Julie Cooper – 2016 Parliamentary Question to the Department of Health

The below Parliamentary question was asked by Julie Cooper on 2016-02-24.

To ask the Secretary of State for Health, what steps he is taking to prevent patient data being used for purposes other than direct care.

George Freeman

The Department takes protection of patient data very seriously. It is the role of the Health and Social Care Information Centre (HSCIC) to ensure that high quality information is used appropriately to improve patient care. The organisation has legal powers to collect and analyse information from all providers of National Health Service care. It is committed, and legally bound to the very highest standards of privacy, security and confidentiality to ensure that patient confidential information is protected at all times. Access to information is strictly controlled. Under further safeguards introduced by the Care Act 2014, the HSCIC may only use its general dissemination powers for information where there is a clear purpose for the provision of health care or adult social care or the promotion of health.

The Department has recently made considerable investment in conjunction with the HSCIC and strategic partners in order to create the Care Computer Emergency Response Team service (CareCERT).

CareCERT was launched in September 2015 and exists to be a centre of excellence for Cyber Security advice and Security Incident Management.

CareCERT has sent regular alerts and advisories to every NHS organisation and local authority on a range of Cyber Security issues. This specifically helps to protect patient data by ensuring health and care organisations are prepared and implement appropriate security technology to protect information.

To improve health and social care services for everyone patient information is used for purposes beyond direct care, including for commissioning, public health, research and monitoring services. Commissioners need good information about the types of illnesses people have and the treatments they receive, as well as the result of that care or treatment so that they can commission the services that people need. Information also helps researchers to improve medicines and treatments for patients and to find better ways to prevent illness and treat conditions. Health and care information can also be used to identify who is most at risk of particular diseases and conditions.

The NHS Constitution establishes the principles and values of the NHS in England. It sets out rights to which patients, public and staff are entitled, and pledges which the NHS is committed to achieve, together with responsibilities, which the public, patients and staff owe to one another to ensure that the NHS operates fairly and effectively. The NHS Constitution states that:

― You have the right of access to your own health records and to have any factual inaccuracies corrected.

― You have the right to privacy and confidentiality and to expect the NHS to keep your confidential information safe and secure.

― You have the right to be informed about how your information is used.

― You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered, and where your wishes cannot be followed, to be told the reasons including the legal basis.

Dame Fiona Caldicott, the National Data Guardian, is taking forward an independent review to develop clear guidelines for the protection of personal data against which every NHS and care organisation will be held to account and will be recommending a new data security standards and a new consent or objections model for health and care information. The Independent Review is expected to report to the Secretary of State for Health shortly.