Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, pursuant to his oral contributions of 20 July 2020, Official Report 1863 and 1865, what steps he is taking to ensure consistent prioritisation of data protection requirements on personal health data.

Ensuring the privacy of individuals and the security of their personal data is a priority for the Government and National Health Service. We comply with the requirements of data protection legislation, ensuring data is used in a safe, secure and legal way. Personal data is handled according to the highest ethical and security standards.

We are clear that where organisations are using the Control of Patient information Notices to process confidential patient information under the Health Service Control of Patient Information Regulations 2002 (COPI) for purposes set out in Regulation 3(1) of COPI (insofar as those purposes relate to the current outbreak of COVID-19), that data controllers are still required to comply with relevant and appropriate data protection standards and to ensure that they operate within statutory and regulatory boundaries. Recipients of confidential patient information have responsibilities under COPI when processing the confidential patient information and must observe the restrictions which apply to their processing of it under Regulation 7 of COPI.

In addition, we are completing all necessary Data Protection Impact Assessments in order to meet our obligations under the General Data Protection Regulation.