MPs have voiced “serious concerns” about NHS Digital’s leadership, claiming execs paid “little regard” to the ethics of sharing patient details for immigration enforcement, and are too close to government.
Members of the House of Commons Health Committee slammed the body – which provides IT and data services for the UK's National Health Service – for signing a data-sharing agreement with the Home Office.
The British government, meanwhile, was blasted for taking a stance on health data confidentiality that is at odds with the NHS's own code - and warned it would open the door to other departments seeking patient addresses.
The criticisms came in a report on a Memorandum of Understanding that allows NHS Digital to hand over non-clinical information - such as last known address or date of birth - to the Home Office so it can trace immigration offenders.
The report, published today, stated the cosy arrangement could deter people from seeking healthcare, increase strain on emergency departments (where patients don’t have to say who they are) and damage public perception about NHS data confidentiality.
The MPs said the government should have taken more seriously the warning from Public Health England that even the perception of data-sharing could pose a serious risk - instead it ignored this advice, saying it lacked robust evidence.
Address sharing could become normal practice
A further concern for the health committee was the risk of setting a precedent that would see the sharing of patient addresses with other government departments “become accepted as normal practice”.
In particular, the committee said they were deeply concerned by this statement from ministers at the Home Office and health department:
“We do not consider that a person using the NHS can have a reasonable expectation when using this taxpayer funded service that their non-medical data, which lies at the lower end of the privacy spectrum, will not be shared securely between other officers within government in exercise of their lawful powers in cases such as these.”
The MPs emphasised that addresses "should continue to be regarded as confidential", and pointed out the NHS Code of Confidentiality only allows confidential data to be shared in the case of serious crime.
“There is a clear ethical principle that address data held for the purposes of health and care should only be shared for law enforcement purposes in the case of serious crime," said committee chair Sarah Wollaston.
"NHS Digital's decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate. This behaviour calls into question NHS Digital’s ability to robustly act on behalf of patients in the event of other data sharing requests including from other government departments in the future.”
The committee also questioned whether the leadership would be up to "maintaining the necessary degree of independence from government”, and said it was "deeply concerning that so little regard was paid...to the underlying ethical implications that arise from the MoU".
In addition, the committee said, research is increasingly dependent on patients sharing their data, and steps should be taken to avoid risking that; possibly alluding to the damage done by the controversial Care.data scheme.
“It is absolutely crucial that the public have confidence that those at the top of NHS Digital have both an understanding of the ethical underpinning of confidentiality and the determination to act in the best interests of patients," the committee said.
The committee called on NHS Digital to suspend its participation in the deal, at least until two related reviews are completed: one into the NHS Code of Confidentiality, the other into the MoU itself.
The government ordered the latter review from the PHE only after the MoU hit the headlines, and ostensibly aims to generate the “robust statistical evidence” it said was lacking.
However, the MPs described this as “window dressing”, and noted it is tough to collect such evidence on a population (migrants that the Home Office has lost touch with) that is “by definition hard to reach”.
This view is echoed by Fizza Qureshi of the Migrants Rights Network, a campaign group that has launched a legal action against the MoU.
“It’s incredibly difficult, because how do you measure if something is having a deterrent effect on migrants?”
Qureshi said that - although this data-sharing has been happening for some time - knowledge of it is only just starting to trickle down to people. Anecdotal evidence abounds, she said, but producing robust evidence is much more challenging.
“I don’t think the onus should be on charities, organisations and the health service to prove it,” she added. “The onus should be on the Home Office to ensure its policies won’t have a detrimental impact on marginalised groups - for instance, through equality impact assessments.”
Qureshi also expressed frustration the data-sharing deal came to light in the way that it did - the government published the MoU online and it was picked up on by journalists. “It’s all going on behind the scenes, we’re just becoming aware of it - the government isn’t being transparent.”
The MRN was granted the permission to seek a legal challenge at the start of last month, but a date has yet to be scheduled. ®