Question to the Department of Health and Social Care:

To ask His Majesty's Government, further to the Written Answer by Lord Markham on 19 February (HL2438), why NHS England has disregarded requests from independent advisors to the Advisory Group for Data for the version control on the Terms of Reference to be updated to reflect the full circulation of the document and the timing of that circulation.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

NHS England has confirmed that it has updated the version control for the draft document, to reflect drafts as issued together with reviewer comments, including the date issued. NHS England, through the Privacy, Transparency and Trust team in the Delivery Directorate, has received feedback on the drafts, and will publish a final version in due course, following approval by or on behalf of the NHS England Board.

NHS England has confirmed that the Chair of the interim Advisory Group for Data has already been sent an updated interim version issued on 5 February 2024 and will share the next version with the group, in line with the commitment made to the group as outlined in the minutes of the meeting on 11 January 2024, before it progresses to the next stage of ratification.

Question to the Department of Health and Social Care:

To ask His Majesty's Government, further to the Written Answer by Lord Markham on 19 February (HL2438), whether they plan to respond positively to the request by NHS England’s Advisory Group for Data to see the next draft of the Terms of Reference before it progresses to the next stage of ratification.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

NHS England has confirmed that it has updated the version control for the draft document, to reflect drafts as issued together with reviewer comments, including the date issued. NHS England, through the Privacy, Transparency and Trust team in the Delivery Directorate, has received feedback on the drafts, and will publish a final version in due course, following approval by or on behalf of the NHS England Board.

NHS England has confirmed that the Chair of the interim Advisory Group for Data has already been sent an updated interim version issued on 5 February 2024 and will share the next version with the group, in line with the commitment made to the group as outlined in the minutes of the meeting on 11 January 2024, before it progresses to the next stage of ratification.

Question to the Department of Health and Social Care:

To ask His Majesty's Government, further to the meeting of the Advisory Group on Data (AGD) on 11 January, what discussions they have had with NHS England regarding AGD’s request to see the next draft of its draft Terms of Reference before it is moved on to the next stage of ratification.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

The Department has had no discussions with NHS England regarding the July 2023 meeting of the Data, Digital and Technology Committee, or regarding the Advisory Group for Data’s (AGD) request that the version control on its draft terms of reference be updated to reflect the full circulation of the document, as well as the timing of the circulation.

The role of the advisory group is set out within the statutory guidance issued by the Department, in NHS England’s protection of patient data. We understand that the terms of reference for the AGD are currently in draft, with version control reflecting formal drafts as issued. NHS England, through the Privacy, Transparency and Trust team in the Delivery Directorate, has received feedback on the drafts, which will be published in due course following approval by, or on behalf of, the NHS England board.

Question to the Department of Health and Social Care:

To ask His Majesty's Government what changes have been made to the draft Terms of Reference for the Advisory Group on Data since April 2023; and which part of NHS England was responsible for making those changes.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

The Department has had no discussions with NHS England regarding the July 2023 meeting of the Data, Digital and Technology Committee, or regarding the Advisory Group for Data’s (AGD) request that the version control on its draft terms of reference be updated to reflect the full circulation of the document, as well as the timing of the circulation.

The role of the advisory group is set out within the statutory guidance issued by the Department, in NHS England’s protection of patient data. We understand that the terms of reference for the AGD are currently in draft, with version control reflecting formal drafts as issued. NHS England, through the Privacy, Transparency and Trust team in the Delivery Directorate, has received feedback on the drafts, which will be published in due course following approval by, or on behalf of, the NHS England board.

Question to the Department of Health and Social Care:

To ask His Majesty's Government what discussions they have had with NHS England regarding the concerns expressed by the Advisory Group on Data (AGD) at their meeting on 11 January about the Data, Digital and Technology Committee (DDaTC) meeting on the 12 July 2023, including (1) that the AGD had not been informed that its draft Terms of Reference had been submitted to DDaTC, (2) that the AGD was not informed about any DDaTC feedback on the AGD Terms of Reference, and (3) that the content of DDaTC minutes suggested a possible misunderstanding of AGD’s advisory role.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

The Department has had no discussions with NHS England regarding the July 2023 meeting of the Data, Digital and Technology Committee, or regarding the Advisory Group for Data’s (AGD) request that the version control on its draft terms of reference be updated to reflect the full circulation of the document, as well as the timing of the circulation.

The role of the advisory group is set out within the statutory guidance issued by the Department, in NHS England’s protection of patient data. We understand that the terms of reference for the AGD are currently in draft, with version control reflecting formal drafts as issued. NHS England, through the Privacy, Transparency and Trust team in the Delivery Directorate, has received feedback on the drafts, which will be published in due course following approval by, or on behalf of, the NHS England board.

