21.The focus of our questioning on 15 March was on NHS Digital’s role as a steward of health and social care data. We were looking for evidence that its Chair and Chief Executive understood that role, and were prepared to act in accordance with it. We regret that we found very little such evidence in the responses which they gave to our questioning.
22.There is a longstanding principle that information collected for the purposes of healthcare is confidential. That principle was referred to in almost all the written submissions we received during this inquiry, but is perhaps most usefully expressed in Public Health England’s submission to the NBO review, provided to our predecessors in March 2017:
Healthcare practitioners routinely advise patients that information provided is confidential and that it will be shared only with their consent and/or to improve coordination of their care across teams and/or agencies. This is a fundamental principle of working with patients which ensures public confidence and is enshrined in the General Medical Council’s Good Medical Practice, the NHS Constitution, and a wide range of guidance and policy documents from the Department of Health, Royal Colleges and third sector/voluntary agency advice to their clients.
23.As a number of written submissions also pointed out, that confidentiality is not absolute. The NHS Code of Practice: Confidentiality, the General Medical Council’s Guidance on Confidentiality, and A guide to confidentiality in health and social care, published by NHS Digital itself, all acknowledge that confidential information can be disclosed to support the detection, investigation and punishment of serious crime. We support that position, and agree that it is entirely appropriate for NHS Digital to share information with law enforcement agencies, on a case-by-case basis, in cases of serious crime (such as the sex offender referred to in the Ministers’ response to our letter of 29 January).
As I said at the 16 January hearing, I share your concern that there is a difference between i) the legal bases for disclosure in the Health and Social Care Act 2012, ii) the guidance for disclosure contained in the NHS Code of Practice: Confidentiality (2003), and iii) the General Medical Council’s Guidance on Confidentiality (2009 and updated 2017). The key area of concern is that these guidance documents advise that information may be disclosed in relation to the detection, investigation or punishment of serious crime, whereas the Health and Social Care Act 2012 (section 261(5)(e)) permits disclosure where it is made “in connection with the investigation of a criminal offence” (not requiring an assessment of the ‘seriousness’ of that offence). Your committee noted that NHS England is undertaking a review of the NHS Code of Practice: Confidentiality which may result in greater alignment of the Code of Practice with the statute.
Nevertheless, NHS Digital has considered the matter carefully, concluding that the data sharing is lawful and proportionate in relation to the immigration offences. Case law confirms that the common law right to confidentiality is not absolute, and the law recognises the need for a balancing exercise between this right and other competing rights and interests. In the Court of Appeal case of W, X, Y and Z  EWCA Civ 1034, one of the reasons for weighing the balance in favour of disclosure was that the nature of the information in question was considered by the court to be “low on the spectrum of confidential information” (para 85). Our view is that the Home Office requesting disclosure of non-clinical administrative information such as address details (or simply confirmation of information it already has) falls at the less intrusive end of the spectrum. This is one of the factors leading us to conclude that the Home Office’s request is proportionate.
25.In addition to the concerns expressed by a wide range of non-governmental organisations, including the British Medical Association Medical Ethics Committee, we received representations from both the General Medical Council and the National Data Guardian for health and social care concerning NHS Digital’s approach to the sharing of these data. Dame Fiona Caldicott, the National Data Guardian, wrote to us following our 16 January oral evidence session as follows:
When NHS Digital consider releases of demographic data to police for law enforcement, it does apply a serious crime threshold. I have not seen a convincing explanation as to why the threshold that is described in published guidance is not applied to releases of data to the Home Office for the purposes of immigration enforcement.
Ahead of our 15 March session, Dame Fiona told us “I continue to feel that the key concerns expressed by your committee, my panel and I, and organisations such as the General Medical Council, British Medical Association, Royal College of General Practitioners, and knowledgeable charities, have not yet been sufficiently addressed.”
26.Following the 15 March session, we consider that those concerns remain insufficiently addressed. NHS Digital’s reliance on the case of W, X, Y and Z is unconvincing—indeed troubling. Para 46 of the judgement in that case says:
The present case is concerned with a particular regime under which patients are usually informed that the limited details contained in the Information may be disclosed to a limited class of persons for a particular reason connected with immigration control. It should not be seen as a Trojan horse which will lead to the dismantling of the principle that information about a person’s health and medical treatment is inherently private and confidential.
