20.06.18
The Memorandum of Understanding: Privacy at risk
Source: NHE May/June 2018
The Memorandum of Understanding (MoU) between the Home Office and NHS Digital meant that patient data and confidentiality was being put at risk and undermined the principles of the NHS, writes Dr Sarah Wollaston, chair of the Health and Social Care Committee.
It was back in 2017 when we first heard from the National Aids Trust and Doctors of the World, expressing their concern about an MoU detailing the processing of information requests from the Home Office to NHS Digital for tracing immigration offenders. The existence of the MoU had come to light only after a Freedom of Information request the previous year.
The MoU formalised arrangements for the Home Office to make disclosure requests to NHS Digital for the purpose of tracing immigration offenders. These requests for information were, up until the MoU, carried out on a case-by-case basis, but then became routine.
The data required and requested by the Home Office was limited to name, date of birth, gender and address. Although this did not include any clinical information, the Health and Social Care Committee was seriously concerned about the principles at stake.
There is an incompatibility between the disclosure of information about people in contact with health services and the obligations of confidentiality assumed to apply to that information.
Healthcare practitioners routinely advise patients that information provided is confidential and that it will be shared only with their consent and/or to improve coordination of their care across teams and/or agencies.
This is a fundamental principle of working with patients which ensures public confidence and is enshrined in the General Medical Council’s Good Medical Practice, the NHS Constitution, and a wide range of guidance and policy documents from the Department of Health and Social Care (DHSC), royal colleges and third sector/voluntary agency advice to their clients.
There is also the risk that sharing patients’ addresses with other government departments will become accepted as normal practice. And this, in turn, could have a wider effect on the public perception of the confidentiality of data supplied to the NHS.
Furthermore, the knowledge that information may be passed to immigration authorities could deter people from seeking treatment, resulting in detriment to the individuals concerned, hazard to public health, and greater cost to the NHS due to more expensive emergency treatment needing to be administered later.
We held evidence sessions on this subject and then wrote to NHS Digital requesting it to suspend its involvement in the MoU, and undertake a further and more thorough review of the consequences and wider implications of sharing addresses with the Home Office for immigration tracing purposes.
But ministers in the Home Office and the DHSC and NHS Digital itself rejected the request to suspend the MoU, leaving us with serious concerns about the ability of the chair and chief executive of NHS Digital to understand, and act in accordance with, the organisation’s role as a steward of health and social care data.
Our concerns were wider than just this MoU. The following is a quote from health and immigration ministers responding to our concerns about the bulk ordering of patient data: “We do not consider that a person using the NHS can have a reasonable expectation when using this taxpayer-funded service that their non-medical data, which lies at the lower end of the privacy spectrum, will not be shared securely between other officers within government in exercise of their lawful powers in cases such as these.
“We consider it increases public confidence that government shares data in all these circumstances.”
The National Aids Trust saw this and put the response rather well: “This is a very revealing and disquieting passage. It for a start makes clear the government’s view that non-clinical information held by the NHS should be available to the rest of government whenever they are acting ‘in the exercise of their lawful powers.’
“The benefit to government is to have a healthy population, not to secure a database of personal information to mine for whatever purposes the government sees fit.”
The leadership of NHS Digital has not been sufficiently robust in upholding the interests of patients or in maintaining the necessary degree of independence from government.
Many organisations and individuals raised serious concerns about the implications for confidentiality of data collected for the purposes of health and social care.
The review of the NHS Code of Confidentiality being undertaken by NHS England, which was ordered because the current code conflicted with NHS Digital’s practice in respect of immigration tracing requests, comes at this the wrong way around – it was the MoU which was undermining the longstanding principles of confidentiality and needed rescinding.
We asked NHS Digital to suspend its agreement to share data for immigration tracing purposes but it refused to do so. Its response throughout has shown a worrying failure to grasp the ethical underpinning of and importance of confidentiality and a reluctance to properly stand up for the interests of patients.
It is hugely welcome that after the select committee tabled an amendment to the Data Protection Bill, the government has accepted that the higher bar of serious crime should be applied to requests for data sharing.
The minister, Margot James MP, has formally announced the withdrawal of the MoU in its existing form to reflect that, as well as the offending paragraph about wider data sharing.
Confidentiality lies at the heart of the relationship of trust between patients and clinicians, and it was important to uphold that principle.
Enjoying NHE? Subscribe here to receive our weekly news updates or click here to receive a copy of the magazine!