It is a pleasure, as always, to serve under your chairmanship, Dame Cheryl. I congratulate the hon. Member for Wellingborough on his notable success in getting the Bill to this stage, and I thank him for his candour during the debate on the money resolution and for his acknowledgment of his good fortune in getting the Bill to this stage ahead of others.
As I mentioned when we debated the money resolution of the Bill, Labour Members welcome the decision to put the National Data Guardian for Health and Social Care on a statutory footing. On that basis, we agree with the thrust of the Bill. I am sure that colleagues will be relieved that I do not intend to speak for too long, but I have one or two comments and observations about clause 1—and about clause 2, which we will discuss a little later. I hope that the Minister will be able to respond to the points made by the hon. Member for Wellingborough, some of which I was going to make anyway.
I mentioned when the money resolution was debated that although the use of data has the potential to improve our health services and treatments beyond recognition, we know from past experience that use of data in the NHS and in wider society can prove controversial and carries high levels of suspicion among patients. We hope that the establishment of the Data Guardian on a statutory footing can give patients confidence that their medical information will be treated in the correct manner. I note from the comments of the hon. Member for Wellingborough that there seems to be an omission from clause 1 as it stands, as there does not seem to be an opportunity for the National Data Guardian to give advice to the Secretary of State himself, although he considers that duty to be covered elsewhere and that such as an addition would be superfluous.
There seems to be a discrepancy that leaves the Data Guardian in an inferior position to either the existing Confidentiality Advisory Group or the Health Research Authority. I would be grateful to know if that was the intention of the legislation. The power to appoint the Data Guardian rests entirely with the Secretary of State, seemingly without any qualification. Is it envisaged that the Health Committee might get an opportunity to comment on such appointments? Recent appointments in the health sector have proven controversial, so it would be appropriate for the Select Committee to comment.
Our second query relates to public health commissioned through local authorities. Given the heavy use of data in public health, it is surprising that that does not seem to be covered by the Bill. Given all the public health activity undertaken by non-public bodies in recent years, I would welcome comments from the Minister and from the hon. Member for Wellingborough about whether the Bill is intended to cover health in the broader sense.
There is also a query about other forms of data that are more directly within the NHS, such as the cancer registry, which resides in Public Health England. It uses data collected by the NHS that could affect the direct care of patients. I would welcome confirmation of whether the Data Guardian is intended to cover that data, too.
The hon. Member for Wellingborough touched on clause 1 (6), which I would like to explore in a little more detail. Labour Members might have expected it to include an obligation for data controllers not only to have regard to advice, but to publish their response to that advice. That expectation is not unrealistic, given that the responses to question 5 of the Government’s consultation were overwhelmingly supportive of such a provision.
In question 5 of the consultation, the Government propose that
“organisations holding health and care data which could be used to identify individuals should be required to publish all materials demonstrating how they have responded to advice from the national data guardian.”
In their response to the consultation, the Government said:
“Responses were supportive of the proposal that the national data guardian should be given formal advice giving powers.”
That would certainly provide reassurances that the National Data Guardian will have real authority and act as an independent voice for patients, but without such statutory backing it is foreseeable that its independence and authority could be undermined. Without a requirement for organisations that receive advice to provide evidence of their response in a way that can be easily disseminated, there is no way we can be sure that the Data Guardian will be effective in doing the important job required by the Bill.
Members will recognise that the requirement for bodies to “have regard” to advice does not always mean that they take action in respect of that advice. An obvious example of that is, of course, the National Institute for Health and Care Excellence guidelines, which we know CCGs often ignore—seemingly with total impunity. I am sure Members do not want a repeat of that with this Bill, so I ask the hon. Gentleman and the Minister to respond on that point in a little more detail. I take the point that providing such responses might be burdensome on authorities controlling data, but I do not think that that cuts the mustard, given our concern about whether this measure will give the Data Guardian sufficient authority and teeth to deal with the issues under discussion.
My final point on clause 1 relates to data sharing and the lack of a positive obligation for bodies to provide that information. For the National Data Guardian to take a view on a particular data issue, it must first know that there is an issue on which to take a view—an unknown unknown, as we say. Could we have a published register of data sharing arrangements to which NHS bodies could sign up and submit a copy of their agreements? That would provide the Data Guardian with a single point of reference from which it could note any new agreements outwith the norm; that is exactly what the Government committed to doing with the current public service delivery data sharing codes of practice currently laid before Parliament.
There is a danger that the Data Guardian will become involved only after an issue has already reached the public’s attention, and possibly after an inappropriate use of data that might already have affected thousands of patients. A positive obligation to shared data arrangements with the Data Guardian might reduce the risk of such an eventuality. I look forward to hearing from the Minister and the hon. Gentleman on those points.