Health and Social Care Bill

My Lords, I have Amendment 348C in this group, which relates to the National Information Governance Board being disbanded and a national information governance committee being formed and being part of the CQC. There is concern over the way that that will happen. The National Information Governance Board currently advises the Secretary of State on access to confidential patient information without patient consent when it is for medical purposes, under the Health Service (Control of Patient Information) Regulations. These are made under Section 251 of the National Health Service Act 2006 and give rise to applications from researchers for access to confidential patient information. The Patient Information Advisory Group, or PIAG, was established and later became the Ethics and Confidentiality Committee of the National Information Governance Board. This provides advice when people who are not the doctors or professionals involved in the care of a patient wish to access information from medical records that are potentially identifiable without the knowledge or consent of those people. It is permitted legally through the exercise of discretionary powers of the Secretary of State. The Ethics and Confidentiality Committee of the National Information Governance Board has an advisory function. It is not a regulator and has no powers to stop disclosure. It helps disclosers of information to know the risks and whether to seek statutory protection. If they are given that protection, they are protected from liability under the common law duty of confidentiality. Clause 274 abolishes the National Information Governance Board but also omits Sections 250A to 250D of the 2006 Act. In those sections, one of the functions established for the National Information Governance Board is to advise the Secretary of State on particular matters relating to the processing of patient information by any person. This advisory function will not transfer to the Care Quality Commission under Clause 274(3). The Care Quality Commission might be regarded as not being the ideal home for the governance board for reasons concerning its own expertise and current performance. This is important because there is a need to reconcile two conflicting public goods. The first public good concerns medical purposes and is described in Section 251 of the 2006 Act, which allows access for the purposes of preventive medicine, medical diagnosis, medical research and general care and treatment and also allows the health service to access information to inform individuals, if necessary, about their physical or mental health condition. That conflicts with the other public good, which is maintaining confidentiality. It is in the balancing of those two public goods that the current Ethics and Confidentiality Committee has established expertise. I know that the current chairman, Andrew Harris, has written to the Secretary of State expressing concerns about the transfer. The functions of that committee which involve research will transfer to the Health Research Authority, which seems to be appropriate as we have all been very concerned about the need to process research applications more quickly and to have a streamlined process. The difficulty is that there are many other times when information is sought. The research decision is in concert with the recommendation of the Academy of Medical Sciences, but there is concern about the remainder of the patient information. That concern relates to applications from the NHS, from the Department of Health and, in particular, from commercial contractors and how the information gained will then be handled, what will happen to it and what will happen to patient confidentiality. One of the other difficulties is that the process of pseudo-anonymisation, or making data not identifiable in relation to someone, is technologically moving so fast that it becomes quite easy to unscramble pseudo-anonymised data. The gold standard for interpretation of the advice and the processes involved rests with the Information Commissioner's office. There is not a residue of expertise in the Care Quality Commission, which is why there is a suggestion in the wording of the amendment that there should be answerability to the Information Commissioner’s office rather than to the CQC. The fragmentation of the current committee’s function carries risks which would be reconciled by having answerability to the Information Commissioner’s office where the Information Commissioner would then liaise with the research ethics committee functions of the Health Research Authority. Therefore, you would get a read across in the quality of decisions and you would maintain speed for research applications, but you would draw on the expertise of the Information Commissioner’s office. The Government have a transparency agenda and it is assumed that that will concern only non-identifiable data. The difficulty is that, without investment in the appropriate pseudo-anonymisation technologies, data are potentially identifiable. An independent oversight of the use of disclosures is needed when we do not have consent from individuals for their data to be used. There are extensive provisions in relation to making patient information freely available throughout the NHS and central Department of Health bodies. Those are laid out in Clauses 230 and 253, which provide protection for NICE and for information centre staff from personal liability. I just draw the attention of the House to the contrast between that and the 2006 Act, in respect of the NHS Counter Fraud and Security Management Services, whereby heavy penalties were introduced not only for failure to provide information but also for misuse of the information by their staff. I return to the need to assess the risks of this change and to balance the two goods that I outlined. I note that the noble Baroness, Lady Williams, expressed some concern over the boundaries of patient confidentiality in her previous intervention. The abolition of the National Information Governance Board is a given, but one has to consider data protection both through the common law duty of confidentiality and the need to be able to access information, and through our responsibilities under EU Directive 95/46/EC, which are currently met through the Data Protection Act. It is through that Act that decisions on research access to confidential patient information must be seen to be consistent. The new committee could find a natural home in the Information Commissioner’s office and could co-ordinate clearly with the National Research Ethics Service. I ask the Government to consider whether the Bill and the current plans are correct or whether there are better ways both to safeguard patient confidentiality and to encourage and foster the very important research agenda that the Government have given an enormous commitment to and that has been universally welcomed.