Health and Social Care (National Data Guardian) Bill DebateFull Debate: Read Full Debate
Lord Knight of WeymouthMain Page: Lord Knight of Weymouth (Labour - Life peer)
My Lords, I am very pleased to support the Bill. It is a simple Bill, which has been a long time coming. I pay tribute to two friends: Jo Churchill and Dame Fiona Caldicott, both of whom I know extremely well. Dame Fiona Caldicott has been a staunch guardian of the public interest so that patients can have confidence that whenever their data is kept and used, it is secure and used responsibly and transparently. In 1997, after her first review, she established what became known as Caldicott Guardians in every hospital in the land. As somebody who was involved in the use of patient data at that time, I can tell your Lordships that you had to satisfy the Caldicott Guardians—they were no pushover. They were there to make sure that patients’ data was used appropriately and responsibly and that the purpose was clear. It is because of this that all the professional bodies—the royal colleges, the GMC, the researchers and research organisations, and all others—back the Bill.
It is a simple Bill. It is necessary to put on a statutory basis what has been working extremely well on a non-statutory basis. Following the disestablishment of the national governance board, there was no statutory body to be the arbiter and the guardian of patient data. Putting the National Data Guardian on a statutory basis will provide that. As has been laid out clearly and in detail by the noble Baroness, Lady Chisholm, it is there to give guidance and help and to work on behalf of patients and the public so they can have confidence that the data about them or their health is used appropriately and for a clear purpose. This becomes even more important as we go further in using data to develop genomic information to improve healthcare and to develop things such as artificial intelligence for diagnosis. The National Data Guardian will therefore have an extremely important role to play.
I support what the noble Baroness, Lady Chisholm, said: we must not confuse the Bill with taking over any of the role of the Information Commissioner, or, for that matter, the Data Protection Act. This is completely different from them. It is focused on health and care data—how it is used and who is the guardian of that information in the public interest. I strongly support the Bill and hope that we will not hold it up in any way whatever. It would be a great pity if the Bill failed because of some misunderstanding of what it is all about.
My Lords, I refer noble Lords to my registered interests, particularly as founder and chair of the 5Rights Foundation. Like the noble Lords who have already spoken, I very much welcome the Bill. Dame Fiona Caldicott’s role is important and if by putting her guidance on a statutory footing we give it more weight, then that can only be a good thing. I want to raise some things that are not covered in the Bill. I have one substantive point about the value of the data that the NHS holds and a couple of questions for the Minister.
The longitudinal data gathered by the NHS since its inception is one of the most valuable health datasets in the world. Within it lie clues to the next generation of drugs and treatments, and entirely new ways of thinking about prevention, treatment and cure. Equally, the gathering of data across health and social care could revolutionise the provision of services. If we knew the impact of meeting, or failing to meet, the social needs in the community on health outcomes, or could accurately predict the social care resources required for certain health conditions, it could help government to provide the right service at the right time to the right people, most probably at less cost.
While using data to improve health and social care outcomes is an exciting prospect, I believe we need to do it in a way that benefits the NHS and the British people. In 2016, the Royal Free London NHS Foundation Trust allowed DeepMind, an artificial intelligence company owned by Google, to access 1.6 million patient medical records in a trial of its Streams app, which was an alert, diagnosis and detection system for acute kidney injury. Subsequently, the arrangement was found to have been given on an “inappropriate legal basis” that broke data protection laws and revealed swathes of highly personal information without patient consent. The following year, Taunton and Somerset NHS Trust partnered with DeepMind on the very same app. In spite of a freedom of information battle and a data audit done by Linklaters on the instruction of the ICO, we still do not fully understand the financial or IP benefits of this deal to the NHS. But we do know that, earlier this year, DeepMind stated that while it was currently providing its development resources free to the NHS,
“it would determine how much to charge the NHS … later”.
The costs of healthcare have become distorted with drug companies and private providers demanding eye-watering sums from the NHS. I wonder whether this Bill is an opportunity to start redressing the imbalance because, if the national data guardian Bill ensured that the value of the IP that emerges from our health data was properly recognised, that data could, with the consent of the patient, be shared or sold on a basis that that could revolutionise the financing of our struggling health service in the future.
Without a clear mandate, individual trusts with crippling budget deficits may be tempted to commoditise patient data in exchange for cash injections offered by corporations with far deeper pockets. The breakthroughs and advances that patient data makes possible may well then be sold back to the NHS at inflated prices, creating the risk that they will be out of the reach of the very people upon whose data they were built. To understand the value of the data in the NHS, we need only look at the share price of data-rich companies, even those with no revenue. The Secretary of State for Health and Social Care is particularly well placed to understand the value of what we hold. I would love to see the Government use this Bill to give the National Data Guardian a duty to develop binding and enforceable guidelines for the sale and exchange of health data for research and development. Those guidelines should fully reflect the sensitivity of the data and the singular value of the NHS dataset.
In addition to this point, I would like further details about the powers of the National Data Guardian. Will the Minister say what duty health providers have to comply with the National Data Guardian’s guidance and to demonstrate how they have done so? As noted by the shadow Minister in the other place:
“Without a requirement for organisations that receive advice to provide evidence of their response in a way that can be easily disseminated, there is no way we can be sure that the Data Guardian will be effective”,
“to ‘have regard’ to advice does not always mean that they take action in respect of that advice”.—[Official Report, Commons, Health and Social Care (National Data Guardian) Bill Committee, 6/6/18; col. 7.]
If, as has been explained, the purpose of putting the National Data Guardian’s role on a statutory footing is to give it weight, which we all welcome, surely a requirement to prove that the guidance has been acted upon is essential.
In looking at the information about the Bill, I found it hard to establish how the National Data Guardian will decide what guidance is needed. A positive obligation to provide the NDG with information about current data-sharing arrangements through report or audit would enable her to identify and anticipate potential issues and to address them in her guidance. Perhaps the Minister will explain why this obligation does not form part of the Bill.
I understand that children’s health data is covered by the Bill but not children’s social care data because that is covered by the Children and Social Work Act 2017. This carve-out raises the question of how family social care data will be considered, especially with regard to decisions made about one family member that can be made only in full sight of the family’s circumstances. I am sympathetic to the Government’s concern about conflicting guidelines, but the absence of guidance for children’s social care may well create greater conflict than a judicious overlap. The Association of Directors of Children’s Services, the Local Government Association and medConfidential are just some of the many organisations which have said that without children’s social care data in scope the National Data Guardian role is “a risk”, “perverse”, “not sensible” and “not a data guardian”.
The challenge we have about data in the 21st century is about its flow between one environment and another. Its value, beneficial and malign, lies in the fact that it can be amalgamated to reveal patterns of information and create new intellectual property. For that reason, it is frustrating to see children’s data being treated on a sector-by-sector basis. Has the Minister given any thought to how the partial coverage of children in this Bill fits with the Government’s other activities in this area, including the age-appropriate design code, potential outcomes from the Centre for Data Ethics and Innovation and the long-awaited internet safety strategy? Once again, I am afraid, I must put on the record my deep regret that the Government have deliberately chosen to deprioritise children by removing the UK Council for Child Internet Safety’s child focus, which could have served as a single point of expertise to consider children’s needs across all sectors.
I conclude by acknowledging the kindness of the noble Baroness, Lady Chisholm, in discussing the scope and purpose of the Bill in the run-up to today’s debate. I hope that I will receive comprehensive answers on all of these points, if not this morning, then certainly before the Bill progresses.