Question to the Department of Health and Social Care:

To ask His Majesty's Government, further to the meeting of the Advisory Group on Data (AGD) on 11 January, what discussions they have had with NHS England regarding AGD’s request that the version control on its draft Terms of Reference be updated to reflect the full circulation of the document, and the timing of such circulation.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

The Department has had no discussions with NHS England regarding the July 2023 meeting of the Data, Digital and Technology Committee, or regarding the Advisory Group for Data’s (AGD) request that the version control on its draft terms of reference be updated to reflect the full circulation of the document, as well as the timing of the circulation.

The role of the advisory group is set out within the statutory guidance issued by the Department, in NHS England’s protection of patient data. We understand that the terms of reference for the AGD are currently in draft, with version control reflecting formal drafts as issued. NHS England, through the Privacy, Transparency and Trust team in the Delivery Directorate, has received feedback on the drafts, which will be published in due course following approval by, or on behalf of, the NHS England board.

Question to the Department of Health and Social Care:

To ask His Majesty's Government, further to the remarks by Lord Markham on 25 January 2023 (HL Deb col 280) that the transfer of certain statutory functions would not weaken existing protections data and that data protection would remain a priority, what assessment they have made of the consistency with those remarks of the conclusion of the Data, Digital and Technology Committee of NHS England on 12 July 2023 that the Advisory Group for Data should be audited to ensure its decisions “are proportionate and are not unnecessarily disruptive to delivery and transformation”.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

The advisory group for data (AGD) is central to ensuring that the transfer of NHS Digital's statutory functions to NHS England does not weaken existing protections of data.

The Secretary of State has issued statutory guidance about the exercise by NHS England of the transferred data functions. This statutory guidance requires NHS England to seek advice from a data advisory group, namely the AGD, on specific data access requests, and to support the development and maintenance of precedents, standards and guidance on data access. Terms of reference for the AGD are under consideration by NHS England following a consultation process. The terms of reference will be published once agreed by NHS England’s board or an appropriate sub-committee of the board. NHS England will also be transparent about the group’s operating processes. In line with this statutory guidance, NHS England will report annually on how it has discharged the transferred data functions.

We do not intend to set any criteria to be used by NHS England beyond what has already been set out in the statutory guidance, which will be kept under review.

Question to the Department of Health and Social Care:

To ask His Majesty's Government whether they will set out the criteria to be used by NHS England to establish robust governance of the operation and management of the Advisory Group for Data and for the periodic audit of its business.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

The advisory group for data (AGD) is central to ensuring that the transfer of NHS Digital's statutory functions to NHS England does not weaken existing protections of data.

The Secretary of State has issued statutory guidance about the exercise by NHS England of the transferred data functions. This statutory guidance requires NHS England to seek advice from a data advisory group, namely the AGD, on specific data access requests, and to support the development and maintenance of precedents, standards and guidance on data access. Terms of reference for the AGD are under consideration by NHS England following a consultation process. The terms of reference will be published once agreed by NHS England’s board or an appropriate sub-committee of the board. NHS England will also be transparent about the group’s operating processes. In line with this statutory guidance, NHS England will report annually on how it has discharged the transferred data functions.

We do not intend to set any criteria to be used by NHS England beyond what has already been set out in the statutory guidance, which will be kept under review.

Question to the Department of Health and Social Care:

To ask His Majesty's Government whether they will publish all performance management and audits undertaken by NHS England into the work and performance of the Advisory Group for Data.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

The advisory group for data (AGD) is central to ensuring that the transfer of NHS Digital's statutory functions to NHS England does not weaken existing protections of data.

The Secretary of State has issued statutory guidance about the exercise by NHS England of the transferred data functions. This statutory guidance requires NHS England to seek advice from a data advisory group, namely the AGD, on specific data access requests, and to support the development and maintenance of precedents, standards and guidance on data access. Terms of reference for the AGD are under consideration by NHS England following a consultation process. The terms of reference will be published once agreed by NHS England’s board or an appropriate sub-committee of the board. NHS England will also be transparent about the group’s operating processes. In line with this statutory guidance, NHS England will report annually on how it has discharged the transferred data functions.

We do not intend to set any criteria to be used by NHS England beyond what has already been set out in the statutory guidance, which will be kept under review.

Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, what steps her Department is taking to ensure the security and privacy of patient data transmitted through Chinese-made cellular internet of things modules.

Answered by Andrew Stephenson - Minister of State (Department of Health and Social Care)

The Department keeps the security issues associated with internet facing technology/components, including implications for patient data, under close review as part of its overall approach to security, and in line with Government Security Group, National Protective Security Authority and National Cyber Security Centre guidance. The Data Security and Protection Toolkit, which sets the cyber security standard for health and care organisations, sets out expectations regarding organisations using appropriate technical controls, such as encryption, to protect data.

The National Security and Investment Act allows the Government to intervene where foreign direct investment is targeted at innovative companies within the United Kingdom. Where such investment is within critical sectors, it is mandatory to notify the Government and this is subject to thorough assessment by the national security community. The Procurement Bill will also provide powers for the Government to exclude and debar companies from public procurement where the Government assesses there to be an intolerable national security risk.

Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what assessment they have made of the compliance by UK Biobank with NHS England’s assertion that “information is never passed to insurance companies without patient consent.”

Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)

The assurance that identifiable data will not be shared with any organisation, including insurance companies, was provided to participants at the time of recruitment, and still applies. Members of the public invited to join UK Biobank were given information leaflets and a consent form that stated that de-identified data would be made available to researchers from across industry, academia, charitable and government sectors if the applications met the required thresholds of including a bona fide researcher and doing health-related research in the public good.

Question to the Department of Health and Social Care:

To ask His Majesty's Government, further to the Written Answer by Lord Markham on 19 September (HL10083), whether they intend to direct NHS England to change the name of the Advisory Group for Data to avoid confusion with the National Data Advisory Group.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

Following discussion at the National Data Advisory Group in March, the Department raised with NHS England the possibility of changing the name of the interim Advisory Group for Data. There are no plans to direct NHS England to change the name.

Question to the Department of Health and Social Care:

To ask His Majesty's Government what are the differences in (1) the remit, and (2) the membership, of NHS England’s Advisory Group on Data and the Department of Health and Social Care's National Data Advisory Group.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

The Advisory Group for Data (AGD) is convened by NHS England and builds on the previous work by the Independent Group Advising on the Release of Data (IGARD). Currently operating in interim form, it includes the members of IGARD, alongside a representative of the Caldicott Guardian of NHS England, the Data Protection Officer, and senior staff supporting on Data and Analytics.

It provides NHS England with access to expert advice and assurance on internal and external access to data in relation to the exercise of NHS England’s functions transferred to it from NHS Digital, including on specific requests for the dissemination of information in accordance with the statutory guidance issued by my Rt hon. Friend, the Secretary of State for Health and Social Care. Its minutes are published on the NHS England website.

The National Data Advisory Group (NDAG) is convened by the Department to provide strategic policy advice on data and data sharing, including the implementation of Data Saves Lives, the data strategy. It does not advise on specific data sharing requests and has a different membership to the ADG. NDAG includes, among others, the National Data Guardian for Health and Social Care, the Chair of the Academy of Medical Royal Colleges and the Chief Executive of the Patient’s Association.

Question to the Department of Health and Social Care:

To ask His Majesty's Government whether they intend to publish a list of organisations from whom views have been sought, whether formally or informally, on drafts of the new terms of reference for NHS England’s Advisory Group for Data.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

NHS England advises that it has sought views on the draft terms of reference for its Advisory Group for Data from the Department, The National Data Guardian, The Independent Group Advising (NHS Digital) on Release of Data prior to the legal merger, and subsequently the interim data advisory group established until terms of reference are finalised and approved and NHS England's Cyber Security and Risk Committee. The draft terms of reference are currently being updated to take into account feedback and once they have been approved by the Board or a sub-committee of the Board, NHS England advises it will publish them in line with the Statutory Guidance.

The statutory guidance on NHS England’s protection of patient data states that the data advisory group should, among other functions, be able to provide NHS England with advice as requested on "streamlining and continuously improving internal and external data access processes, using a clearly understood risk management framework, precedent approaches and standards that requests must meet". Once the terms of reference for the new group are approved and the group is in place NHS England will work, with the new group's advice, to agree an appropriate risk management framework including considering the form that might take, how it might be summarised or articulated, and what information about it should be published. Interim arrangements are in place while this new group is being established and advice is sought based on the published Data Access Request Service (DARS) Standards and Precedents in relation to applications for access to data. These arrangements and the advice provided by the group are reflected in the minutes of each meeting of the interim group.

Question to the Department of Health and Social Care:

To ask His Majesty's Government whether they intend to place a copy of the risk management framework, which was referred to in NHS England’s protection of patient data, published on 23 May, in the Library of the House.

Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)

NHS England advises that it has sought views on the draft terms of reference for its Advisory Group for Data from the Department, The National Data Guardian, The Independent Group Advising (NHS Digital) on Release of Data prior to the legal merger, and subsequently the interim data advisory group established until terms of reference are finalised and approved and NHS England's Cyber Security and Risk Committee. The draft terms of reference are currently being updated to take into account feedback and once they have been approved by the Board or a sub-committee of the Board, NHS England advises it will publish them in line with the Statutory Guidance.

The statutory guidance on NHS England’s protection of patient data states that the data advisory group should, among other functions, be able to provide NHS England with advice as requested on "streamlining and continuously improving internal and external data access processes, using a clearly understood risk management framework, precedent approaches and standards that requests must meet". Once the terms of reference for the new group are approved and the group is in place NHS England will work, with the new group's advice, to agree an appropriate risk management framework including considering the form that might take, how it might be summarised or articulated, and what information about it should be published. Interim arrangements are in place while this new group is being established and advice is sought based on the published Data Access Request Service (DARS) Standards and Precedents in relation to applications for access to data. These arrangements and the advice provided by the group are reflected in the minutes of each meeting of the interim group.