Health and Social Care (National Data Guardian) Bill Debate
Full Debate: Read Full DebateJustin Madders
Main Page: Justin Madders (Labour - Ellesmere Port and Bromborough)Department Debates - View all Justin Madders's debates with the Department of Health and Social Care
(6 years, 6 months ago)
Public Bill CommitteesI agree, but what we are not doing today is creating a regulator; I would not be likely to propose a Bill to create a regulator. The Data Guardian already exists and it is not a regulator—I specifically said that in my opening remarks. Although it is probably true that regulators do that, that is not what I expect to happen with the National Data Guardian.
It is a pleasure, as always, to serve under your chairmanship, Dame Cheryl. I congratulate the hon. Member for Wellingborough on his notable success in getting the Bill to this stage, and I thank him for his candour during the debate on the money resolution and for his acknowledgment of his good fortune in getting the Bill to this stage ahead of others.
As I mentioned when we debated the money resolution of the Bill, Labour Members welcome the decision to put the National Data Guardian for Health and Social Care on a statutory footing. On that basis, we agree with the thrust of the Bill. I am sure that colleagues will be relieved that I do not intend to speak for too long, but I have one or two comments and observations about clause 1—and about clause 2, which we will discuss a little later. I hope that the Minister will be able to respond to the points made by the hon. Member for Wellingborough, some of which I was going to make anyway.
I mentioned when the money resolution was debated that although the use of data has the potential to improve our health services and treatments beyond recognition, we know from past experience that use of data in the NHS and in wider society can prove controversial and carries high levels of suspicion among patients. We hope that the establishment of the Data Guardian on a statutory footing can give patients confidence that their medical information will be treated in the correct manner. I note from the comments of the hon. Member for Wellingborough that there seems to be an omission from clause 1 as it stands, as there does not seem to be an opportunity for the National Data Guardian to give advice to the Secretary of State himself, although he considers that duty to be covered elsewhere and that such as an addition would be superfluous.
There seems to be a discrepancy that leaves the Data Guardian in an inferior position to either the existing Confidentiality Advisory Group or the Health Research Authority. I would be grateful to know if that was the intention of the legislation. The power to appoint the Data Guardian rests entirely with the Secretary of State, seemingly without any qualification. Is it envisaged that the Health Committee might get an opportunity to comment on such appointments? Recent appointments in the health sector have proven controversial, so it would be appropriate for the Select Committee to comment.
Our second query relates to public health commissioned through local authorities. Given the heavy use of data in public health, it is surprising that that does not seem to be covered by the Bill. Given all the public health activity undertaken by non-public bodies in recent years, I would welcome comments from the Minister and from the hon. Member for Wellingborough about whether the Bill is intended to cover health in the broader sense.
There is also a query about other forms of data that are more directly within the NHS, such as the cancer registry, which resides in Public Health England. It uses data collected by the NHS that could affect the direct care of patients. I would welcome confirmation of whether the Data Guardian is intended to cover that data, too.
The hon. Member for Wellingborough touched on clause 1 (6), which I would like to explore in a little more detail. Labour Members might have expected it to include an obligation for data controllers not only to have regard to advice, but to publish their response to that advice. That expectation is not unrealistic, given that the responses to question 5 of the Government’s consultation were overwhelmingly supportive of such a provision.
In question 5 of the consultation, the Government propose that
“organisations holding health and care data which could be used to identify individuals should be required to publish all materials demonstrating how they have responded to advice from the national data guardian.”
In their response to the consultation, the Government said:
“Responses were supportive of the proposal that the national data guardian should be given formal advice giving powers.”
That would certainly provide reassurances that the National Data Guardian will have real authority and act as an independent voice for patients, but without such statutory backing it is foreseeable that its independence and authority could be undermined. Without a requirement for organisations that receive advice to provide evidence of their response in a way that can be easily disseminated, there is no way we can be sure that the Data Guardian will be effective in doing the important job required by the Bill.
Members will recognise that the requirement for bodies to “have regard” to advice does not always mean that they take action in respect of that advice. An obvious example of that is, of course, the National Institute for Health and Care Excellence guidelines, which we know CCGs often ignore—seemingly with total impunity. I am sure Members do not want a repeat of that with this Bill, so I ask the hon. Gentleman and the Minister to respond on that point in a little more detail. I take the point that providing such responses might be burdensome on authorities controlling data, but I do not think that that cuts the mustard, given our concern about whether this measure will give the Data Guardian sufficient authority and teeth to deal with the issues under discussion.
My final point on clause 1 relates to data sharing and the lack of a positive obligation for bodies to provide that information. For the National Data Guardian to take a view on a particular data issue, it must first know that there is an issue on which to take a view—an unknown unknown, as we say. Could we have a published register of data sharing arrangements to which NHS bodies could sign up and submit a copy of their agreements? That would provide the Data Guardian with a single point of reference from which it could note any new agreements outwith the norm; that is exactly what the Government committed to doing with the current public service delivery data sharing codes of practice currently laid before Parliament.