It is very concerning that that case should now be being used as precisely the kind of “Trojan horse” to which the court referred.
27.In our letter of 29 January, we argued that there had been inadequate consultation on the arrangements set out in the MoU. Following the responses from the Ministers and from NHS Digital, and the further evidence session on 15 March, we remain of that view.
28.The Ministers’ response is particularly woeful, suggesting that our view was that “the MOU [ … ] should have been the subject of public consultation, including with NHS practitioners and the NGO community”. In fact, we stated explicitly that “it is not the MoU itself on which full consultation should have taken place, but on the practice of data-sharing for immigration enforcement which it enshrined.” Ministers, it seems, continue “wholly to miss the point.”
29.NHS Digital, meanwhile, continued both in its written response to our 29 January letter and in oral evidence on 15 March to maintain that its consultation on the NBO review had been sufficient to address the issues raised by the practice of data-sharing for immigration tracing purposes. Written submissions we received both before and after our hearings make a very clear case that that is not so.
30.It is also regrettable that NHS Digital has not consulted medical ethicists on the appropriateness and implications of the data-sharing practices enshrined in the MoU.
31.The review of the NHS Code of Confidentiality currently being undertaken by NHS England is a very important piece of work which needs to be conducted with great care, full consideration of all the implications, and wide and proper consultation of a kind which has not been undertaken in the case of this MoU. It will be particularly important that the review seeks, and takes account of, the views of medical ethicists on the Code, and on any proposed revisions.
32.For the time being, however, the principle remains in place that data held for the purposes of health and care should only be shared for law enforcement purposes in the case of serious crime. It is not only the GMC and NHS Codes which reflect this principle, but even NHS Digital’s own guidance on confidentiality. It is entirely inappropriate that NHS Digital should be sharing data in a manner inconsistent with that principle.
33.Furthermore, NHS Digital’s decision to share information with the Home Office under the MoU is not in accordance with the statement on its website that its information is “only ever used for the good of health and care”. NHS Digital cannot continue to maintain that statement in the face of this data-sharing arrangement. That calls into question its ability to act according to that principle in the rest of its work.
34.The performance of the Chair and Chief Executive of NHS Digital when they appeared before us on 15 March showed that NHS Digital has taken a highly process-driven approach, focussed narrowly on legal considerations without due regard to wider concerns about ethics and public confidence. We do not consider that to be an appropriate basis on which to deal with the matter of the sharing of patient data.
35.NHS Digital’s Chair referred to his organisation’s “obligation” to provide information under section 261(5) of the Health and Social Care Act 2012. That provision, however, confers a power, not an obligation. The National Data Guardian told us
In the NHS Digital submission to your committee I noted that it states:
“Our public interest test does not take into consideration whether the alleged crime is serious. This is because the legal gateways used for the release of data, particularly s.261(5) of the Health and Social Care Act 2012, do not limit consideration of criminal offences only to serious crimes.” [Bold emphasis added]
However, I believe it to be the case that the legal gateway being used in the Health and Social Care Act should be considered as a necessary, but not sufficient, hurdle to be passed before the information is disclosed. As the relevant clauses of the Act make clear, the requirement to consider the Common Law Duty of Confidence remains. It is my opinion that the different requirements of the statute and the common law are not unhelpful inconsistencies to be solved or removed, but rather two standards, both of which must be satisfied.
36.We remain disappointed, as we said in our 29 January letter, that NHS Digital is approaching this matter as one of “simply [seeking] to exercise our statutory duty”. The written and oral evidence given to us in the course of this inquiry presents a wide range of ethical and practical implications of the practice enshrined in the MoU, implications which the Chair and Chief Executive have shown only the dimmest ability to comprehend and assess. The clearest example of that came in the response to our invitation for them to advise on whether an individual medical practitioner should inform their patients that their information might be shared in this way. It is extraordinary that—despite the inability of the Health and Social Care Minister, Lord O’Shaughnessy, to answer the same question in our earlier evidence session, a failure to which we drew attention in our 29 January letter—the Chair of NHS Digital remained unable to answer.
37.The leadership of NHS Digital has not been sufficiently robust in upholding the interests of patients or in maintaining the necessary degree of independence from Government. It is deeply concerning that so little regard was paid by either the Chair or the Chief Executive to the underlying ethical implications that arise from the MoU. At a time when the benefits of data sharing for research is such a key issue, it is absolutely crucial that the public have confidence that those at the top of NHS Digital have both an understanding of the ethical underpinning of confidentiality and the determination to act in the best interests of patients.
