Examination of Witnesses (Questions 326
TUESDAY 20 NOVEMBER 2007
Q326 Chairman: Mr Burton, Dr Hickey,
Mr Jeavons, Mr Wright, thank you very much for coming to give
evidence. This is obviously going to be a busy session and we
have four witnesses from different Departments. What I thought
would be helpful is if we could address our questions to each
one of you. If there is a burning issue that you need to chip
in on if you could do so quickly because I hope to end this session
at about 12 o'clock. May I begin by asking Mr Jeavons the first
question concerning the Department of Health taking the lead in
government on these issues; what exactly does that mean?
I think the Department has taken a very long and strong interest
in the matter of confidentiality and the protection of patients'
interests with regard to information, and necessarily so because
without public confidence in how information about patients is
managed we risk losing one of the fundamental tenets of how the
NHS can operate. With the introduction of the National Programme
for IT in 2002, clearly the need to examine further how information
governance policy and practice is delivered in the NHS became
even more important, and a steady stream of activity since then
has strengthened our position. I think it is a combination of
the fact that this is so important to the effective delivery of
patient care and the introduction of the National Programme for
IT means that we have had to seek to try and raise our game continuously
over the last few years.
Q327 Chairman: What processes do
you use in your Department to deal with breaches of security,
in particular where errors have been found in records? How quickly
are they corrected and how effectively do you deal with new processes
in ensuring that those records are not defective?
Mr Jeavons: Most patient records
are not held in the Department; they are held in the individual
NHS organisations, and the responsibility for information governance
rests firmly with individual NHS organisations as part of their
statutory responsibilities. We provide guidance and policy on
dealing with information governance and dealing with potential
breaches. I can give you examples of where the NHS has acted to
deal with breaches that have come to their attention, and usually
(and having a run an NHS organisation myself I can testify to
this) this follows a formal disciplinary process because it inevitably
involves individual members of staff.
Q328 Chairman: How will the National
Information Governance Board go about adopting and maintaining
Mr Jeavons: The National Information
Governance Board came into being on 1 October. We are hoping through
the Health Bill to give it a statutory basis. This will effectively
require every NHS organisation under its remit to provide an annual
report on its information governance, it will review policy and
practice and make recommendations on improving them, and it will
report its findings to the Secretary of State on an annual basis,
so it is an extremely high-level and visible statement of the
accountability for information governance and it is directly connected
both to policy and into practice in the NHS.
Chairman: Ann Cryer?
Q329 Mrs Cryer: Richard, could you
tell us what strategies the Department of Health will be using
to ensure that patients are able to make informed choices about
how their information is held and stored?
Mr Jeavons: Yes. The responsibility
for ensuring that patients are reasonably well-informed exists
already. It pre-existed the National Programme for IT. The route
we have gone down is to reinforce and to clarify the responsibilities
of individual organisations. If I give you a specific example,
in last year's Operating Framework, which is the annual statement
of what the NHS should do in its plans in the coming year, we
gave an absolutely explicitly steer to NHS organisations about
reviewing their information governance position and being able
to answer simple questions that patients might ask them should
they be approached. That would be an example of how we are really
trying to make a very high-profile but very practical focus at
the top of organisations for their responsibilities. Another example
is public information programmes. We encourage and support the
NHS when they are considering changing the use of information
to improve patient care to run public information programmes to
ensure that their population has the opportunity to engage in
a discussion. For example, the Summary Care Record early adopter
programmes in Bolton and Bury would be examples of what we are
doing, and we are evaluating those. You can always do these things
better: you can learn from Scotland, you can learn from Hampshire,
you can learn from places that have done things, so it is a continuous
process. We have methods that we are trying and evaluating and
we are encouraging the NHS to do that as well.
Q330 Mrs Cryer: Just to dig a bit
further, can you tell us what sort of support and help will be
available to clinicians as they give advice on patient choice
Mr Jeavons: To go into the Summary
Care Record early adopters, which is the most vibrant and real
example at the moment, we are running a public information programme
which involves a personalised letter to every person over 16.