There is a danger that the Data Guardian will become involved only after an issue has already reached the public’s attention, and possibly after an inappropriate use of data that might already have affected thousands of patients. A positive obligation to shared data arrangements with the Data Guardian might reduce the risk of such an eventuality. I look forward to hearing from the Minister and the hon. Gentleman on those points.
For the sake of our protocols, I should say that I had arranged for the windows to be opened because it is rather warm in this Committee room, but I am perfectly happy if people wish to remove their jackets.
I am grateful for the support from the Minister and the shadow Minister, and I wish to pick up on a couple of points. The appointment will be down to the Secretary of State, but I absolutely expect it to go to the Health and Social Care Committee—I think that is understood. A point was raised about advice and having written reports on what is being done, but the argument against that is that we want to see action. There is some confusion—the Data Guardian is not a regulator, and therefore that is not its role. All organisations are covered by a regulator and will take into account what the National Data Guardian says. That is why I do not think that such a provision would work.
I understand what the hon. Gentleman is saying, but it was clear in the Government consultation, and the response to it, that there was an intention for the body to have a few more teeth. Why did that change course?
The problem is that we could easily say that we need to have a regulator, but that is not what the Data Guardian does. We do not want to come along afterwards and say what has gone wrong; we want to get this right at the beginning and work with the different holders of data. It is a different approach. The comparison I think of is when I was involved with combating modern-day slavery. We now have a commissioner for that whose job is not to regulate but to expose and say what is going well or badly, and that helps. There could be pressure on an organisation—for instance, if it gets really bad publicity it will do something about it, but equally the commissioner will show where things are going well. We do not want to move towards a regulator or have lots of enforcement powers because that is totally different to what we have already established with Dame Fiona. Each hospital has a Caldicott guardian in it, so we are basically putting something that works on a statutory footing for the future.
I am pleased by the conversion of the hon. Member for Rhondda to concerns about cost, and I shall remind him of that if there is ever a Labour Government in future—
We have dealt with the heart of the Bill in clause 1. The subsequent clauses, while important, are not so detailed.
The purpose of clause 2 is to define some of the important terms used in clause 1. For instance, subsection (3) defines “adult social care”. I would clarify that children’s social care data, as has already been mentioned, is not within the scope of the Bill. It is covered via a different legislative framework and that framework has safeguards in place to protect children’s social care data from inappropriate use.
I would also point out that clause 2(7) provides that “processing” has the same meaning as given in section 1(1) of the Data Protection Act 1998. That definition has been used as it is a broad definition that captures a whole range of activity involving data, including obtaining, holding, recording, using and sharing.
I wish to raise a point on the exclusion of children’s data. I appreciate that hon. Members have referred to it already, but we are slightly concerned that although children’s data may be covered elsewhere, the guardian does not have any ability to write to bodies in that respect. It is perfectly reasonable for that to be included; indeed, I think it was included in the original Bill as drafted. We see it as a safety net, rather than an added complication.
I confirm that the Government support the clause. On the point about children, it is our interpretation that the provisions do not prevent the National Data Guardian from engaging constructively with the Department for Education on adult social care data and its interaction with or effect on children’s data. Clearly, this is something we will monitor, but, bearing in mind that the whole ethos behind the creation of the National Data Guardian is to spread good practice and make representations rather than regulations, the concern that the hon. Gentleman has expressed is important, but we do not think it will get in the way of sensible engagement.
In regard to application, the provisions extend to England and Wales but apply only to England. I have to confess that my knowledge of devolution arrangements is perhaps not as good as it should be, but our view is that the Bill applies only to England. Although the provisions could extend to England and Wales, it would be within the competence of the National Assembly for Wales to appoint a guardian and make such arrangements. That said, the National Data Guardian is an advisory role—it is not a reserved power under devolution arrangements—and as is common in the operation of the health systems in all four nations, I would expect that the advice and guidance given by the National Data Guardian would be heard and, when appropriate, acted on by the health services in the other nations.
My understanding when preparing for the Committee was that it would apply to England only. I think that is what the Minister has confirmed. Certainly in my part of the world there is quite a lot of movement of patients both ways between England and Wales, because we are quite close to the Welsh border. Can the Minister explain what will happen to patient records in that situation?
Clearly the Bill extends to England, but the purpose of the National Data Guardian is to give advice on the appropriate sharing of data and best practice. I should expect practitioners to have regard to the advice regardless of where they come from, because, notwithstanding the legal framework in which they operate, all health professionals want to behave in a responsible way. We expect the guidance of the National Data Guardian to be good practice. She has been giving advice without statutory powers to do so, and that advice has been respected; I think that that will continue. It is largely through an accident of the current structuring of the health service that the provisions are as they are. The principles under which the Data Guardian will give advice extend way beyond the geography of England.