Health Committee
Oral evidence: Care.data database, HC 1105
Tuesday 25 February 2014
Ordered by the House of Commons to be published on 25 February 2014.
Members present: Mr Stephen Dorrell (Chair); Rosie Cooper; Andrew George; Barbara Keeley; Charlotte Leslie; Grahame M. Morris; Andrew Percy; Mr Virendra Sharma; David Tredinnick; Valerie Vaz; Dr Sarah Wollaston
Questions 1-63
Witnesses: Phil Booth, Co-ordinator, medConfidential, Nick Pickles, Director, Big Brother Watch, Sharmila Nebhrajani, Chief Executive, Association of Medical Research Charities, Professor Peter Weissberg, Medical Director, British Heart Foundation, and Dr Chaand Nagpaul, Chair, BMA General Practitioners Committee, gave evidence.
Q1 Chair: This is an important session. Thank you for coming. We have arranged it at relatively short notice, before NHS England decided to delay the launch of care.data, but that gives us more time to reflect on the issues and to hear the evidence and issues raised by the evidence. To begin with, I would ask each of the witnesses simply to introduce themselves and explain in a very few words the body they come from—not the point of view, otherwise we will be here for ever.
Nick Pickles: My name is Nick Pickles. I am the director of Big Brother Watch. We are a privacy and civil liberties campaign group.
Phil Booth: My name is Phil Booth. I am the co‑ordinator of medConfidential. We are a non‑partisan, independent group, campaigning for confidentiality and consent in health and social care.
Dr Nagpaul: I am Chaand Nagpaul. I am chairman of the British Medical Association’s General Practitioners Committee. We represent all GPs across the UK—46,000 in total.
Sharmila Nebhrajani: Hello. I am Sharmila Nebhrajani. I am the chief executive of the Association of Medical Research Charities, which represents 120‑odd medical research charities that are interested in funding and executing medical research.
Professor Weissberg: I am Peter Weissberg. I am the medical director of the British Heart Foundation. We are the major funder of research into heart and circulatory problems in the UK, hence our interest in this.
Q2 Chair: Thank you. I would like to begin with a very straightforward question and ask each of you in turn to summarise for the Committee what you see as being the main motivation behind the care.data programme—why people think it is a good thing and why it is important to those people—and then to summarise to the Committee the areas that you think should raise concerns and how those might most directly be addressed: in other words to summarise the arguments for and against so that they are clearly on the record at the beginning of the session. Could I start with Nick Pickles, please?
Nick Pickles: Thank you. I think none of us doubts that there are very laudable aims behind medical research, about improving transparency of outcomes across medical treatment and also making sure that we detect problems in the health service. They are all very, very laudable aims. We have got to a point now where care.data has been given as the only option to achieving all of these aims at the same time and actually I think there are a number of different avenues that could be pursued that would deliver the same benefits but would engineer into the system a far stronger protection for patient privacy, a far stronger mechanism for consent to be obtained, and also more transparency, which I think is very important to maintain trust going forward.
It is important to note that this is the first time we are having this debate, but it is not the first time that patient data is being used nationally from various sources. One of the things that should go on the record very urgently is that any future plan to use patient data in an identifiable or even pseudonymised format should always come with a full, transparent conversation with the public and a consent mechanism. It is very positive that the Secretary of State has recognised that; I think that should be the norm going forward, and we should not return to a system where things happened and patients did not know about them, and that was taken as consent. Having said that, clearly the communications around care.data have been far from adequate. I think NHS England needs to take responsibility for that.
I was checking my e‑mails and we have been working on this issue for nearly exactly a year, and one of the first things we raised was the summary care record—every patient was sent a letter and an opt‑out form—and that that should be the bare minimum of communication. I don’t know who decided that a leaflet was adequate for a scheme of such magnitude involving such sensitive information, but that decision was plainly wrong and a leaflet was not adequate. So that needs to be on the record as well.
Broadly, our concerns are the failure for the public to be properly informed about what was happening and the use of data—the broad transparency of this whole project. The conflation of different uses that I touched on, I think, could have been much better explained, and, if we had been having this conversation a year ago, some of those uses might have been separated out so that you would not have the same conversation about commissioning as you would with research because patients have different attitudes towards that information.
I think the particular point about opt‑out and the clarity of what information would be extracted where patients did opt out has been an ongoing issue for us. We received today a letter from the Secretary of State clarifying that, with which we are very happy, but broadly this—
Q3 Chair: On that narrow point, you are happy with the concept of opt‑out rather than advocating an opt‑in system.
Phil Booth: I am sorry—can I jump in? We are happy that what is being offered at the moment is an opt‑out. The problem is that that opt‑out was not functioning in a way that any reasonable person would understand. If someone had opted out, it was the case that information would still have left their GP record. So until that was fixed last week—at the same time as the delay, it seems—that was a really serious concern for us and for many patients, of course, and it was basically misleading the public.
Q4 Valerie Vaz: Is that in the public domain, or did he just choose to share it with a few people and not everyone?
Phil Booth: We have received a letter today from the Secretary of State that links to a page on the HSCIC website which now explains what they will currently be doing when someone has put—or has got their GP to put—an objection code on to their record. So it is now public.
Nick Pickles: That interfaces with an older document from December, which is the direction that we are assuming will now be updated by NHS England to reflect that no data will leave your record if you opt out.
Chair: That was just on the narrow point.
Q5 Barbara Keeley: It is worth saying at this point that that was not shared with Parliament—
Valerie Vaz: No.
Barbara Keeley: —although we have Health questions. There were three questions directed to the Secretary of State on this and he did not tell the House, which is disgraceful.
Nick Pickles: This has been discussed in many different forums, but naturally one of the reasons why the delay is a good thing is that there are lots of issues that we can flush out now, if for no other reason, as to the opt‑in point, to ask the question in future, going forward, whether opt‑in is ethically a much stronger model. Informed consent is best tested by opt-in. I think that is a fair point.
Q6 Chair: But that is not what you were advocating. You are accepting the current proposal as refined in this correspondence.
Nick Pickles: I think we are probably saying the same thing. If we had an opportunity to change it, I think opt‑in does add a much stronger test for patients. But given the scale of the pause, we are focused more on getting the system working properly than trying to radically re‑engineer something. We would like to start with that, but we are where we are.
Phil Booth: MedConfidential’s position is that this should be re-engineered from the ground up, but, realistically, NHS England has pushed forward now, despite two six‑month delays, and does not seem to be relenting from that. That being the case, because our primary concern is the patient and the patients’ feelings about what is done with their medical records, we take the pragmatic view that we must try to make the mechanisms that are available work properly so that people understand how they can use them for themselves and their families. Yes, we would very much like to say, “Look, this is a halt. This is the wrong way to go about designing this sort of thing.” What you are talking about here is, at its heart, creating an aggregation of the entire country’s medical records, or extracts of the medical records, at individual patient level.
Q7 Andrew George: Can I just be clear? What is the connection between the two organisations? It seems that you are chirping in, in unison. I just wondered what your membership is.
Phil Booth: MedConfidential was founded by a number of organisations, including Big Brother Watch, NO2ID, the Foundation for Information Policy Research and Privacy International. We have been supported by others such as Liberty. MedConfidential is basically me, Terri Dowty, who used to run Action on Rights for Children, and Sam Smith, a former member of Privacy International. Then we have a network of volunteers. We are a very small organisation, but in terms of our policy, if you like, I speak to that. Big Brother Watch has its own policy, but it is a family and we work together.
Nick Pickles: This is a useful opportunity to make my final point. Something we have been campaigning on for many years now—supported by the Justice Select Committee, the Home Affairs Select Committee and the Joint Select Committee on the Draft Communications Data Bill—is the broader framework of infringement penalties for breaching the Data Protection Act, and section 55 in particular, where custodial sentences are not available for those who acquire personal information illegally. It is something that I think in this context is particularly acute and the power is already on the statute book; it is just waiting to be commenced. From our point of view, the broader issue about information governance and privacy and data protection feeds into this issue as well as a range of other ones.
Q8 Chair: Could I move on to Dr Nagpaul, please?
Dr Nagpaul: Yes. It is interesting that you asked about the benefits, but actually the benefits are lost in what is the fundamental problem at the moment, which is around public and professional confidence—or lack of—in the programme. That is just a reflection.
I want to describe the perspective of GPs. We do think we have a unique position because we are, after all, the custodians of the patient data that is to be extracted. So we are in a unique position, and, of course, reflecting that patients visit their GP—they visit us—and entrust us with very personal, sensitive, confidential information as part of a life‑long record in general practice.
At the heart of our concern as GPs is the fact that, if patients mistrust or are concerned about the security of their data, or have concerns about how this data will be used, that would potentially irrevocably damage that fabric of trust when a patient walks into a GP’s surgery. That may have other consequences around confidence in the way that the NHS records data. It may result in patients not attending their GP surgery at all for fear of what may happen to their records or data or, if they do attend, be inhibited from being totally open about some things and maybe not about others. If you would like to just reflect, we were recently talking about patients not attending their GP quickly enough with suspected cancer, for example. It would be extremely damaging if, at the heart of this, patients lost confidence and trust about the data that is recorded by their GP. We all plaster it on our websites: “If you are registered at our practice, we can assure you of confidentiality.” At the heart of this has to be an assurance to the public, and patients in particular, about the safety of their records that we keep.
Q9 Chair: Could I move on, please to Ms Nebhrajani?
Sharmila Nebhrajani: I want to give you a research funder’s perspective on the research elements of care.data, and there are care elements that you may want to reflect on separately. It is the research funder’s belief that this is a really excellent database and it is a really valuable asset, but it is being stymied by its execution. That is partly about the way it is communicated—and we may talk a little more about the leaflet and the way in which the public has been allowed to understand it—but, also, there are some very big unknowns still in the execution of the database: who can use the data, for what purpose, on what basis and how opt‑ins and opt‑outs will work. So there are some real shortcomings there.
Let me start with the benefits because that is the point that you raised first of all. There is already quite a lot of data available for research. This system would allow you to link primary care data with secondary care data, and that does not happen yet very well and it does not happen at scale. So there is the germ of a really good system here and the sorts of benefits that are talked about, which the Committee will be aware of, are things such as the link between smoking and lung cancer would have been elucidated in datasets like this; the link between MMR and autism would have been debunked using datasets like this. But also there are more recent examples. In the flu epidemic of two or three years ago, in 2010, researchers were able to link the sort of primary care data about vaccinations that Dr Nagpaul is talking about with the critical care bed usage in hospitals to identify what was causing the influenza epidemic to be so strong, to make that link back to a shift from children to adults and therefore to create a new vaccination programme based on that insight.
So there is real value here. The research funder’s anxiety is that it is being executed rather poorly. I think there are several issues in that. The first is that research data depends on the public having confidence and trust in the system. The public are very generous with both their money and their resource to charities and to research, and we risk eroding that support if the public cannot have confidence in how their data will be used. Do you want to come in?
Q10 Valerie Vaz: I was going to ask why you need all the information—everything that everyone knows about a patient.
Sharmila Nebhrajani: Let’s leave aside research and care, because research does not need all the information, but there is real benefit in having a spread. As you start to have stratified medicines and start to target groups by ethnic grouping and genetic make‑up, you do start to need groups that are bigger than typical research sizes. At the moment, the research data that comes through GP practices is about less than 10% of all GP practices feeding into GPRD, which is the precursor of this database. There will be merit in getting scale, but I don’t want to undermine the critical thought, which is that there are some execution problems here. The public is rightly worried that they don’t understand who can use their data and who can’t. There is a real conflation of purpose and identity; so people are very worried about pharmaceutical companies having access to this data. We won’t have a drug developed in this country without having pharmaceutical companies involved in the creation of those research projects. It may be perfectly legitimate for the public to understand how industry can use that data. That is not the same as saying that insurance companies should have access to that data. Clarity about who can and who won’t have access to data is very important.
I want to come back on the point of opt‑in, opt‑out and consent. A research funder’s perspective is that this data needs to be used with care because it is the public’s most sensitive data and it needs to be used with competence; the safeguards need to be there. But the patient needs to make an informed decision about whether or not they want their data to be available in the system. Research funders would say that that information needs to be given properly to the public and they need to have time to reflect. In that sense this pause is welcome. But an opt‑out is sufficiently strong if the information system is good, and that is for two reasons. No. 1, the public already tell us they want their data to be available for research. 80% of people polled in a recent MORI poll said they would like researchers to have access to their data. The second example is that, of 1.3 million people approached for an ovarian cancer trial, only 32 people complained. So the vast majority of people are happy for their data to be made available but they do want to understand the parameters around that.
The problem with an opt‑in is that there is now quite a lot of evidence that you bias your sample away from the very people whose data we want—that is the vulnerable, people whose English is not their first language, lower social economic groups and ethnic minorities. Those are the people who are least likely to opt in but whose data may be most useful for them for care and for research. We should think really carefully about not conflating consent and opt‑out.
Q11 Chair: Before I bring in other members of the Committee, could I ask Professor Weissberg to put his cards on the table?
Professor Weissberg: Yes. I echo everything that Sharmila has said. To amplify that last point, this is not an issue about being able to grab data from vulnerable people who don’t understand things. The issue about the disadvantage and the ethnic minorities is that that is where the burden of disease—particularly in my field, cardiovascular disease, and it is still the biggest killer in our community—lies, and that is why we need that information.
I would answer this, without trying to repeat what has been said earlier on, in a number of ways. From a health service perspective, it is inconceivable that we could have a publicly funded organisation spending £95 billion, or whatever it happens to be, of public money on patient care without being able to performance manage that, and you have to have data to do that. It is an issue we have to crack and we have to sort out how we are going to crack it, because it is an absolute necessity from that point of view. Because of our health service, we have a unique opportunity here because of our nationalised, unified patient database, which could be available for research. It is something which every other nation in the world would give its eye teeth for if they could only get their hands on it. We have it and we have to learn how to use it responsibly for the benefit of our patients.
In explaining what I think the benefits are of this, I am going to turn that on its head and say what I know to have already been the harms of not having it up until now. I have been around for long enough to have seen a number of medical disasters that have occurred not through mismanagement but through ignorance. I am afraid there is much more we don’t know about medicine than we do know, even in this day. I am sorry about the Rumsfeldian‑type of approach to it.
Let’s start with aspirin. Aspirin is a common drug given to everybody, but it is almost certainly causing permanent disability and death in children when given for febrile illness. It took years for that penny to drop—to make the link between aspirin and Reye’s syndrome. When the link was made and the drug was withdrawn—or at least controls were put on so it does not happen—Reye’s syndrome has all but gone away. It has not gone away completely, but it has all but gone away. So there is a situation where, for the want of being able to link data very simply—aspirin and a rare syndrome—people died. It would have been easy to have done a case‑controlled study on those anonymised data very quickly to come up with that answer without having to see people die.
Beta blockers are commonly used drugs; one of the first ones on the market was called practolol. I used to prescribe it commonly. In a rare instance, it caused a very nasty, often fatal fibrotic disease idiosyncratic to that particular drug. It took us years to tumble to that because the clinical trials did not pick it up; it was too rare to be picked up at a clinical trial.
Coming closer to home is Vioxx. I suspect people in this room might have been prescribed Vioxx, a very commonly used anti-arthritis drug. It is very good at treating arthritis and actually reduced some of the risks of arthritis treatments—it reduced the risk of bleeding—but unbeknown to us was killing people from heart attacks. Again, it took years and thousands of deaths before that penny dropped. We are sitting on that data. It is there now. Had we been able to mine the data in the way that is proposed, we could have got those answers very much earlier and saved lots and lots of lives. The obvious one about lung cancer has already been made.
There are numerous examples historically of where not having access to patient data has caused thousands of deaths. If you want numbers put on it, let’s say there is a drug that causes one in a thousand people who take it to die. You won’t pick that up in a clinical trial because you would need to run a clinical trial of thousands of patients—hundreds of thousands maybe—to pick that up as a statistically significant impact. On the other hand, let’s say that drug has been prescribed to 10% of our population, and you can think of drugs that are now. I do not want to point a finger at any particular class of drug, but there are drugs out there that are prescribed to about 10% of the population. That means 10% of our 60 million population. If you do the maths, that is 6,000 deaths that are going to occur as a consequence of that prescription. The only way we will pick that up is by access to huge‑scale patient data—not just a few thousand but the millions of patients who are on our NHS database. So it is crucially important that we are able to make those links. I would suggest that in any other situation, where we were causing 6,000 deaths, there would be outrage if we did not know about it and if we were not monitoring data. If it was a series of air or road crashes, it would be on the front pages of all our papers all the time, but because it is unseen to all of us, yet it is in our data, we do nothing about it.
