To ask the Secretary of State for Health what procedures his Department has to audit the usage and security of patient data disclosed to third parties by the Health and Social Care Information Centre; whether any audits have been carried out on such usage; and whether any confidentiality breaches have taken place in the last two years.
The Health and Social Care Information Centre (HSCIC) is responsible for ensuring that it does not disclose information to bodies that do not have secure data handling procedures. The HSCIC requires all bodies requesting information to meet published information security standards and to sign an agreement that enables the HSCIC to conduct audits where stronger assurance is desirable. Prior to the creation of the current HSCIC an audit of the Public Health Observatories, now part of Public Health England, was conducted in 2010. There have been no recorded confidentiality breaches by any recipient of data from the HSCIC or its predecessor over the past two years.