Health and Social Care (National Data Guardian) Bill
Debate between Justin Madders and Peter BoneWednesday 6th June 2018
(5 years, 11 months ago)
Public Bill CommitteesRead Full debate Health and Social Care (National Data Guardian) Act 2018 View all Health and Social Care (National Data Guardian) Act 2018 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 6 June 2018 - (6 Jun 2018)
Mr Bone
I agree, but what we are not doing today is creating a regulator; I would not be likely to propose a Bill to create a regulator. The Data Guardian already exists and it is not a regulator—I specifically said that in my opening remarks. Although it is probably true that regulators do that, that is not what I expect to happen with the National Data Guardian.
Justin Madders (Ellesmere Port and Neston) (Lab)
It is a pleasure, as always, to serve under your chairmanship, Dame Cheryl. I congratulate the hon. Member for Wellingborough on his notable success in getting the Bill to this stage, and I thank him for his candour during the debate on the money resolution and for his acknowledgment of his good fortune in getting the Bill to this stage ahead of others.
As I mentioned when we debated the money resolution of the Bill, Labour Members welcome the decision to put the National Data Guardian for Health and Social Care on a statutory footing. On that basis, we agree with the thrust of the Bill. I am sure that colleagues will be relieved that I do not intend to speak for too long, but I have one or two comments and observations about clause 1—and about clause 2, which we will discuss a little later. I hope that the Minister will be able to respond to the points made by the hon. Member for Wellingborough, some of which I was going to make anyway.
I mentioned when the money resolution was debated that although the use of data has the potential to improve our health services and treatments beyond recognition, we know from past experience that use of data in the NHS and in wider society can prove controversial and carries high levels of suspicion among patients. We hope that the establishment of the Data Guardian on a statutory footing can give patients confidence that their medical information will be treated in the correct manner. I note from the comments of the hon. Member for Wellingborough that there seems to be an omission from clause 1 as it stands, as there does not seem to be an opportunity for the National Data Guardian to give advice to the Secretary of State himself, although he considers that duty to be covered elsewhere and that such as an addition would be superfluous.
There seems to be a discrepancy that leaves the Data Guardian in an inferior position to either the existing Confidentiality Advisory Group or the Health Research Authority. I would be grateful to know if that was the intention of the legislation. The power to appoint the Data Guardian rests entirely with the Secretary of State, seemingly without any qualification. Is it envisaged that the Health Committee might get an opportunity to comment on such appointments? Recent appointments in the health sector have proven controversial, so it would be appropriate for the Select Committee to comment.
Our second query relates to public health commissioned through local authorities. Given the heavy use of data in public health, it is surprising that that does not seem to be covered by the Bill. Given all the public health activity undertaken by non-public bodies in recent years, I would welcome comments from the Minister and from the hon. Member for Wellingborough about whether the Bill is intended to cover health in the broader sense.
There is also a query about other forms of data that are more directly within the NHS, such as the cancer registry, which resides in Public Health England. It uses data collected by the NHS that could affect the direct care of patients. I would welcome confirmation of whether the Data Guardian is intended to cover that data, too.
The hon. Member for Wellingborough touched on clause 1 (6), which I would like to explore in a little more detail. Labour Members might have expected it to include an obligation for data controllers not only to have regard to advice, but to publish their response to that advice. That expectation is not unrealistic, given that the responses to question 5 of the Government’s consultation were overwhelmingly supportive of such a provision.
In question 5 of the consultation, the Government propose that
“organisations holding health and care data which could be used to identify individuals should be required to publish all materials demonstrating how they have responded to advice from the national data guardian.”
In their response to the consultation, the Government said:
“Responses were supportive of the proposal that the national data guardian should be given formal advice giving powers.”
That would certainly provide reassurances that the National Data Guardian will have real authority and act as an independent voice for patients, but without such statutory backing it is foreseeable that its independence and authority could be undermined. Without a requirement for organisations that receive advice to provide evidence of their response in a way that can be easily disseminated, there is no way we can be sure that the Data Guardian will be effective in doing the important job required by the Bill.