Finally, to wrap this up, we spent a huge amount of money on research. We had a big impact on cardiovascular health. A lot of our research is slowing down now because of the difficulties of getting to patient data. It is becoming harder. When we can do it, it always pays off, but it is getting harder and harder—and that was before the recent problems. We are wholly behind the concept. We are worried about the execution because it is frightening people off and I think they don’t understand the sort of arguments I have articulated today against the arguments we have heard earlier articulated, and there has to be a way of striking that balance and getting it right.
Chair: Right. We need to move on.
Q12 David Tredinnick: We have touched on what I am going to ask about, but I would like to formally put the question. The start date for data collection has been put back by six months. What do you want to see happen in this newly extended period before the database becomes operational?
Nick Pickles: The first point is around what the process is for getting access to data, who has had access to data previously, audits of security and data use—for example, the insurance issue that we learned about yesterday and how that happened. Then, going forward, it is worth noting that the Caldicott review was April last year and we are due to have an HSCIC code of practice for confidentiality, which I understand still does not have a publication date. So there are some quite important elements of the confidence structure that are not in place yet, and then we can talk about telling patients with a letter, sending an opt‑out form, to make sure they know what is going on.
Q13 David Tredinnick: You would very much welcome this pause.
Nick Pickles: Yes.
Phil Booth: I would pick up very specifically on something that Nick said in terms of our transparency and oversight. What has become very clear in recent weeks is that the processes at HSCIC are simply not fit for purpose for the sort of scale and sensitivity.
Q14 Chair: In what respect?
Phil Booth: Very specifically, when a potential customer comes to HSCIC to ask for individual level patient data in various forms, they will request this and then possibly be bumped off to different bodies. One of those is the Data Access Advisory Group, which sits on requests for what is internally termed sensitive data. Another possible avenue is going straight to the asset owner—the people in charge of that particular dataset—if it is not considered sensitive. Given that we only get sight of those decisions that are made by this Data Access Advisory Group—which is, by the way, we believe, just four people, two of whom are HSCIC, one of whom is the Department of Health and one other—and that we are finding out that there are unminuted, out‑of‑committee decisions being made about access to data, in one instance by the Cabinet Office, I think it was, and we are seeing now other instances where data have clearly gone out from HSCIC and there is just no record of what it is, we would want in this six‑month period, as Nick says, a complete, comprehensive historical record of what actually has gone out. Where has our data gone in the past? If we are going to move forward, we need to be very clear about the process by which people—companies, organisations, what have you, bodies—can then apply. We would recommend a body much more along the model of something like the Confidentiality Advisory Group, which has now moved to the Health Research Authority, a fully independent body which presides over and looks at applications for what is called regulation 5 or section 251 support, which is when the duty of confidence is set aside so that identifiable patient data can be used without consent. Let’s treat all of our country’s data—the data of every man, woman and child in England is going to be in this database if it proceeds—with the sort of sensitivity that it should demand. Okay, HSCIC say they are putting some of this out in pseudonymised form, but I am afraid this is not anonymous statistics. There remains a risk of re-identification because of the way it is treated, but it is in the nature of episodic health information about a person that it is re-identifiable because you can go at it in lots of different ways.
Q15 David Tredinnick: I know colleagues want to come in on this quite obviously, but through you, Chair, I would like to go down the line, as it were, and hear all your answers to the question that I have asked before we have the secondary questions, please. So, Dr Nagpaul?
Dr Nagpaul: The most important thing we would like to see is to have public confidence and trust. As a GP, that is what I want. I want my patients to walk through the door feeling confident. For that, you have to have a fit‑for‑purpose public information campaign, not a leaflet advertising campaign, which is what we got. It needs to allow patients and the public to have true informed choice of whether they want their data extracted or not, but they need also to understand the benefits we have heard. The risks also have to be understood, but they also need to know what is extracted and about the limits of what that data will be used for—not something that says, “It may be used for this today and something else tomorrow.” They need to know exactly what those limits are at this moment in time. We also need to have absolute assurance around the governance of that data and who can access it. We would want to see an independent scrutiny of the use of data from the HSCIC. We believe that there should be independent scrutiny of its use.
I also want to talk about something very particular to GPs that we want to see happen. GPs are in a seemingly impossible position. On the one hand, they have an obligation under the Health and Social Care Act to upload confidential patient data without patient consent. That puts us in a very difficult position. At the same time GPs are duty-bound legally as data controllers under the Data Protection Act. Therefore, if we upload that data under the Act but if our patients are not aware that that data is being uploaded, we could face a legal challenge and a complaint. This is an important issue that is affecting GPs. We would want to see some indemnity if GPs, having done what they ought to do, faced a legal challenge. It would be completely wrong if they unfairly had to face legal consequences for doing everything they could because of the Act’s requirements.
Q16 Valerie Vaz: Where is your duty first—to the patient or to the Government?
Dr Nagpaul: That is a problem. There are doctors who have suggested that they would not upload data unless it was an opt‑in, who have been threatened with breaches of contract and breaking the law. So we are in a difficult place.
Sharmila Nebhrajani: I would like to divide my asks, if you like, into two populations: the things where execution needs to improve and the things where communication needs to improve.
First, in execution, I really think NHS England are in a bit of a muddle about this, and they need themselves to be clear about how data will be managed and the relationship between HSCIC and care.data and the existing research relationships before they start to talk to other people about it. Some of the difficulty we have is because they are trying to explain something that they have not themselves decided is their settled will. That is a recipe for disaster. The first thing is backing themselves to work out what is in and what is out.
Being more specific, it is really important that they are clear what purposes are legitimate, ethical uses of research data and what are not, and they need to say that. The second element of it is that they need to set out who are legitimate users of this data and who will not be. In fact, that is related to purpose. There has been a lot of conversation, for example, that insurance companies should not have access to this data to help them to mitigate or pursue their own commercial objectives. I would agree. I think the same thing applies to the Department for Work and Pensions actually. Being clear about what is in and what is out by purpose I think is very important.
The second thing NHS England need to be clear about is what safeguards they themselves are going to put in place to protect privacy and security. Then they need to tell the public about that. The public know—in the same way that they know that no medicine is 100% safe—that no data system is 100% safe. Again, the conversation that has to happen with the public is all about risk and benefit—the goods and the harms—and we need to have that in a reflective way that allows the public to come to their own informed decision about whether they want to participate or not.
The third thing is on the right to object. As I currently understand it, the right to object is not a legal right. The public can express an opinion, and, by discretion, the Secretary of State will adhere to that opinion. That may be fine, and you as the Committee will be able to judge that, but we should tell the public that that is the case. That is the third bit of wiring that needs to be sorted out.
The fourth thing that needs to happen is to be really clear what opting out means to the public. For example, if my data has gone into the system, has then gone out to Dr Nagpaul to do research and I then withdraw my consent, does he have to give my data back? Can he keep it? That is unclear. We need that degree of clarity before the public can have confidence in the system. If I opt out before he gets the data, can the HSCIC say, “We are going to delete it and it will never go out again?” Again, we just need to be clear. I think the public understand the precepts of research. They are supportive of it and they will make their informed view, but it has to be informed in what is and is not going to happen.
Q17 David Tredinnick: Through you, Chair, lastly, Professor Weissberg.
Professor Weissberg: Yes. I will try and be brief because I agree with everything that Sharmila has said there. The whole issue here is that the issue of being able to use patient data for management of the health service and for research is too important to get wrong. We welcome the six‑month pause because it was going wrong; it was going wrong for a variety of reasons—some appropriate, some inappropriate—and we do need to take stock. You ask, “What do we want to see happen in that time?” I would like to see much better information for patients that articulates the benefits, which are clearly able to be articulated. We can give numeric examples, and I have given you some, of where the benefits accrue. We should also articulate what the risks are, but there needs to be proportionality there. We all know that there is a risk to any of our data that can be acquired, whether it is from the DVLA or any other number of databases that hold our data, but the issue really is: what is the likely risk that somebody is going to hack into a system to identify your personal data in this situation and use it against you? It is a real risk, but the issue, compared with the benefits of the whole, is a relatively low risk, I would suggest. But that has to be argued and articulated. There does have to be absolute clarity as to how the data flows, who has access to it and who doesn’t.
In answer to the question that was put to my GP colleague a minute ago, “What is the priority—your responsibility towards your patient or your responsibility towards collecting the data?”, I would say they are equivalent. I am a doctor who sees patients as well in hospitals. I have a priority to look after that particular patient, but I also have an obligation to try to use the information I glean from doing so for the greater good of other patients that come on afterwards. All of us who go and see a doctor are benefiting from the research that has been done on patients before us, and, admittedly, nearly all of it done through a rather laborious and heavy‑handed consent process that has limited our ability to get that information. I think the public are very aware of the fact that we need their data to make patient care better in the future. They just need to be given the facts in a clear way so that they can make a sensible judgment.
Chair: I don’t think there is a member of Committee who has not been seeking to catch my eye. I am going to go to Barbara, Charlotte and then back to Grahame.
Q18 Barbara Keeley: It is the second part to this second question, and I think it is more or less directed at medConfidential and Big Brother Watch. Could you tell us more about your view of ways to handle the patient data safely? The thing I am interested in—I think you have not mentioned it in detail yet—is the idea of only having one primary copy of the database so that those wanting access, if they have a plausible use that is allowed, could then submit their query or queries to people who would run that for them. That seems to me to get over the problem that Sharmila has just referred to about somebody withdrawing their consent after a copy of the data has gone out to somebody. You seem to have illustrated perfectly well the reason why there should only be one copy, the people responsible for it should keep that copy, and the customers for this—if we have to call them that—should submit queries which are then run by the independent experts. That seemed to me to have a lot to recommend it, but could you tell us more?
Phil Booth: This was simply a suggestion that we have made based on what is becoming good practice in some areas of handling what are called big data datasets—certainly ones that I think have been handled with regard to some Government gathering of that data. Essentially, the idea is that this is so sensitive that you can’t be handing out chunks or copies of the datasets to allow another third party to then do processing on it themselves. That is inherently risky. Once you have got lots of copies out there, quite evidently there are more vectors for attack, more possibilities of breach and so forth. The idea is of keeping this completely contained in one place where you can put the top levels of security in—I mean, really high levels—and then, as you say, having a process whereby there is independent, expert scrutiny. It will not just be, “Oh, we want to use it for something,” but a direct request or query that is going to be done on this database so that that can be looked at, people can have an informed guess at what is likely to come out, but then that data can be checked on its way out and treated in many of the ways in which people are very used to now, pseudonymisation being one of those ways. The query coming in is checked first, the access to the database is tightly limited, and any data coming out—this is just the answer to a query, not a copy of a chunk of the database—can then be checked for its safety, again independently, before it leaves the facility. That is tightly locked down, and we are clearly talking about the extreme other end of the scale to what is going on at the moment, but we certainly think that the public would have much greater confidence in a scheme that treated their and their family’s data as that sort of precious asset rather than some sort of tradeable asset, frankly.
Q19 Barbara Keeley: Is that principle already in use in Government systems?
Phil Booth: Certainly so. The ESRC has commissioned some sort of facilities for academics to use, I believe in university. I can write to the Committee about specific installations or what have you afterwards.
Nick Pickles: The specific point that is important there is that, when the Data Protection Act was transposed from European law, there is legal opinion that the way the UK transposed that directive left a loophole that did not criminalise re-identification. That is not consistent across the rest of the European Union. I understand it is a specific problem for the UK and Ireland, but, to speak to your problem, if you are allowing data out and you have not criminalised deliberate re-identification, then you are magnifying the risk. If you keep it in one place, you don’t then rely on the need to change the Data Protection Act as well to close that loophole for third party re-identification, and, as Phil says, the more copies that exist, the greater that risk becomes.
Q20 Chair: Could we just have the other side of the house? Is that a workable solution from a researcher’s point of view?
Sharmila Nebhrajani: It might be; I think it might be. The key thing is what the impact is on the patient. On your point about if the data has gone out, once it is in a researcher’s dataset, it is in a researcher’s dataset. It is hard to disaggregate that from once the consent has been withdrawn. A simpler answer, and I am no technical expert, is just to be clear with people when they opt out as to what happens, and, if that opt‑out happens some way down the line—or, as the leaflet puts it, “You can change your mind” as often as you like—what the risks are about what data can be removed and what data will not be removed. It is not something that there is necessarily a technical solution for. There has to be a recognition that, once data has gone into a project, it has gone into a project.
Chair: Can we then go to Charlotte?
Phil Booth: Very quickly, Sharmila reminded me of what I was trying to say. The opt‑out process at the moment does not delete data—even data that is held at the HSCIC. This sort of approach would allow someone to provide, say, their NHS number, identify all the data that had been taken up and to delete it at source. So you are absolutely correct. That is one major guarantee that could be given to patients to provide them with some confidence, because at the moment it just isn’t there. At best, we have heard under a Freedom of Information request that data may be anonymised prospectively if you say you want to opt out after it has been uploaded.
Q21 Rosie Cooper: Bearing in mind what we talked about before, can we just ask what does opt‑out mean? What does it really mean, because there is actually no such thing as “opt‑out”, is there?
Phil Booth: We now understand from what the Secretary of State has written to us today, and what the director of clinical and public assurance at HSCIC wrote to us last Tuesday, that, if a patient does what is called a type 1 opt‑out, they have a code added to their GP record. As of today, we have the assurance of the Secretary of State that no data will be taken from their GP record. What will happen is that the total number of those objection codes will be counted up for each GP practice and just that aggregate number will be sent to the HSCIC. The other code, which the GPs are being asked to administer but is not actually anything to do with them, is that, if you want to opt out of having your identifiable data passed on by the Health and Social Care Information Centre, because of course it gathers data from all sorts of places that are not your GP record, you send what is called another objection code up to the HSCIC, and that must carry with it—and only this piece of information—the NHS number. Using the NHS number, then the HSCIC is able to identify your information as it comes in, and that is the way in which it is going to be able to stop it going out. Without some sort of way of identifying the data that goes in—just logically—it would be impossible for HSCIC to identify your data coming from a clinic, a pathology lab or a hospital or what have you, but, to be very, very clear, no other data. This is a separate extraction. If you are opting out of having the HSCIC pass on your data, the way it should now work is that they literally only take up the fact of your objection and the NHS number, which is used only for the purpose of identifying incoming data.
Q22 Rosie Cooper: So those people have opted out already.
Phil Booth: Yes.
Q23 Rosie Cooper: Which bit will they be in or out of?
Phil Booth: If they have had one, other or both of the codes added, that is how they will operate.
Q24 Rosie Cooper: A member of the public doesn’t know 1 or 2, or code or not. They say, “I want to opt out.” Where are they?
Phil Booth: Exactly.
Q25 Rosie Cooper: They have not seen the Secretary of State’s statement today, and neither have I. My understanding, up until you had just spoken, was that the information would go, but not be—
Phil Booth: This is the problem. We contend it has been presented misleadingly to the public. There have been these two codes and that has been miscommunicated, but it has been misleading because the position when we read the “Privacy Impact Assessment” that was published by NHS England was that they said there, in terms, on page 9, that if you opted out clinical data would still flow. That is why we got in contact with the Secretary of State, why we have been basically trying to pin this down, and why we are glad today that those people who already have opted out, using both codes for the full protection, if you like, and one or other for protecting—
Chair: Rosie, we can’t have a dialogue.
Q26 Rosie Cooper: If I write and say, “I opt out,” what does the Secretary of State take that to mean?
Nick Pickles: This is the issue for GPs. If you download a form from either of our websites that says you want to opt out, that goes to your GP. There are two opt‑outs. Is the burden on the GP to ask you which one you want?
Chair: Dr Nagpaul?
