All Lord Knight of Weymouth contributions to the Health and Social Care (National Data Guardian) Act 2018

Fri 26th October 2018
3 interactions (892 words)

Health and Social Care (National Data Guardian) Bill Debate

Full Debate: Read Full Debate
Department: Department of Health and Social Care

Health and Social Care (National Data Guardian) Bill

(2nd reading (Hansard): House of Lords)
Lord Knight of Weymouth Excerpts
Friday 26th October 2018

(2 years, 6 months ago)

Lords Chamber

Read Full debate Read Hansard Text
Department of Health and Social Care
Lord Patel Portrait Lord Patel (CB)
- Hansard - - - Excerpts

My Lords, I am very pleased to support the Bill. It is a simple Bill, which has been a long time coming. I pay tribute to two friends: Jo Churchill and Dame Fiona Caldicott, both of whom I know extremely well. Dame Fiona Caldicott has been a staunch guardian of the public interest so that patients can have confidence that whenever their data is kept and used, it is secure and used responsibly and transparently. In 1997, after her first review, she established what became known as Caldicott Guardians in every hospital in the land. As somebody who was involved in the use of patient data at that time, I can tell your Lordships that you had to satisfy the Caldicott Guardians—they were no pushover. They were there to make sure that patients’ data was used appropriately and responsibly and that the purpose was clear. It is because of this that all the professional bodies—the royal colleges, the GMC, the researchers and research organisations, and all others—back the Bill.

It is a simple Bill. It is necessary to put on a statutory basis what has been working extremely well on a non-statutory basis. Following the disestablishment of the national governance board, there was no statutory body to be the arbiter and the guardian of patient data. Putting the National Data Guardian on a statutory basis will provide that. As has been laid out clearly and in detail by the noble Baroness, Lady Chisholm, it is there to give guidance and help and to work on behalf of patients and the public so they can have confidence that the data about them or their health is used appropriately and for a clear purpose. This becomes even more important as we go further in using data to develop genomic information to improve healthcare and to develop things such as artificial intelligence for diagnosis. The National Data Guardian will therefore have an extremely important role to play.

I support what the noble Baroness, Lady Chisholm, said: we must not confuse the Bill with taking over any of the role of the Information Commissioner, or, for that matter, the Data Protection Act. This is completely different from them. It is focused on health and care data—how it is used and who is the guardian of that information in the public interest. I strongly support the Bill and hope that we will not hold it up in any way whatever. It would be a great pity if the Bill failed because of some misunderstanding of what it is all about.

Lord Knight of Weymouth Portrait Lord Knight of Weymouth (Lab)
- Hansard - -

My Lords, I too very much welcome the Bill and the way that it was introduced by the noble Baroness, Lady Chisholm, with appropriate detail and clarity, and the speech by the noble Lord, Lord Patel. Like them, I agree that it is important to give the authority of a statutory footing to the National Data Guardian, Dame Fiona Caldicott.

I remind your Lordships of my interests in respect of my part-ownership and administration of a company called xRapid. Without wanting to go into any kind of long advert for its technology, it demonstrates why I am excited by health technology. This particular technology uses an Apple iPhone attached to a microscope to allow diagnostics, such as of malaria. It works in the same way that a laboratory technician does: it recognises what it sees through a microscope and gives a diagnosis. To be able to do that the computer has to be trained, which is done by it looking at a series of images so that it can learn what the parasites look like. That is health data which has to be collected in order for the machine to be trained. But I see the huge social benefit of that technology—in the end, of that data being used—to provide much cheaper and much more accessible and affordable access to diagnostics around the world.

I have huge excitement around the potential for machine learning and other artificial intelligence to be able to spread some significant health benefits. I want that excitement to build and for others to share it but I am also aware of the worries that people have about the privacy of their data. I share those worries, especially about the inferences that can be drawn from data when it may not have been collected for a specific health purpose, as in this case, but is then mashed with data that has been collected with consent for health-related purposes. Inferences and intelligence are then drawn from what is found and analysed.

