The Health and Social Care Committee has voiced “serious concerns” about NHS Digital’s ability to protect patient data, after reviewing its Memorandum of Understanding with the Home Office that allows data sharing to trace immigration offenders.
The Committee said it is not satisfied that the chair and chief executive of NHS Digital have been “sufficiently robust in upholding the interests of patients, understanding the ethical principles underpinning confidentiality, or in maintaining the necessary degree of independence from Government”.
It also has serious concerns about government policy on the confidentiality of address data collected for the purposes of health and social care and, in particular, the risk that data sharing without patients’ knowledge or consent “could become more widespread”.
The report also highlights that knowing information may be passed to immigration authorities could deter people from seeking treatment, “resulting in detriment to the individuals concerned, hazard to public health, and greater cost to the NHS due to more expensive emergency treatment needing to be administered later.”
The Committee is again calling on NHS Digital to suspend its participation in the MoU until the current review of the NHS Code of Confidentiality is complete, which should include “proper consultation” with all interested parties and full involvement of experts in medical ethics.
“There is a clear ethical principle that address data held for the purposes of health and care should only be shared for law enforcement purposes in the case of serious crime. NHS Digital's decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate,” said Chair of the Committee, Dr Sarah Wollaston.
“This behaviour calls into question NHS Digital’s ability to robustly act on behalf of patients in the event of other data sharing requests including from other government departments in the future.
“It is absolutely crucial that the public have confidence that those at the top of NHS Digital have both an understanding of the ethical principles underpinning confidentiality and the determination to act in the best interests of patients."
Responding to the report, Professor Helen Stokes-Lampard, chair of the Royal College of GPs, accused the Home Office of “displaying a blatant disregard for the trusted and vital GP-patient relationship,” and said that “its casual approach to confidential patient data” could alienate highly vulnerable patients.
"It is treating GP patient data like the Yellow Pages, and we are calling on NHS Digital to take urgent measures to suspend the agreement that is allowing them to do so.
"The scale of the examples we're hearing about are becoming increasingly alarming – and if all are true, paint a terrible picture. We fully agree with the Health Select Committee that any harm being inadvertently caused must be quantified, explicitly discussed and rigorously evaluated before any data sharing agreement can continue.”
NHS Digital's chief executive Sarah Wilkinson said the Committee’s report would be carefully considered and any new evidence would be taken into account, but she also stressed that the group has been through “a rigorous process to assess the release of demographic data to the Home Office”.
“This has established that there is a legal basis for the release and has assured us that it is in the public interest to share limited demographic data in very specific circumstances."