Dr Nagpaul: I think what we need to do is use this very sensible pause. I would commend that Government use pauses more often in the future, but, you know—
Valerie Vaz: They keep getting it wrong.
Dr Nagpaul: We are asking the wrong question. We now have an opportunity to get it right—for patients to understand what opt‑out means and to make it simple for GPs to administer. I would also want to suggest this from the BMA’s perspective. Last week we had a debate and we wanted to introduce the idea of pseudonymisation at source, which would mean that when the data leaves the GP practice it cannot be identified and it would be replaced with a key. There is a technical way of doing it, but that, again, would assure my patients that, in fact, at least their data could not be identified. I am not a technical person and there are probably pros and cons around this, but it is certainly something to consider. I would like to say that we should use this opportunity. We don’t have an opt‑out form at the moment. For the opt‑out process actually there is no form. At the moment, as we speak, you would not have a form to complete.
Rosie Cooper: No, I have opted out. Under that system, I would opt in, but I think we are taking the great British public for granted and it is an outrage.
Q27 Charlotte Leslie: I think we have just learned that we don’t know what an opt‑out means and that is what we need to do in the six‑month period, haven’t we?
Sharmila Nebhrajani: It is one of the things we need to do in the six‑month period.
Q28 Charlotte Leslie: Yes, one of the things. I have a very quick question. Do you think there would be any merit in a more granular approach to opt‑out? If the data is completely anonymised, in many ways people are not so fussed about their data and there might not be such a need for an opt‑in option. If it is identifiable data, there is definitely a need for a very informed opt‑in option. If it is in the middle and pseudonymised, then maybe you have the in‑out option. Do you think there is a need for a granular opt‑in/opt‑out, or do you thank that is overcomplicating things?
Phil Booth: I am afraid you are looking at the end of the process.
Charlotte Leslie: Yes.
Phil Booth: That would make the opt‑out even more complicated. The opt‑out has been split into two, but using both of them is probably the best or the safest you are going to be. The data, if you do not opt out, that goes up from your GP practice is identifiable. That is without dispute. The opt‑out has to operate basically in the way that we now hope it does. We think it should be made simpler, because it is a nonsense, frankly, to say that someone has to choose twice to opt out of something when, clearly, if they have concerns, or concerns enough, that they don’t want their GP record to be going up to this central database, they would be perfectly happy for data gathered from anywhere else. That seems to indicate that the opt‑out was designed not for patients but for the institutional demands of NHS England in its care.data programme because it wants data to flow.
Sharmila Nebhrajani: Can I make a brief comment? In this world, terminology is really important. When you are talking about “identifiable data” and he is talking about “identifiable data,” you are not talking about the same things, I think. The first thing to say is that I don’t think there is any break at the moment on the use of anonymous data. The opt‑out is completely alien from the concept. We have no rights over our anonymous data in the current world; it just goes up.
Genuinely identifiable data that says “Sharmila Nebhrajani, Brighton BN2 1NA” should be absolutely tightly controlled. What we are talking about is this issue in the middle of pseudonymised data, which I think would be better described as “could be identifiable” or “coded.” Again, going back to my point about this being a bit of a blinking muddle, getting the terminology right across all elements of the NHS when we describe things would help us decide what we wanted, and we are not even clear about that.
Just to come to the opt‑out point, there are three things about that. No. 1, it is not an opt‑out; it is a right to object and it does not have legal force. We need to form a view about whether that is the right thing or not.
The second thing is that, at the opt‑out stage, one has to have a sense of, “Do I want my data to leave the GP?”, and then, “Do I want my data to leave the information centre?” Those are the two-stage opt‑outs. I think that is very complicated for the public to understand. Again, if we were not starting from here, we might design a different way of cutting that process so that it was clearer, because you still have the ability to use, as you describe, pseudonymised or key‑coded data in a sensible way.
The third thing I would say is we have a really awkward conflation of identified/pseudonymised/anonymous and data security. They are different things. We need to design a system for the use of data that works and then expect that some people will try and break the system, and we need safeguards around that. But at the moment we have an awkward conflation of securities, hackers, system failure and system complexity, and we need to solve those two things separately.
Q29 Grahame M. Morris: You have come to the real crux of it—identifiable data. Would you clarify for my benefit and that of the Committee, from a research and service provision point of view, for what reasons pseudonymous data is preferable to anonymous data, and then, for Nick and Phil, from a privacy point of view, what are your concerns about pseudonymous data? I can’t even say it.
Sharmila Nebhrajani: It is a dreadful word.
Grahame M. Morris: Can I ask your opinion as well? I have sat very patiently? You were talking about identifiable data. You are in the confidence of the Secretary of State and you obviously have information that I have not; I am just a Member of Parliament. A section 251 exemption now allows the use of identifiable data for commissioning purposes. You might say that is a good thing in terms of identifying trends in some of the examples that you gave, but, nevertheless, this identifiable data is currently being made available at a national level to NHS England, at regional levels to NHS England area teams, and at a local level to clinical commissioning groups and local authorities. What is your view in terms of the privacy there? Is that something we should be addressing?
Phil Booth: On that very particular point Dame Fiona Caldicott specifically said she did not accept the proposition that identifiable data was required for commissioning purposes. So we are stunned, frankly, to see that it was given section 251 support.
Q30 Grahame M. Morris: And for audit and invoicing purposes as well it is not required, or it should not be, should it?
Phil Booth: Yes. This is the case—that things have got all out of order. We do not have clarity and we do not even have a system that is clear. Data was imminently to be uploaded, and thank goodness it is now pushed back at least until the autumn. But, despite that, NHS England applied for and was granted section 251 support—this exemption to pass around identifiable data—back in April of last year. By October, none of that data had actually flowed, bizarrely, given that they said this was critical for their purposes, and we now learn in the minutes of the Confidentiality Advisory Group that this has been extended and will probably be extended again. What we have here is a pathway which has been kept open for the passing of data that contravenes the recommendation of the Caldicott 2 report, and that, for us, is absolutely stunning.
Q31 Grahame M. Morris: Is this an example of mission creep potentially?
Phil Booth: Absolutely. If you are starting to bring up identifiable data—and by “identifiable” here I mean stuff that is tagged with your NHS number, your full postcode, your date of birth, your gender and your ethnicity, which is more than enough to identify pretty much any person in the population—that identifiable data will be going up to HSCIC, and, if it is the case that NHS England already has the section 251 support to pass around identifiable data, the public has once again been misled, because in the documents and the leaflets being sent out it is being presented as if your identifiable data will only be used in the case of a public emergency.
Q32 Chair: I think from their facial expressions, not all your fellow witnesses agree with all you are saying.
Sharmila Nebhrajani: I don’t disagree with what you are saying, but you are talking about a very narrow bit of section 251 and identifiable data. I want to come back to the crux of your question, as you put it, that we are really in danger of throwing the baby out with this rather grubby bathwater. I don’t work for NHS England and I am not apologising for what they have done, but I think it is really clear that we remind ourselves why this linked data is so important—and that is not section 251 and not identifiable data. That is not identifying me, Sharmila Nebhrajani; it is linked data and it is important for two things.
I will give you two examples. No. 1, a long‑term study that looked at the prescribing of oral contraceptives in GP practices, looking at data that came from GP practices, was able to link with mortality data and cancer outcome data in hospitals. You were able to link those two and find out whether there was or was not a risk link for the use of oral contraceptives for those patients. You would not be able to do that if there was not some way of matching those data. You did not need to know it was me taking the pill, but you did need to know that that piece of data there was linked to that piece of data there, and that is a really important resource. It would be a disaster, I think, from a research perspective, if that concept and that asset were lost in this muddle.
Phil Booth: I don’t think anyone disputes that.
Q33 Barbara Keeley: The difficulty I have is that this is not the time to be emphasising the benefits when there is so much wrong with the structures, the privacy, the lack of consent and the security. Frankly, it is just a waste of time. They are nice examples, but—
Sharmila Nebhrajani: What is a waste of time?
Barbara Keeley: It is a waste of time to spend the time now. Until we have the security, the privacy and the consent issues sorted out—and you have given loads of examples of things that should have been thought about months ago—it is just a waste to be talking about benefits, because, frankly, I think most patients should be scared to death of the mess that this is.
Sharmila Nebhrajani: Let me just reiterate my comments at the beginning of this meeting, which is that this is a really great system stymied in its execution. I do not mean to minimise the difficulties that have to be solved, but what I am simply saying—and I am sure the Committee would accept this—is that in any decision there needs to be a balance of the benefits and the risks.
Q34 Barbara Keeley: But you can’t balance that against the loss that there would be, the loss of privacy—
Sharmila Nebhrajani: I will leave it with you then.
Q35 Chair: We have allocated an hour to this. Professor Weissberg has not had a say.
Professor Weissberg: I am not going to counter anything that has been said up until now other than what I said at the start, which is that this is so important it is essential we get it right. But you may or may not know that your hospital data has been doing this for the last 20‑odd years.
Valerie Vaz: Exactly, which is why we need something different.
Professor Weissberg: It has been in a form which, if somebody wished to, could be tracked back to you personally, but, by and large, people don’t because they don’t want to; they have no reason to. That has brought huge benefits. There is a real risk, if we get this wrong, that that benefit goes too, and there is a real possibility here that throwing the baby out with the bathwater is an understatement. We have benefited immensely from a system that has worked for 20 years. It is trying to expand that out. Sharmila’s point is right: this is about being able to link databases. In other words, there is not much point in having a good hospital database if you don’t know what happens when that patient leaves hospital. As a consequence of the hospital data, we have much better outcomes of heart attack in this country than we have ever had before and in many other countries, because we have audited it. We have been auditing it through MINAP in minute detail. We know how many patients wait how long before they get their primary angioplasty and what drugs they go home on. After that, we have no idea what happens to them because we can’t link those data to the GP data.
Q36 Chair: Our primary purpose in an evidence session is to hear from our witnesses, but I have three colleagues who have not opened their mouths yet and I am not going to get to the end of this session alive if that remains the case. Dr Nagpaul, then Andrew Percy and then Andrew George.
Dr Nagpaul: I just want to say that I think there is a difference between GP data and hospital data. GP data is 10 times more rich in terms of patient information. Patients come to their GP to share confidential information. They entrust us with all levels of detail about their personal lives, their social lives, their psychological states as well as their medical details. It is very different from episodic care in hospitals. I think that we actually lose that trust at our peril, and for all of those benefits—which I think are absolutely well made—we need to get it right for the reasons you have described. Therefore, I think we are all saying in fact the same thing. The emphasis for this next six months is about getting that sense of confidence and trust right. In order to do that, there needs to be absolute clarity around the data issues, its security, its governance and how you opt out once it has been uploaded, as Sharmila mentioned earlier. That is what we need to be focusing on. We need to get to that point of trust. But I do want to reiterate that GPs are different. We have a legal responsibility around the data controller role which is different from a hospital doctor. If we get it wrong, we are legally liable for extracting data without the consent of patients or without their awareness. So it is a different role.
Chair: Andrew Percy?
Q37 Andrew Percy: I am concerned at the tone of this debate because I think a lot of people out there in the public have become very fearful now of this and think it is going to be used to market products at them in a way, and that is deeply damaging. Some of the things that have been said today have added to that and really concern me. I don’t think we have focused necessarily on the benefits of it, and when I hear people saying that we should not focus on the benefits I am, frankly, gobsmacked and my jaw is wide open at the idea, because this is really important. I am very concerned at the way in which this debate has been—
Grahame M. Morris: Do you have a question?
Andrew Percy: Plenty of other people have had plenty to say today and I have sat here quietly; thank you. So I really am very concerned.
My question for you two is who is making those arguments, and has any assessment been made that has been put out there publicly as to what this will actually mean in terms of improved patient outcomes? I have not heard any of that. All I have heard is a lot of fear—and important data issues, of course, have to be addressed and I want to see that happen—but we don’t seem to be having a balanced debate in terms of what the advantages are. I know from a couple of constituents who have contacted me on this that there is a lot of fear and there is not really the understanding of what the benefits are.
Sharmila Nebhrajani: Can I have a go at that? There are two things. First, medical research charities have put out their own information and we have a dedicated website— patientrecords.org—to try not to sell the concept of the benefits, if I can characterise this side of the house, but to set out enough information so that people come to their own informed view about whether they want to participate or not. It does talk about benefits and it does talk about some of the risks, so there is some of that conversation out there.
My real anxiety is that the reason why we have so much fear and so much worry is because the basic communication of the project has been poor and NHS England has underestimated, I think, the importance of getting the public’s trust and confidence.
Rosie Cooper: Arrogance.
Sharmila Nebhrajani: That vacuum has been filled with a lot of misinformation, a lot of worry and a lot of extreme examples. We have talked a bit today about section 251. It is really important to get that right, but it is only a tiny sliver of the spectrum of things. Nature abhors a vacuum and the vacuum has been filled by some of this sort of scaremongering. If the communication worked better, there would have been more balance in the debate, but I go back to my original point that the reason why the communication has not worked well is because the thinking is not yet fully done. If the thinking were fully done, it would be better and easier to communicate. I hope that in the six months—and I can see loads of shakings of head but I will just finish my thought—
Q38 Valerie Vaz: I think you are going too far when you say scaremongering. We have a duty as elected Members of Parliament. There is no information out there.
Andrew Percy: Even you were accused of scaremongering.
Valerie Vaz: There is no information out there and to accuse us of scaremongering is absolutely ridiculous. People are raising legitimate concerns, and the Secretary of State has dealt with it but in a private letter. He has not chosen to share it with elected Members of Parliament.
Sharmila Nebhrajani: I have not seen it either.
Q39 Valerie Vaz: I think the problem that is happening now is that NHS England believe that they are beyond the law even and they don’t bother to share things with us. They go off and do whatever they want to do without sharing it with elected Members or even with the public. That is the concern. So I think you should withdraw that.
Sharmila Nebhrajani: And that might well be true. I cannot comment—
Q40 Valerie Vaz: This is raising legitimate concerns.
Sharmila Nebhrajani: And I share those legitimate concerns. I can refer back to my initial—
Valerie Vaz: So there is no scaremongering.
Andrew Percy: I will say there has been some scaremongering. I am quite happy to go on the record.
Valerie Vaz: No, there has not.
Andrew Percy: There has been scaremongering.
Chair: Order, order, order.
Rosie Cooper: There is huge arrogance.
Chair: Order. Andrew George?
Andrew Percy: People are allowed a different opinion.
Q41 Andrew George: If I may, thank you for allowing me to speak. As this is probably the last question or the last area of questions, I want to try and characterise what I understand has been well emphasised by the witnesses today. The medical charities clearly understand the benefits of this and favour, clearly, the possibility and see the patient benefit from the kind of data sharing that is proposed under the care.data policy. I fully understand the nervousness of GPs in wanting to retain patient trust above all else but can recognise the benefits that this will bring. I also fully understand the position that the civil liberties organisations have about the risk of the state and companies snooping into people’s private lives. The issue which I really want to raise is in relation to Mr Booth and Mr Pickles. How far are you prepared to push this, and do you see any merits at all in the policy or are you implacably opposed?
Nick Pickles: We are not sat here today saying that patients should not be able to see the mortality rates of different hospitals. That is an eminently good policy. We are not here saying that research shouldn’t happen. The pseudonymisation point is an excellent example. If the codes were public, then we would not be having this discussion—if NHS England just published the codes. The policy and NHS England have become two very different things. I think the fact that NHS England, for example, chose to publish the leaflet before its own advisory group had met to consider research use of data, shows NHS England have been lacking in this.
Q42 Andrew George: To save a bit of time, there are a lot of nitty‑gritty, granular issues about the procedure and the mechanics of what has happened and some of the things clearly which should not have been handled in the way that they have, and that is something which we will no doubt reflect on. But let’s imagine a situation where the Government have dealt with all of those granular issues, the mechanics and the procedure. We now have a situation which addresses all of those. Do you recognise that there is any merit to this procedure and the patient benefits that might arise from it?
Nick Pickles: I do not think we have ever denied that.