Those are backed up with access to an NHS Direct helpline. When
people phone in, the staff in NHS Direct have been trained and
given tools to help them answer the questions effectively. We
are running information booths where patients can book to meet
people in their practices and health centres. The staff who are
providing the advice there are trained and we have provided an
e-portal of training materials for general practitioners to use
as well. To be fair, we are not at the stage where a lot of general
practitioners are directly engaged with their patients in these
discussions but that is coming in the next few months.
Q331 Mrs Cryer: Therefore how will
the Department of Health, just to take it further, interact with
the National Information Governance Board as it seeks to "be
ever watchful and in touch with public perceptions"?
Mr Jeavons: The National Information
Governance Board will produce an annual report to the Secretary
of State. It will have a statutory basis. It will seek advice
and accept views from anybody who wishes to approach it, so it
will operate in a very open way. When it thinks it has got a set
of questions it will seek, directly from the Department of Health's
Information Governance Policy and related advice, to answer the
questions and try to reach conclusions. In a sense, we have aligned
the information governance capability and advice and policy support
behind the Information Governance Board's roles and responsibilities,
but it has to retain a strong element of independence.
Q332 Mrs Cryer: So if I can just
be informed and ask; whilst witnesses in our inquiry spoke of
the use of patient information for research purposes as an example
of one of the benefits of "surveillance", they also
identified "a climate of suspicion" around the use of
patient information for research purposes. Therefore what steps
is the Department of Health taking to tackle concerns about the
security of information used in this way?
Mr Jeavons: Most recently we have
had two quite major joint pieces of work which are now guiding
what we are doing. Those pieces of work are the Joint Report with
the UKCRC that was commissioned, which Ian Diamond led for us,
and the recommendations of that were accepted, and the Boyd Report,
which was commissioned by the predecessor of the National Information
Governance Board, and again the recommendations were accepted.
Those two reports made a number of recommendations about what
needed to be done to bring greater clarity, to reduce ambiguity,
and to sustain and develop confidence in the area you are asking
the questions about. In response to that, we have established
a research capability programme which has a work plan to work
through those recommendations. Anonymisation and pseudonymisation
techniques were raised as issues and we are reviewing those. We
have looked at the current use and we have done an audit of the
current use of some of the information in order to test whether
we think the current practice is fit for purpose and is being
sustained. We have a number of activities over the next 12 months
which are aimed to respond and deal with those recommendations.
Q333 Mrs Cryer: Just to dig a bit
further and to refer to another select committee, the Health Select
Committee apparently did a recent report on the Electronic Patient
Record which registered concern about governance arrangements
for the use of patient information for research purposes. The
Secondary Uses Working Group has made recommendations on this
aspect of the development of NHS care records. Are you able to
give an indication of how the Department is taking these recommendations
Mr Jeavons: I think those recommendations
are in the Boyd Report that I have referred to, and the National
Information Governance Board have already agreed that they will
ask the Department to demonstrate that they have delivered against
those recommendations and those recommendations are being actioned
through the research capability programme.
Mrs Cryer: Right, thank you.
Q334 Margaret Moran: It sounds as
if it is all going terribly well when we know it is not. Just
look at Computer Weekly's history on this subject and you
can tell that is not the case. I have two questions. One of the
issues around data-sharing is that even if you get the technology
right, the problem is access by people and the use or misuse of
data in that way. Given that there was not apparently a buy-in
from front-line staff and there was not even proper consultation
of front-line staff at the outset of this programme, how confident
are you that there will not be breaches of data and confidentiality
and privacy as a result of that?
Mr Jeavons: You cannot stop the
wicked doing wicked things with information and patient data,
so you cannot say there will not be, and of course we have examples
where staff do misuse their privileges and have to be pursued
through disciplinary and other procedures. To speak to your point
about confidence, there is absolutely no complacency about the
extremely fine balance that we need to strike between public confidence,
staff confidence and the huge potential benefits that electronic
records and the use of data about patients for public health and
other purposes has. This is an incredibly difficult balancing
act and practice needs to change as information technology changes
the opportunities that are available to us. The reinforcement
with the NHS of their information governance responsibilities;
the backing up of that with advice and tools; the reinforcement
of the need to ensure that human resources policy and practice
is aligned with information governance policy and practice means
that we are putting in place all the things we can do to deal
and to manage this as well as possible, but we are not going to
stop those who wish to break their employment contract terms and
break their local Human Resources policies and procedures and
do wicked things. What we have to do is put in audit trails and
be able to say to these people it is much more likely now that
you are going to be caught, and if you are caught this is how
you will be dealt with.