Members will recognise that the requirement for bodies to “have regard” to advice does not always mean that they take action in respect of that advice. An obvious example of that is, of course, the National Institute for Health and Care Excellence guidelines, which we know CCGs often ignore—seemingly with total impunity. I am sure Members do not want a repeat of that with this Bill, so I ask the hon. Gentleman and the Minister to respond on that point in a little more detail. I take the point that providing such responses might be burdensome on authorities controlling data, but I do not think that that cuts the mustard, given our concern about whether this measure will give the Data Guardian sufficient authority and teeth to deal with the issues under discussion.
My final point on clause 1 relates to data sharing and the lack of a positive obligation for bodies to provide that information. For the National Data Guardian to take a view on a particular data issue, it must first know that there is an issue on which to take a view—an unknown unknown, as we say. Could we have a published register of data sharing arrangements to which NHS bodies could sign up and submit a copy of their agreements? That would provide the Data Guardian with a single point of reference from which it could note any new agreements outwith the norm; that is exactly what the Government committed to doing with the current public service delivery data sharing codes of practice currently laid before Parliament.
There is a danger that the Data Guardian will become involved only after an issue has already reached the public’s attention, and possibly after an inappropriate use of data that might already have affected thousands of patients. A positive obligation to shared data arrangements with the Data Guardian might reduce the risk of such an eventuality. I look forward to hearing from the Minister and the hon. Gentleman on those points.
Mr Bone
I am grateful for the support from the Minister and the shadow Minister, and I wish to pick up on a couple of points. The appointment will be down to the Secretary of State, but I absolutely expect it to go to the Health and Social Care Committee—I think that is understood. A point was raised about advice and having written reports on what is being done, but the argument against that is that we want to see action. There is some confusion—the Data Guardian is not a regulator, and therefore that is not its role. All organisations are covered by a regulator and will take into account what the National Data Guardian says. That is why I do not think that such a provision would work.
Justin Madders
I understand what the hon. Gentleman is saying, but it was clear in the Government consultation, and the response to it, that there was an intention for the body to have a few more teeth. Why did that change course?
Mr Bone
The problem is that we could easily say that we need to have a regulator, but that is not what the Data Guardian does. We do not want to come along afterwards and say what has gone wrong; we want to get this right at the beginning and work with the different holders of data. It is a different approach. The comparison I think of is when I was involved with combating modern-day slavery. We now have a commissioner for that whose job is not to regulate but to expose and say what is going well or badly, and that helps. There could be pressure on an organisation—for instance, if it gets really bad publicity it will do something about it, but equally the commissioner will show where things are going well. We do not want to move towards a regulator or have lots of enforcement powers because that is totally different to what we have already established with Dame Fiona. Each hospital has a Caldicott guardian in it, so we are basically putting something that works on a statutory footing for the future.
I am pleased by the conversion of the hon. Member for Rhondda to concerns about cost, and I shall remind him of that if there is ever a Labour Government in future—
Mr Bone
We have dealt with the heart of the Bill in clause 1. The subsequent clauses, while important, are not so detailed.
The purpose of clause 2 is to define some of the important terms used in clause 1. For instance, subsection (3) defines “adult social care”. I would clarify that children’s social care data, as has already been mentioned, is not within the scope of the Bill. It is covered via a different legislative framework and that framework has safeguards in place to protect children’s social care data from inappropriate use.
I would also point out that clause 2(7) provides that “processing” has the same meaning as given in section 1(1) of the Data Protection Act 1998. That definition has been used as it is a broad definition that captures a whole range of activity involving data, including obtaining, holding, recording, using and sharing.
Justin Madders
I wish to raise a point on the exclusion of children’s data. I appreciate that hon. Members have referred to it already, but we are slightly concerned that although children’s data may be covered elsewhere, the guardian does not have any ability to write to bodies in that respect. It is perfectly reasonable for that to be included; indeed, I think it was included in the original Bill as drafted. We see it as a safety net, rather than an added complication.