Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, with reference to Schedule 12 of the Data Protection and Digital Information (No. 2) Bill, whether he already has the statutory authority to (a) issue written notices to relevant IT providers requesting their compliance with information standards of the type described in Section 251ZB and (b) publish a statement of censure to relevant IT providers regarding their non-compliance with those standards of the type described in Section 251ZC.

At present public providers of health or adult social care in England must have regard to information standards. Changes made by the Health and Care Act 2022, once commenced, will make information standards binding and extend them so that they apply to private health and adult social care providers that are required to be registered with the Care Quality Commission.

The Data Protection and Digital Information Bill is intended to make those involved in supplying IT systems used for processing health and adult social care information accountable for meeting mandatory information standards used in connection with the provision of health and adult social care in England. The Bill is intended to give the Secretary of State for Health and Social Care powers to enable them to issue relevant IT providers who are suspected of not complying with an information standard with a notice asking for compliance. The Secretary of State for Health and Social Care will also be able to publish a statement about non-compliance by way of public censure.