38.The Ministers’ response to our 29 January letter contains the following statement:
It is also important to consider the expectations of anybody using the NHS–a state-provided national resource. We do not consider that a person using the NHS can have a reasonable expectation when using this taxpayer-funded service that their non-medical data, which lies at the lower end of the privacy spectrum, will not be shared securely between other officers within government in exercise of their lawful powers in cases such as these. We consider it increases public confidence that government shares data in all these circumstances.
39.In a supplementary submission to our inquiry, National Aids Trust comment
This is a very revealing and disquieting passage. It for a start makes clear the Government’s view that non-clinical information held by the NHS should be available to the rest of Government whenever they are acting ‘in the exercise of their lawful powers’. [ … ] The implications are enormous. As worrying is the argument that such access is a quid pro quo for the state providing a tax-funded NHS. We are not aware of any such ‘contract’ in the founding of the NHS—the benefit to Government is to have a healthy population, not to secure a database of personal information to mine for whatever purposes the Government sees fit.
40.The Chair of the BMA Medical Ethics Committee expanded further on that concern:
Whilst the MoU relates only to information about immigration offenders, it could be used to set a precedent which allows confidentiality to be set aside in the interest of political decisions. As was highlighted by a witness in the last evidence session, “to date, the criteria that apply for breaching that confidentiality are ethical criteria, not political criteria”. A direction of travel in which data-sharing arrangements are justified or rationalised on a political basis wholly undermines the ethical framework in place to ensure there is a balanced judgment made in situations of competing priorities.
He went on to refer to the statement in the Ministers’ letter as a “deeply concerning approach”.
41.These concerns are not mere scaremongering. Ahead of the 15 March hearing, NHS Digital presented us with the early results of polling which it had carried out “as part of [its] ongoing assessment of the appropriateness of NHS Digital’s sharing of personal demographic data with the Home Office for the purpose of tracing individuals suspected of immigration offences”. The questions asked as part of that polling show that the possibility of sharing demographic data with other Government departments in cases of tax evasion, benefits fraud or theft is already being contemplated by NHS Digital. NHS Digital’s Chair’s claim that “it would be unusual if we were requested by another Government Department to follow the process that we have adopted with the Home Office for immigration offences; [ … ] we have had no requests as such and we do not expect requests as such to come from other Departments that might require us to put in place a similar arrangement to the one we have today” offers little reassurance in the face of the Ministers’ statement of Government policy on the use of NHS data.
42.We are deeply concerned that accepting the Government’s stated position would lead to sharing non-clinical data such as addresses with other Government departments. We believe that patients’ addresses, collected for the purposes of health and social care, should continue to be regarded as confidential.
43.The Health and Social Care Act 2012 established NHS Digital as a non-departmental public body, at arm’s length from Government. It therefore has the ability—and, we argue, the duty—to stand up to Government robustly in the interests of patient confidentiality, and to protect the public’s health data from the encroachment of Government. That duty is reflected in the statutory requirement for NHS Digital to have regard to “the need to respect and promote the privacy of recipients of health services”. In cases where the Secretary of State feels that NHS Digital is not acting sufficiently in accordance with Government policy, he has the power under the Health and Social Care Act 2012 to give directions, so NHS Digital is not able to frustrate Government policy. What it can, and should, do is ensure that, unless specifically instructed otherwise, it acts in accordance with its remit to protect patient data and share it only for the good of health and care. Where, as in the case of this MoU, Government requires of NHS Digital something which is runs contrary to the longstanding policy of the NHS, as reflected in NHS Digital’s own guidance, its inability to say no is deeply worrying.
44.We support the sharing of data for the benefit of patients, with their consent. As demonstrated by the care.data experience, the success of such data-sharing depends crucially on public consent and confidence in NHS Digital’s commitment to respecting confidentiality. Its actions in this case risk undermining that confidence.
14 , p.22.
19 [accessed 24.03.18]
21 See Appendix 1
25 A guide to confidentiality in health and social care, Health and Care Information Centre (now known as NHS Digital), September 2013.
26 [accessed 24.03.18]
27 See, in particular, Q122ff.
35 Health and Social Act 2012 (as amended), section 253(1)(ca).
Published: 15 April 2018