NHS Digital's demise bad for 55 million patients' privacy – ex-chairman
IT and data arm now part of NHS England, which could be pressured into data sharing without proper oversight
Ten months after attempts first began to extract the medical information of 55 million citizens in England, NHS Digital's former chairman is warning the merger of the agency with NHS England threatens the privacy of people's personal data.
Writing in trade publication the British Medical Journal, Kingsley Manning said health secretary Sajid Javid's decision to merge NHS Digital into NHS England and NHS Improvement last year was a "retrograde step not least in the context of this government's clear intent to weaken the constraints on the use of patient data."
Founded as the Health and Social Care Information Centre (HSCIC), IT and data arm NHS Digital received direction from NHS England, the central health service body charged with executing government policy in the NHS and paying health service providers.
However, NHS Digital could use its discretion to not comply with a direction from NHS England to collect data and to establish specific information systems.
"Doing away with an independent statutory body in NHS Digital, charged with defending patient rights, is itself, unfortunate. But handing that body and its powers to NHS England, is a grave error," Manning said of the move.
"In effect, NHS England will be able to decide that its legitimate interests override those of the citizen and the patient, with little or no external constraint or scrutiny. With no requirement for transparency and indeed with additional barriers to citizens asking for information about the use of their data, individuals may never know what NHS England chooses to do with their data. And this matters," the BMJ article said.
"In my experience, the general approach of NHS England, including of its clinicians, was that much of the guidance and regulations with respect to the use of patient [data] was seen as unnecessary. The view was that if a patient had chosen to use the NHS they had implicitly agreed that their data could be used for the benefit of the NHS," Manning said.
Such concerns might ring alarm bells with privacy campaigners. Last July, NHS Digital announced its second delay to what had been called the biggest data grab in NHS history of 55 million Englanders' health records, and introduced new caveats to the extraction of personal medical information from GP systems.
The final, indefinite delay followed outcry from privacy campaign groups and concern from the medical profession who argued patients might not have knowledge of how their data would be used and shared if it had been automatically extracted from GP systems.
NHS England has its own track record with handling patient data. Last year, the National Data Guardian declined to endorse NHS England's effort to be transparent by publishing details on data flows from a patient information project that put US spy-tech firm Palantir at the heart of the government's response to the pandemic.
The COVID-19 data store was launched in March 2020 and aimed to pull together medical and operational data about the spread of the virus.
Campaigners had to force the government to publish details of the companies contracted to support the project – AWS, Microsoft, Google, Brexit-linked analytics firm Faculty, and Palantir, whose technology has been employed by the CIA and controversial US immigration agency ICE.
Manning said NHS Digital was established to provide an element of protection. "If it is to disappear then what is required is to put in place robust, external, independent scrutiny of NHS England. This could be through giving the currently toothless National Data Guardian effective powers of oversight. There should also be a statutory requirement of transparency," he said.
Without proper oversight, efforts to use health data in a responsible way for the right reason might be lost because of a lack of public trust in the system.
"The demise of NHS Digital will go unnoticed by the vast majority of the population. But its absorption into NHS England is a step in the wrong direction, signalling a policy approach which is not only challenging the basic right of patients with respect to their own data but may also, ultimately, prove self-defeating," Manning said.
The Register has contacted NHS England for a response to the article. ®