NHS Digital heads accused of being 'suppliers', not 'custodians' of UK patient data

The heads of the Digital arm of the UK's National Health Service have been accused of acting as suppliers, rather than guardians, of the data belonging to patients under their care by handing address information to the Home Office for immigration enforcement.

Chief exec of NHS Digital Sarah Wilkinson, and the organisation’s chair Noel Gordon, were grilled about the memorandum of understanding (MoU) on data-sharing between with the Home Office on January 2017, in a Health and Social Care Committee today.

Committee chair Sarah Wollaston wrote to NHS Digital in January to ask it to put an immediate stop to the agreement, citing concerns that there had been "inadequate consultation“. However, the NHS has said it would continue sharing data with the Home Office for immigration enforcement.

Gordon said the body was only providing information “of an administrative kind” to those who were seeking to pursue criminal offences. He said the body saw the MoU with home office as “lawful and proportionate”.

Wollaston said: “In other words you see yourselves as suppliers of data rather than custodians of data and I think this cuts to the heart of the issue... [you see your] duty to supply [data] rather than to act on behalf of patients.“

Gordon said NHS Digital holds 66 million patient records. “Patient data is a national asset and infrastructure we use is national asset.” He insisted he information passed onto the Home Office was under lawful confiscations and had passed the public interest test.

Labour MP Luciana Berger said that as a result of the data sharing arrangement, one GP was told to pass on a deportation notice to a highly vulnerable patient. She asked Wilkinson: “Do you think that is acceptable?” But she declined to comment.

Wollaston, a former GP, said the current situation is “dismal” She said: “You’ve been told clearly by Public Health England that there is a risk on this - and [you could have] at least suspend data sharing until they have finished review.”

But Wilkinson insisted there was no evidence to suggest the sharing of address data with the Home Office for immigration enforcement purposes by NHS Digital affected "health-seeking" behaviour.

Wollaston has said sharing addresses in this way breaches the NHS’s code of practice on confidentiality. These transfers of data have continued despite objections by the National Data Guardian, the General Medical Council and Public Health England.

She questioned whether the precedent of sharing information could be extending to cracking down on benefit claimants if the basis for information-sharing was lowered from “serious criminal offence” to “any criminal offence”.

Gordon said the body has had no requests and doesn’t expect requests from other departments. ®