'Worrying' review into NHS data sharing deal with Home Office

NHS Digital, which describes itself as a “safe haven” for patient data, has finally published an internal review into its sharing of confidential NHS data with other government departments, including to help the Home Office trace illegal immigrants.

The review, completed more than a year ago but only published last week, found while NHS Digital was not legally obliged to share patient’s personal information with the Home Office, it had an obligation to act in the “public interest”.

The report said: “This review also acknowledges concerns of using personal data for these purposes, but it also accepts there is public interest in maintaining effective immigration control.”

Speaking to HSJ this week, former NHS Digital chair Kingsley Manning said the review’s conclusions were “worrying” and did nothing to alleviate concerns, raised by Public Health England and others, that the data sharing could dissuade vulnerable people from seeking healthcare

Mr Manning was chair of NHS Digital, then called the Health and Social Care Information Centre, when the review was commissioned in 2012. He previously said he fought the Home Office for years over the legality of sharing private records. Theresa May was home secretary during this period.

He told HSJ this week the review did not present any evidence to support NHS Digital’s position that sharing patients’ data was in the public interest.

He said: “The review, after three and half years in the making, doesn’t move the argument on at all.

“The fundamental concern of undermining NHS Digital’s role as the ‘safe haven’ remains and is unanswered. It remains deeply worrying.”

Chaired by a succession of NHS Digital board members, the review was the basis of a heavily criticised memorandum of understanding, signed in November 2016, which has allowed NHS Digital to continue to send private information on thousands of potential illegal immigrants to the Home Office.

Under the agreement, the Home Office can request a “trace” on a person’s name and last known address, their date of birth, primary care service area code and GP contact details, as well as their date of registration with the NHS. No clinical information is shared.

In the year to end of August, the Home Office made 6,613 requests with NHS Digital sharing patient information on 4,712 occasions.

The office of national data guardian Dame Fiona Caldicott, who has previously raised concerns about the data sharing, said the “publication of the… report is a step forward in improving transparency about the releases of data made by NHS Digital’s tracing service”.

However, Dame Fiona would “continue conversations with relevant stakeholders about this issue, particularly in relation to the releases made to help law enforcement agencies”.

The publication of the review comes days after the Migrants Rights Network lodged a submission with the High Court challenging the legality of sharing NHS patient data with the Home Office, claiming it violated privacy and put immigrants at risk.

It also comes as the government grapples with questions about how much control patients should be given over sharing identifiable health data, in the wake Dame Fiona’s third review in July 2016.

In the summer, the government committed to establishing a national scheme for allowing patients to “opt out” of sharing identifiable personal data by March 2018, but it has not revealed details of scope of this system.

While the review endorsed sharing patient data with the Home Office and law enforcement agencies, it also made several recommendations.

These included:

• Removing the category of “asylum seeker” as grounds for Home Office “tracing” requests. Twenty nine requests were made under this category but reviewers were concerned as it is not a criminal offence to seek asylum. The reviewers were assured all 29 requests involved some type of immigration offence.
• Within two years Public Health England should review whether data sharing dissuaded groups targeted, such as potentially illegal immigrants, from seeking healthcare. PHE said this review would be completed by January 2019.
• Creating a clearer process for other government bodies to request to trace a person’s NHS records.

NHS Digital chief executive Sarah Wilkinson, who was the Home Office’s chief information officer until August, “welcomed” the review’s publication.

“Numerous parties have requested that this document be made available in full in the public domain. I feel it is useful and appropriate to comply with this request to ensure complete transparency,” she said.

NHS Digital did not respond to further questions from HSJ.