Our data isn't safe with the NHS - NHS Digital must be rebuilt
Confidentiality of patient information is one of the most ancient and important principles of medicine. If doctors tell other people what we tell them, many of us would avoid healthcare and as a result get sick, and possibly die. Infectious diseases would spread in the population unchecked. That’s why there are well established rules in law and medical ethics both to require confidentiality and also lay down the rare circumstances where confidentiality might be breached.
NHS Digital is the central body which receives vast quantities of our patient information from GPs and hospitals. It is meant to be a ‘safe haven’ for that information, operating to the highest standards of confidentiality. There was shock, therefore, in 2014 when it emerged that for many years NHS Digital and its predecessors had been secretly providing the immigration authorities with the addresses of migrants. This practice clearly breaches the rule applied everywhere else in the NHS, that such information should only be provided to the authorities in relation to serious crimes against the person such as rape and murder. None of our data is safe if NHS Digital can decide secretly and unilaterally to pick on certain people and share their data, irrespective of how the rest of the NHS operates.
Faced with this inconsistent practice by NHS Digital, the Department of Health proposes that the rules should change so that the authorities would be able to access NHS records of all of us (not just migrants) when investigating minor crimes. That’s always how it goes – human rights are indivisible. In attacking migrants you attack us all.
At NAT we led a campaign to end this immigration tracing service, which culminated in an inquiry this January by the House of Commons Health Committee. The Health Committee were clear and forthright in their view that the practice is unacceptable, calling on NHS Digital to suspend the tracing service immediately.
In response, NHS Digital have refused to suspend the tracing service. This despite the fact that the service is challenged not just by the Committee but by the National Data Guardian, the General Medical Council, the BMA and a swathe of charities and Royal Colleges. The system does not consider a patient’s individual health risks; indeed, no clinical input is required. And it is just as well that doctors are not involved in processing Home Office requests to trace migrants, as doing so would risk compromising their ethical guidance.
The decision to defy the Health Committee recommendation demonstrates starkly that NHS Digital has no real independence but is part of Whitehall, to be leant on by the Home Office or any other government department at will. It has failed totally in its duty to protect patient data, and indeed to understand the basic principles of medical confidentiality which it is meant to champion.
It’s time for a new national body to receive and protect our patient information, one which is genuinely independent and stands up for patients.