Health Committee Hears Evidence on Care.Data programme

On Tuesday 25 February 2014, the Health Select Committee, of which Valerie is a member, heard evidence on the proposed Care.Data database.

Valerie said:

“I am alarmed that Atos, which has been widely criticised for its role in ‘Fitness for Work’ medical examinations for Disability Living Allowance and Employment and Support Allowance, has been entrusted to manage the extraction of patient data from GP surgeries for the Care.Data database. I asked HSCIC (Health and Social Care Information Centre) how much its contract with Atos is worth and they could not answer this.”

“There is an unacceptable lack of clarity over who controls patients’ medical data. Under the Data Protection Act there is a ‘controller’ of data. The GP is the data controller for the data that is held by the GP practice. When the data then goes to the HSCIC, the HSCIC becomes the data controller for that data. Very recently the Information Commissioner has agreed that NHS England and HSCIC are data controllers in common for Care.Data. There are now three sets of people liable for the data, and this will be very confusing for patients. Under this system, GPs are legally bound as data controllers and so when they have done what they should do in terms of fulfilling their legal obligation to upload data they should, in my view, have indemnity against legal action.”

“I am very concerned that NHS England has not properly communicated to the public who can and cannot access their medical data. There is inadequate information and people do not know how to opt out. People are raising legitimate concerns, and it is shocking that the Secretary of State has chosen not to share it with the public or elected Members of Parliament but in a private letter.”

“There are a number of points which NHS England and HSCIC need to clarify. I asked whether NHS England, or HSCIC, will allow patient data to be shared outside the European Union, for example in the USA, which has a much more relaxed attitude to data protection. It is concerning that NHS England would only say that they are ‘pretty convinced’ that they are only allowed to handle this data in the UK, and have agreed to provide a note. In my view, it is crucial that patient data stays in the UK where its use is subject to UK laws.”

“HSCIC also needs to further clarify the procedures it will use to ensure that patient data is safe. I am far from convinced that patient anonymity is protected following the incident last Monday in which a map of Hospital Episode Statistics was published by a commercial organisation in a format which meant it may have been possible to identify individual patients. HSCIC has not provided adequate assurances that this incident cannot be repeated with the Care.Data database.”

“It was reported on 23 February 2014 that the medical records of every NHS hospital patient in the country have been sold for insurance purposes. I was concerned to hear that while the use of Care.Data has at the moment been approved only for commissioning and not research purposes, it may in the future be used by commercial companies and private sector research organisations. The public should have been properly informed about who has access to their medical data so the public can decide what happens to it.”