Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, what steps he is taking to ensure that the Federated Data Platform will maintain patient confidentiality.

To ensure that the Federated Data Platform (FDP) complies with data protection principles and associated legislation and maintains patient confidentiality, NHS England has developed an initial Data Protection Impact Assessment (DPIA) for the procurement of the FDP. An overarching DPIA will be undertaken to articulate the data security and protection principles and lawful bases for deployment. Purpose-specific DPIA’s will be drafted for each use case, which will receive formal approval within NHS England prior to deployment. A legal mechanism for sharing and processing data will be agreed in consultation with NHS England and legal counsel.

This will be concurrent and aligned with the procurement process to ensure data protection by design and default principles are embedded. This will ensure that a lawful basis for data sharing is identified and the common law duty of confidentiality is adhered to for all use cases. The FDP team is also consulting on this process with information governance leads in the sector and privacy campaigners.