Thank you, Simon Madden, for your attendance this afternoon. I think it would be safe to say that the roll-out of the general practice data for planning and research scheme did not go as planned earlier this year. It was remarkable that despite the limited engagement, well over 1 million people opted out. What learning do you think we can take from that exercise for the data provisions contained in part 2 of the BillQ46 ?
We have obviously set out the position. The Government have set out the position in respect of GP data for planning and research, in terms of taking a pause and having a conditions-based approach, rather than a clear timeline for the commencement of that. Above all else, I think that the overriding need for trust and transparency—to build public trust in the use of health data—is vitally important, and the ways in which this is governed need to be transparent in such a way that the general public can see quite easily how their data will be used.
Indeed, I think it is a responsibility on Government and those of us in the health and care system more broadly to really promote the benefits of sharing data. It is a public good and, while putting in place sufficient safeguards and then giving the public the opportunity to opt out of that process if they are not convinced by those safeguards, it remains a public good and contributes to the broader health, if I can put it that way, of the health and care system.
Q Do you see the process enabled by the Bill running alongside a future resumption of the GPDPR process—or a conditions-based continuation, as you put it—or would they remain two separate things that overlap?
Essentially, they are separate in terms of process. The general public will not make a distinction between any things to do with their health data. Whether it is the draft data strategy that we published earlier in the year or the GP data for planning and research programme, to the general public it is about their health data.
It is incumbent on us to make sure that we have a strong narrative that reflects all aspects of health data. We need to reset the relationship between the patient—the citizen—and their health data, so that a perception does not arise that we are taking their trust for granted, because that is certainly not the case. The provisions in the Bill around data are meant, to some degree, to provide clarification where there is some confusion in the current framework about how and when data could be shared.
Obviously, a lot of the detail will only be there when the regulations are laid, but there has been a lot of concern in England about the talk of data being provided in a pseudonymised form to commercial companies. Is this not a repeat of the care.data issue, which lost public trust? A lot in these clauses could apply to Scotland. We have real issues in Scotland, where we have a lot of data sharing and analysis, and suddenly this gives NHS Digital to demand data, whether for a registry or for something else. It is about the commercial side; I do not think patients have an issue with Public Health England, universities or whoever learning from their data. The public concern is about the idea of pseudonymised data ending up with commercial companies.Q
I completely understand that. We have to be very clear about what we mean by “commercial companies”, because pharmaceutical companies that develop treatments and vaccines are also commercial companies.
I get that, but there is no doubt that, in order to improve treatments, we need to contribute to research in some way.
You are absolutely right. It goes back to my trust and transparency point. One of the things that we signalled in the data strategy particularly was a movement towards trusted research environments. That is crucial. In some ways, what we have announced on GP data for planning and research is an acceleration of that work. We have said that data will not be shipped around or disseminated; it will be accessed only within the confines of a secure, trusted research environment, with full transparency about who has access, who runs what queries, and so on. It will be held and will not be shared. That is the general direction of travel that we want to see, and that is why we set that out in the data strategy.
We do not have to make a choice now between enabling access to data, or sharing data, and protecting privacy. Technology has allowed us to create environments where it is perfectly possible for data to be accessed safely and securely, with strict safeguards, without privacy being compromised.
Q That is the public concern. My concern is that the data in Scotland lives within NHS Scotland. It is not under this Parliament or anything else, and yet there is no mention of Scottish Ministers being able to say, “We will share it in an anonymous form. We will be able to break that code if there is a safety issue on a medicines registry or if a piece of research needs to be traced back to a patient.” You can set filters within your trusted environment without handing over pseudonymised data to a commercial pharmaceutical company.
Q But by whom? That is the public concern. They have no issue with a public body. They are anxious and it goes right back to care.data. The danger is that it will set back your whole digital agenda if you get hundreds of thousands of the public all opting to not take part.
I completely understand. That is why I mentioned that it is incumbent on us to have not only the right safeguards in place but the right narrative and to engage with the public so that they understand what those safeguards are, how they operate and how they can opt out of the system. One of the things we have been looking at in developing the final version of the data strategy following the engagement is how we can do much more on public trust and transparency. It is not just about a one-off marketing campaign; it is about an ongoing public dialogue and involvement of the public in future policy considerations. Again, it goes back to that resetting point; I think this is a reset moment. Technology now allows us to go that bit further than we have ever been able to go before in terms of protecting privacy, but we have to be in a stronger position to explain that to the public and how it all works.
Q I hope that this is in scope, Mr McCabe. I have just come from the Chamber, where the Prime Minister is still on his feet. He talked about integrated care records, but I am not quite sure if we are discussing the same thing. This may not be news to you, Mr Madden, but could you clarify whether we are all talking about the same thing? I appreciate that you were not there to hear the Prime Minister, but is it your understanding that what we are hearing today about social care is the same as the conversation we have been having about integrated care records, personal care records and so on?
Forgive me, but I will take full advantage of the fact that I was not there and have not seen the statement that the Prime Minister made. A feature of our plans set out in the data strategy—not so much in terms of the Bill itself—is for each integrated care system to have a basic shared care record, so that throughout their whole health and care journey a patient or citizen does not have to do simple things like repeat test results or repeat their prescriptions, and so that their care journey between health and social care, with provisions for safeguarding and safeguarding information, is seamless.
I will ask a couple of questions, if I may, Mr McCabe, and then perhaps the hon. Member for Nottingham North can come back in if we have time. Moving away from what has been explored by colleagues so far on the extremely important protections around data sharing and data use, can you set out how the changes set out in the Bill relate to and will help you deliver the data strategy that you have in place?
