Asked by: Chi Onwurah (Labour - Newcastle upon Tyne Central)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what his Department's policy is on the sharing of personal health data with organisations outside the NHS (a) with and (b) without a person's permission.
Answered by Will Quince
The use of patient information must comply with data protection legislation and the common law duty of confidence, where appropriate. Personal health data can only be used for purposes beyond individual care and treatment in specific circumstances and there must be a legal basis for any disclosure.
Confidential patient information can only be shared for non-health purposes where an individual has provided consent, where there is an over-riding public interest, where the information is required by law, or where there is a legal gateway which sets aside the common law duty of confidence. Any disclosure of patient data held within NHS Digital must comply with section 261 of the Health and Social Care Act 2012. Applications for access to patient data held by NHS Digital is made to its Data Access Request Service.
The National Data Opt-Out introduced in 2018 allows patients, in specified circumstances, to opt-out of their information being used for research or planning purposes and has been mandatory since 31 July 2022.
Asked by: John McDonnell (Labour - Hayes and Harlington)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, if he will make an assessment of the potential implications for his policies of the case of Dr S. Shashikanth and the decision not to share patient data with a primary care trust; and if he will make an assessment of the potential merits of enabling general practitioners to determine at a practice-level whether to share patient data across an integrated care system.
Answered by Will Quince
‘Data saves lives: reshaping health and social care with data’, published in June 2022, prioritises appropriate data sharing across health, social care and public health systems to ensure patient safety. As of March 2022, all integrated care systems in England have implemented a basic shared care record, connecting National Health Service trusts and general practices.
Asked by: John McDonnell (Labour - Hayes and Harlington)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, with reference to the concerns raised in the letter sent on 7 November 2022 by Dr Nicola Byrne, National Data Guardian, and Dr Arjun Dhillon, chair of the UK Caldicott Guardian Council to integrated care board senior information risk owners, whether he is taking steps to assess the confidentiality of patients' data in response to those concerns.
Answered by Will Quince
‘Data saves lives: reshaping health and social care with data’ sets out the importance of transparency in maintaining trust in the use of personal information in the health and care system. NHS England supports integrated care boards with advice on identifying the appropriate legal basis for using confidential patient information for purposes beyond individual care, including ensuring that the correct approvals are sought where relevant.
Asked by: Lord Hunt of Kings Heath (Labour - Life peer)
Question to the Department of Health and Social Care:
To ask His Majesty's Government what plans they have to publish the letter sent from the National Data Guardian to NHS Integrated Care Systems and Senior Information Risk Owners on 1 November (NDG reference 299/1541); and whether they will place a copy of this letter in the Library of the House.
Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)
A copy of the letter sent by the National Data Guardian to National Health Service integrated care systems and Senior Information Risk Owners on 7 November is attached. This letter was published by the National Data Guardian on 23 November 2022.
Asked by: David Warburton (Independent - Somerton and Frome)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what steps his Department will take to support NHS GP surgeries with the extra workload associated with the forthcoming rollout of expanded patient access to medical records.
Answered by Neil O'Brien
Since 2019, it has been a contractual requirement for general practitioner (GP) practices to offer all patients access to their record. Following recommendations published by the Royal College of General Practitioners, NHS England provided GP practices with a four-month notice period prior to the planned deployment of automatic online access to prospective records for patients registered with practices using TPP and EMIS information technology systems.
NHS England has hosted webinars for practice staff to prepare for this change, published guidance and a checklist detailing policies and processes which require updating.
Asked by: Chi Onwurah (Labour - Newcastle upon Tyne Central)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, with reference to the recommendations of the Goldacre Review, what assessment he has made of the potential merits of creating a single, national data controller for all NHS records; and what steps he taking to (a) recruit people with technical data skills and knowledge to senior roles in the NHS and (b) train staff in senior roles in the NHS in the basics of data analysis.
Answered by Gillian Keegan - Secretary of State for Education
It has not proved possible to respond to the hon. Member in the time available before Prorogation.
Asked by: Chi Onwurah (Labour - Newcastle upon Tyne Central)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, with reference to the recommendations in the Goldacre review, what steps he is taking to ensure that NHS data policies take into consideration the limitations of (a) pseudonymisation and (b) trust as techniques when managing patient privacy; and what discussions he has had with the Cabinet Office on the implications of that policy for Government data sharing more broadly.
Answered by Gillian Keegan - Secretary of State for Education
The Goldacre review highlighted that National Health Service data can accelerate medical research and allow planning for more effective services, while also describing the limitations of a system built on data sharing which relies on techniques such as trust and pseudonymisation to manage patient privacy. The Review recommends that the NHS adopts secure online platforms for verified researchers and analysts to access its data. These platforms, known as Secure Data Environments or Trusted Research Environments, will support high standards of information governance, transparency and security. Secure Data Environments remove the need for data to be physically shared between different users which reduces the reliance on factors such as trust and pseudonymisation being necessary to manage patient privacy.
The Department is currently developing policy principles and standards for the adoption of Secure Data Environments in the NHS. We will continue to engage with other Government departments on issues of data policy.
Asked by: Stephanie Peacock (Labour - Barnsley East)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, what data his Department collects on the number of Armed Forces personnel with adverse childhood experiences.
Answered by Leo Docherty - Minister of State (Ministry of Defence) (Minister for the Armed Forces)
The Ministry of Defence (MOD) does not have a definition for what constitutes "adverse childhood experiences". Such a term could refer to circumstances ranging from socioeconomic factors, such as a deprived background, through to serious criminal matters, such as being a victim of child abuse. Although there is no centralised definition, and therefore no central data collection in this area, the MOD would hold some data on certain matters which may be considered adverse childhood experiences. For example, socioeconomic background may be recorded in voluntary diversity declarations, while incidents of childhood abuse may be recorded in confidential medical records or as part of a mental health assessment during recruitment medicals. In-line with our data protection obligations, the MOD requests only the minimum of personal data required for our purposes, both during and after recruitment, which does not routinely include information about any adverse childhood experiences.
Asked by: Baroness Cumberlege (Conservative - Life peer)
Question to the Department of Health and Social Care:
To ask Her Majesty's Government, further to the answer by Lord Bethell on 8 June 2021 (HL Deb cols 1219–20), what improvements they have made to the process for patients opting out of their medical data being used for research and planning; and how each patient can see where data about them are used.
Answered by Lord Kamall
Whilst no recent changes have been made to the patient opt-out process, we are considering further engagement with the public, patients, service users, staff and stakeholders. This will include raising awareness of the opt-out system, with the aim of making the process simpler and more transparent and how tools such as a transparency statement could help patients understand how their data is used. We will provide further details in the data strategy for health and social care, due for publication in spring 2022.
Asked by: Baroness Barker (Liberal Democrat - Life peer)
Question to the Department of Health and Social Care:
To ask Her Majesty's Government how much longer temporary data sharing relaxations implemented in April 2020 will continue; and what criteria they are using to assess when the COVID-19 pandemic "emergency period" has come to an end, for the purposes of such data sharing changes.
Answered by Lord Kamall
Notices under The Health Service (Control of Patient Information) Regulations 2002 to support the transfer of data for COVID-19 purposes are due to expire on 30 June 2022. The COVID-19 Public Health Directions to NHS Digital will continue, reviewed annually to ascertain if there remains a public health need for information systems to collect data on COVID-19.