My Lords, I shall speak to Amendment 22, in my name and that of the noble Lord, Lord Kakkar, and Amendment 25, which is in my name. Both relate to personal data, and seek assurance from the Government that, whatever processes are put in place, they will respect the need for confidentiality and trust. While I absolutely recognise the value of transferring individual health data when the patient is receiving treatment, and the need to do so, it is also important that the Bill provides powers to protect personal and health data.
Access to personal health data should be limited to healthcare purposes. Currently, the General Data Protection Regulation imposes restrictions on the transfer of data, which we may not have after we leave the EU. A separate issue is the definition of “authorised persons”, which, when they gave evidence, both the BMA and the Academy of Medical Royal Colleges referred to as concerns.
I am also unhappy about the mechanisms that will operate for patients to consent to having their data transferred. Amendment 25 refers to Clause 4(6), relating to data processing. It says:
“In this section—‘authorised person’ means”.
Paragraphs (a) to (e) then define who the authorised people might be. Amendment 25, which I tabled only to get an explanation from the Minister, suggests that paragraph (e) should be deleted. It says that,
“any other person authorised, or falling within a description of persons authorised, by regulations made by the Secretary of State for the purposes of this section”.
That sounds too wide to me. In this country we have clear protocols and guidelines about who should be transferring patients’ data and to whom. It is not to anybody not clearly defined as an authorised person. I beg to move.