I was supportive of the Data Protection Act, as it now is, but at the time of its passing I also pointed out the limitations as I saw them, in that it is a consent-based regime. It is very difficult to give consent about information if I do not know that you have it, because you have inferred it from analysing various sources of data that I might not know about. That is why I have previously talked in this House about the need for us to explore mechanisms such as data trusts and a statutory duty of care on technology companies, similar to the duty of care that they have in the physical world in respect of environmental protection or health and safety. In that way, they can then be held to account in a more general way for how the technology is used for social good.

Those concerns are good reasons for our needing a National Data Guardian in respect of health. I had some initial concerns about how that guardian would relate to the regulators but as set out by the noble Baroness, Lady Chisholm, in her speech I am satisfied that there would be a reasonable relationship—one whereby the National Data Guardian issues guidance, and the trusts and other health bodies would adhere to that guidance. If they did not, then it might be referred to the regulator.

I also remind the House of my interest as one of the chief officers at Tes Global, a large education business. I guess that my only question—if the Minister is in a position to answer questions when he responds—would be around the remit of the National Data Guardian. At Tes, we hold all sorts of data on teachers’ behaviour but we do not really hold any for children. I understand from my relationship with education the particular sensitivities that we have around the collection of children’s data: how it is held, who it is shared with and what happens when there are data breaches in respect of children. I am aware that there are 25,000 schools in this country collecting data on a systematic basis, many of which are led by people who are struggling to understand their obligations under the Data Protection Act and GDPR. I think that they would welcome guidance from a National Data Guardian, if such a person had a remit that extended to children and vulnerable adults. If the Minister were able to give any thoughts on it, has any consideration been given to extending the role of the National Data Guardian or finding another body that could perform a similar function in respect of children and vulnerable adults’ data as a whole?

I very much welcome the Bill and hope that it proceeds quickly, as the noble Lord, Lord Patel, said. We should get this on to the statute book quickly so that these protections can be put in place and it becomes part of a range of what has to be ever evolving legislation where we, as policymakers and legislators, are continuously keeping an eye on an ever evolving technological landscape. That will allow us to live in a society which can realise the excitement that I have around health technology and other social technologies, with the confidence of knowing that our rights as individuals in respect of the privacy of our data are being maintained.

Baroness Kidron Portrait Baroness Kidron (CB)
- Hansard - - - Excerpts

My Lords, I refer noble Lords to my registered interests, particularly as founder and chair of the 5Rights Foundation. Like the noble Lords who have already spoken, I very much welcome the Bill. Dame Fiona Caldicott’s role is important and if by putting her guidance on a statutory footing we give it more weight, then that can only be a good thing. I want to raise some things that are not covered in the Bill. I have one substantive point about the value of the data that the NHS holds and a couple of questions for the Minister.

The longitudinal data gathered by the NHS since its inception is one of the most valuable health datasets in the world. Within it lie clues to the next generation of drugs and treatments, and entirely new ways of thinking about prevention, treatment and cure. Equally, the gathering of data across health and social care could revolutionise the provision of services. If we knew the impact of meeting, or failing to meet, the social needs in the community on health outcomes, or could accurately predict the social care resources required for certain health conditions, it could help government to provide the right service at the right time to the right people, most probably at less cost.

While using data to improve health and social care outcomes is an exciting prospect, I believe we need to do it in a way that benefits the NHS and the British people. In 2016, the Royal Free London NHS Foundation Trust allowed DeepMind, an artificial intelligence company owned by Google, to access 1.6 million patient medical records in a trial of its Streams app, which was an alert, diagnosis and detection system for acute kidney injury. Subsequently, the arrangement was found to have been given on an “inappropriate legal basis” that broke data protection laws and revealed swathes of highly personal information without patient consent. The following year, Taunton and Somerset NHS Trust partnered with DeepMind on the very same app. In spite of a freedom of information battle and a data audit done by Linklaters on the instruction of the ICO, we still do not fully understand the financial or IP benefits of this deal to the NHS. But we do know that, earlier this year, DeepMind stated that while it was currently providing its development resources free to the NHS,

“it would determine how much to charge the NHS … later”.

