Asked by: Lord Hunt of Kings Heath (Labour - Life peer)
Question to the Department of Health and Social Care:
To ask His Majesty's Government whether they will set out the criteria to be used by NHS England to establish robust governance of the operation and management of the Advisory Group for Data and for the periodic audit of its business.
Answered by Lord Markham - Shadow Minister (Science, Innovation and Technology)
The advisory group for data (AGD) is central to ensuring that the transfer of NHS Digital's statutory functions to NHS England does not weaken existing protections of data.
The Secretary of State has issued statutory guidance about the exercise by NHS England of the transferred data functions. This statutory guidance requires NHS England to seek advice from a data advisory group, namely the AGD, on specific data access requests, and to support the development and maintenance of precedents, standards and guidance on data access. Terms of reference for the AGD are under consideration by NHS England following a consultation process. The terms of reference will be published once agreed by NHS England’s board or an appropriate sub-committee of the board. NHS England will also be transparent about the group’s operating processes. In line with this statutory guidance, NHS England will report annually on how it has discharged the transferred data functions.
We do not intend to set any criteria to be used by NHS England beyond what has already been set out in the statutory guidance, which will be kept under review.
Asked by: Lord Hunt of Kings Heath (Labour - Life peer)
Question to the Department of Health and Social Care:
To ask His Majesty's Government whether they will publish all performance management and audits undertaken by NHS England into the work and performance of the Advisory Group for Data.
Answered by Lord Markham - Shadow Minister (Science, Innovation and Technology)
The advisory group for data (AGD) is central to ensuring that the transfer of NHS Digital's statutory functions to NHS England does not weaken existing protections of data.
The Secretary of State has issued statutory guidance about the exercise by NHS England of the transferred data functions. This statutory guidance requires NHS England to seek advice from a data advisory group, namely the AGD, on specific data access requests, and to support the development and maintenance of precedents, standards and guidance on data access. Terms of reference for the AGD are under consideration by NHS England following a consultation process. The terms of reference will be published once agreed by NHS England’s board or an appropriate sub-committee of the board. NHS England will also be transparent about the group’s operating processes. In line with this statutory guidance, NHS England will report annually on how it has discharged the transferred data functions.
We do not intend to set any criteria to be used by NHS England beyond what has already been set out in the statutory guidance, which will be kept under review.
Asked by: Stewart Malcolm McDonald (Scottish National Party - Glasgow South)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what steps her Department is taking to ensure the security and privacy of patient data transmitted through Chinese-made cellular internet of things modules.
Answered by Andrew Stephenson
The Department keeps the security issues associated with internet facing technology/components, including implications for patient data, under close review as part of its overall approach to security, and in line with Government Security Group, National Protective Security Authority and National Cyber Security Centre guidance. The Data Security and Protection Toolkit, which sets the cyber security standard for health and care organisations, sets out expectations regarding organisations using appropriate technical controls, such as encryption, to protect data.
The National Security and Investment Act allows the Government to intervene where foreign direct investment is targeted at innovative companies within the United Kingdom. Where such investment is within critical sectors, it is mandatory to notify the Government and this is subject to thorough assessment by the national security community. The Procurement Bill will also provide powers for the Government to exclude and debar companies from public procurement where the Government assesses there to be an intolerable national security risk.
Asked by: Lord Hunt of Kings Heath (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of the compliance by UK Biobank with NHS England’s assertion that “information is never passed to insurance companies without patient consent.”
Answered by Viscount Camrose - Shadow Minister (Science, Innovation and Technology)
The assurance that identifiable data will not be shared with any organisation, including insurance companies, was provided to participants at the time of recruitment, and still applies. Members of the public invited to join UK Biobank were given information leaflets and a consent form that stated that de-identified data would be made available to researchers from across industry, academia, charitable and government sectors if the applications met the required thresholds of including a bona fide researcher and doing health-related research in the public good.
Asked by: Lord Hunt of Kings Heath (Labour - Life peer)
Question to the Department of Health and Social Care:
To ask His Majesty's Government, further to the Written Answer by Lord Markham on 19 September (HL10083), whether they intend to direct NHS England to change the name of the Advisory Group for Data to avoid confusion with the National Data Advisory Group.
Answered by Lord Markham - Shadow Minister (Science, Innovation and Technology)
Following discussion at the National Data Advisory Group in March, the Department raised with NHS England the possibility of changing the name of the interim Advisory Group for Data. There are no plans to direct NHS England to change the name.
Asked by: Lord Hunt of Kings Heath (Labour - Life peer)
Question to the Department of Health and Social Care:
To ask His Majesty's Government what are the differences in (1) the remit, and (2) the membership, of NHS England’s Advisory Group on Data and the Department of Health and Social Care's National Data Advisory Group.
Answered by Lord Markham - Shadow Minister (Science, Innovation and Technology)
The Advisory Group for Data (AGD) is convened by NHS England and builds on the previous work by the Independent Group Advising on the Release of Data (IGARD). Currently operating in interim form, it includes the members of IGARD, alongside a representative of the Caldicott Guardian of NHS England, the Data Protection Officer, and senior staff supporting on Data and Analytics.
It provides NHS England with access to expert advice and assurance on internal and external access to data in relation to the exercise of NHS England’s functions transferred to it from NHS Digital, including on specific requests for the dissemination of information in accordance with the statutory guidance issued by my Rt hon. Friend, the Secretary of State for Health and Social Care. Its minutes are published on the NHS England website.
The National Data Advisory Group (NDAG) is convened by the Department to provide strategic policy advice on data and data sharing, including the implementation of Data Saves Lives, the data strategy. It does not advise on specific data sharing requests and has a different membership to the ADG. NDAG includes, among others, the National Data Guardian for Health and Social Care, the Chair of the Academy of Medical Royal Colleges and the Chief Executive of the Patient’s Association.
