Health and Social Care (National Data Guardian) Bill Debate
Peter Bone (Independent - Wellingborough)
(6 years, 5 months ago)
Public Bill Committees
With this it will be convenient to consider that schedule 1 be the First schedule to the Bill.
It is a great pleasure to serve under your chairmanship, Dame Cheryl. I welcome the Minister and shadow Minister to the Committee.
The purpose of the Bill is to put on to a statutory footing the office of the National Data Guardian for Health and Social Care, and to promote the provision of advice and guidance about the processing of health and adult social care data in England. It would be remiss of me not to mention the work of my hon. Friend the Member for Bury St Edmunds (Jo Churchill): she has worked hard for a long time to establish the position of the National Data Guardian for Health and Social Care, and her perseverance and tenacity have ensured that we are on track to deliver it.
I thank the Minister and shadow Minister for their help and support with the Bill—and special thanks, of course, go to Dame Fiona Caldicott, who has pioneered the work on ensuring that the NHS handles data properly. She has been very helpful to me in the preparation of the Bill.
Clause 1 creates the Office of the National Data Guardian for Health and Social Care, referred to in the Bill as the “Data Guardian”. It makes general provisions about the Data Guardian’s functions and the way in which they are to be carried out. Subsection (2) empowers the Data Guardian to publish guidance about the processing of health and adult social care data in England. I should like to make it clear that it also covers public health data.
Subsection (3) imposes a duty on certain organisations and individuals to have regard to the National Data Guardian’s published guidance. Comment has been made as to why the Secretary of State is not included in the list. However, the Department of Health and Social Care is already included in the definition of those who have to have regard to the National Data Guardian’s advice, so it would be superfluous to include the Secretary of State.
Subsections (4), (5) and (6) cover requirements in relation to the Data Guardian’s published guidance. Those subsections are intended to keep the guidance relevant over time and, if necessary, updated to reflect new evidence. It has been suggested that subsection (5) should add an obligation that organisations and individuals that process health and social care data should provide the Data Guardian with appropriate information. I argue that that would create a duplication of the remit of regulators that already exist in those sectors. The Data Guardian’s role is as an advocate for the patient and the public, to build and maintain public trust. The role is as much about supporting individuals and organisations to get it right first time as it is about commenting, advising and providing guidance. It is not the intention of this Bill to create another regulator, but that the National Data Guardian should work with the Information Commissioner’s Office and the Care Quality Commission.
It has also been suggested that subsection (6) should add a duty that all data controllers and their data processors must publish their response to all advice issued. That would be extremely burdensome on those organisations and individuals, and it would be toothless without sanctions. Accountability should be assessed through actions, not written responses; the existing regulators would be able to assess the adherence to guidance and would cite the National Data Guardian during any investigation.
Clause 1(7) allows the Data Guardian to give informal advice, assistance and information to anyone, as long as it is about or relates to the processing of health and adult social care data in England. Clause 1(8) gives the Data Guardian flexibility in how far any particular piece of advice, assistance, information or guidance may be extended. The effect is to clarify that the Data Guardian can publish guidance and give advice on specific topics or themes, and can target it to certain organisations, individuals or sectors as appropriate. Clause 1(9) provides that the duty to have regard to the Data Guardian’s published guidance applies only in so far as the guidance is relevant to the functions or services of the body or person.
Clause 1(10) introduces schedule 1 to the Bill. As clause 1 and schedule 1 are being debated together, I will make some brief comments on schedule 1. The schedule makes further provision for the establishment, maintenance and operation of the Office of the Data Guardian. It sets out the Data Guardian’s terms of appointment and covers a broad range of matters related to the Office of the Data Guardian. It includes its constitution, its financial and reporting framework, and how members of staff and advisers are reported and remunerated. I draw the Committee’s attention to paragraph 15 of schedule 1, which provides that the Secretary of State must pay to the Data Guardian the amount that he considers appropriate for the purpose of enabling the Data Guardian to carry out his or her functions.