Q43 Andrew George: You have said it is laudable, which is not in itself a—
Phil Booth: We have never denied the research benefits. What is going on here is the conflation of a whole bunch, as Nick says, of policies. The condition that we require, or would require, to stop is, as you say, all of these nitty‑gritty things being dealt with, but it must be trustworthy. We would like to see all dataflows, not just care.data, in the NHS that are going into it, across it and out of it to be consensual, safe and transparent. If we don’t get to that position, I am afraid it is not down to what we say. Patients are just not going to trust it.
Q44 Andrew George: Let me be absolutely clear in that case. You are saying that, even if the care.data policy were resolved, you would still oppose this because of its interrelationship with other data handling issues.
Phil Booth: No, not at all. That is not what I have said. I have said get care.data right, but that means a fundamental re‑engineering of process, transparency and oversight. Some of the bodies are just inappropriate here around the data and how the data is being handled.
Q45 Andrew George: So a complete re‑engineering of the entire way in which the NHS handles data. You want to go back into the—
Phil Booth: NHS England has had two six‑month bites at the cherry of trying to get this right now. There was a delay before from their original September upload of last year. Now we have had another delay. This is not just a matter of poor communication. It is a fundamental problem with the system that they are trying to sell to people and not selling very well.
Chair: Can we capture that point?
Q46 Andrew George: Even to the point where—and you have heard the research charities saying—thousands of deaths are avoidable. Okay; you are prepared to push this to a point where actually we will have thousands more deaths as a result of your opposition to this.
Nick Pickles: No, not at all. The point is it is not a good thing that we are sat here saying that for 20 years this has gone on and no one knew about it. That is not a good thing.
Q47 Andrew George: That is going back to the past. We are dealing with what is now.
Nick Pickles: So let us deal with the fact that the public know about this; they understand how it works and so they see the benefits. There are benefits, but let’s not rush ahead and try and do this, because if we get this wrong—
Q48 Andrew George: We’ve got a pause, so we can sort these things.
Nick Pickles: —it will affect everything else.
Phil Booth: I need to jump in. A colleague and I sat down with representatives of the AMRC, and I spoke at the Wellcome trust last year. This is not happening now. We were around well before this all came to the public’s attention, and we sat down and said in terms, “Be very careful about hooking yourself up with the care.data programme because the way it looks to us, no. 1, you probably won’t get the consent that you need and, no. 2, you probably won’t get the data quality that you need—not for a while anyway—and you could get dragged into a situation where, by hooking yourself up with something that is going to be a bit of a mess”—and it was predictable—“you are going to undermine the research enterprise.”
Chair: Valerie Vaz. Then we need to move on to the second panel.
Q49 Valerie Vaz: This is quite a technical one which follows on from what you have been saying with regard to the Data Protection Act. There is a controller of data. Who is the controller of data under this system?
Phil Booth: Well, it has changed.
Dr Nagpaul: The GP is the data controller for the data that is held by the GP practice. So for that first extraction that takes place the GP has to be comfortable that patients are aware of that data leaving the practice. When it then goes to the information centre, the information centre becomes the data controller for that data.
Phil Booth: It has changed in the last few days obviously.
Dr Nagpaul: Okay. I think we are getting to a place where most of us are agreeing that it is of course important for the benefits to be articulated.
Q50 Valerie Vaz: No, no, I really don’t want speeches because I understand that.
Dr Nagpaul: Sure, but that is the answer and that is a problem for GPs. We need assurance that our patients understand what it is that is being extracted—the benefits as well as the risks—to make an informed choice.
Q51 Valerie Vaz: So once the data leaves you, it then goes to HSCIC.
Dr Nagpaul: Yes.
Q52 Valerie Vaz: Then they become the controller.
Phil Booth: Can I jump in? So this has changed in the last few days. It was the case that the Information Commissioner had come to an arrangement with NHS England and HSCIC and that HSCIC was essentially the nominated data controller. But, in reality, because NHS England is defining the purpose for which the data is being processed, it is a data controller. So you can split it out if you like into the body that is deciding what is done with something versus the body that is doing something with it. Now, my understanding is—and we will write to the Committee about this—that very recently the Information Commissioner has agreed that, basically, NHS England and HSCIC are joint data controllers for care.data.
Q53 Valerie Vaz: So does that absolve GPs?
Dr Nagpaul: No.
Phil Booth: No, not at all.
Dr Nagpaul: The first extraction—
Q54 Valerie Vaz: So we have three people who are liable now, have we?
Phil Booth: Yes.
Dr Nagpaul: The GP still remains the data controller of that first extraction of data that leaves the GP practice.
Q55 Valerie Vaz: If patients want to complain, who do they complain to—their GPs or the HSCIC, or what?
Nick Pickles: Complain in what sense, sorry—to opt out or to say they did not know about it?
Q56 Valerie Vaz: If they think that something has happened to their data or they don’t know or they want to stop their data flowing, who do they go to, apart from us?
Dr Nagpaul: If uploads were to occur today, and if half the population are not aware of the existence of care.data, and a third have seen the leaflet, and then they complained en masse that their data had been uploaded without their awareness, consent and understanding, that would put us in a very difficult position as GPs because we would not have fulfilled our responsibility, which is why we are looking forward to in the next six months enabling our patients to be properly informed both of the benefits and the risks so that they can make an informed choice about whether their data should be extracted or not.
Q57 Valerie Vaz: In the meantime, are the BMA taking legal advice about what your position is?
Dr Nagpaul: Absolutely. One of our recommendations, and what we would want, is indemnity for GPs. If GPs do everything they should—and remember we are compelled to upload that data because of the Health and Social Care Act’s requirement that we upload—we are put in this very difficult place of on the one hand having to stick to the law and on the other hand having to be data controllers. We would like to ensure that, where GPs do what they should do, they are indemnified against any legal action, which is absolutely a fair thing to be asking for.
Q58 Valerie Vaz: I have one last question. In The Daily Telegraph yesterday—I do not know if you read that, Andrew—there was an incidence where data has been sold to an insurance company. Are you satisfied, with your reassurances that you have had—that neither the Committee nor any Member of Parliament has had—that that won’t happen again?
Phil Booth: No, I am not satisfied at all, because the assurances we have had are about simply the operation of the opt‑out. It is not about, as I say, putting in proper oversight, proper transparency and proper processes at the HSCIC. It is my understanding at the moment—this is looking at what has happened historically—that there still appears to be, within the definitions that we have read anyway, wriggle room for these further research—let me step back. At the moment the use of care.data has been approved only for commissioning purposes, so no research purposes have yet been approved. The process of applying for research uses is basically ongoing. At such point as research purposes become approved for it, it will open the door to commercial companies as well as private sector research organisations and all sorts of people. There does not appear to be any way, certainly in the legislation that we have seen, to prevent one particular class of people, certainly not with any statutory power; there may be some internally‑imposed guidelines. But, frankly, then why wouldn’t a pharmaceutical company or an insurer sue their way in? If the data is that valuable and other commercial companies are able to get access to it, it seems a bit of a weird one. We have not seen any language about that that would exclude them.
Q59 Chair: Is that a view shared by Sharmila?
Sharmila Nebhrajani: I have two things I want to say in my concluding remarks. The first thing is to say I was really clear at the start that there are huge execution issues, and one of those is about who can use the data, including insurance companies and actually Government too. It is very, very unclear. But the question that needs to be asked is not about the identity of who is using it but the purpose for which they are using it. I would submit that I would not like an insurance company to have access to my data, but neither would I like the DWP to. So we have to be really clear about purpose as well as identity.
The second thing is that I want to correct Phil Booth’s assertion there that somehow medical research charities and the AMRC were—I think the words used were—“hooked up” with care.data. Nothing could be further from the truth. Medical research charities are hooked up only with research. So we are hooked up with our patient groups, we are hooked up with the research benefits, and we have been really clear in this Committee about the risks and the harms. I know you are going to talk later on in your second session about how to rewire some of this. I hope that you can help to rewire it because it is very important that it works better. But it is really important not to lose the benefit that can come from this system if properly executed, if properly wired, and if properly explained and discussed with the public.
Valerie Vaz: I think identity and purpose are important.
Q60 Rosie Cooper: Can you tell me how people like Synexus can write to patients and say—for example, it happened to me—“We would like to invite you to join a research programme on cartilage problems”? If they are not getting this information now, how do they do that? How do they identify me?
Sharmila Nebhrajani: We have talked about this. Caldicott 2 identified that there is a real problem here in what they call the consent-for-consent issue. A researcher needs to find who he can ask if he would like to be involved in the research but he can’t do that without seeing these data. So there is an issue about consent for consent, and one of the ways of tackling that is this pseudonymised thing.
Q61 Rosie Cooper: Yes, but here we go. You are telling me it is not happening now and I can tell you that—
Sharmila Nebhrajani: I don’t tell you it is not happening now. I am telling you we need to get it right now.
Q62 Rosie Cooper: Nobody has permission to do it right now and it is happening. You want to get everybody to join in, and, in principle, I would like it, but if you can’t do it right when you are not supposed to be at it, what are you going to do when you have got any power?
Sharmila Nebhrajani: I agree. I read The Daily Telegraph article too. I agree with you that it has got to be right; it has got to be right.
Q63 Rosie Cooper: Do you actually think that Atos is a fit and proper company to be extracting care data?
Sharmila Nebhrajani: I don’t[1].
Rosie Cooper: It is outrageous.
Chair: On that note, we will draw this spirited session to a close—thank you—and move on to the second panel.
Examination of Witnesses
Witnesses: Dr Daniel Poulter MP, Parliamentary Under-Secretary of State for Health, Tim Kelsey, National Director for Patients and Information, NHS England, and Max Jones, Director of Information and Data Services, Health and Social Care Information Centre, gave evidence.
Q64 Chair: Minister, you don’t need any introduction to most members of this Committee because you were once, not very long ago, a member of it, but could I ask you to introduce your two colleagues, please?
Dr Poulter: Yes, certainly. We have Max Jones from the Health and Social Care Information Centre and Tim Kelsey from NHS England.
Q65 Chair: Thank you very much. Could I begin by referring back to the session we have just had where we had representatives of those who have expressed serious concerns about the conduct of the care.data programme, the chairman of the BMA GP committee and also two representatives of medical research charities? I think the striking thing was that all five witnesses said that they were in favour in principle of better handling of data and the use of data for research, and indeed improved patient care, which was perhaps the theme that was under-represented in that panel, but all five were in varying degrees critical of the way the care.data programme had been handled, and all five argued that it needed to be rewired to a greater or lesser degree—in most cases a greater degree. Do you agree with that analysis?
Dr Poulter: In terms of the way that the programme has been communicated, I will leave that to Tim Kelsey from NHS England to talk you through, but it is undoubtedly the case that this is a positive programme. It is one that, as you have outlined, Chair, has huge benefits, if we can link data effectively, in better helping us to understand how to integrate and join up the health and care system. It helps us to understand the basis of illness and disease processes much more effectively, not just in designing and improving care pathways in conditions like coronary and chronic obstructive pulmonary disease, heart disease, but also in getting a better understanding about the effects of medications and the damage that can be caused by various toxins to the system. There is no doubt that we would have known much more about the dangers of smoking and the like if we had had better joined‑up data in the first place.
Q66 Chair: Could I interrupt you because I think we need to get into the heart of this? Exactly the same case was made by Sharmila Nebhrajani from the Association of Medical Research Charities. Exactly the same argument was made, but it was she who said that the programme is flawed because there is no definition of who the legitimate users are, there is no definition of what the safeguards are that patients should be able to rely upon, and there is no legal foundation for the right of a patient to withdraw from the programme. So it is the definition of the safeguards that is in danger of derailing exactly the objective that you and I think the majority of people probably would share.
Dr Poulter: I don’t agree with the analysis that has been put across. A lot of it has been perhaps down to the more recent issues to do with how perhaps the message has been communicated, and I hope that today we will be able to bring some reassurance about this matter. The basis for the information centre in this is in the Health and Social Care Act, as we are all aware. There is a statutory basis for it, and safeguards for the use of information have been strengthened by that Act to make sure that information is used when it is used for the benefit of the health and care system. There are also requirements on the Health and Social Care Information Centre in sections 263, 264 and 265 of the Act to have rigorous processes in place for ensuring that data is used in the right way.
Q67 Rosie Cooper: So why do you sell it to insurers? Don’t make statements and have no evidence base to them.
Dr Poulter: The safeguards that are in place in the Act mean that the data can only be used for the benefit of the health and care system.
Rosie Cooper: So why did you sell it to insurers?
Chair: One by one. I will come to that point.
Dr Poulter: In terms of where we actually are with how those safeguards are, they have been put in place by the Act, which means that the Health and Social Care Information Centre is run with much stricter—
Q68 Rosie Cooper: Who is getting sacked for selling it to insurers then?
Dr Poulter: Let me finish. The Health and Social Care Information Centre has much stronger safeguards in place than the NHS Information Centre did, which was the predecessor body, because of the 2012 Act. I have tried to outline to you some of the safeguards in there and I was interrupted in the process. For example, there needs to be a code of practice set forward by the Health and Social Care Information Centre on making sure that information is kept. Confidentiality, I think, is under section 263 of the Act. There also need to be regular updates. These are new things that are in place that were not there before, and there are much stronger safeguards in place under that Act, and making sure that for the first time information that is used can only be used if it is being used—
Rosie Cooper: By health insurers.
Dr Poulter: No, for the benefits of the health and care system, except under very specific statutory exceptions, of which that would not be recognised as one.
Q69 Charlotte Leslie: Might I come in? You have mentioned section 263 of the Health and Social Care Act quite a bit and talked about the safeguards of the HSCIC. As you will know, under section 263, the HSCIC are required to publish a code of practice. You would have thought when you are embarking upon something that is quite risky in terms of patient confidentiality that you would have made sure this code of practice was in place before you embarked on the system. But, as you will know if you have read section 263, it requires that, and there is no code of practice. Can you tell us why there is no code of practice and when there will be a code of practice? If you can’t give me specific dates, could you possibly write to the Committee?
Dr Poulter: Mr Jones can talk you through the process in place, but the fact of the matter here is that this is not a revolutionary sudden change in the way the data is being used. In 1989 we had hospital inpatient data being put forward—
Charlotte Leslie: With respect, you are not answering my question, Minister.
Dr Poulter: In 2003 there was the use of outpatient data. In 2007‑08 was A and E data, and now we are going to be putting together general practice data into the mix.
Rosie Cooper: Were you listening before because it would help?
Charlotte Leslie: It is a shame you were not here for the previous session because you would have heard some of the concerns. Basically, the session was about all the questions that have not been answered before this scheme has actually rolled out. So it seems to have been done the wrong way round. One of the things that a code of practice would have answered is most of the questions that came out of the last session, so I repeat—
Andrew George: I suggest we let Mr Jones answer that.
Q70 Charlotte Leslie: Why have we not got a code of practice?
Dr Poulter: I am coming to that and Mr Jones will cover this. This is a body that has been in place as a new body for less than a year. It has been in place for 10 months. As that body, they have then taken on board as part of evolutionary development, and the move from being what was previously the NHS Information Centre, into the Health and Social Care Information Centre, additional responsibilities, some of which are coming in towards the end of the year. In terms of developing the code of practice, it needs to reflect how this new data will be used in the system.
Q71 Charlotte Leslie: But most people would have thought that you would develop a code of practice and develop your mechanisms before you switch the machine on. It seems like you have a half‑built machine, but you have switched the machine on, and, of course, the product that comes out is very flawed and is alarming a lot of people.
Chair: Shall we let Max Jones answer that question?
Charlotte Leslie: Of course, sorry.
Max Jones: Can I take you through some of the very helpful steps we have taken that can reassure you about the seriousness with which we take the obligation to control access to this data and to protect it?
We have implemented processes for controlling access in line with the ICO’s code of practice on anonymisation and the Data Protection Act and, as the Minister said, the Health and Social Care Act. Access is very clearly, under the Health and Social Care Act, dependent upon the purpose for which you wish to use it. That is a fundamental shift in the way in which information access is controlled. So we need to have reassurance that the purpose for which this information is being used is to support the better implementation of health and social care. We also need to make sure that only the minimum amount of information is released for the purpose which is approved, and specifically for care.data the only purposes which are approved are for commissioning. That is a very significant further clarification that we have in respect of the care.data programme.
