Question to the Department of Health and Social Care:

To ask Her Majesty's Government whether the Data Protection Impact Assessment for the NHS COVID-19 Data Store published on 5 June covers the release of patient identifiable information to local public health teams; and if so, which (1) legal, or (2) policy, provisions prevent local directors of public health from receiving such information.

The COVID-19 Data Store does not hold patient identifiable data, as all data is de-identified (pseudonymised) in line with Information Commissioner’s Office (ICO) guidance and best practice, prior to being imported to the database. Therefore, the release of patient identifiable information to local public health teams, via the COVID-19 Data Store, is not possible.

NHS England is the data controller for all data held within the COVID-19 data store and ensures (via contractual arrangements) that data storage and processes are fully compliant with legislation and best practice.