(10 years, 9 months ago)
Commons ChamberAbsolutely. That is one of the real issues. As we have heard from Members on both sides of the House, absolute clarity is needed on such issues and on the data, which we as individuals own, from those who seek to provide that data to other people for other purposes. This goes to the heart of the matter, and the fundamental issue—that fundamental breach—is one of trust. My hon. Friend is absolutely right to raise that.
Trust can never be given with blind faith, but it can be built if it is based on accountability. That is what new clause 25 and amendment 29 seek to achieve. The new clause seeks to create a new, specific offence of the misuse of data provided by the HSCIC. Building on the schedule of offences in the Data Protection Act 1998, it makes it an offence to use data provided by the HSCIC for the purposes of re-identification. A person or organisation found guilty of that offence would be subject to an unlimited fine. In addition, it makes it a requirement for any organisation making applications for data from the HSCIC to disclose any previous convictions under the offence.
The purpose of the new clause is to help build public confidence in how individual patient data are used by ensuring that any person or entity who misuses the data is liable to significant criminal sanctions. Patients can then be assured that their privacy and the proper use of their medical data are of the utmost importance to Parliament, the judiciary and the NHS. The new clause would also place a duty on those convicted of misusing data to declare that conviction when reapplying for future data. In reality, barring some unforeseeable public interest, those guilty of misusing data once would be unlikely to gain access again.
In order to ensure a robust system, accountability for the use of the data must also cover those who grant permission for the data to be used. Clause 116 removes from the Secretary of State the duty to approve applications to use patient data for medical research. That is wholly and entirely wrong, and amendment 29 seeks to restore that duty.
In light of the letter from the Chair of the Health Committee to the Health Secretary, the emerging details of how patient data have been used and the rather strange pronouncement from the HSCIC that it will not say more about improper release of medical records until “later in the year”, the Secretary of State’s accountability for how patient data are used is absolutely critical. The use of patient data is a matter of huge import, and the issues surrounding it are enormous, too.
My hon. Friend is making important points and I hope that the Minister is taking note of them. Does my hon. Friend share my concern about the Minister’s assurances last night on the security of the data? The buck stops with the Health and Social Care Information Centre, not the Minister, but Ministers come and go, so it is easy to make assurances, as he might not be here next year.
I absolutely share those concerns. We did not hear anything last night that reassured anybody who understands the Bill. Certainly, Government new clause 34 is not worth the paper that it was hastily written on, and I want to move on to that right now.
Surely it is not too much to expect the democratically elected politician who sits in Cabinet and is responsible for the national health service to be accountable for how the medical data that that service captures is used. Crucially, the Secretary of State for Health is accountable not only to this House but to the people of this country in a way that a quango cannot be and has never been. Such accountability can begin the process of building the trust necessary to ensure the success of projects such as care.data. Without that, QED, the Secretary of State is asking Parliament and the people of this country for permission to remove democratic accountability from how their confidential medical data are used. The implications for the use of patient data in any project are utterly toxic.
I said earlier that it would be tragic if the Government’s failings were to continue to contribute towards the erosion of trust in care.data. Sadly, the Bill provides scope for other regrets. Part 1 seeks to make worthwhile but modest improvements to our care system, falling a long way short of the concept of whole-person care articulated by Labour. The Government new clauses and amendments that we are now discussing, however, and clause 119—the hospital closure clause that we will discuss later—fundamentally disfigure what is without doubt a worthwhile Bill. Perhaps that shows us the two sides of the coalition in the ministerial team. We shall see. None the less, it is a cause for regret.
Trust is at the heart of Government new clause 34. Yesterday, the Minister tried to reassure the House that the new clause would provide the safeguards that people require for the protection of their confidential medical data. He demonstrably failed to do that. Challenged time and again to illustrate how his new clause would facilitate the claims he has made for it, or improve safeguards for patients, he could not do so. Next time, it might be a good idea if the Secretary of State could get the same person to write both the Government amendments and the Government press release, because the amendments and the new clause do not provide what the Government claim they will. Sadly, that erodes trust yet further.
New clause 34 has been made necessary due to the appalling handling of the care.data project by the Government and the resulting erosion of public trust. The truth is that the new clause was hastily tabled again just before the deadline for amendments because the original, botched new clause 14 did not do what the Government said it would. Guess what? New clause 34 does not do what they say it will either. Subsection (3) would amend section 261 of the Health and Social Care Act 2012 to read:
“The Information Centre may disseminate (other than by way of publication), to any such persons and in such form and manner and at such times as it considers appropriate.
But the Information Centre may do so only if it considers that disseminating the information would be for the purposes of—
(a) the provision of health care or adult social care;
(b) the promotion of health.”
Yesterday, the Minister was given numerous opportunities to explain how this provision would prohibit private health insurance companies from gaining access to our data—he could not do so. The new clause provides for entirely elastic definitions that, in practice, will have a limitless application.
What happens when a private health insurance company requests information from the HSCIC on the basis that it was going to conduct specific controlled, randomised assessments of the impact of physical activity on various age groups in order to promote and recommend appropriate physical activity to its policyholders— perhaps with a view to reducing their premiums? That is clearly being used to promote health and well-being, so how would new clause 34 stop it? It would not—under the proposed wording, it would be facilitated. Once such a company has the data, what prevents it from using them for other means? Under our new clause 25, such use would be a clear offence, but sadly the Government have offered no such safeguards.