In addition, there are two categories of information, both de‑identified and personal confidential information. For personal confidential information, we would require specific patient consent, or a section 251 exemption, or in the case of a public emergency.
Q72 Chair: So is it untrue that this information has been sold to an insurance company, to take Rosie Cooper’s point?
Max Jones: It is indeed untrue. If you are referring to the recent press—
Q73 Rosie Cooper: Are you suing The Daily Telegraph then? Are you going to the press complaints or whatever it is these days? Are you going to sit there and—
Max Jones: There has been a variety, I think, of misrepresentation of the facts, and if I can help to set some of those out then I will. As a public sector organisation, the Health and Social Care Information Centre does not seek to make a profit from selling data. It operates on a cost‑recovery basis only. We did release some data to the Institute and Faculty of Actuaries, which is a not‑for‑profit organisation—
Rosie Cooper: That is all right then.
Max Jones: —but that information was released by the predecessor organisation prior to the current statutory controls in place. It was not released by the Health and Social Care Information Centre.
Rosie Cooper: So who would get fired for this?
Q74 Barbara Keeley: Before you leave the point, Chair, could I ask for a point of clarification? You are talking about non‑profit organisations. Is it just that all industries like the insurance, pharmaceutical or life sciences industry—to take examples that are involved—have to do is set up a non‑profit body of some sort to be the front, and then you will say, “This is a non‑profit body. I can let them have this patient data for a very cheap price”?
Max Jones: Absolutely that is not what I am saying. I am saying that this was approved prior to the Health and Social Care Act being in place and prior to the existing organisation, the Health and Social Care Information Centre, had been formed.
Q75 Chair: So it would not be approved now.
Max Jones: Today this would not be approved because it does not meet the criteria for the benefit—[Interruption]
Chair: We will let Charlotte finish.
Q76 Charlotte Leslie: I am just conscious that this is a very key point. What you have told us is very interesting but you have not answered my initial question, which is why you have not published a code of practice within which this would have been published, and a lot of the questions that were raised in the last session would not have needed to arise. Why haven’t you, and when will you, because it is in section 263 of the Health and Social Care Act? Of course, if you had published a code of practice, what you are about to tell me about how things have changed would be set out because it is not clear exactly how things have changed. No rules and regulations are pointed to. If you had published that code of practice, everything that we are talking about here would have been set out. So I will just ask one more time and I want a yes and a no and/or a date. Why have you not published the code of practice and when will you? If you are not prepared to answer now, please could you write to the Committee and give us a date on which that code of practice will be published because that will be the first stepping stone in putting to bed a lot of the questions that are causing public lack of confidence? Can I have an answer possibly, please?
Max Jones: The code of practice is being drawn up. The Health and Social Care Information Centre, under the obligations of the Act, has to consult widely on that proposal, but I will be happy to come back to the Committee with a note on when we expect that to be.
Q77 Chair: Could you write to us with a timetable for the publication of a draft and then the later adoption?
Max Jones: Indeed.
Q78 Charlotte Leslie: And some details on consultation partners.
Max Jones: Indeed.
Charlotte Leslie: Thank you very much.
Q79 Andrew Percy: Just on the story that was in The Daily Telegraph, which is the one that has gained some public traction in the last few days, I want to be clear. I want to see data used and shared if it is for health benefits. I don’t want to see it flogged off to insurance companies. You have said very clearly that the data that has been reported on that was released to whatever the actuarial group was would not have been made available under the new regime. So that is very clear.
Max Jones: Yes.
Q80 Andrew Percy: What was the previous regime and where does the statutory framework for that date back to then? When was it released? When was the data released?
Max Jones: The contract was in 2012, but, as this refers to a predecessor organisation, I am not sure that I can directly answer the question—
Rosie Cooper: Own goal.
Max Jones: —about what the situations were at that point in time.
Q81 Andrew Percy: No. I wanted to know what the previous regime was and what piece of legislation underpinned the release of data under the old system.
Dr Poulter: The Health and Social Care Act 2006, I believe.
Q82 Andrew Percy: So the 2006 Health and Social Care Act allowed the release of this data. The new rules would not allow the release of this data. That is very clear, is it?
Dr Poulter: Yes.
Q83 Andrew Percy: Obviously this has now been conflated with the new regime, so the concerns are raised around the current—
Dr Poulter: I think that is an important point because clearly we are dealing with different regimes that were set up, and I think that the changes that were put in place under the Health and Social Care Act strengthened the safeguards, which—
Q84 Chair: Could we understand precisely what the changes are compared with the 2005‑06 regime and how it changes with the 2012 Act?
Dr Poulter: First, there is an express requirement that information has to be used for the purposes of health and social care for the NHS, for the benefit of the NHS and the health and care system effectively. That is very clear from the Act. But there are also additional safeguards in place, and we discussed, to some extent, the guidance that needs to be put in place. The protections at sections 263, 264 and 265 specifically talk about making sure that there is a rigorous and ongoing assessment process that is required of the Health and Social Care Information Centre to make sure it has safeguards in place about confidential data and protecting it.
Max Jones: If I might also offer, the board of the Health and Social Care Information Centre at its meeting, I think, in January also required that we publish on a quarterly basis details of all those people to whom we make information available, on what legal basis and for what purpose. That is anticipated in advance of the HSCIC’s board meeting in April.
Q85 Charlotte Leslie: Could you possibly send us a copy of the old rules and the new rules to clarify? Also, can I clarify whether the insurance company will have deleted the data that they have in line with the new rules? Can I just get clarification that you will send us the old rules and the new rules?
Max Jones: We will indeed.
Q86 Rosie Cooper: You said this was issued in 2012. Why did you do it? Have you given actuaries and insurance companies this information before? Is this setting out a mindset? It does not matter what the rules were; you actually did it. Why did you do it?
Max Jones: For the avoidance of doubt, we the Health and Social Care Information Centre did not.
Q87 Rosie Cooper: Who did it then?
Max Jones: The previous information centre which was in existence prior to April 2013.
Q88 Rosie Cooper: Who are they? Who are these anonymous people? Are you all recycled into this new organisation?
Max Jones: I was not part of the old information centre.
Q89 Rosie Cooper: Who headed up the old one?
Max Jones: Its chief executive was Tim Straughan.
Q90 Rosie Cooper: Who?
Max Jones: Tim Straughan.
Rosie Cooper: Can we have him visit us, please?
Chair: Well, maybe.
Rosie Cooper: No, it is quite important. These people are making decisions.
Q91 Chair: Can we be clear that the position now, Minister, is that the rules have changed? This is information that was made available within the law at the time to an insurance company. The law has now changed and it would not be made available in future. Is that an accurate summary of the position?
Dr Poulter: That is an accurate summary of what we have discussed, yes, and we will write to you, as discussed, giving an outline of what the previous arrangements were under what I believe is the 2006 Act, as Andrew Percy has asked for, and then we will make sure that we then indicate how the 2012 Act has put in place enhanced safeguards in terms of confidentiality and how—
Q92 Charlotte Leslie: I am just slightly confused because, as I understand it, the ISIS insurance report from the actuarial company has the new 2013 HSCIC logo on it. Can you comment on why that might be if it was under the old rules?
Max Jones: They asked for permission to use a logo to indicate that there was copyright for the information.
Charlotte Leslie: That is very confusing.
Q93 Chair: So who owns the copyright to this information?
Max Jones: I think we will need to write to you and clarify that.
Rosie Cooper: So basically it is, “The old lot did it. We wouldn’t do it today, but you can have our stamp to make sure everybody knows it is kosher.”
Chair: Could we accept your offer of written evidence to cover what happened in this insurance company information? Dr Wollaston wants to pursue that a step further and then we need to move on.
Q94 Dr Wollaston: On that point, I have the Staple Inn Actuarial Society report in front of me, and very clearly it says the “Health and Social Care Information Centre” within it, branded. Are you going to retrieve that information if it is currently illegal for it to have been released? I have to say I am very disappointed. What we are hearing from the panel is that this is somehow a communications problem, and in fact really we would share the objectives that there are huge benefits to be obtained by sharing data, but I am afraid the way it is being presented is fundamentally undermining public trust in this. To come before the Committee and present this as some kind of communications issue when there are very serious underlying problems here that need to be addressed is very disappointing and I have not heard an apology yet for the way this has been presented.
Dr Poulter: Tim Kelsey and NHS England have been handling the information side and it is important to hand over there, but this is something that was debated very robustly and fully as part of the Health and Social Care Act. There was a lot of debate around that Act; we had two standing Committees in the House on that Act and I remember being a part of those Committees. It was very thoroughly debated by the House. All of these processes had huge scrutiny and perhaps more scrutiny than any other Bill has had probably in a generation.
Q95 Rosie Cooper: So Parliament can’t protect us and people will just lose out. That is what you are saying.
Dr Poulter: So there has been very large scrutiny of this, and the benefits were discussed and talked through.
Q96 Dr Wollaston: We are not hearing anything other than this is a communications issue.
Dr Poulter: The point is that this is something that we believe and has to be a good thing for the health and care system because it is about improving research; it is about—
Q97 Dr Wollaston: Minister, can I stop you there? There is a kind of paternalism about this and it has not fundamentally addressed some of the very legitimate concerns about the data.
Dr Poulter: Absolutely there are concerns and we need to talk about those, but, fundamentally, this is a good thing and there is an opt‑out system—it is not a compulsory system—that allows people to say, “Actually I don’t want to do this.” The Secretary of State made sure that that was the case, and that was a very effective way of saying that if people don’t want to be part of this they can opt out. [Interruption]
Valerie Vaz: The leaflets did not go to everyone.
Q98 Chair: Mr Kelsey has some—
Tim Kelsey: Just to explain, NHS England is the body that commissioned this programme from the information centre on a tight legal basis which we have discussed. Can I slightly move this on a bit because the thing that I want to communicate, if I am permitted, is the fact that this is not a communications campaign? This is one of the most important things the NHS is currently doing and this is not some PR exercise.
Q99 Dr Wollaston: Can I take you back on that? It is the way it is being presented as some kind of communication problem.
Tim Kelsey: I took the decision that we were going to extend the period before collections begin for six months precisely to deal with some really big issues that have been raised for my attention by our partners in the BMA, RCGP and by a whole range of stakeholders with whom I have spent an enormous amount of time listening. The three things that I want to communicate to this Committee—
Q100 Valerie Vaz: Not to us.
Tim Kelsey: Actually to some of you in fact.
Q101 Valerie Vaz: You did not do it to Parliament.
Tim Kelsey: Oh no, I’ve been—well, not to Parliament—
Q102 Valerie Vaz: You have talked to everybody apart from Members of Parliament.
Tim Kelsey: Okay. The three things that we, over the next six months, need to get right, because this is such an important programme—I hope I don’t have to explain why, but I will—
Valerie Vaz: No, we know.
Rosie Cooper: We have heard it over and over again. We actually want to deal with protecting the public, and making it work, from arrogant people who are making decisions in their name.
Tim Kelsey: I share that view entirely.
Q103 Rosie Cooper: It doesn’t sound like it.
Tim Kelsey: The three things I heard—
Chair: Mr Kelsey, please go on.
Tim Kelsey: The three things I heard were absolutely that people are concerned about appropriate assurance of the purpose to which their data is being put. We do actually have some very strict legal safeguards but we need to talk about how we can strengthen those assurances. That is really important. That is something that everybody has said and I absolutely share that interest. So we are going to spend time talking with the Government and with as many stakeholders as we can about how we can ensure that appropriate assurance is in place that guarantees the purpose of the Act, which is that this data cannot be used for any other purpose than the benefits of health and care. That is the first thing to address.
The second thing to address is some very real concerns, which I have spent a lot of time on with colleagues in the British Medical Association and the RCGP, about the degree to which GPs under very heavy workloads are suddenly finding that they are needing to communicate about this new programme to patients. They are feeling they have not had enough time or enough support in some cases. They feel they have not had opt‑out forms. There are some basic things that they feel they need more of, and certainly we are going to be talking to them about how we can support them much more closely to make sure that they are equipped with the right information to have a proper conversation with their patients.
The third thing I think, although you have heard it today—and perhaps we are all too close to the benefits in the health service—is to some extent just to explain to the general public, to citizens at large, why this matters so much. I am not sure we have made the case for the benefits of this. Obviously people do have the right to opt out of the programme. We want to persuade them that this is way too important for them to exercise that right, and that is something else that we need to do. This is not a PR exercise, nor is it a stunt. My view is that it is one of the most important public debates we are having and it is about the future of the health service. So I welcome this Committee’s support for the principles of it and am very interested in listening to your views as to how we can ensure that we take the public with us.
Q104 David Tredinnick: I have to say—and I have been in this place a long time—that I think the Minister and you were badly advised not to attend the earlier session. The reason this Committee—
Tim Kelsey: We were in attendance.
David Tredinnick: You were at the back of the room.
Tim Kelsey: No, not personally, but our teams were all here in attendance. [Interruption] I also watched a lot of it on the television.
Chair: Order, order.
Q105 David Tredinnick: I am not chairing this Committee but order through you, Sir. The point I am trying to make is that the reason the Committee, through you Chair, to put it mildly, is excited about these issues is what we have just heard over the last two hours from witnesses who are saying that there are major, major concerns over issues such as pseudonymous data and what it means, what is data, when is data one sort of data and when is it another sort of data. You did not hear this intricate debate, which I think is a great pity.
To sum up the answer to the question that I am about to pose, which is here and I asked the last session, “What do you hope to achieve by postponing the start date for data collection by six months?”, the five representatives who presented to us just now were saying that we have to go back to the drawing board. We have real concerns about the legal definitions of this data. The doctors’ representative was saying that they are in a panic—though he did not use the word—or very concerned as doctors that they have two duties of care: they have duties to pass information up and then it changes its status; they have duties of care to patients who can sue them if they release the data. It did sound like a very serious muddle. The impression we got from them was that they needed six months as a breather, and I hear from Dr Poulter—and I think this is the concern I am hearing round the table, although I am not chairing the Committee—that this is not a public relations exercise. What we have here are fundamental issues and these have to be addressed. I would ask you to comment on this. What are you hoping to achieve by postponing the start date for data collection by six months? What exactly are the key points?
Dr Poulter: I have one comment on that, David, and then I will get Tim to talk about the engagement exercise in which NHS England, we as the Department of Health and the Government have listened to stakeholders. We have been listening to those. We have had those discussions and we listen to things. My belief is that, once we have had further engagement with stakeholders, we will be able to reassure those stakeholders that there are very rigorous safeguards in place under the 2012 Act. I am sure we will be able to do that and to make sure we are in a better place. That is something I believe will be the case. I think it is down to how well it has been communicated as an exercise, and Tim from NHS England has said that. I am sure that, when we have the discussions with stakeholders and we have further reassurances, it will be something we can convey. Obviously, we listen to concerns and take those on board. That is important, and I am sure with those reassurances everyone will feel in a better place.
Tim Kelsey: We worked very closely, when this project was first initiated, with the BMA, the RCGP and other key stakeholders on designing the information that was first distributed to GPs back in the autumn and, subsequently, to the general public. We worked with them on the protocols for the patient and GP helplines. We published data in a whole myriad of different places with, in fact, in the end more than 350,000 patient bodies. So we didn’t do nothing, but it wasn’t enough. Towards the end of January I was picking up—as I say, mainly from GP organisations—real concerns about the degree to which GPs just had not had enough time or resource to have a proper conversation with patients, plus this big issue about the degree to which people were satisfied with assurances in what I think has been a very confused media reporting environment, where things like the illegality of insurance purposes, as it actually is, was lost in a melee of slightly ill‑informed reporting. What we, therefore, intend to achieve now is to work with our stakeholders, all of whom have committed to doing that—the BMA and the RCGP—none of whom have lost sight of the purpose of this health watch. We will be working with them incredibly closely to develop a whole programme that will meet the three things I just mentioned.
The first of those is absolutely to provide more support to the public and the primary care community on raising awareness of the purpose of the programme, the rights that people have to opt out of it, and to be very clear about what the opt‑out means. Another thing that came back to me was that people were not clear about it. What did it mean? It is actually pretty straightforward. It means that, when you exercise the first opt‑out, no clinical data flows from your practice. That message has got lost, so we need to re‑embark on making that clear to people and also making it much easier for them to make that opt‑out. Unfortunately, in some cases GPs got a bit confused and were saying to people that they had to go physically into the practice and so on and so forth. We need to be a lot clearer about that and use available digital technologies to make it easier for people to opt out. Those are things that are real criticisms and I fully accept those. Those were the key issues.