It is important to set out that these provisions alone, while they do much within the Bill, must be seen in the context of that wider data strategy. They support our ambitions, and the integration and collaboration that is described in the Bill will be a huge enabler for the ambitions set out in the strategy itself.
The provisions themselves focus to some extent on tidying things up and providing a degree of clarification. I mentioned the provisions for clarifying NHS Digital powers: currently, there is sometimes confusion around what data NHS Digital can share and in what circumstances it can share it. Sometimes, that leads to problems when data may need to be shared for very good reasons—for justifiable reasons—but NHS Digital is sometimes not convinced that it has the legal power to be able to share the data. This puts beyond doubt its ability to share data appropriately.
Another provision is on information standards. We are making a provision in the Bill to mandate standards for the storage and collection of data. That is important to ensure that data can flow between different IT systems and organisational boundaries in the health and care system. That will then help individual patients and improve health outcomes. We want to ensure that providers of health and care services purchase only technology that adheres to that set of standards, so that we have that interoperability, and those improved outcomes for patients, through that mandation of information standards.
We have also put in clauses around sharing anonymous health and care information, which help to essentially set a duty to share anonymous information when it is legally permitted to do so. One of the lessons that we have learned over the pandemic has been that, although it is perfectly permissible for data to be shared—it is legally permissible to do so—the shift from “can” to “should” has a great impact within the system.
Our invoking of the control of patient information regulations under existing legislation, to enable that sharing of data and to say, “You should share data in these circumstances,” has significantly helped the free flow of data safely and securely within the health system. That has had an impact on patient care. I think that the duty to share anonymous data will help to put on a more permanent footing some of those provisions that we have seen during the pandemic.
Q To what extent would you consider it a fair characterisation that this is, in a sense, evolutionary, and that, actually, to a large extent, the provisions related to data—to go back to what you said—add greater transparency and legal clarity around some things that may have had to happen during the pandemic, and give them a longer-term basis in statute, as debated by this place? Do feel entirely free to disagree with that characterisation, I hasten to add. I am not leading you in any way, but to what extent would you consider that to be a fair reflection of these provisions?
I think it is a fair reflection, to a certain degree. I think that the thing that we must always be conscious of, particularly in the field of data and technology, is that we see advances but legislation often does not keep up with those advances. It is about ensuring that everyone understands their responsibilities—not just that the public understands the responsibilities of organisations that are safeguarding data, but that those organisations themselves have the right powers to be able to share data safely and securely. I think it is evolutionary in that sense, but it is also about making sure that the provisions in the Bill are keeping pace with the development of technology and how data is used in the real, modern world.
Q I will ask two questions in finishing, if I may, Mr McCabe. The first is a final one on the GPDPR promise. Mr Madden, you said that that is a separate process to the one in part 2 of the Bill—which I completely agree with—but that in the public’s mind, the two are likely to be conflated, and that now would be a good moment to reset the relationship between people and their data. Again, I completely agree with that. Is there any technical reason why we could not run those two processes not as two but as one?
I should perhaps caveat my previous comments by saying that they very much are, in our mind; it is all about health data. The focal point for us at the moment, which we are working through with Ministers, is the formulation of the final version of the data strategy. Of course, the legislative provisions are within the data strategy. It is very much the case that the publication of that document, I think, is the right moment for that reset where we have more intensified engagement with the public and we really step up the narrative around how health data is used. As one of your colleagues said, the real detail comes in regulations, if there are any regulations around that; and of course there would need to be consultation before the regulations were put in place.
Q Finally, I remember from my time in local government that we would talk about the desire in social care to share data with the health service. We talked about, obviously, regulatory barriers that stopped us and we would welcome provisions that removed that, but a very practical obstacle on our list of things in the way was that the systems did not necessarily speak to each other. Do you think that health service systems and social care systems are ready to speak to each other now, or will there need to be, across all integrated care systems, a whole new provider brought in?
Obviously, interoperability is absolutely key. The information standards piece that I spoke about is part of that, but also, outside the legislative piece, work is going on to create a unified data architecture. This is not about driving or having everything from the centre, so that everybody uses the same things, but about making sure that the architecture enables that interoperability so that the systems can speak to each other. There is certainly a degree of levelling up to do in terms of digital maturity, which is another area in which NHSX is involved, supporting the Department and NHS England. But yes, interoperability is key. We are not there yet; we have some way to go to make sure that everything will flow as it should and the systems speak to each other.
Q Mr Madden, I would like to know specifically how the strategy will help us to deliver integrated care within the confines of the Bill, so that we can give better patient outcomes, because ultimately that is what I have assumed the Bill is striving for. You did allude to how that interoperability gives us greater vision into the system. I wonder whether you could help us by bringing that to life. Thank you.
The best example is something that I have already cited to a certain degree, which is the shared care record. To some degree, that would happen irrespective of whether ICSs and the Bill were in place, because health and social care need to come together; that is something that needs to happen in any event. But what the Bill does is create the proper framework of integration and collaboration. There are other powers in the Bill, for instance the duty to co-operate and collaborate, that I think are going to be absolutely crucial. From a public perspective, they see the NHS and see one organisation, whereas we all know that it is a confederation of organisations, each sometimes with different aims, pulling together. The ICS structure set out in the Bill, plus the data provisions that support that broader approach, will help provide that free flow of information so that clinicians and care professionals have access to the information they need to be able to treat patients in the most effective way.