My Lords, I beg to move Amendment 14, and your Lordships will be pleased to hear that I will be brief.
During the passage of the Bill, considerable concerns have been raised by a number of noble Lords about the use and sharing of data within the NHS. It is a hotly contested subject, and one of the best briefings on it is from our Library, prior to a debate on 6 September initiated by the noble Lord, Lord Freyberg. It unpacks a number of the concerns and issues about data within the NHS, and I am sorry that I have been unable to be at Second Reading or in Committee to expand on some of those issues.
During our Select Committee inquiry into artificial intelligence, there were a number of witnesses who talked about the use of data in the NHS, and we drew a number of conclusions, namely that the data was not in good shape to be utilised for beneficial purposes such as research, diagnosis and screening. That is another issue, however; what concerns noble Lords is the question of sharing. Now that we have seen Amendment 1 pass, maybe we will deal only with countries where there is a level of data adequacy which gives us an assurance about the use of NHS data. As the King’s Fund said last year in its report, Using Data in the NHS:
“National policy has to keep a balance between responding to legitimate public concern about the security and confidentiality of data and enabling data to be shared and used by NHS organisations and third parties. It is also essential that NHS national bodies are transparent with the public about how patient data is used”.
It went on to suggest that the level of opt-outs for patients would be key to the quality and validity of future research, and that NHS England and NHS Digital should keep this under review. One of the issues in the NHS is that there are several organisations responsible for NHS data. It is not just NHS England, NHS Digital, the National Information Board and Public Health England. The Caldicott Guardian—the national guardian for health and care—has a responsibility as well. It is quite a disparate, rather balkanised issue.
I was reassured on reading what the noble Baroness, Lady Manzoor, had to say when she responded, as the Minister, to this set of amendments in Committee:
“Under the Bill, personal data can be processed only in accordance with UK data protection law, namely the Data Protection Act 2018 and the general data protection regulation, which will form part of UK domestic law under the EU withdrawal Act 2018 from exit day”.
I am not going to go into all the questions about data adequacy and so on. I take what she said as quite reassuring, but it was less so when she later responded to what was then Amendment 23—this amendment is identical. She said:
“I assure the Committee that the Government are committed to the safe, lawful and responsible processing of people’s data”.
However, she then said:
“As the noble Baroness, Lady Jolly, and my noble friend Lord O’Shaughnessy noted, the Caldicott principles and the Government’s Data Ethics Framework are admirable standards to apply to the handling of patient data. Both of these non-legislative frameworks are in line with the Data Protection Act and the GDPR, which are enshrined in the Bill”.—[Official Report, 19/2/19; cols. 2261-63.]
That is not unequivocal in terms of those standards applying. As the Minister knows, we discussed this between Committee and Report. I had hoped to receive correspondence from her, but sadly I have not done so. She may need to repeat whatever text of the letter she may be able to find in her outbox. I hope she can give the House reassurance that the national data ethics framework and the Caldicott principles will apply to any sharing of data. The data ethics framework is a cross-government standard, of course, but the Caldicott principles are specific to the NHS. It is important to make sure they apply both domestically and internationally.