Essentially, for the next couple of weeks or so, we will be working with stakeholders to develop the programme, and then we will be able to make some very concrete proposals to this Committee and more broadly about what we propose to do to meet these criticisms.
Q106 David Tredinnick: I am sure colleagues want to come in on what you have just said, but I also would like to add from what I have heard. What we have heard in other inquiries is that there is not a proper understanding of this priceless asset of a primary and secondary national database—international, perhaps, if we look at devolved Administrations—which other countries, such as the United States of America, do not have because they have all sorts of protections. It is critically important that this is out there, as the professor from the British Heart Foundation said to us earlier on, because then you can work out why elm bark, I think it is, which is aspirin, actually does kill some patients, but you need a massive database to work out which patients get killed by taking aspirin in a certain situation. So you have got to get this message out too about just how important it is that what you have there is fundamentally important to the nation’s health, and I don’t hear that message.
Tim Kelsey: Very quickly on that point, I personally am at risk of colon cancer; it is something that, sadly, runs in my family. I recently went for a procedure in my local hospital in Taunton and I was besieged by the staff at the hospital there asking me why care.data was not happening quicker. [Interruption] Well, we have been very good at understanding lots of useful things about hospital care—
Valerie Vaz: This is anecdotal evidence.
Tim Kelsey: We have been able to improve quality in most surgical procedures because we have used the Hospital Episode Statistics database. Our ignorance of what happens to people outside hospitals is one of the key reasons why, at the moment, sadly, England has one of the lowest cancer survival rates in Europe. Care.data is not just about research. Care.data is also about genuinely saving lives in the NHS—I hope we are all agreed on that—and what I have to do, my job, is make sure that in six months’ time we have the public with us and we have GPs in a place where they feel they have been able to exercise the responsibilities they properly have to inform the public.
Q107 Charlotte Leslie: In the spirit of being helpful, we have had two suggestions for how we might use the six months. I don’t know if you have seen George Freeman’s Bill—
Tim Kelsey: Yes.
Charlotte Leslie: —on insisting that this is all done under a new statutory framework of patients’ rights and that we should also enshrine this idea that patients are responsible and own their own data. Is that something you have considered?
Tim Kelsey: Charlotte, you have known for years that my personal position on this has been absolutely that we need to be very clear that this is patients’ data. It is their data; it is our data; it is people’s data. I have been personally very supportive of George’s Bill.
Q108 Charlotte Leslie: Brilliant. The second thing is that we have a system that has worked well for some time in terms of being pseudonymised at source, and two of the largest companies are providing GPs with this 80% of coverage. TPP, I think, is one of the companies, and it is used in big research technologies, big research projects such as QResearch. This is already working. Why can’t we just do this? Yes, it might mean that the data can’t be because it is scrambled before it goes to the information centre; yes, it might be more difficult to pass on to third bodies such as insurance companies or the police, but this is already working. The public would have more faith in this. Why can’t we just use this?
Max Jones: The technical solution we have at the moment does not implement pseudonymisation at source. I am not yet convinced that pseudonymisation at source will indeed offer a technically viable solution at a national scale. However, we recognise that there is a need for us to continuously look to see whether or not we can find opportunities to do better. So, in November, we started an exercise to listen to some of those key stakeholders and what opportunities there are to further strengthen pseudonymisation, not only at source but also on publication, and we have been engaging with exactly those suppliers but also representatives from other suppliers and stakeholders, and will be looking to see whether or not that offers us some opportunities in the future. At the moment I am not yet convinced that it offers a sensible way forward. It is not only about making sure that we take best use of technology but also that we protect the quality of the data which will result at the end and the quality of the data linkage, making sure that in doing pseudonymisation at source we don’t prevent the ability to link data across datasets. In particular—though GP data may well not be the highest example of this—where you have other care settings that may not have quite as high a presence of NHS number, then pseudonymisation at source may well present some very real qualities to our ability to bring together the shared record and understanding of patient care. We have an open mind but we are not yet convinced.
Q109 Charlotte Leslie: The final recommendation has come to me via someone who wants to use them for research. As I understand it, the data will not be historical but will be taken, I think, from October 2013. Someone who does research said to me that that completely devalues the asset the data might have in terms of research because you can’t see the longitudinal effects of the drug. This is my final question. Is this going to be the case, and if we are going to jeopardise public confidence in where their data is going to go for a greater good—most people agree it is a greater good—could we please have data that is really useful to the research community, that is historical and longitudinal and not taken from October 2013?
Tim Kelsey: From the Commissioner’s perspective, we worked very closely with the BMA and the RCGP on the original specification for care.data, which is not the entire record and also is not the historic data. One of the things I want to do in this conversation is to take the research community to the BMA, the RCGP and other GP colleagues to understand better what the additional labour or burden might be in opening up more historic data. That is a proper real conversation. We are at the beginning of a journey here and this is a new thing for everyone, but that is exactly the kind of conversation we should be having.
Q110 Barbara Keeley: I want to say some things about context because over the last few days I have seen NHS England described as incompetent and arrogant over this database. I think that that is a serious thing because there are some seriously good uses here. It is a pity that you say you listened by proxy somehow to the previous panel. We heard from Dr Chaand Nagpaul that there was a real difference that he can see between GP data, which is personal, confidential and might include information that never would reach a hospital record—about domestic violence, mental health issues and all kinds of things that people would not want to just be out there and found out about them—and the sort of episodic data that is hospital data. I would think that most of us here would want you all on the panel to admit that information—whether or not you want to challenge it—such as the release of hospital data, patient data, to those insurance actuaries has undermined confidence.
I did a BBC interview this morning, and the BBC person was on the street in Greater Manchester asking people if they had heard of the care.data database. Not a single person asked had heard of it—not a single one of all the people they stopped. When they had it explained to them what the database was, they said things like, “It is just another way the Government is going to spy on me,” and there was a very particular concern about somebody believing that it would be used either to sell things and so he would be bothered at home with phone calls or that information about possible mental health issues in the past would be disclosed to employers. Those are the real fears. Until and unless you can take those things seriously, even six months won’t be enough.
One other thing I want to say is that there is a great deal of talk in the NHS these days about stakeholders. I think every single patient whose data you want to do something with is the real stakeholder. So that is just a thing about context.
This project is about the personal, confidential medical data of patients, which, as Dr Nagpaul has said, is a thing based on trust, and if you get this wrong—and you are getting it wrong—you can undermine the trust between a patient and the GP, which will in itself be to the detriment of future medical care. Let’s not run away from that. These research arguments about benefits are very, very important, but if you undermine whether somebody will disclose a mental health problem, HIV status, alcohol or other things, then you really have an issue. I want to talk about how you propose to go back to the public and win back the trust you have lost. You have lost it—the organisations. You can say it was a previous organisation but that does not matter to the public at all, and, undoubtedly, the HSCIC has some people that used to be in the previous information centre. Let’s forget about saying, “It wasn’t me.”
There have been suggestions in the previous panel of ways of safeguarding that important single database, ways that you could prevent the re‑identification of data. If you don’t think, Mr Jones, that what has been suggested— pseudonymisation at source—is a way to do it, how will you do it? It sounded a bit like “just me,” and I am surprised that it is just you that takes this decision about how to safeguard data.
The second thing that was raised—and I think this is important—was the system of fines. The fines that people get for misusing personal patient data are derisory. I read an example of somebody misusing data in a GP practice being fined £990. That is a joke. To pharmaceutical companies, small fines are just not worthy. It is being talked about that we have a loophole whereby it is not a criminal offence to obtain and misuse personal data, and that is something for the Government to reflect on, I think. I used to work in IT, and what seemed to me to be very compelling is that, particularly at the start, you could run with a single copy of the database and run queries against that data for the organisations whose medical purposes you approve, not be in the situation of loading personal data out to people, because, as we have discussed in our previous panel, there is this problem, if somebody withdraws consent later, of how you are going to get it back, if you like, if a dataset has gone out to a research organisation.
Those have been put to us as ways of moving forward and safeguarding the data. Could you tell us when you are going to go out with some sort of new offer to the public? Are you going to include any of those safeguards? More than anything—and we have had quite a debate already about what happened with the insurance actuary data and there might be other examples of dodgy applications—will you make available, or certainly will you make available to Parliament, Minister, all the minutes, attendees, and all the applications that were used that perhaps don’t fall within the new rules? Can we know about everything dodgy that went on in the past so that at least people can know and get that out of the way? What is going to kill this is if we keep having insurance actuary stories all the way down the road. There does seem to me to be floating about stories that GPs have been offloading data in exchange for IT systems and other support. There have been various examples of data floating about and being used out there. Let’s make a fresh start, get all of this information in and come clean with it.
Max Jones: Can I respond on a couple of those points very specifically? The GP extraction service that we have in place to support extracting the data from those GP systems for care.data took great care to make sure that we only extract the coded information in those records, not the free text notes which patients may well have shared during consultation with their GPs. In addition, we also created a number of explicit conditions which were excluded from those extractions, and those include HIV/AIDS, sexually‑transmitted infections, termination of pregnancy, IVF treatment, complaints, convictions, imprisonment and abuse by others. So we have already—
Q111 Barbara Keeley: But not mental health issues—
Max Jones: Not mental health issues specifically.
Q112 Barbara Keeley: —attached to which we know there is a considerable stigma.
Dr Poulter: Quite frankly, that is absolutely daft because we have a parity in this country between mental and physical health, and if we don’t have the data collected properly on mental health we are not going to be able to have the evidence in order to improve mental health conditions. So I think it is absolutely important that getting the right data in place is the right thing.
Q113 Barbara Keeley: Can we come on to the other point, because, clearly, in terms of what I said about people being stopped in the street, that is a worry to somebody? They fear that, if that data gets out, it would be disclosed and would affect their future from a whole variety of points of view. There is a real fear in the public. If they come up with that, unprompted in a street interview, then it is a real fear.
Tim Kelsey: I just want to make the point that we are going to be launching a very sizeable programme of activity to do the three things I mentioned, which specifically involve, first of all, articulating the purpose of this programme very clearly, articulating what the safeguards are very clearly and inviting people to make a choice about whether they want to opt out of that programme or not based on what we are saying about the safeguards. That is why we are having the six‑month extension.
Q114 Barbara Keeley: Will you reconsider any of the safeguards I touched on that were put to us in our earlier panel?
Tim Kelsey: I can’t speak for the Government, but, as far as NHS England is concerned, we are taking very seriously the fact that even with the existing provision of safeguards, which are the tightest they have ever been, we are still not satisfying people that somehow the state is not going to do dastardly things with their data, and we need to look very carefully at how we can—
Q115 Barbara Keeley: They don’t think it is the state. We are in a situation where—
Tim Kelsey: Or, yes, that the state might sell their data to some another party.
Barbara Keeley: Yes.
Tim Kelsey: We need to look really carefully at how we can provide appropriate reassurance that that is not going to happen. So the answer is yes. All the stakeholders you have before you I know very well, and, indeed, they are all engaged in the conversation we are having about what happens next.
Q116 Barbara Keeley: But Mr Jones has already told us that the suggested way of preventing re‑identification of data—pseudonymisation at source—is something that he considers not worth while. So already, at the start of the six months, you are seemingly rejecting things that other people have suggested you should look at.
Tim Kelsey: I don’t want to speak for Mr Jones, but—
Max Jones: Can I clarify? We take pseudonymisation as a critical key tool that we use inside the Health and Social Care Information Centre. Under the Information Commissioner’s Office code of practice on anonymisation, we implement and adhere to the limited access safeguards that it sets out, and I will read those to you: purpose limitation, making sure that the information is only available for specific purposes; training of recipients’ staff; personnel checks on those staff; controls over linkage to other data; limitations to specific projects; restrictions on the disclosure of data; prohibition of re‑identification; measures for the destruction of the data; technical security arrangements, including encryption; limited copying of the data; and contractual penalties for breach of rules.
To go back to the comment that you made about the £900 fine, if someone was, let’s say, to do a jigsaw attack against this pseudonymised data, they would fall foul of the Data Protection Act, and my understanding is that, as of 2010, fines of up to £500,000 are possible.
Q117 Barbara Keeley: That would mean nothing to a drug or insurance company.
Tim Kelsey: In addition, they would breach the terms of the contract which they would sign in receiving that data, and then the HSCIC would need to—
Rosie Cooper: G4S. Don’t forget—
Chair: Order, order.
Q118 Barbara Keeley: I don’t expect you to answer these points now. What I am saying is that in the earlier panel a number of additional safeguards were suggested. I would just like to hear that you would think about them, that you would take them away and you have six months to think about them.
Tim Kelsey: Yes, absolutely.
Max Jones: What I was trying to say about pseudonymisation is that, absolutely, we are looking at that with those experts to see whether or not they feel, at a national scale, it is something we could do.
Barbara Keeley: If you think now that a £500,000 fine would stop anybody who had a data interest and a lot to gain from matching up their own data with this data, then you need to think again. It was suggested that there is a loophole in our legislation that we should look at and make it a criminal offence to do that. We are talking about the personal data of a lot of people.
Q119 Grahame M. Morris: I think that is an important point, Chair, and I hope that either Mr Jones or Mr Kelsey would respond to the Committee. If they can’t do it now, perhaps they could consider it and identify the appropriate statutes that members have raised.
I want to ask some technical questions perhaps to Mr Jones and to Mr Kelsey regarding, first of all, the cost of care.data. What is the actual cost of the project? I would also like to ask a few questions about how the system will operate in practice. Is it true—and a number of members have suggested—that Atos will be providing the technology? I wonder if you could confirm or deny that that is the case and whether other IT suppliers would be involved in the mechanics, as it were, either nationally or regionally. If that was the case, are there any technical issues that have been reported to date in respect of problems over compatibility if there are different regional centres using different operating systems, or is that something that you have already addressed?
In terms of the concerns that have been raised—and we all recognise the value of this—the Minister said it was an evolution, but I think it is a revolution in terms of the nature of the data. It is not just a kind of raw data; this is a kind of holistic approach covering all aspects—primary care, hospital care and lifestyles.
My question is this. What is the critical point on opt‑out? If a certain percentage of the population do not have trust in the system, when does the dataset then become of limited value in terms of research and development—something that everybody wants to avoid? Have you made any assessment of that?
Max Jones: I will try and respond to each of those, but I will let Tim probably consider your last one.
Grahame M. Morris: Oh dear.
Max Jones: You are correct that Atos were awarded a contract to be the supplier that extracts the data from the GP systems. That contract was awarded under the old information centre regime. We are working well with Atos, but the data, once extracted from those GP systems, is brought into the safe haven of the Health and Social Care Information Centre. It is processed by our staff in our data facilities.
Q120 Grahame M. Morris: Is that on a national basis or are there regional offices?
Tim Kelsey: That is on a national basis. Although HSCIC does have regional offices, that information is processed and held on a national basis.
Q121 Grahame M. Morris: What about costs? Do you have any information about what it has cost?
Max Jones: I can tell you what we have spent so far if that would be helpful. The Health and Social Care Information Centre has spent £1.17 million so far on the care.data programme. I will let Tim respond to your latter point.
Tim Kelsey: It is very important on the opt‑out. To an important extent, any data at all is useful. Clearly, we want as many people as possible to agree to share their data in the programme. The larger the amount of data, the more use it will be, but there is no point at which the data is of no use. So there is no percentage at which this becomes useful or not. It is useful at every point of its sharing.
Q122 Grahame M. Morris: Mr Jones, as to that information you gave me on costings, would you just double-check it because I have seen a written answer that suggests the estimated cost is £33 million over three years? That might be incorrect, but I would be grateful if you could check. If the information is not correct, perhaps you could advise the Committee.
Max Jones: For the avoidance of doubt, the figure I gave you was our spend to date within the Health and Social Care Information Centre. I don’t recognise that figure that you were referring to.
Q123 Rosie Cooper: What is your budget?
