Govt 'comprehensively ignored' advice over NHS data-sharing deal

Health committee calls for immediate ban on use of 'unacceptable' agreement

By Rebecca Hill

Posted in Policy, 31st January 2018 12:57 GMT

NHS Digital must put an immediate stop to patient data-sharing deal with the UK Home Office for immigration enforcement, MPs have said.

The deal, which was put on official footing last year, allows the Home Office to ask the National Health Service for non-clinical information – such as date of birth or last known address – for suspected immigration offences.

During a heated evidence session earlier this month, doctors and patient groups told the Commons Health Committee that NHS Digital was operating to a "lower standard of confidentiality" than rest of the NHS, and risked damaging public trust and deterring migrants from seeking healthcare.

In a withering letter (PDF) to NHS Digital chief exec Sarah Wilkinson, published today, the committee's chair urged the body to cease sharing data with the Home Office and “immediately withdraw” the Memorandum of Understanding that underwrites the deal.

Chairwoman and former GP Sarah Wollaston slammed NHS Digital for carrying out an “inadequate consultation” on the deal that didn’t hear the concerns of NGOs, the General Medical Council and the National Data Guardian.

“This lack of consultation has resulted in a situation where data-sharing is taking place in a manner which is incompatible both with the guidance on confidentiality given by the GMC and the NHS Code of Confidentiality,” she said. “We find that situation unacceptable.”

Wollaston added that the government had “comprehensively ignored” the advice of Public Health England – the only health organisation she said that had been appropriately consulted.

PHE’s advice was that even the perception of data-sharing could pose a serious risk to public health, but the government had rejected it on the grounds it lacked “robust statistical evidence”.

This justification is “wholly unconvincing”, Wollaston went on, adding that the government’s request that PHE carry out a wider review “appears to be little more than window-dressing”.

Throughout the evidence session, government officials argued that, because the data was non-clinical, it was at the lower end of confidentiality, and emphasised that the MoU streamlined existing processes.

A statement sent from the Home Office to The Register about the health committee's letter re-iterated these points.

But Wollaston said the idea that a full consultation was unnecessary because the MoU operationalised existing functions “is wholly to miss the point”.

“It is not the MoU itself on which full consultation should have taken place, but on the practice of data-sharing for immigration enforcement which it enshrined,” she wrote.

Central to the MPs' concerns is that the government had failed to properly weigh the public interest in enforcing immigration laws with the public interest in a confidential health service.

There is “no mention anywhere in the MoU” of the latter, but five paragraphs devoted to the former, Wollaston said in the letter.

“The evidence which has been presented to us in the course of our brief inquiry suggests very strongly — contrary to your own assessment — that the public interest in the disclosure of information held by the NHS is heavily outweighed by the public interest in the maintenance of a confidential medical service,” she told Wilkinson.

For these reasons, Wollaston said that NHS Digital should suspend the MoU until it has carried out a more thorough review of the public interest test.

“We now expect NHS Digital to take this opportunity to demonstrate that it takes its duties in respect of confidentiality seriously,” she concluded.

“If it does not, we will expect to hold a further evidence session, where you will be required to provide a very much more convincing case for the continued operation of this MoU than has been presented so far.”

NHS Digital confirmed it had received the letter and would “consider it carefully and will respond fully in due course”. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

NHS England fingered over failure to forward patient correspondence

Millions wasted and patient harm 'cannot be ruled out'

NHS outages KO Welsh GP services and Manchester A&E

No connection... between the blackouts

Looking for scrubs? Nah, NHS wants white hats – the infosec techie kind

£20m vaccine for NHS cybersecurity

Doctor, doctor! My NHS Patient Access app has gone TITSUP*

Bad luck if you want to book an appointment online

NHS given a lashing for lack of action plan one year since WannaCry

Cyber resiliency of the UK's health service still in disarray

NHS Digital to probe live-stream spillage of confidential patient info – after El Reg tipoff

Exclusive Risk of app's vid demo falls under spotlight

Watchdog slaps NHS for failure to tackle correspondence backlog

Finds 1,788 cases of potential harm

Capita cost-cutting on NHS England contract 'put patients at risk' – spending watchdog

Outsourcing badboy staring at £3m compensation payout

Vast majority of NHS trusts have failed cyber security assessment, Brit MPs told

Don't panic, Captain Mainwaring!

NHS Digital heads accused of being 'suppliers', not 'custodians' of UK patient data

Compliance with Home Office data-slurp not cool, say MPs