The Committee will be aware that there was some debate about the cost during the money resolution debate. I thank hon. Members who are here today and those who took part in the debate. I want to make clear that, although the estimated cost is £725,000 per year, that is only an additional £225,000 per year and relates to putting the Data Guardian on a statutory footing. As the Committee will know, there is already a Data Guardian, which costs £500,000; we are just putting this on a statutory footing and saying it is the right thing to do.
I congratulate my hon. Friend on having got his Bill so far. On the costs, the Data Guardian will basically be indemnified for the costs incurred, yet I see that the Data Guardian will have enormous flexibility to publish and give as much guidance or advice as they wish. Surely the Data Guardian could, by giving a lot more advice and guidance over which there is no control, result in significantly increased costs for the public sector?
I am grateful for my hon. Friend’s intervention and the fact that he is on the Committee; I know that all Committees welcome his membership.
The reason why we have a Data Guardian is to provide safeguarding and to make sure that the data is handled properly. Those costs can only be estimated; as my hon. Friend says, they could be more or less, depending on the requirements. That is exactly why we need a guardian. I would like the costs to be minimal, because that means that we are handling the guardian properly. But if there needs to be more, because there is a requirement to do more, there will be more cost.
Does my hon. Friend know of any case where a regulator given powers by Parliament has chosen to reduce the amount of powers that are used? Surely, the natural thing is for regulators to increase their activity, using the powers to the maximum and thereby increasing the costs.
I agree, but what we are not doing today is creating a regulator; I would not be likely to propose a Bill to create a regulator. The Data Guardian already exists and it is not a regulator—I specifically said that in my opening remarks. Although it is probably true that regulators do that, that is not what I expect to happen with the National Data Guardian.
It is a pleasure, as always, to serve under your chairmanship, Dame Cheryl. I congratulate the hon. Member for Wellingborough on his notable success in getting the Bill to this stage, and I thank him for his candour during the debate on the money resolution and for his acknowledgment of his good fortune in getting the Bill to this stage ahead of others.
As I mentioned when we debated the money resolution of the Bill, Labour Members welcome the decision to put the National Data Guardian for Health and Social Care on a statutory footing. On that basis, we agree with the thrust of the Bill. I am sure that colleagues will be relieved that I do not intend to speak for too long, but I have one or two comments and observations about clause 1—and about clause 2, which we will discuss a little later. I hope that the Minister will be able to respond to the points made by the hon. Member for Wellingborough, some of which I was going to make anyway.
I mentioned when the money resolution was debated that although the use of data has the potential to improve our health services and treatments beyond recognition, we know from past experience that use of data in the NHS and in wider society can prove controversial and carries high levels of suspicion among patients. We hope that the establishment of the Data Guardian on a statutory footing can give patients confidence that their medical information will be treated in the correct manner. I note from the comments of the hon. Member for Wellingborough that there seems to be an omission from clause 1 as it stands, as there does not seem to be an opportunity for the National Data Guardian to give advice to the Secretary of State himself, although he considers that duty to be covered elsewhere and that such an addition would be superfluous.
There seems to be a discrepancy that leaves the Data Guardian in an inferior position to either the existing Confidentiality Advisory Group or the Health Research Authority. I would be grateful to know if that was the intention of the legislation. The power to appoint the Data Guardian rests entirely with the Secretary of State, seemingly without any qualification. Is it envisaged that the Health Committee might get an opportunity to comment on such appointments? Recent appointments in the health sector have proven controversial, so it would be appropriate for the Select Committee to comment.
Our second query relates to public health commissioned through local authorities. Given the heavy use of data in public health, it is surprising that that does not seem to be covered by the Bill. Given all the public health activity undertaken by non-public bodies in recent years, I would welcome comments from the Minister and from the hon. Member for Wellingborough about whether the Bill is intended to cover health in the broader sense.
There is also a query about other forms of data that are more directly within the NHS, such as the cancer registry, which resides in Public Health England. It uses data collected by the NHS that could affect the direct care of patients. I would welcome confirmation of whether the Data Guardian is intended to cover that data, too.
The hon. Member for Wellingborough touched on clause 1(6), which I would like to explore in a little more detail. Labour Members might have expected it to include an obligation for data controllers not only to have regard to advice, but to publish their response to that advice. That expectation is not unrealistic, given that the responses to question 5 of the Government’s consultation were overwhelmingly supportive of such a provision.