Valerie Vaz: And the cost of the contract with Atos.
Max Jones: I don’t have that figure with me, but I can come back to you with a note.
Chair: Could you write to us with that piece of information, please?
Q124 Valerie Vaz: I want to follow up something that you said, Mr Kelsey. You said the information is never not going to be useful, but suppose 90% of people opt out.
Tim Kelsey: To some extent it depends how important you think this is for the future of the NHS. Do you think the NHS can fly blind in delivery of out‑of‑hospital services? If 90% of the population decide that they would only give the NHS that proportion of their data, we won’t have a health service for very much longer. We won’t be able to run services effectively.
Q125 Valerie Vaz: That is scaremongering.
Tim Kelsey: It is just a view I have. I have had it for a long time.
Q126 Valerie Vaz: Information has been flowing for a while, hasn’t it?
Tim Kelsey: Not in out‑of‑hospital services. In hospitals, of course, it has, and look at the degree to which we have managed to improve outcomes there.
Q127 Valerie Vaz: Don’t let’s go to Dr Foster because actually Professor Black is looking at the way Dr Foster’s figures have come out.
Tim Kelsey: I am not sure that Dr Foster—
Q128 Valerie Vaz: You are not associated with Dr Foster any more, are you?
Tim Kelsey: No, I am not.
Q129 Valerie Vaz: There is some concern about the information that is coming out of it.
Tim Kelsey: Obviously 90% would not be a good position for us to be in.
Q130 Dr Wollaston: We heard from the last panel that the concern was not just about the identity of those accessing this data but the purpose. One of the specific examples given was whether or not Government would access the data, like the DWP, and what the purpose would be. As you will know, there are many sensitivities around Atos in any case, so I think it is reasonable to see how the public could be concerned about that. Are you going to have a very clear, concrete offer to the public at the end of this six‑month delay as to how these requests will be handled, how transparent that will be and, therefore, they can see if their data is going to be accessed by the DWP, because I suspect a lot of people would choose to opt out at that point? I accept that that might not be for purposes that would be harmful, but it is what the public believe and I suspect they would not trust that. They need to be able to see that very clearly. Also, it would be helpful if they could see this information backdated, and the point has already been made by another member of the Committee. Will you set out who up to now has made requests for data, how it has been adjudicated on and the minutes of those meetings, so that we can have a clear transparency about who is making these requests and how it is being decided upon? Will you give us a clear guarantee that that will be in place?
Tim Kelsey: I can’t say. The information centre handles, as it were, the process for applications, so I am sure that Max will give you some assurance about that. Can I just say that, for certain, for care.data—that programme—there will be full transparency of all uses and all users will be audited? In terms of time scales, we have delayed the initial collections till the autumn. The actual linked data files will not be shared for some time after that. We can give you the project plans as those develop. The timetable for the initial collections will be 1 October, from that point onwards. But from the moment at which data is shared, I give the assurance that there will be complete transparency of all organisations and of all uses to which that data is put and that there will be appropriate audit of those organisations to ensure that they can be properly regarded as safe to handle this kind of information.
Q131 Dr Wollaston: Are you planning currently to share this information with the DWP?
Tim Kelsey: At the moment we are completely prohibited from doing that unless the DWP can make a case that somehow it is helping health and social care.
Max Jones: Reading directly from the Health and Social Care Act, this has to be “in the interests of the health service in England or of the recipients or providers of adult social care in England.” That is the test that would be applied.
Q132 Dr Wollaston: But you could see a situation in which the DWP might argue that it would be quite helpful for them to contribute to the process, say, for example, in fitness to work. Would you say now that you would not be giving other Government Departments that data?
Dr Poulter: The Act is, in my view, very clear about the purposes for which data can be used, so I think the purposes you are describing do not fall within what is written in section 254(2)(b) of the Act.
Valerie Vaz: What is the definition of “the interests”?
Dr Wollaston: But how will that adjudication be made and will that be very clear to people so they can opt out at that point? We will have a clear offer to the public. Thank you.
Chair: Ultimately by a court.
Andrew Percy: Can I ask one point?
Valerie Vaz: No, sorry.
Andrew Percy: But I had my hand up.
Q133 Valerie Vaz: I actually did too. What is the definition? Who is going to decide what is in the interests of people? You read out a definition. Who decides that?
Max Jones: I do, or I did, but I am not a lawyer and we will obviously, during this period, want to provide further evidence to assure the public that they can work through case studies and understand all the steps that we will take to show people.
Q134 Valerie Vaz: Are you doing it now?
Grahame M. Morris: Is it you that decides?
Max Jones: I am sorry. The board of the Health and Social Care Information Centre does have a responsibility at the moment to make sure that it is adherent to the terms of the Health and Social Care Act.
Q135 Andrew Percy: Just on this issue of Government Departments—and I share the concerns of the DWP accessing some of these records—would the old system have allowed Government Departments to access that information or not, because obviously we understand that this flogging of information to the insurers that happened under the old regime could not happen now? Would the old regime have allowed Government Departments to access that information?
Max Jones: I am not aware of any cases where other Government Departments have had access, but I will be happy to come back with a note that clarifies if—
Andrew Percy: That would be helpful because it is very clear we want to know what the new regime allows—which I think was Barbara’s request earlier—as opposed to what the old regime would have allowed. The two have been conflated in a very dangerous way.
Barbara Keeley: We did not have this data—
Q136 Andrew Percy: I accept you are accessing different data, but we are still dealing with people’s personal data. I understand we did not have the GP data but we had plenty of other information which was incredibly personal, so it would be important to know what the difference is.
Dr Poulter: Chair, we would be very happy to clarify that in the note. There has been a lot of conflation of what things were before the 2012 Act and how things are and operate now, and I think that has led to some of the misunderstanding that has been about. I hope that we have brought some reassurance today and we will do so further in writing. It is important just to clarify that point, and it cannot be clearer in the legislation, that it must “be in the interests of the health service in England or of the recipients or providers of adult social care in England.” That is very clear; that is not about DWP. It is about the health service and social care.
Q137 Valerie Vaz: With the greatest respect, Minister, I have been a lawyer for the Government previously and I had to make a definition of what is in the public interest that was as wide as possible.
Dr Poulter: It is not “the public interest.” It is “in the interests of the health service.”
Q138 Valerie Vaz: But “in the interests of” has an extremely wide definition.
Dr Poulter: That is a very narrow definition, that the health service, the NHS in England and the social care system in England, which is very—
Chair: Valerie wishes to pursue the point.
Q139 Valerie Vaz: Not particularly that, but others, and I do want to pick up something. I want to put this to you. If someone has already opted out, what happens under the new regime? Are we going to have to opt out again?
Tim Kelsey: Opted out of what?
Valerie Vaz: I have already opted out of care.data UK.
Tim Kelsey: You won’t have to do so again, no, no.
Q140 Valerie Vaz: I won’t have to do it again, even though you are coming up with a new system with new safeguards and you are discussing—
Tim Kelsey: It is not a new system. We are not going to change the mechanics of opting out, nor, for example, the definition of the datasets being collected from GP practices. So, if you have opted out, that remains; you are opted out.
Q141 Valerie Vaz: Could I ask you, Mr Jones, were you told to commission the dissent codes in such a way as to flow any data whatsoever from GP records who have opted out?
Max Jones: For the type 1 opt‑out, so this is someone who does not want their patient—
Q142 Valerie Vaz: Don’t do type 1 and type 2. You need to explain.
Max Jones: Which is what I am about to do. If you choose to opt out of information at a patient level going to the HSCIC, then the HSCIC will not extract anything associated with your patient record through that GP extraction service I have just described. We will extract a count of the number of people in each practice who have objected. That will not contain any details about individuals. That will be to help us in monitoring the way in which opt‑outs are proceeding.
Q143 Valerie Vaz: But once you have opted out, that is it: your data can’t be extracted at all, all the way up the chain.
Max Jones: That is correct, yes.
Q144 Valerie Vaz: On what basis will you NHS England, or you HSCIC, decide to allow patient data to be shared outside the European Union, say, for example, in America, which has a much more relaxed attitude to data protection? [Interruption—someone asking “Does it?] Yes, I also advised the Government on that.
Chair: Let us stick to the question.
Max Jones: We are clearly bound by the Data Protection Act and, though I am not an expert, it does provide guidance on the European economic area and safe harbour.
Q145 Valerie Vaz: On what basis will you allow it to flow out?
Tim Kelsey: On the basis that we have established that this data can only be used in the interests of the health service.
Q146 Valerie Vaz: Sorry?
Tim Kelsey: This data can only be used on the basis of the Health and Social Care Act. We have just had the discussion about what a health service means.
Q147 Valerie Vaz: Suppose you get an American company, for example, who will be outside the jurisdiction.
Tim Kelsey: I think we need to do a note on this because I am pretty convinced that we are specifically only allowed to handle this data in the UK.
Q148 Valerie Vaz: This is why I am asking. I want clarity.
Tim Kelsey: I will come back on that, but I am pretty certain that is the case.
Grahame M. Morris: What about the application of the Transatlantic Trade and Investment Partnership?
Chair: Order, order.
Q149 Valerie Vaz: My colleagues have also made an important point about the transparency of the people who apply to you. Will you be publishing a list of people who have actually applied to have data on your website?
Max Jones: That is what I said earlier on. In fact, in advance of any of these kinds of discussions or requests to attend this Committee, the board of the HSCIC, in a bid to increase transparency and thereby public confidence, had already asked for us to produce, ready for its April board, a very clear set of transparent information and to do so on a quarterly basis such that we could reassure the public about who was having access, for what purposes and under what legal basis.
Q150 Rosie Cooper: Would it be on the website—public?
Max Jones: Yes, public.
Tim Kelsey: For the avoidance of doubt, can I confirm now that the data connected to care.data will not be allowed out of the United Kingdom? Let me confirm that before we have further hares running.
Chair: Yes. Can we allow Valerie to pursue her line of questioning and then others can come in?
Q151 Valerie Vaz: Rosie, what did you want to say? It was really that and you answered that very carefully. So we will know who has applied for the data and what reason they have applied for the data.
Max Jones: And the legal basis upon which we have provided it.
Q152 Valerie Vaz: Okay. So your discussion with what you call stakeholders, and Barbara actually mentioned discussion with patients—
Tim Kelsey: Yes, people.
Valerie Vaz: —are you going to do that?
Tim Kelsey: Yes.
Q153 Valerie Vaz: How are you going to do that?
Tim Kelsey: I will come back with the plans in relation to public‑awareness raising and all the things I have discussed, but I am literally having a variety of engagement with people in all sorts of different kinds of respects, whether as individuals, voluntary organisations or as professional bodies. NHS England has at its core a fundamental commitment to prioritising the patient in every decision it takes, and that is not just rhetoric—it is actually the way the organisation operates. I will demonstrate—we will collectively demonstrate—that the importance of this data and its implications for patients will be promoted, and the choices people have to opt out if they want to are promoted by the very broadest sort of coalition of different organisations. But I can’t give you specific details because we are starting on it now.
Q154 Valerie Vaz: Okay. So I suppose my question is why had you not started on it before?
Tim Kelsey: As I tried to explain, we did do this in good faith. We spent an awful lot of time with, as you would expect—
Valerie Vaz: I understand that, but—
Tim Kelsey: Through a conflation of media and all sorts of things, we ended up with a level of confusion, suspicion and anxiety, which I needed to bring to a halt and, in a sense, to restart the awareness process. We also recognised that there are some very real issues that people have with assurance around access to the data, which we have discussed.
Q155 Valerie Vaz: But the reason why you needed to put a stop to it was because you did not do it in the first place. That is the point. You did not explain it and that is why people were confused. They were not confused for any other reason. You did not explain it.
Tim Kelsey: In the end you are right; I can’t deny that is the case. For many people, let’s be clear, many GPs did and are doing a fantastic job and making it absolutely plain to their patients. My own GP has a website on which you can opt out. There are lots and lots of GPs who have done a really good job in doing exactly what they are supposed to do, and patients, I think, are having a proper level of informed choice about whether they want to participate. But I am not denying that there are lots of people who don’t feel in that position, so we need to do better. But please don’t think for a minute we did not, at the beginning of this and throughout it, engage with all the people you would expect us to engage with. The BMA and the RCGP helped us to write the infamous leaflet which landed on people’s doorsteps during January.
Q156 Valerie Vaz: Or did not land on people’s doorsteps.
Tim Kelsey: Or did not land on people’s doorsteps.
Q157 Valerie Vaz: You were not here—you had people in the room—previously, but the point was made about who is controlling the data. Who is the data controller? There is a conflict of who actually does do it and at which point. One of the queries that came up—and I am asking you because you have not had this conversation presumably with the BMA or the RGCP—was whether you will be indemnifying any GPs.
Tim Kelsey: I went to the General Practitioners Committee of the BMA to talk about what we were going to be doing.
Q158 Valerie Vaz: I am just asking a question. Will you be indemnifying them, because that is what they want to know?
Tim Kelsey: What I understand—
Q159 Valerie Vaz: Just a yes or no is fine.
Tim Kelsey: I don’t know at the moment.
Q160 Valerie Vaz: You don’t know; okay.
Tim Kelsey: No, because I think there is a misunderstanding. I don’t know.
Chair: Are you finished?
Valerie Vaz: Yes, thank you.
Chair: Could we go then to Sarah, please?
Q161 Dr Wollaston: Can I please be picky, Mr Jones, and say that I welcome that you are now going to start publishing quarterly, but could you just confirm to the Committee that this is going to be a retrospective process—that there will be transparency about previous, perhaps inappropriate, data releases? If we just see a drip, drip, drip of negative stories, that will be very damaging. Putting this in the public domain now would be very helpful. Are you able to confirm that there will be a retrospective release of the data around who made decisions, who the data has been released to and why?
Max Jones: For the HSCIC, yes.
Q162 Dr Wollaston: And for your predecessor body?
Max Jones: I don’t think I can say that.
Q163 Dr Wollaston: But for everything that the HSCIC has adjudicated on.
Max Jones: Yes.
Q164 Dr Wollaston: I would like to see it for things like this document, which clearly had your branding and logo on. I personally find it very disappointing that you are not going to be able to do that for your predecessor bodies, but you are definitely going to do it for the HSCIC.
Max Jones: Indeed.
Q165 Dr Wollaston: Thank you. Can I just turn to the issue of GPs? As you will know, GPs are under huge pressure at the moment, and the process is that you are encouraging people to go and speak to their individual GPs. I have heard from people who have told me that they have contacted their GP practice only to be told that it is nothing to do with them. So even GPs themselves in some parts of country clearly are not aware that this is their duty. How would somebody check? I e‑mailed this person back and said, “Why don’t you contact the practice manager?”, to which the response was, “It was the practice manager.” How are people going to have confidence where they have asked to opt out that it has been put in place—that they have been opted out? How will people check? As you say, you are going to allow people to opt out through online routes. I certainly would not want to have to go in person to see a doctor about this.
Tim Kelsey: Many practices already offer that.
Q166 Dr Wollaston: Will you allow people to opt out by telephone as well?
Tim Kelsey: They can already do that.
Dr Wollaston: That is very reassuring to know.
Tim Kelsey: But you are right. Some GPs just do not seem to realise that that is what—
Q167 Dr Wollaston: They have not engaged at all is the message I am getting, in which case do you not think that, in retrospect, the programme of informing GPs was inadequate? This is not just an issue about poor communication to the public; it is also about poor communication to the individuals who you were asking to put this in place.
Tim Kelsey: I am not trying to be defensive here because I recognise all the things you have said, but we did work very closely with the BMA and the RCGP on their channels of communication with practices. They provided editorial input and all the various informational resources and so on. I think you are right—and what I have learned through this process is—that, even though you send everybody all these things over and over again, with quite a few of them something does not happen when it should do. We need to think about different strategies for engaging with the general practitioners, who, as you say, are working under incredible stress and all the rest of it, so I can understand why things get lost and key issues may not land. I am also anxious, in a sense, not to suggest that this is necessarily very widespread. Many, many of the GPs that I am aware of and in my own local area have done exactly the thing you would expect, which is to provide people with online forms and all the rest of it. So I am not sure at the moment that we really have enough data to decide just what proportion of GPs are doing what or are not doing, but I think the point about this extension to the point at which we begin collections gives us a chance to properly make sure that GPs are fully aware.
