NHS Digital’s sharing of non-clinical patient information with the Home Office has been branded “entirely inappropriate” by MPs, who say they are concerned about the body’s ability to act as a reliable steward of the data.
The Health and Social Care Committee launched an inquiry into the memorandum of understanding (MoU) on data sharing between NHS Digital, the Department of Health and Social Care and Home Office.
The memoradum, which came into effect in January 2017, allows the Home Office to gain access to patient data – including non-clinical information – for the purpose of tracing immigration offenders and vulnerable people.
This means NHS Digital can be asked to hand over information such as a patient’s date of birth or last known address to the Home Office.
But chair of the Health and Social Care Committee Dr Sarah Wollaston said there was a “clear ethical principle” that information about a patient’s address should only be shared for law enforcement purposes “in the case of serious crime”.
She suggested immigration offences would not fall into this category, and the committee concluded there are “serious concerns” about NHS Digital’s ability “to act as the steward of this non-clinical data”.
“NHS Digital’s decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate,” said Wollaston.
“This behaviour calls into question NHS Digital’s ability to robustly act on behalf of patients in the event of other data sharing requests including from other government departments in the future.
“It is absolutely crucial that the public have confidence that those at the top of NHS Digital have both an understanding of the ethical principles underpinning confidentiality and the determination to act in the best interests of patients.”
The committee therefore concluded the MoU should be suspended “until the current review of the NHS Code of Confidentiality is complete”.
The Department of Health and Social Care had already agreed to update this code, which was first published in 2003, following an internal NHS Digital review of the legal basis for the national tracing service, through which it is possible to identify whether a person has ever been registered with a GP.
The M0U was cited as part of NHS Digital’s response to this review.
The intention of the confidentiality code update is to clarify which information is to be classed as confidential and to clarify the definition of a serious crime.
In response to the committee’s report, Sarah Wilkinson, chief executive at NHS Digital said: “We will consider the Health Select Committee’s report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office.
“This has established that there is a legal basis for the release and has assured us that it is in the public interest to share limited demographic data in very specific circumstances.”
The committee’s report has been welcomed by the British Medical Association (BMA), which said it also opposed the data sharing agreement.
Dr John Chisholm, BMA medical ethics committee chair, said: “We have already seen the impact that the MoU is having on doctors working on the front line, with just this week a GP in London receiving a letter from the Home Office requesting information about a patient for immigration purposes.
“This example of a doctor being asked to effectively act as an enforcer for the Home Office is wholly at odds with a doctor’s primary role to promote the best interests of their patients.
“If the bond of trust between doctor and patient is broken, it risks not only the health of that individual, but can also have serious public health implications if people suffering from infectious conditions avoid seeking medical treatment.
“Further, the agreement and the government’s position that the public cannot have a ‘a reasonable expectation’ that their data will not be shared amongst state departments if they are using the NHS, set a dangerous precedent that opens up the possibility of patients’ data being passed on not just in immigration cases, but for other non-health-related purposes.
“The BMA therefore backs the committee’s calls for NHS Digital to suspend the MoU immediately.”