In question 5 of the consultation, the Government propose that
“organisations holding health and care data which could be used to identify individuals should be required to publish all materials demonstrating how they have responded to advice from the national data guardian.”
In their response to the consultation, the Government said:
“Responses were supportive of the proposal that the national data guardian should be given formal advice giving powers.”
That would certainly provide reassurances that the National Data Guardian will have real authority and act as an independent voice for patients, but without such statutory backing it is foreseeable that its independence and authority could be undermined. Without a requirement for organisations that receive advice to provide evidence of their response in a way that can be easily disseminated, there is no way we can be sure that the Data Guardian will be effective in doing the important job required by the Bill.
Members will recognise that the requirement for bodies to “have regard” to advice does not always mean that they take action in respect of that advice. An obvious example of that is, of course, the National Institute for Health and Care Excellence guidelines, which we know CCGs often ignore—seemingly with total impunity. I am sure Members do not want a repeat of that with this Bill, so I ask the hon. Gentleman and the Minister to respond on that point in a little more detail. I take the point that providing such responses might be burdensome on authorities controlling data, but I do not think that that cuts the mustard, given our concern about whether this measure will give the Data Guardian sufficient authority and teeth to deal with the issues under discussion.
My final point on clause 1 relates to data sharing and the lack of a positive obligation for bodies to provide that information. For the National Data Guardian to take a view on a particular data issue, it must first know that there is an issue on which to take a view—an unknown unknown, as we say. Could we have a published register of data sharing arrangements to which NHS bodies could sign up and submit a copy of their agreements? That would provide the Data Guardian with a single point of reference from which it could note any new agreements outwith the norm; that is exactly what the Government committed to doing with the current public service delivery data sharing codes of practice currently laid before Parliament.
There is a danger that the Data Guardian will become involved only after an issue has already reached the public’s attention, and possibly after an inappropriate use of data that might already have affected thousands of patients. A positive obligation to share data arrangements with the Data Guardian might reduce the risk of such an eventuality. I look forward to hearing from the Minister and the hon. Gentleman on those points.
It is a pleasure to serve under your chairmanship, Dame Cheryl, and an absolute pleasure to respond to the Bill of my hon. Friend the Member for Wellingborough. I congratulate him on bringing this important reform forward and thank him for working so constructively with the Government to put the National Data Guardian on a statutory footing.
This is an important reform. As the shadow Minister mentioned, the public are rightly concerned about information and data that is held on them and the extent to which that is shared. The new National Data Guardian will do much to reassure people that the environment in which data is held and managed is one that respects their privacy, while at the same time ensuring that appropriate safeguarding can be achieved. Given the culture that exists within our health services, the comfort with which organisations can respond to the advice given by the National Data Guardian will make for a much more effective system to support the public.
I confirm the Government’s support for and commitment to the Bill. We very much wish it to succeed. We see real benefits to all individuals in ensuring that we share health and care data in a safe, secure and legal way. The Bill will go a long way to increasing public trust in the appropriate and effective use of health and care data. The National Data Guardian has already established herself as an independent and authoritative voice for the patient and service user in how their data is used in the health and adult social care system.
Let me address some of the points that have been raised. Clearly, my hon. Friends will be concerned about the potential costs, as we would be as Conservatives. The estimates we have established as a result of the impact assessment provide for some extra expenditure, and that is for additional staffing so that the published guidance has a legal status—that will be a natural outcome of putting the Data Guardian on a legal footing. There will be some additional costs, and we have been generous in our estimates for them.
The shadow Minister asked a number of questions about other agencies that might be covered by the Bill, and as my hon. Friend the Member for Wellingborough said, the Bill as drafted covers public health. Provisions in the Bill will extend to local authority functions with respect to adult social care, but not to children because they are covered by a different legal framework.
