MPs slam NHS Digital for Home Office data-sharing deal

Health committee voices ethical concerns over use of patient data for immigration enforcement

Doctor NHS

MPs have accused NHS Digital's bosses of paying "little regard" to the potential ethical violations of sharing patient data with immigration enforcement.

Members of the House of Commons' Health Select Committee expressed their concerns over NHS Digital's role in agreeing to share non-clinical information, such as addresss or data of birth, with the Home Office in a report published yesterday.

Advertisement - Article continues below

Reacting to a Memorandum of Understanding (MoU) between the Home Office, the Department of Health, and NHS Digital, MPs criticised the relationship between them, and warned that sharing such data could deter people in need of treatment from seeking healthcare.

The Health Select Committee's report said NHS Digital had been established as a non-departmental body "at arm's length from government," and stressed that it had a duty "to stand up to government robustly in the interests of patient confidentiality, and to protect the public's health data from the encroachment of government".

Data held for the purposes of health and care should only be shared for law enforcement purposes in the case of serious crime, the committee added, something that is reflected in the NHS and General Medical Council (GMC) codes, as well as NHS Digital's own guidance on confidentiality.

"There is a clear ethical principle that address data held for the purposes of health and care should only be shared for law enforcement purposes in the case of serious crime," said health committee chair Sarah Wollaston.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"NHS Digital's decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate.

"This behaviour calls into question NHS Digital's ability to robustly act on behalf of patients in the event of other data sharing requests including from other government departments in the future."

The health committee's verdict comes as the Home Office struggles to get to grips with a crisis around reports it had wrongly deported large numbers of UK residents from the Windrush generation - thousands of people who arrived in the UK as children in the first wave of Commonwealth immigration.

Sarah Wilkinson, NHS Digital's chief executive, said in a statement: "We will consider the Health Select Committee's report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office.

"This has established that there is a legal basis for the release and has assured us that it is in the public interest to share limited demographic data in very specific circumstances."

Advertisement - Article continues below

NHS Digital also provided IT Pro with an opinion poll conducted in March showing that while 59% of the public says it is very important for the government to trace individuals suspected of immigration crime, 82% also say it is very important the NHS treats a patient's address details as confidential.

The report, meanwhile, highlighted a recent history of the Home Office using patient data for immigration enforcement purposes.

Citing a previous report, the health committee disclosed data showing the Home Office made thousands of immigration tracing requests based on the now defunct care.data dataset, comprising 39% of requests (3,501) in 2014/15, and 55% (6,774) of requests in 2015/16.

The High Court granted the Migrants' Rights Network (MRN) permission to legally challenge the MoU last month, with the case expected to be heard "as soon as possible" according to the presiding judge.

Advertisement
Advertisement

Recommended

Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/security/cyber-security/355200/spacex-bans-the-use-of-zoom
cyber security

Elon Musk's SpaceX bans Zoom over security fears

2 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020