Q168 Dr Wollaston: Can you confirm that people will be able to check that if they have asked to opt out that really has happened—that they have actually opted out?
Tim Kelsey: Yes. We have agreed with the BMA that we are going to have a sort of committee that will review both areas where there are very high levels of opt‑out exactly for that reason, just to review how things are going.
Q169 Dr Wollaston: But can patients check whether their instructions have been followed? That is the question I asked.
Tim Kelsey: I will take that away. That is a good question. They should be able to, but I will take that away.
Q170 Dr Wollaston: For the record, I think this is a fantastic project and I will not be opting out, but I do think it is very important that we make it clear to people that they have absolute trust and confidence in what is happening.
Tim Kelsey: I agree.
Q171 Charlotte Leslie: I want to go back to some of what we have covered in terms of governance systems. Mr Jones, I think you referred to the HSCIC as a safe haven. Of course, most of the debate is as to whether people can be confident that it is a safe haven. What we have embarked upon is very ambitious and can do great good but also carries great risks. In that light, I am slightly puzzled about some of the actions that HSCIC has taken and NHS England. As you know, there was the Independent Advisory Group which looked at data going into the HSCIC, and there was a Data Access Advisory Group which looked at data going out and where that goes. What puzzles me is that, in embarking upon a potentially very risky data gathering, these organisations should be disbanded. You would think there would be more governance and scrutiny, but the advisory group was disbanded; then someone realised this was a bad idea and they were asked to re‑assemble, but only for six months until November. On the DAAG, which has only four people on it, two of those, I understand it, have now gone. Can you explain why, at a time when you would need more governance, actually we have less scrutiny about data going in and out?
Max Jones: It is very clear that we need to provide assurance to everybody that what we are doing is sensible and to make sure that, in taking important decisions, we have effective governance mechanisms in place to do that.
Q172 Charlotte Leslie: Can you tell me how that feeds into—
Max Jones: The Independent Advisory Group is a group which still exists, which we have committed to, which continues to operate and we see as extremely valuable. It provides a representation from across a wide number of organisations, including the BMA, the RCGP and the BCS—
Q173 Charlotte Leslie: I understand the BMA IT Committee was disbanded and dis‑invited to discussions. Is that correct?
Max Jones: Not that I am aware of. We see IAG as continuing as being important. On the other hand, during this six‑month period it would be helpful, I think, for us to review those arrangements and see if there is anything we can do further to reassure the public that there is greater transparency and also that we have representative representation. That is something that we would want to do and will do during this period.
Q174 Charlotte Leslie: Will the two members who currently remain of the Data Access Advisory Group be subject to scrutiny and accountability on how they make their decisions and who these people are and any conflicts of interests that these individuals might have?
Max Jones: As to the Data Access Advisory Group, you are correct to say that there were four people on that group and that two of those are either leaving or have left. Those two have been replaced with new members to help make sure that we have an advisory function there that can help us. That function provides an additional level of scrutiny only in the circumstances where this is pseudonymised data and, in particular, where there are consent or sensitive data item issues. It is not a “general everything that goes out of the HSCIC committee,” so it is a fairly—
Q175 Charlotte Leslie: One of the things that I think is very apparent is that the cart seems to have been put before the horse and the implementation before the planning. Can you explain to me why the original GP extraction service, which I think cost about £40 million to build and was the result of a long, long consultation process, has been scrapped, sort of ridden over in a sense, particularly when the original GP extraction service was defined by purpose? As I understand it, and correct me if I am wrong, the GP gave consent for a particular data stream to be given out based on the purpose. Why was that scheme, which would seem—
Max Jones: For the avoidance of doubt, that scheme was not disbanded. It is exactly that scheme which we are using. The IAG that you referred to is the committee which acts to make sure that the decisions we take on extracting that data are done with the relevant—
Q176 Charlotte Leslie: It was very particular data streams simply on the basis of purpose, but that decision now has been taken out of the GP surgery and centralised to the HSCIC.
Max Jones: No, not at all. All those protections which were in place through the original designs on that GP extraction service are still in place and, for the care.data extracts, will be available to GPs. It is quite a complex set of arrangements that are in there to allow GPs to have confidence in the way that that information is extracted, and they can be notified about extracts and they can look—
Q177 Charlotte Leslie: So GPs will be informed of the purpose for which the data is required and will release that data based on whether they agree with the purpose.
Max Jones: Yes.
Q178 Charlotte Leslie: Finally, my last question. In terms of confidence of people opting out, there was a rather concerning Tweet recently by the health research authority, which said, and I quote, that it will “provide expert advice on applications to access patient information without consent.” Can you explain to me what they are doing?
Max Jones: My understanding here is that the CAG committee, which advises on section 251 exemptions, is hosted by the HRA, and that will be what they are referring to. So that is actually their purpose and they make recommendations to the Secretary of State. But I would be happy to come back to you with a note that clarifies those arrangements.
Q179 Charlotte Leslie: Tim, did you want to come in?
Tim Kelsey: No. I was just thinking it is a completely separate issue—section 251.
Q180 Charlotte Leslie: So you are comfortable with the fact that there is an organisation which is specifically designed to advise people who want data which patients have not consented for them to have access to. Does that seem—
Max Jones: For the avoidance of doubt, that is under regulation 5 of the Health Service (Control of Patient Information) Regulations 2002. That is exactly what it does.
Q181 Charlotte Leslie: You feel that this contributes towards public confidence in the system.
Max Jones: Yes.
Tim Kelsey: Yes.
Charlotte Leslie: I wonder how many would agree. Thank you very much.
Chair: Rosie.
Q182 Rosie Cooper: Mr Kelsey, I have had a number of constituents write to ask me to put to you a number of questions, which we have almost examined as we have gone through today. I wondered about decision making in NHS England and how the six‑month delay or postponement took place. I was very interested in your use of language. The record will show you said, “I took the decision.” So is it you or is it a board? How are these decisions being made and, if there are no reports and things like that underpinning what is happening, then that would almost exemplify why.
What I hear from the panel is that everybody is confused except NHS England. I really do think that people watching today will see probably more clearly than ever before where the shift of power is. The Minister has been relatively silent, and two people representing anonymous boards are using language like, “I took the decision.” It is no wonder, therefore, that they are seriously concerned about the issues.
I would ask: who makes the decisions? But, Mr Jones, you listed things which would not be going out with GP data, and I did not take them all down—terminations, HIV, domestic violence and all that. Can you tell me how you worked out what should be on that list and what should be excluded? Were they the more sensitive things, and would that really reflect your fear that people will be able to attack the data? If that kind of stuff got out, you would be sued to high heaven and I would be right behind those people.
Surprise, surprise, I actually think this is a brilliant idea. I have opted out. Why have I opted out? Because I don’t trust you. I don’t trust the performance I have seen here today and I don’t consider myself to be a commodity to be bartered around by a group of anonymous people. Let me tell you, without all this—the Committee know—I have a cartilage problem with my knee, and Synexus wrote and asked if I would like to be part of a clinical trial. How do they know I’ve got a dodgy knee? If that kind of thing is happening now, then God help us when you lot get going with this.
My questions are: who is making the decisions? “I took the decision” How are you going to get that confidence? By what definition, did you get those medical conditions which will not be on the list to be transferred? If you don’t have the confidence that can assure you that you will not get sued if that gets out, it tells me you really do not have a system here at all.
Tim Kelsey: Shall I just take those? Absolutely, the Board of NHS England, which is accountable in the normal way, took the decision to proceed with this programme. We have public board meetings. Those are live streams.
Q183 Rosie Cooper: The record will show you said, “I took the decision.”
Tim Kelsey: No, can I just continue? Yes. NHS England approved the programme in the first instance. I am the national director responsible for it, and in terms of operational decisions I obviously consulted with colleagues on the board before my decision was taken and my recommendation was approved to go ahead with the extension. We are absolutely carrying on with the programme. As discussed, we need to listen to what people are telling us about how to make this programme a success rather than running into it, rushing it in a way that I think would not have led to its successful conclusion. Just to be clear, this is absolutely an NHS programme for which I am responsible as the national director for patient information.
In terms of the determination of which fields were included or not excluded in the proposed first collection, those were determined by clinicians, the BMA and RCGP and clinicians within NHS England on the grounds that sensitive data was going to be excluded. We can come back to the Committee with a note on precisely which those fields are; it is in the public domain, but the intention was to ensure that what are classified as sensitive fields were excluded from this first collection.
Q184 Charlotte Leslie: Do you mind if I query something very quickly? The Health and Social Care Act gave permission for the HSCIC to collect data, but it did not explicitly mandate it. Tim, often I have heard you say that Parliament mandated or requested this collection of data, or is it NHS England using that permission? It is quite an important point.
Tim Kelsey: The way this works—the Act is really clear on this point, and again we can come back with some annotation on the Act, if necessary—is that NHS England has the statutory authority or right to direct the information centre to go to collect data. The information centre separately has the right to extract that data from whichever health provider it has received directions to do that for. That is how it works.
Q185 Charlotte Leslie: So it is NHS England using a permission which is granted to it by the Health and Social Care Act, not Parliament mandating the—
Tim Kelsey: No, no, it is not Parliament. Parliament’s intention was that this data should flow in order to improve services and commissioning, and the way it did that was by creating a legal construction which said NHS England and other bodies that have the appropriate statutory authority can direct the information centre that separately has a statutory authority to extract it from the health and care system.
Q186 Charlotte Leslie: So Parliament gave an opportunity which NHS England was then at liberty to use or not.
Tim Kelsey: Yes, I suppose that is true.
Chair: Sarah, then Valerie has a small point, she assures me, and then I think the Committee is exhausted.
Q187 Dr Wollaston: Can I go back and ask a few more picky questions, please, Mr Jones? I want to be clear. Was the transfer within this Staple Inn Actuarial Society document legal? If it was not legal, who will be held to account for that data transfer? Was it completely within the rules for that to have taken place, first of all?
Max Jones: I will need to supply you with a note on the detail, if I can, from the predecessor organisation. My understanding was that it was shared under a contract and, therefore, we should be able to provide you with some assurance.
Q188 Dr Wollaston: It was legal to do that and presumably not the only time that such a transfer has occurred, just the only time that an investigative journalist has turned it up. Can I ask how many people are members both of the NHS Information Centre and the Health and Social Care Information Centre? How many individuals is that? I think my colleague Rosie touched on this as well. Sometimes you can change the brand name over the door but actually it is the same individuals involved. How many people who were members of the NHS Information Centre are now making these same decisions?
Max Jones: Today, the HSCIC is 2,577 individuals, of which 427 are secondees.
Q189 Dr Wollaston: I missed that. Can I stop you there? So you have 577 individuals employed by the Health and Social Care Information Centre.
Max Jones: It is 2,577, of which 427 are secondees. The Health and Social Care Information Centre was formed on 1 April 2013 out of 12 organisations, I believe it was. There was the NHS Connecting for Health organisation, the old Information Centre, and there were 10 Strategic Health Authorities, which had IT staff who were part largely of the local service provider implementations.
Q190 Dr Wollaston: Of those people who tend to make the decisions, so the key decision makers around data transfer, how many of the members of the HSCIC who are carrying out that role—not the wider organisation—were carrying out the same role under the NHS Information Centre?
Max Jones: Of the 2,500 staff—
Q191 Dr Wollaston: No, we are talking about the key staff who were the decision makers around how to release data. I am not talking about the wider organisation. I accept it is an amalgam of three, but what I am trying to focus down on is those people who made decisions around whether data could be transferred. Are these the same individuals now who were making those decisions under a different brand?
Max Jones: The executive directors of the HSCIC with responsibility for this area were not part of the old information centre.
Q192 Dr Wollaston: So it is completely new individuals making the current decisions.
Max Jones: There are individuals in the new organisation, as you would expect out of 2,500 staff, who were part of the old information centre.
Q193 Dr Wollaston: I accept that, but I am talking about the individuals who are involved. In other words, are the individuals who made the decision that it was appropriate to transfer this data making decisions today about transfer of data?
Max Jones: On that particular case, I would need to go back and look at the records and come back to you with a note. But the very senior management in the HSCIC is not the same as the very senior management that was in the IC.
Q194 Dr Wollaston: Yes, I am interested in not so much the management, but the decision makers around data transfer. I know that you have said that you will backdate all the decisions back to the start of the HSCIC.
Max Jones: Yes.
Q195 Dr Wollaston: You have made clear that you will not do that for your predecessor organisation.
Max Jones: Yes.
Dr Wollaston: Do we, Chair, have powers to call people to release that evidence to us?
Chair: We certainly have power to invite people to give evidence to us. It is an area of dispute as to precisely what subpoenaing power we have.
Dr Wollaston: So we can’t insist on that information. In other words, there is no way, as a Committee, that we can find out about other potentially inappropriate data transfers.
Rosie Cooper: What about the fraud squad or the National Audit Office?
Dr Wollaston: Particularly as we have been told it was legal under a contract, I think—
Chair: It also took place under the term of the current Government, for which current Ministers are responsible.
Q196 Dr Wollaston: That puts Dr Poulter in the hot seat. Is this information that we can have access to about other data transfers that people might feel uncomfortable with, because they are certainly very uncomfortable with this one?
Dr Poulter: Certainly, there is a commitment already made about the current organisation, and that is something that can be dealt with very simply. You potentially, of course, can write to the Secretary of State, and then we will be as helpful as we can be.
Q197 Rosie Cooper: What does “as helpful as you can be” mean? Either you know what you have done or you don’t.
Dr Poulter: We will be as helpful as we can be because the organisation you are talking about does not exist any more.
Rosie Cooper: You have not binned all their records. Is there not a requirement to keep them?
Chair: I have made—
Rosie Cooper: Weasel words.
Chair: I have made an observation about where ministerial accountability rests, which is no more than current practice, and I will write to the Secretary of State and pursue it.
Dr Wollaston: Thank you.
Q198 Valerie Vaz: I have one tiny technical question and I am happy for you to write to us if you want. The Statistics and Registrations Service Act 2007 has certain protections for sensitive data. Will that apply to care.data? It will. Could you say it instead of just nodding?
Max Jones: I am not entirely sure, so I will need to come back to you with a note on that.
Dr Poulter: To clarify, we have said very clearly that there are various pieces of statute; there is the Data Protection Act, the 2006 Health Act, and there is previous legislation. Then there is the 2012 Act, which puts in place much more robust safeguards.
Valerie Vaz: I am asking about this specific piece of legislation.
Dr Poulter: We will write to you with a note on that to make sure that we can absolutely clarify for the Committee how things are now different under the 2012 Act, what the previous pieces of legislation were and how they play into the current order of things.
Q199 Valerie Vaz: Do they apply? It is not “play.” It is do they apply to care.data?
Dr Poulter: Whether it is “play” or “apply,” we have already agreed that we will write to you about that.
Q200 Valerie Vaz: I don’t want a play. I want to know whether it applies or not.
Dr Poulter: We have said that many times and I have given many reassurances throughout the Committee today, as have the other members here, that there are stronger safeguards under the present 2012 Act, but we will of course make sure that we—
Q201 Valerie Vaz: Do you know whether it applies now?
Dr Poulter: My understanding is that there would be application of—
Q202 Valerie Vaz: It does apply now.
Dr Poulter: There would be application, yes, but we will absolutely clarify that to you in writing when we write to you to confirm that so that there is no inadvertent misleading about which bits may or may not apply and what may do. We will write to you.
Valerie Vaz: That is all I ask; thank you.
Rosie Cooper: You will be sending us a book of evidence. I have never been to a Select Committee where there is so much information going to come in a book.
Chair: That is a line you use at the end of quite a lot of Select Committee hearings.
Rosie Cooper: I have not actually used that ever before. It is amazing how much information we haven’t got today.
Chair: Thank you very much for your attendance this afternoon.
Oral evidence: Care.data database, HC 1105 24
[1] Note from witness: Due to interruption and noise levels, this question was misheard. The witness heard the question as “Do you think Atos should be a recipient of this data?” and answered it as shown above. The witness does not have a view to Q63 as asked in this transcript.