The hon. Member for Rhondda raised some good points to which we could ask the National Data Guardian to have regard. He is right to say that we as Members of Parliament often take up health and social care issues on behalf of our constituents, and nothing is intended to get in the way of that. Indeed, it could be helpful to us if the National Data Guardian gave instructions to those bodies about their obligation to be open and transparent. I am sure that the hon. Gentleman, and other hon. Members, have often found that the spirit of openness that we expect when we challenge something is not always respected. In that culture of openness, and with respect for privacy and safety, we support the Bill.
I am grateful for the support from the Minister and the shadow Minister, and I wish to pick up on a couple of points. The appointment will be down to the Secretary of State, but I absolutely expect it to go to the Health and Social Care Committee—I think that is understood. A point was raised about advice and having written reports on what is being done, but the argument against that is that we want to see action. There is some confusion—the Data Guardian is not a regulator, and therefore that is not its role. All organisations are covered by a regulator and will take into account what the National Data Guardian says. That is why I do not think that such a provision would work.
I understand what the hon. Gentleman is saying, but it was clear in the Government consultation, and the response to it, that there was an intention for the body to have a few more teeth. Why did that change course?
The problem is that we could easily say that we need to have a regulator, but that is not what the Data Guardian does. We do not want to come along afterwards and say what has gone wrong; we want to get this right at the beginning and work with the different holders of data. It is a different approach. The comparison I think of is when I was involved with combating modern-day slavery. We now have a commissioner for that whose job is not to regulate but to expose and say what is going well or badly, and that helps. There could be pressure on an organisation—for instance, if it gets really bad publicity it will do something about it, but equally the commissioner will show where things are going well. We do not want to move towards a regulator or have lots of enforcement powers because that is totally different to what we have already established with Dame Fiona. Each hospital has a Caldicott guardian in it, so we are basically putting something that works on a statutory footing for the future.
I am pleased by the conversion of the hon. Member for Rhondda to concerns about cost, and I shall remind him of that if there is ever a Labour Government in future—
Well, I am sure there will be a Labour Government sometime in the next century.
The hon. Gentleman makes a very important point about MPs and data provided by our constituents. Although I do not think it is particularly relevant to this, I do think all Members are wrestling with what the new regulations mean. Medical practitioners have to hold information for a very long time. I have very detailed medical information from some of my constituents, and serious issues might arise if we were forced to destroy such information. Perhaps the National Data Guardian could give some advice on that point. I get very frustrated when I have to deal with the local hospital, if I do not get a consent form. That is clearly a delaying factor and definitely needs to be cleared up.
Question put and agreed to.
Clause 1 accordingly ordered to stand part of the Bill.
Schedule 1 agreed to.
Clause 2
Interpretation
Question proposed, That the clause stand part of the Bill.
We have dealt with the heart of the Bill in clause 1. The subsequent clauses, while important, are not so detailed.
The purpose of clause 2 is to define some of the important terms used in clause 1. For instance, subsection (3) defines “adult social care”. I would clarify that children’s social care data, as has already been mentioned, is not within the scope of the Bill. It is covered via a different legislative framework and that framework has safeguards in place to protect children’s social care data from inappropriate use.
I would also point out that clause 2(7) provides that “processing” has the same meaning as given in section 1(1) of the Data Protection Act 1998. That definition has been used as it is a broad definition that captures a whole range of activity involving data, including obtaining, holding, recording, using and sharing.
I wish to raise a point on the exclusion of children’s data. I appreciate that hon. Members have referred to it already, but we are slightly concerned that although children’s data may be covered elsewhere, the guardian does not have any ability to write to bodies in that respect. It is perfectly reasonable for that to be included; indeed, I think it was included in the original Bill as drafted. We see it as a safety net, rather than an added complication.
If I may, I will come back to the hon. Gentleman on that point. I would say that it would not, but I will confirm in due course.
The shadow Minister makes a fair point, which goes to the heart of a problem that I have found in the past—that children are looked after by the Department for Education and not the health service. When I dealt with modern-day slavery, I came across exactly the same problem. What the shadow Minister said should be heard loud and clear by the Department for Education.
Question put and agreed to.
Clause 2 accordingly ordered to stand part of the Bill.
With this it will be convenient to discuss that schedule 2 be the Second schedule to the Bill.