Asked by: David Mundell (Conservative - Dumfriesshire, Clydesdale and Tweeddale)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether she has had recent discussions with the Information Commissioner’s Office on the adequacy of the guidance provided on their website for (a) identifying and (b) reporting breaches of data protection law related to personal health data.
Answered by John Whittingdale
The UK’s data protection legislation requires all organisations to process personal data lawfully, fairly, transparently and securely. There are stricter conditions and safeguards in relation to processing of personal data relating to people’s health.
The Data Protection and Digital Information (no. 2) Bill does not remove or amend these foundational principles. Instead, it builds on the existing elements of the legislation to make it more ambitious and innovation-friendly, while still underpinned by secure and trustworthy data standards.
The ICO already has published guidance for organisations on the use of special category data, but it has recently been made aware of concerns linked to the inappropriate sharing of personal health data, including the HIV status of individuals. It is currently engaging with the organisations involved to understand these issues further. It has indicated that it will take the necessary steps to ensure that it supports and advises relevant organisations about sharing sensitive information, and that it is clear in its guidance about identifying and reporting breaches linked to health data.
Asked by: Lord Hunt of Kings Heath (Labour - Life peer)
Question to the Department of Health and Social Care:
To ask His Majesty's Government whether they intend to publish a list of organisations from whom views have been sought, whether formally or informally, on drafts of the new terms of reference for NHS England’s Advisory Group for Data.
Answered by Lord Markham - Shadow Minister (Science, Innovation and Technology)
NHS England advises that it has sought views on the draft terms of reference for its Advisory Group for Data from the Department, The National Data Guardian, The Independent Group Advising (NHS Digital) on Release of Data prior to the legal merger, and subsequently the interim data advisory group established until terms of reference are finalised and approved and NHS England's Cyber Security and Risk Committee. The draft terms of reference are currently being updated to take into account feedback and once they have been approved by the Board or a sub-committee of the Board, NHS England advises it will publish them in line with the Statutory Guidance.
The statutory guidance on NHS England’s protection of patient data states that the data advisory group should, among other functions, be able to provide NHS England with advice as requested on "streamlining and continuously improving internal and external data access processes, using a clearly understood risk management framework, precedent approaches and standards that requests must meet". Once the terms of reference for the new group are approved and the group is in place NHS England will work, with the new group's advice, to agree an appropriate risk management framework including considering the form that might take, how it might be summarised or articulated, and what information about it should be published. Interim arrangements are in place while this new group is being established and advice is sought based on the published Data Access Request Service (DARS) Standards and Precedents in relation to applications for access to data. These arrangements and the advice provided by the group are reflected in the minutes of each meeting of the interim group.
Asked by: Lord Hunt of Kings Heath (Labour - Life peer)
Question to the Department of Health and Social Care:
To ask His Majesty's Government whether they intend to place a copy of the risk management framework, which was referred to in NHS England’s protection of patient data, published on 23 May, in the Library of the House.
Answered by Lord Markham - Shadow Minister (Science, Innovation and Technology)
NHS England advises that it has sought views on the draft terms of reference for its Advisory Group for Data from the Department, The National Data Guardian, The Independent Group Advising (NHS Digital) on Release of Data prior to the legal merger, and subsequently the interim data advisory group established until terms of reference are finalised and approved and NHS England's Cyber Security and Risk Committee. The draft terms of reference are currently being updated to take into account feedback and once they have been approved by the Board or a sub-committee of the Board, NHS England advises it will publish them in line with the Statutory Guidance.
The statutory guidance on NHS England’s protection of patient data states that the data advisory group should, among other functions, be able to provide NHS England with advice as requested on "streamlining and continuously improving internal and external data access processes, using a clearly understood risk management framework, precedent approaches and standards that requests must meet". Once the terms of reference for the new group are approved and the group is in place NHS England will work, with the new group's advice, to agree an appropriate risk management framework including considering the form that might take, how it might be summarised or articulated, and what information about it should be published. Interim arrangements are in place while this new group is being established and advice is sought based on the published Data Access Request Service (DARS) Standards and Precedents in relation to applications for access to data. These arrangements and the advice provided by the group are reflected in the minutes of each meeting of the interim group.
Asked by: Julian Lewis (Conservative - New Forest East)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, when his Department expects to announce dates for nuclear test veterans to receive the medals and clasps in recognition of their service; and what steps his Department is taking to make available to interested parties the findings of medical tests carried out on participants in the nuclear testing programme.
Answered by Andrew Murrison
The Government continues to recognise and be grateful to all Service personnel who participated in the British Nuclear testing programme. They contributed to keeping our nation secure during the Cold War and since, by ensuring that the UK was equipped with an appropriate nuclear capability.
I am pleased that a forthcoming commemorative Nuclear Test Medal was announced by the Prime Minister in November 2022, which is intended to recognise Service veterans and civilians who participated in the UK’s nuclear tests between 1952 and 1967. The first Nuclear Test Medals are expected to be available in summer 2023. Details on the eligibility criteria for the Medal, together with information on the application process, will be announced by the end of March 2023. There is a long-established process to design, procure and produce a new Medal and collectively this process takes some months.
In relation to medical test results, an individual can make a Subject Access Request (SAR) to the relevant military service, Veterans UK or the Atomic Weapons Establishment to have sight of what records are held on them. Information is provided on request to individuals, or representatives acting on their behalf, under ‘General Data Protection Regulation (GDPR), Chapter 3, Article 15 – Right of access’.