Mr Davis

- Hansard -

Copy Link

- - Excerpts

Thank you, Mr Deputy Speaker. I take it you do not want me to start from the beginning again. That might test people’s patience a little.

As I was saying, if the giants of data security can be hacked, what chance the NHS? Big databases and big systems are intrinsically vulnerable. In 2017, a ransomware attack brought parts of the NHS to its knees. Trusts were forced to turn away patients, ambulances were diverted and 20,000 operations were cancelled. That highlights significant problems the Government have not yet had time to address. Despite those problems, the Government have been determined to press ahead with their data plans regardless. They undertook no widespread consultation, provided no easy opt-out, and showed no particular willingness to listen as would be proper with such an important move. The public were given little over a month to opt out of a data grab that few knew existed. The plan was described by the British Medical Association as “a complete failure” and “completely inadequate”.

The Government’s riding roughshod over our privacy was halted only when a coalition of organisations, including digital rights campaign group Foxglove, the Doctors’ Association UK, the National Pensioners Convention and myself, challenged the legality of the state’s actions. Our letter before legal action and threat of injunction forced a delay of two months. That is a welcome pause, but it has not resolved the issue.

Earlier this week, the Secretary of State published a data strategy that raised the possibility of using health data to improve care, something I know is close to his heart, but plans for securing and handling our data were consigned to a single paragraph—almost an afterthought. If the Government do not take corrective action to address our concerns, there will inevitably be a full judicial review. I have no doubt that, without clear action to both protect privacy and give patients control of their own data, the Government will find themselves on the losing side of any legal case.

Today, I hope and believe the Government will have the courtesy to listen. Indeed, if I may, I will thank the Secretary of State for being here personally today. It is very unusual for a Secretary of State to take the time to be here—he must be the busiest man in the Government—and address the issue today. That he has done so is, I think, a compliment to him.

A comprehensive health database undoubtedly has the potential to revolutionise patient treatment and save hundreds of thousands of lives. However, this data grab is not the correct approach. There are much better, safer and more effective ways to do this in the national interest. No system is ever going to be 100% safe, but it must be as safe as possible. We must find the proper balance between privacy and progress, research and restrictions, individual rights and academic insights. That also means controlling the companies we allow into our health system. Patient trust is vital to our NHS, so foreign tech companies such as Palantir, with their history of supporting mass surveillance, assisting in drone strikes, immigration raids and predictive policing, must not be placed at the heart of our NHS. We should not be giving away our most sensitive medical information lightly under the guise of research to huge companies whose focus is profits over people.

Of course, this was not Whitehall’s first attempt at a medical data grab. The failed care.data programme was the most notorious attempt to invade our privacy. Launched in 2013, NHS Digital’s project aimed to extract data from GP surgeries into a central database and sell the information to third parties for profit. NHS Digital claimed the data was going to be anonymised, not realising that that was actually impossible. The Cabinet Office described the disaster as having

“major issues with project definition, schedule, budget, quality and/or benefits delivery, which at this stage do not appear to be manageable or resolvable.”

The project was ended in July 2016, wasting £8 million before it was scrapped.

However, care.data was just one example. I am afraid the Department has a long and problematic history with IT. Before care.data the NHS national programme for IT was launched by Labour in 2003. It sought to link more than 30,000 GPs to nearly 300 hospitals with a centralised medical records system for 50 million patients. The initial budget of £2.3 billion—note billion, not million—ballooned to £20 billion, which had to be written off when the programme collapsed in 2011. My old Committee, the Public Accounts Committee described the failed programme as one of the

“worst and most expensive contracting fiascos”

ever.

The possibilities to make research more productive, quicker and more secure are goals worth pursuing. There is no doubt that we all agree on the aims, but the path to progress must be agreed on, and there is clear concern among the public, GPs and professional bodies about this new data system.