Q335 David Davies: Mr Jeavons, what
work have you undertaken with other government departments in
relation to the sharing of databases? In particular, can I ask
you whether you work with the Border and Immigration Agency or
the Department for Work and Pensions, to ensure that non-EU citizens
do not access incorrectly out-patient care to which they are not
Mr Jeavons: Our main areas of
interaction are with the Department for Children, Schools and
Families and with Contact Point. We contribute and participate
in cross-government policy and Transformational Government activity.
We respond to requests for information that have a legal basis.
However, our basic opening position is that NHS information and
information about patients is confidential to the NHS and to the
patient and therefore we work on a "persuade us if you can
or provide a legal basis" mandate.
Q336 David Davies: But would you
not use the databases that are already available to other government
departments to ascertain whether or not people are getting access
to care to which they are not entitled?
Mr Jeavons: I am not aware that
it is the case that we do that and it is not clear that that is
necessary. We do not deny emergency care.
Q337 David Davies: No, we would not
do that under the law anyway, would we, because the law is quite
clear; emergency care is available but out-patient care is not.
The question is purely about out-patient care and whether you
are doing anything to tackle the billions of pounds that are being
lost because out-patient care is being provided to people who
are not entitled to it?
Mr Jeavons: Clearly if we had
evidence that there were billions of pounds being lost through
inappropriate use of NHS services that would need to be tackled.
If the opportunity were there for example to use other means to
check the identity of people before they access those services,
then those would be looked at, but I am not aware that those opportunities
are there and, if they are there, it is not obvious how to implement
them effectively in the NHS at the moment.
David Davies: The evidence is certainly
there, is it not; the question is whether or not the NHS are willing
to make use of other databases that already exist in government
departments, but I think you have answered the questions.
Chairman: Thank you, Mr Davies. We are
now turning to questions to Tim Wright. You are welcome to sit
there, Mr Jeavons, because there may be other issues that members
of the Committee will ask, so do not feel we are ignoring you.
It is just we want to get the other Departments to give us their
comments as well. Janet Dean has the first question to Tim Wright.
Q338 Mrs Dean: Mr Wright, could you
estimate the proportion of DCFS activity that depends on information-sharing
and the impact that the Every Child Matters strategy has had in
this respect? In doing so, could you say whether the majority
of activity is aimed at child protection or child welfare?
Mr Wright: A very significant
part of the activity of the Department now is geared around data-sharing.
We are quite a small central department operating within a very
large, very profuse education sector, so there are many agencies
and bodies that operate within that sector who will need and wish
to use and share information. A number of the programmes that
we are working on at the moment operate in that sphere and are
quite central and quite key to supporting the Government's policy
to improve choice for learners and enable individuals to move
round, if you like, within the education system and take with
them their personal records and details and be able to track their
attainment and so on. On the second part of your questionmy
colleague here already mentioned Contact Point and of course I
would draw a distinction between the purpose of Contact Point,
which is really early intervention to ensure the protection of
young children, with the sorts of systems that we are operating,
which are purely in the educational space which are trying to
engage with people in education. There is quite a split and quite
a wide range of activities that are there. I would not hazard
to put percentages on that because there is a very significant
effort from the Department, certainly around Contact Point, and
that is the largest single IT programme that we have on at this
Q339 Mrs Dean: I will come to Contact
Point in a minute but could you say first of all how the Department
goes about assessing the need for each new database that it creates
or commissions and then drawing up the protocols for sharing information
with other departments or agencies?
Mr Wright: I look after a team
of information technology professionals and certainly we work
extremely closely with the policy directorates of the Department
to understand how technology might be applied to improve the opportunities
for learners and children. It is quite a tight engagement, quite
a tight partnership, between the technical professionals that
provide and support the information systems and the infrastructure,
with those that are actually in the front-line of delivering the
Government's policy. There was a second part to your question,
I am sorry?