NHS Digital’s sharing of non-clinical patient data branded “inappropriate”

  • 17 April 2018
NHS Digital’s sharing of non-clinical patient data branded “inappropriate”

NHS Digital’s sharing of non-clinical patient information with the Home Office has been branded “entirely inappropriate” by MPs, who say they are concerned about the body’s ability to act as a reliable steward of the data.

The Health and Social Care Committee launched an inquiry into the memorandum of understanding (MoU) on data sharing between NHS Digital, the Department of Health and Social Care and Home Office.

The memoradum, which came into effect in January 2017, allows the Home Office to gain access to patient data – including non-clinical information – for the purpose of tracing immigration offenders and vulnerable people.

This means NHS Digital can be asked to hand over information such as a patient’s date of birth or last known address to the Home Office.

But chair of the Health and Social Care Committee Dr Sarah Wollaston said there was a “clear ethical principle” that information about a patient’s address should only be shared for law enforcement purposes “in the case of serious crime”.

She suggested immigration offences would not fall into this category, and the committee concluded there are “serious concerns” about NHS Digital’s ability “to act as the steward of this non-clinical data”.

“NHS Digital’s decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate,” said Wollaston.

“This behaviour calls into question NHS Digital’s ability to robustly act on behalf of patients in the event of other data sharing requests including from other government departments in the future.

“It is absolutely crucial that the public have confidence that those at the top of NHS Digital have both an understanding of the ethical principles underpinning confidentiality and the determination to act in the best interests of patients.”

The committee therefore concluded the MoU should be suspended “until the current review of the NHS Code of Confidentiality is complete”.

The Department of Health and Social Care had already agreed to update this code, which was first published in 2003, following an internal NHS Digital review of the legal basis for the national tracing service, through which it is possible to identify whether a person has ever been registered with a GP.

The M0U was cited as part of NHS Digital’s response to this review.

The intention of the confidentiality code update is to clarify which information is to be classed as confidential and to clarify the definition of a serious crime.

In response to the committee’s report, Sarah Wilkinson, chief executive at NHS Digital said: “We will consider the Health Select Committee’s report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office.

“This has established that there is a legal basis for the release and has assured us that it is in the public interest to share limited demographic data in very specific circumstances.”

The committee’s report has been welcomed by the British Medical Association (BMA), which said it also opposed the data sharing agreement.

Dr John Chisholm, BMA medical ethics committee chair, said: “We have already seen the impact that the MoU is having on doctors working on the front line, with just this week a GP in London receiving a letter from the Home Office requesting information about a patient for immigration purposes.

“This example of a doctor being asked to effectively act as an enforcer for the Home Office is wholly at odds with a doctor’s primary role to promote the best interests of their patients.

“If the bond of trust between doctor and patient is broken, it risks not only the health of that individual, but can also have serious public health implications if people suffering from infectious conditions avoid seeking medical treatment.

“Further, the agreement and the government’s position that the public cannot have a ‘a reasonable expectation’ that their data will not be shared amongst state departments if they are using the NHS, set a dangerous precedent that opens up the possibility of patients’ data being passed on not just in immigration cases, but for other non-health-related purposes.

“The BMA therefore backs the committee’s calls for NHS Digital to suspend the MoU immediately.”

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.
NHS Wales prepares for drone-based blood transfer service

NHS Wales prepares for drone-based blood transfer service

Aerospace innovators will showcase technology as part of a project to prepare NHS Wales for drone-based services for the transfer of blood products. 
Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield NHS Foundation Trust has achieved a stage 6 validation from HIMSS for its use of data and approach to data science.


  • At a time when trust in patient health records is considerably raised from the all time low following the SCR implementation, are we now at risk of turning back the extensive curent NHS digital developments? Clearly no insights were gained from Facebook!

  • My respect for Sarah Wollaston MP has increased from an already high level. When I started working for the NHS I was told only to release patient demographic information to the police if they had a warrant signed by a magistrate. The MoU undermined my own Trust in the NHS – never mind that of those already sceptical about trusting the NHS with their data.
    The legal position may not be clear or universally agreed but anyone with a reasonable sense of right and wrong will realise that this is unethical.
    There are practical implications too. Despite propaganda peddled in the press, visitors to this country ARE still allowed free access to a range of NHS services, including A&E*, during which their demographic details will be recorded.
    Do we really want to encourage people to give false names and addresses in order to get A&E treatment with the risk that the NHS won’t be able to contact them if their pathology results show they have a highly infectious and deadly disease?
    Do we really want to risk epidemics because people are left untreated?aaa
    Do we really want vulnerable people to die from sepsis or pneominia because they don’t trust the NHS not to pass their details on to Immigration?
    This has nothing to do with walking on eggshells, labelling people as racist or xenophobic, or with encouraging health tourism. It is a matter of ethics and the erosion of Trust in the NHS as an ever more powerful central government interferes ever increasingly in the personal affairs of us all.
    Ironically, one of the tenets of the ruling Conservative party is that the role of the State in our private lives should be reduced.

    * https://www.nhs.uk/NHSEngland/AboutNHSservices/uk-visitors/visiting-england/Pages/visitors-from-outside-the-eea.aspx

  • If law enforcement agencies need this information to enforce law, I can’t understand why everyone is up in arms? Using the NHS system when you have no entitlement to it is fraudulent and, ultimately, theft. Walking on eggshells due to a fear of being labelled racist or xenophobic is a weak approach to a very real concern with increased demands and reducing budgets.

Comments are closed.