The costs of healthcare have become distorted with drug companies and private providers demanding eye-watering sums from the NHS. I wonder whether this Bill is an opportunity to start redressing the imbalance because, if the national data guardian Bill ensured that the value of the IP that emerges from our health data was properly recognised, that data could, with the consent of the patient, be shared or sold on a basis that that could revolutionise the financing of our struggling health service in the future.

Without a clear mandate, individual trusts with crippling budget deficits may be tempted to commoditise patient data in exchange for cash injections offered by corporations with far deeper pockets. The breakthroughs and advances that patient data makes possible may well then be sold back to the NHS at inflated prices, creating the risk that they will be out of the reach of the very people upon whose data they were built. To understand the value of the data in the NHS, we need only look at the share price of data-rich companies, even those with no revenue. The Secretary of State for Health and Social Care is particularly well placed to understand the value of what we hold. I would love to see the Government use this Bill to give the National Data Guardian a duty to develop binding and enforceable guidelines for the sale and exchange of health data for research and development. Those guidelines should fully reflect the sensitivity of the data and the singular value of the NHS dataset.

In addition to this point, I would like further details about the powers of the National Data Guardian. Will the Minister say what duty health providers have to comply with the National Data Guardian’s guidance and to demonstrate how they have done so? As noted by the shadow Minister in the other place:

“Without a requirement for organisations that receive advice to provide evidence of their response in a way that can be easily disseminated, there is no way we can be sure that the Data Guardian will be effective”,

since,

“to ‘have regard’ to advice does not always mean that they take action in respect of that advice”.—[Official Report, Commons, Health and Social Care (National Data Guardian) Bill Committee, 6/6/18; col. 7.]

If, as has been explained, the purpose of putting the National Data Guardian’s role on a statutory footing is to give it weight, which we all welcome, surely a requirement to prove that the guidance has been acted upon is essential.

In looking at the information about the Bill, I found it hard to establish how the National Data Guardian will decide what guidance is needed. A positive obligation to provide the NDG with information about current data-sharing arrangements through report or audit would enable her to identify and anticipate potential issues and to address them in her guidance. Perhaps the Minister will explain why this obligation does not form part of the Bill.

I understand that children’s health data is covered by the Bill but not children’s social care data because that is covered by the Children and Social Work Act 2017. This carve-out raises the question of how family social care data will be considered, especially with regard to decisions made about one family member that can be made only in full sight of the family’s circumstances. I am sympathetic to the Government’s concern about conflicting guidelines, but the absence of guidance for children’s social care may well create greater conflict than a judicious overlap. The Association of Directors of Children’s Services, the Local Government Association and medConfidential are just some of the many organisations which have said that without children’s social care data in scope the National Data Guardian role is “a risk”, “perverse”, “not sensible” and “not a data guardian”.

The challenge we have about data in the 21st century is about its flow between one environment and another. Its value, beneficial and malign, lies in the fact that it can be amalgamated to reveal patterns of information and create new intellectual property. For that reason, it is frustrating to see children’s data being treated on a sector-by-sector basis. Has the Minister given any thought to how the partial coverage of children in this Bill fits with the Government’s other activities in this area, including the age-appropriate design code, potential outcomes from the Centre for Data Ethics and Innovation and the long-awaited internet safety strategy? Once again, I am afraid, I must put on the record my deep regret that the Government have deliberately chosen to deprioritise children by removing the UK Council for Child Internet Safety’s child focus, which could have served as a single point of expertise to consider children’s needs across all sectors.

I conclude by acknowledging the kindness of the noble Baroness, Lady Chisholm, in discussing the scope and purpose of the Bill in the run-up to today’s debate. I hope that I will receive comprehensive answers on all of these points, if not this morning, then certainly before the Bill progresses.