Digital Economy Bill - Report (2nd Day) (Continued)

Part of the debate – in the House of Lords at 9:30 pm on 20 March 2017.

Alert me about debates like this

Photo of Baroness Finlay of Llandaff Baroness Finlay of Llandaff Crossbench 9:30, 20 March 2017

My Lords, I have tabled amendments in this group. I start by thanking the noble and learned Lord, Lord Keen of Elie, and his Bill team for having met with me and for dealing patiently with my queries. I know from that meeting that the Government are not minded to accept my amendments, but I would like the arguments to be put on the record.

I have listened carefully to the noble Lord, Lord Whitty. While I do not dispute at all that his amendments are well intentioned, I can see enormous difficulties arising in determining the threshold of the condition—how severe it has to be, which co-morbidities might be aggravating one another, which members of the family would be involved and so on. I am not sure from the way he argued for his amendment whether an email notification system against a set of clear criteria that had been pre-negotiated with the consent of the patient or family would meet the needs and be simple and straightforward. Would it be a communication system free from the risk of mining the patient’s clinical records? The reason I ask is that at the moment health bodies are not specified in the Bill, but if they were included, that would certainly need legislation because in effect it would override the common-law duty of confidentiality.

I know that at the previous stage the noble and learned Lord, Lord Keen, said that the Government were minded to consider bringing health and social care bodies within the scope of these powers in the future and that that would be done using a statutory instrument passed by the affirmative procedure. I appreciate that the Minister said that there would be wide consultation before that happened.

The difficulty is that in Clause 36(7) it appears that the duty of confidence, which could apply to the duty of medical confidentiality, could be removed if health is brought within the scope of the Bill. It could provide a legal gateway for sharing medical records for purposes that are not currently specified among a wide range of government departments and public service providers. The concern is that to date a special legal status has been afforded to health data in the common-law duty of medical confidentiality due to its sensitivity and the importance to the public of a confidential health service. This common-law duty of confidentiality protects health data over and above the safeguards provided by the Data Protection Act, so simply referring to the Bill’s requirement to comply with that Act when making disclosures does not maintain the current level of protection.

If the Bill proceeds unamended and the Government include health bodies in the list of specified bodies, which they could do by statutory instrument, I think that would be viewed as a serious assault on medical confidentiality because it would open up the power to share confidential information. Indeed, problems with the failure of the current safeguards in the system were aired this weekend over TPP, the IT system that many general practitioners use. In a way, that demonstrated that the current safeguards in place around the IT systems are, frankly, inadequate.

NHS Digital could be drawn into the Bill’s information-sharing powers. It holds vast quantities of confidential data, which would mean that the Bill could give the Government direct access to them without consent, because the process would override the current common-law duty. This needs to be considered in the context of the National Data Guardian, who has spoken about the need to build trust in the health system’s ability to handle data, and a real concern among many patient groups of the general mistrust that their very confidential data could be shared.

I believe that my amendments will not be accepted, but if they are not I hope the Government will be able to reassure me that if health data were to be brought into the Bill’s information-sharing powers they will not just be added to the current framework created by the Bill and then the duty of medical confidentiality deemed to be protected, but that there will be full public engagement and full parliamentary scrutiny prior to proceeding, and that the protections in place would include independent oversight and real-time monitoring of the data sharing. In Wales, the IT system overseeing NHS Wales has instituted real-time monitoring because there was concern that staff could have used their access rights to unprofessionally access healthcare records of people with whom they did not have a direct care relationship. I am afraid that human nature is that people are rather inquisitive about what may be happening to people they know, but those may be very sensitive and very private data. Therefore, they need the highest safeguards around them.

The problem is that once there is a data leak it really cannot be pulled back and closed. I hope the Government will provide the reassurance that, as well as the other aspects, there will be real-time monitoring and independent oversight of the whole process, with additional sanctions that will be of a high enough level to, I hope, act as a major deterrent for any breaches of any data-sharing agreement.