Care Bears... share: NHS England promises to heal careless data-sharing plans
But outcome of audit will only partially be made public
NHS England is still reeling from accusations that the health service – among other things – allowed a consultancy outfit to pump sensitive patient data onto Google servers.
Critics have argued that the apparently carefree and careless approach to sharing hospital records with private companies simply highlighted that a cautious, transparent and trustworthy approach was needed with NHS England's now six-month delayed GP medical records plan, dubbed care.data.
The Health and Social Care Information Centre - the body responsible for keeping patients' data secure - said this morning that its execs had agreed to conduct an audit of all the data releases made by its predecessor NHS Information Centre.
When quizzed last week by MPs about the NHSIC, which - it was claimed - had been found to have sold hospital records to insurers, the government's health undersecretary of state Dan Poulter batted away questions by declaring that such allegations related to actions taken by the HSCIC's predecessor prior to new legislation being put in place to tighten controls.
He said at the time:
The Health and Social Care Information Centre has much stronger safeguards in place than the NHS Information Centre did, which was the predecessor body, because of the 2012 [Health and Social Care] Act.
In other words, it hadn't happened on the HSCIC's watch. Since then, the organisation has been battling a three-pronged privacy storm.
In an effort to be seen to be doing the right thing, the HSCIC said it was beefing up its board by bringing in three non-exec directors ahead of publishing a report early next month that will make public "all data released under" the 11-month-old body.
The Register sought clarification about exactly what information would be released in that report from the HSCIC.
We asked: Will the HSCIC be publishing details of all data released under the NHSIC? If not, why not? And what will the audit achieve, if it's not transparent with the public about those particular releases?
Initially, the organisation's spokeswoman told us:
The audit will look at all data released by the NHSIC and will be published.
A tricky statement, readers might agree, that was difficult to parse. We asked for a clearer response, to which the HSCIC's spokeswoman replied:
I cannot give more detail on the form that Sir Nick [Partridge]’s audit will take – this is for him to determine. However, if you see his comment on the press release and that of Kingsley [Manning], our chair, you will see that they are making commitments to transparency.
The press release itself states that the report will be published on 2 April and will detail, among other things, "the legal basis on which data was released and the purpose to which the data is being put."
The HSCIC said it intended to release such information on a quarterly basis to allow members of the public to probe its decisions.
The body is also in the process of reminding outfits and researchers who have access to its hospital data about their responsibilities, the HSCIC's right to audit them and the fact that their names will soon be
mud made public, it said.
Manning, meanwhile, appeared to make it clear that data released by the NHSIC will only be looked at behind closed doors. He said:
We very much welcome recent announcements by the Secretary of State, including his intention to strengthen the legal basis of the HSCIC, which will increase patients' ability to object to the indirect use of their data and reinforce the requirement for their interests to be at the forefront when decisions to release data are made.
The HSCIC is absolutely committed to improving its own transparency and engagement with the public. In both reviewing the actions of the old NHS Information Centre and publishing our own decisions, we are encouraging public scrutiny. The clear benefits to patients of research and analysis of medical outcomes must drive our lawful release of data. This is why we were created by the Health and Social Care Act 2012.
The planned amendments (PDF) to the bill are tabled for a Parliamentary showdown next week. ®
Sponsored: 2016 Cyberthreat defense report