It is no wonder the public cannot trust Ministers. Just a few weeks ago, in Committee room 9, the Minister assured me and the rest of the Public Bill Committee:
“There are strict controls about the release of potentially identifiable information; for example, that type of information would only ever be released to approved organisations for approved purposes”.––[Official Report, Care Public Bill Committee, 30 January 2014; c. 516.]
Yet these strict controls fail to appear time and again. The only comfort offered to the public is that those issues will be resolved by regulations drafted by Ministers in whom confidence and trust has been lost—that is not good enough. With that in mind, can the Minister explain who signed off the release of data covering 47 million patients that were obtained by the Institute and Faculty of Actuaries? Such issues must be addressed, and it seems likely that when he eventually responds to the Chair of the Health Committee, the Secretary of State will give cause for yet further concern about how patient data are being used.
In responding to the news about that massive data breach, a Department of Health source stated:
“The rules changed last year so this would no longer be allowed. Information like this can only be accessed now if there is a clear benefit to improving health or health systems.”
It is chaos: if the rules have already been changed, the new clause tabled in haste by the Minister is full of superfluous subsections. Why does he need to change the rules again if they have already been changed?
We have a golden opportunity to get this right. The more that patients allow their data to be used, the greater the positive effects of care.data. These issues will not be resolved today and they will not be resolved by any of the Government proposals before us. If we want care.data and schemes like it to work in the future, we need to establish trust. Getting this right will save lives. Accountability is critical when accessing and using the most sensitive personal data, and the whole House can send a message to the people of this country—that we understand their concerns, that we are serious about safeguarding their most private data and that we are determined to continue to improve our health services—by voting for new clause 25 and amendment 29.
(10 years, 9 months ago)
Commons ChamberThat is a good point. It is very important for the Government to lay down parameters for the scope.
The sharing of medical data has a fantastic potential to do good, as long as the necessary safeguards are there, but if it is mishandled, it also has the potential to do great harm. Patient data consist of very confidential information, which could prove damaging to the public if it were to end up in the wrong hands. We have already seen examples of that. I share the public’s fear that the Government are not seeking appropriate safeguards in respect of highly personal and sensitive information. Despite the Minister’s assurances about new clause 34, I do not think that it goes far enough.
Let me return to the issue of accountability. The benefits for companies that seek to misuse or leak patient data, for example, are considerable. The Minister has ruled out insurance companies, but I am worried about private health care firms. The pharmaceutical industry could profit from the re-identification of patient records, and I believe that the absence of parliamentary accountability to which I referred earlier, and a lack of clear and harsh penalties for those who misuse data, are undermining trust in what could be a highly beneficial scheme. Subsection (2) of new clause 25 defines misuse, and subsection (3) gives an indication of the penalties that would be applied. I think that they might act as a deterrent.
My hon. Friend is making an excellent, intelligent and informed speech. The charge has been made that pushing our proposals too far risks scuppering the project, but is it not the case that the more safeguards we can introduce to reassure the public, the better the prospects of its success will be—and, moreover, the greater the data sample will be, and the better the system will be as a result?
I entirely agree. I think that that is vital, because, as we have seen in the case of politicians following the expenses scandal, once public trust has been lost, it is a huge task to win that trust back. There is a mountain to be climbed. I therefore think it important that we get this right.
The Government have an opportunity to pause the implementation of the Bill in order to consult properly, and, in the Bill itself, to address issues that have been raised by Members in all parts of the House and by other interested parties. I believe that if there is to be public confidence in the scheme, the Government should make a gesture by supporting Labour’s new clauses, particularly new clause 25. Given that the misuse and identification of data are the prime concerns of the public, I think that it would be eminently sensible to make them an offence. That is not rocket science, is it? If that is the problem, why do we not address it directly by creating an offence? Similarly, if an organisation makes applications for data from the Health and Social Care Information Centre, it should have to disclose any previous convictions under that offence. I am a big supporter of transparency and the extension of freedom of information. Private health care companies should disclose information that is relevant in those circumstances.
It seems bizarre to insist that the public should allow their private information to be shared with organisations that are allowed to hide their chequered pasts in some cases behind the cloak of commercial confidentiality. Parliamentary accountability, too, should be introduced to the decision-making process. The Secretary of State should retain the duty to approve any applications. The buck should stop with the Secretary of State. If there is a serious commitment to win back the public’s trust on care.data, the buck should stop with the Secretary of State, rather than with a big and unaccountable quango.
It would be of great benefit to the public if data sharing were exercised in an accountable and secure manner. I have always been an advocate of investment in public health. For that to be effective, we need an evidence base on which to plan interventions. The scheme is set to be disrupted unless the Government can demonstrate that they are serious about protecting patients’ privacy.
I have considered that, and that is an important point. Compliance is important. Those issues should be addressed in the Bill. If we are to ensure that there is public trust, those points must be addressed.
Does my hon. Friend share my concern and that of many GPs that the lack of necessary safeguards in the Bill may have an unintended consequence, particularly among the hardest to reach groups in society? Fear about the lack of safeguards in the Bill may stop them from accessing GPs and sharing their details and problems with them.
That is a huge danger. We have an opportunity to address that in this House this evening and when we consider the Bill further tomorrow. I personally am not advocating that people sign up to the opt-out clauses. That is important, but we need assurances to be able with confidence to support the Bill and the data collection proposals.