Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, what steps his Department has taken to ensure that the third-party data entry of NHS patient data is processed securely.

IT systems in the National Health Service operate to the highest standards of security, and all organisations have governance arrangements in place to ensure the safe, legal management of data. Third party organisations operate under the instruction of the NHS when processing data, with safeguards in place to keep people’s confidential information secure as per contractual requirements. All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit (DSPT) to provide assurance on an annual basis that they are practising good data security and that personal information is handled correctly. Over 61,500 organisations completed a DSPT assessment for 2024/25.

The privacy and confidentiality of health and care data is championed by the National Data Guardian who provides independent advice on the use of such data and holds the Caldicott Principles, which provide a framework for the safe and respectful use of data.