The clause introduces amendments to other legislation as a consequence of the Bill. Schedule 2 lists five Acts to be altered, following parliamentary counsel’s advice. Those are the Public Records Act 1958, the Parliamentary Commissioner Act 1967, the House of Commons Disqualification Act 1975, the Freedom of Information Act 2000 and the Equality Act 2010.
Why is the hon. Gentleman so keen on disqualifying a Member of the House of Commons from being the Data Guardian?
The consequential amendments introduced are typical for setting up such a body. The Government are content with the clause, as drafted.
Question put and agreed to.
Clause 3 accordingly ordered to stand part of the Bill.
Schedule 2 agreed to.
Clause 4
Extent
Question proposed, That the clause stand part of the Bill.
The clause sets out the Bill’s territorial extent. The Bill extends to England and Wales only. The Committee will note that clause 1 provides for the Data Guardian to publish guidance and give advice, information and assistance, but that applies only to the processing of health and social care data in England. However, in regard to application, the provisions extend to England and Wales but apply only to England. The provisions do not extend or apply to Scotland or Northern Ireland. I hope that is perfectly clear.
Well no, it is not really. In fact, it is a little bit worse than that. We return to clause 2(5), which says:
“‘The health service’ means the health service continued under section 1(1) of the National Health Service Act 2006”,
but that Act states:
“The Secretary of State must continue the promotion in England of a comprehensive health service”
and so on. I therefore do not understand why the Bill extends to England and Wales. Will the provision have any relevance whatever in Wales? If not, I do not know why it says that it does.
Clearly the Bill extends to England, but the purpose of the National Data Guardian is to give advice on the appropriate sharing of data and best practice. I should expect practitioners to have regard to the advice regardless of where they come from, because, notwithstanding the legal framework in which they operate, all health professionals want to behave in a responsible way. We expect the guidance of the National Data Guardian to be good practice. She has been giving advice without statutory powers to do so, and that advice has been respected; I think that that will continue. It is largely through an accident of the current structuring of the health service that the provisions are as they are. The principles under which the Data Guardian will give advice extend way beyond the geography of England.
It may well be a standard clause, but such clauses are often abused by the Government. For example, Parliament passed a measure to outlaw exit payments for public sector workers in the Enterprise Act 2016. We are still waiting for the regulations under that primary legislation to be introduced. The Government now say that they will have to consult on them. Effectively, what Parliament thought was happening—the limiting of public sector exit payments—has not happened.
The Bill is supported across the House, as the measure I have mentioned was. I should be grateful for some indication from the Minister of when the Government will implement it. It could be delayed by the Government by means of the regulation-making powers in the clause; or by the Government’s not appointing the Data Guardian. There are other ways in which it could be delayed, and if we take the past as a guide to the future we should be suspicious of the Government when they are not prepared to include in the Bill a commitment for it to commence on a given date.
I completely agree with everything my hon. Friend says. It is Ministers’ responsibility to ensure that the decisions made by Parliament are actioned as promptly and effectively as possible. I know him well enough to be sure that he will hold me to account on exactly that basis if he does not feel the Bill comes forward quickly enough. I would like to see it commenced by the end of the year, and I will work with my officials to ensure that that is the case. If we cannot achieve that, I will give him an explanation.
I am grateful for the contributions by my hon. Friend the Member for Christchurch and the hon. Member for Rhondda. I absolutely agree with their general comments. I looked carefully when drafting the Bill at the issue they raised. I could have included a provision that the Bill would come into effect, say, six months after it became law, but I did not because we already have a Data Guardian, so there will not be any gap, and I know how much the Government support the Bill. That is the reason we did not put in a date, but under other circumstances I absolutely would have insisted on one.
Question put and agreed to.
Clause 5 accordingly ordered to stand part of the Bill.
Clause 6
Short title
Question proposed, That the clause stand part of the Bill.
Before I close proceedings, may I thank all Members for taking part in the scrutiny of the Bill, and the Hansard reporters and officials from both the House and the Department who have supported us?
Further to that point of order, Dame Cheryl. I echo the thanks of my hon. Friend and again thank him for his real industry on what will be an important reform. I also thank colleagues who showed up today for their probing questions, which are always important as we scrutinise legislation.