Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what steps he is taking to limit the transfer of patient data to overseas contractors.
There are strong protections in law to ensure that health and care information is used in a safe, secure, and legal way. This includes the UK General Data Protection Regulation and Data Protection Act 2018, which establishes a legal framework for processing personal information, including safeguarding requirements, and transfer risk assessments for transfers outside the United Kingdom not covered by an adequacy decision. All contractors, regardless of where they are based, must comply with this legislation.
National Health Service contracts must be subject to proper scrutiny and there are tools in place to do this in a targeted and proportionate way. For health and digital contracts, procurement powers, such as the Procurement Act 2023, sit alongside data protection legislation and contractual data protection provisions.
While the Government’s procurement framework cannot explicitly favour suppliers based on nationality, individual contracts can require NHS data to remain in the UK.