‘The leading UK event focusing on the design of mental health facilities’
A new report by the Health and Social Care Committee has raised concerns over NHS Digital’s ability to protect patient data.
The committee’s report into Memorandum of understanding on data-sharing between NHS Digital and the Home Office highlighted doubts over NHS Digital’s leadership to act as ‘the steward of non clinical data’, saying that the organisation has not been ‘sufficiently robust in upholding the interests of patients’ or in ‘understanding the ethical principles underpinning confidentiality’.
The Committee also maintains serious concerns about government policy on the confidentiality of address data collected for the purposes of health and social care, including the risk that data sharing without patients’ knowledge or consent could become more common.
Unsurprisingly, the report says that NHS Digital should suspend its participation in the memorandum of understanding until the current review of the NHS Code of Confidentiality is complete.
Sarah Wollaston, chair of the committee, said: "There is a clear ethical principle that address data held for the purposes of health and care should only be shared for law enforcement purposes in the case of serious crime. NHS Digital's decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate. This behaviour calls into question NHS Digital’s ability to robustly act on behalf of patients in the event of other data sharing requests including from other government departments in the future.
“It is absolutely crucial that the public have confidence that those at the top of NHS Digital have both an understanding of the ethical principles underpinning confidentiality and the determination to act in the best interests of patients."
In response, Sarah Wilkinson, chief executive at NHS Digital, said: "We will consider the Health Select Committee's report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office. This has established that there is a legal basis for the release and has assured us that it is in the public interest to share limited demographic data in very specific circumstances."
Discover how to comply with GDPR articles 15: the Right to Access, Article 20: the Right to Data Portability and Article 32: the Security of Processing, mitigate the risk of data breach and reduce costs, on average, by £50,000 PA.