UK Home Office tiptoes back from slurping immigrants' NHS files

Govt says non-clinical info will only be extracted in, er, loosely defined circumstances

The UK government has partially backed down from ordering the NHS to hand over patients' personal details to the Home Office so it can track down illegal immigrants.

The decision to force NHS Digital cough up non-clinical records came under fire from privacy and civil liberties campaigners, doctors, and Members of Parliament, who said it could stop migrants seeking medical treatment, drive them into already-stretched A&E departments, and damage public perception of the NHS's ability to protect folks' privacy. Critics also said the transfer of records was at odds with the NHS Code of Confidentiality, which only allows confidential data to be shared in the case of serious crime.

The government argued that non-clinical info – such as last known address or date of birth – was at the "lower end of the privacy spectrum," and flatly rejected calls from Sarah Wollaston, the chairwoman of Parliament's health select committee, to scrap the arrangement.

However, the Windrush scandal – in which people living in the UK for decades with a legal right to remain were facing expulsion as illegal immigrants – has since shone a brighter light on the British government's policy of fostering a rather "hostile environment" for illegal immigrants. Today, digital minister Margot James indicated that the handover agreement was going to be rejigged.

"We have also dealt, I hope effectively, with my honourable friend for Totnes [Wollaston]'s concerns about the sharing of data between the Department for Health and the Home Office," James told MPs during a debate in the House of Commons within the past few hours.

The Home Office said that, with immediate effect, immigration officials can only request personal information on patients it specifically intends to deport because they have been sent down for a year or more for committing other crimes. Also, if someone unlawfully in the UK is deemed a public danger, or has committed a "serious crime," then they too could have their non-clinical records extracted from the NHS by immigration officials.

“The changes mean that data will be requested to locate foreign national offenders we intend to deport who have been given a prison sentence of 12 months or more and others who present a risk to the public," a Home Office spokesman said.

This means, we note, that even if a person has yet to be convicted of a crime, if their presence is considered to be a risk to security, the Home Office could still pull up their contact details and other info from NHS databases.

This concession is in line with an amendment tabled by a large cross-party group of MPs including Wollaston, who welcomed the move:

However, Rita Chadha, of the Migrants Rights Network, which has launched a legal challenge against the data handover, was more cautious.

"We're reserving judgement until the full details are released," she said, adding that the group still wanted to see the whole thing completely scrapped because, for one thing, "serious crime" is too loosely defined. Thus, the Home Office could just seize an illegal immigrant's records anyway, even if they were not jailed for 12 months or more. She said even those who are suspected of a serious crime are entitled to healthcare.

The concession on health data came as MPs debated an exemption for immigrants that would effectively remove a person's rights as a data subject – for instance, their ability to access information stored about them, or ask how it is being used – if granting said rights would prejudice "effective immigration control."

This has been unsuccessfully challenged before in both the Lords and the Commons, and is expected to be voted on later this evening.

Earlier this year, it was revealed that the British government was planning to stop monitoring pupils' nationality in its school census, which activists have been campaigning against since 2016. ®

Broader topics

Other stories you might like

  • Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
    Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

    Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.

    In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.

    What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).

    Continue reading
  • Supreme Court urged to halt 'unconstitutional' Texas content-no-moderation law
    Everyone's entitled to a viewpoint but what's your viewpoint on what exactly is and isn't a viewpoint?

    A coalition of advocacy groups on Tuesday asked the US Supreme Court to block Texas' social media law HB 20 after the US Fifth Circuit Court of Appeals last week lifted a preliminary injunction that had kept it from taking effect.

    The Lone Star State law, which forbids large social media platforms from moderating content that's "lawful-but-awful," as advocacy group the Center for Democracy and Technology puts it, was approved last September by Governor Greg Abbott (R). It was immediately challenged in court and the judge hearing the case imposed a preliminary injunction, preventing the legislation from being enforced, on the basis that the trade groups opposing it – NetChoice and CCIA – were likely to prevail.

    But that injunction was lifted on appeal. That case continues to be litigated, but thanks to the Fifth Circuit, HB 20 can be enforced even as its constitutionality remains in dispute, hence the coalition's application [PDF] this month to the Supreme Court.

    Continue reading
  • How these crooks backdoor online shops and siphon victims' credit card info
    FBI and co blow lid off latest PHP tampering scam

    The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites.

    It's an age-old problem: someone breaks into your online store and alters the code so that as your customers enter their info, copies of their data is siphoned to fraudsters to exploit. The Feds this week have detailed one such effort that reared its head lately.

    As early as September 2020, we're told, miscreants compromised at least one American company's vulnerable website from three IP addresses: 80[.]249.207.19, 80[.]82.64.211 and 80[.]249.206.197. The intruders modified the web script TempOrders.php in an attempt to inject malicious code into the checkout.php page.

    Continue reading

Biting the hand that feeds IT © 1998–2022