MPs criticise 'entirely inappropriate' sharing of patient data with Home Office

The Commons health and social care committee has published its first report on NHS Digital and the Department of Health and Social Care’s agreement to share NHS patients’ confidential information with the Home Office, to help track suspected illegal immigrants.

Since the agreement came into effect in January 2017 NHS Digital – the designated “safe haven” for NHS patient data – has passed thousands of people’s non-clinical confidential information to the Home Office such as their address and registered GP.

The report, published today, follows tense committee hearings earlier this year when NHS Digital executives refused to suspend data sharing.

The report said MPs had “serious concerns” about government policy on the sharing of confidential patient information and “NHS Digital’s role as a steward of health and social care data”.

The committee said the arrangement with the Home Office could lead to “more widespread” sharing with other government departments.

“The committee continues to have serious concerns about government policy on the confidentiality of address data collected for the purposes of health and social care and in particular the risk that data sharing without patients’ knowledge or consent could become more widespread,” the MPs said.

The agreement also contradicted the NHS and General Medical Council codes of confidentiality and NHS Digital’s own guidance, which only allows for the sharing of this information when a “serious crime” has occurred – a standard immigration offences failed to meet, the report said.

The report continued: “As demonstrated by the Care.data experience, the success of such data sharing depends crucially on public consent and confidence in NHS Digital’s commitment to respecting confidentiality. Its actions in this case risk undermining that confidence.”

Committee chair Sarah Wollaston said: “NHS Digital’s decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate. This behaviour calls into question NHS Digital’s ability to robustly act on behalf of patients in the event of other data sharing requests including from other government departments in the future.”

The committee repeated its demand to suspend sharing of patient information with the Home Office until a review of the NHS code of confidentiality was completed.

Responding to the report, NHS Digital chief executive Sarah Wilkinson reiterated that the sharing of patient data with the Home Office was lawful.

She said: “We will consider the health select committee’s report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office. This has established that there is a legal basis for the release and has assured us that it is in the public interest to share limited demographic data in very specific circumstances.”

During the hearings, the committee heard evidence that the agreement had undermined public trust in the NHS, could discourage migrants from seeking NHS care, undermine public health and set a precedent for further data sharing.

The national data guardian, Public Health England, the British Medical Association medical ethics committee and several migrant support groups have all raised concerns about the agreement.

John Chisholm, chair of the BMA medical ethics committee, said the report showed the data sharing “risks undermining the very foundation of the doctor-patient relationship”.

He added: “Most immigration offences clearly do not meet the high public interest threshold for releasing confidential data, which according to NHS England, the GMC and even NHS Digital’s own guidance, should be reserved for cases that involve ‘serious’ crime.

“We must therefore question NHS Digital’s ability to act as a trusted custodian for the data it holds and its assertion that it prioritises patients’ best interests when handling their data.”

Royal College of GPs chair Professor Helen Stokes-Lampard said: “The Home Office is displaying a blatant disregard for the trusted and vital GP-patient relationship. Its casual approach to confidential patient data risks alienating highly vulnerable patients.

“It is treating GP patient data like the Yellow Pages. We are calling on NHS Digital to take urgent measures to suspend the agreement that is allowing them to do so.”

A government spokesperson said: “Non-clinical information is shared on occasion between health agencies and the Home Office to locate individuals suspected of committing immigration offences. This data is strictly controlled and only shared if there is a legal basis to do so.”