you from the Minister’s letter, where it says that a person using the NHS cannot have a reasonable expectation when using a taxpayer‑funded service that their non‑medical data, which lies at the lower end of the privacy spectrum, will not be shared securely between other offices within Government. In other words, where do we go next? What happens when people start asking you, because it might be a criminal offence, about whether people are cohabiting? What if the DWP starts approaching you to ask for that data? Having established and said that this is all right, how can the public have confidence that you will not start telling them addresses if it is wanting to look at benefit fraud?
Sarah Wilkinson: Let me first say that I very much hope that the work being done on the code of confidentiality makes it extremely clear, by achieving consensus in the system, what the confidentiality status of address data and personal demographic data is. That is enormously important.
Q157 Chair: In other words, if they decide that that is at the lower end of the spectrum for everything, you will start handing over to other Government agencies, will you?
Sarah Wilkinson: No. If we were in receipt of requests for data-sharing for other governmental purposes, which we are not, we would go through the same rigorous assessment, and the factors would doubtless be significantly different.
Last updated : 20 Mar 2018