My Lords, we are enormously grateful to the noble Baroness, Lady Thornton, and the noble Lord, Lord Clement-Jones, for their Amendments 20 and 24 to one of my own amendments to Clause 7. These amendments seek to ensure that patient information can be shared by an appropriate authority only if the individual has given their explicit or informed consent, respectively. I completely recognise the commendable intent behind both amendments to safeguard and protect patient safety. Their intentions are benign but they are absolutely not necessary.
My lived experience for the past year has been completely aligned with the words of the noble Lords, Lord Clement-Jones and Lord Freyberg. Data is absolutely key. I have spent my time outside the Chamber working on little else: clearing the path for patient recruitment to clinical trials, so that therapies can be designed to save lives; getting data on long Covid patients from primary care to those researchers and clinicians who are trying to help them, which is an extremely complex and onerous task; getting central tracing data to local infections teams, which means transferring it between various jurisdictions; getting people to record the tests they take, which is a legal requirement but legally and technically difficult to implement; and getting test results from those who have taken them into their GP records. Most bizarrely, to me at least, I have been getting data-sharing agreements in place so that local authorities, which are crying out for the data—as their representatives here in this very Chamber cry out to me at the Dispatch Box for it—can access the dashboards with those legal agreements; or getting the data on those who may need support isolating into the hands of those charities and local authorities which are keen to support them.
Every step of the way, there has been an onerous set of legal, ethical and bureaucratic barriers. Speaking on the back of that experience, I wonder whether scientific deduction and patient safety are sometimes sidelined by other considerations. I therefore warn about measures that are driven by prejudice or secondary principles, rather than the priorities of trying to save lives and pursue science. Their unintended consequences can have a profound, stifling effect on patient safety, medical research and innovation, and on the effective running of a modern healthcare system. I can think of so many incidents where the need for data-sharing agreements, legally obtuse patient consents and all sorts of rarefied ethical reviews have caused major life-threatening obstacles and troubling issues in our response to Covid.
I know that the measures in these amendments are well intended, but I assure noble Lords that they are not necessary. For instance, Clause 7 accounts for the rare instances where it is necessary for the MHRA to share identifiable patient information internationally to support our commitment to upholding patient safety. I take this opportunity to assure noble Lords not only that this will be done only with the informed consent
of the patient but that the practical implementation of some of the very measures in this Bill, such as the medical information system, will require these kinds of measures. It seems counterproductive for us to be undoing the benefits of our own information system.
Amendment 21 in the name of the noble Baroness, Lady Thornton, seeks to broaden the definition of patient information to include information that could enable identification. I reassure the noble Baroness that the MHRA absolutely follows the Information Commissioner’s gold standard practices on patient data anonymisation. In order to be truly anonymised under GDPR, sufficient personal data is always stripped out so that, not only can the individual not be identified, but reasonably available means could also not enable the recipient to re-identify the individual. As such, if patient information to be shared still enables the patient to be identified, for example due to the unique nature of their condition, the amendment in my name will provide sufficient protection by requiring that patient’s consent be sought before sharing their information. The MHRA keep anonymisation processes under review in line with the ICO’s guidelines and continue to monitor advances in data technology.
We have heard from the noble Baroness, Lady Thornton, and the noble Lords, Lord Patel and Lord Clement-Jones, on their Amendments 18, 36 and 57, which seek to limit the purpose for which information can be shared internationally under the powers. It is important to highlight that we could only disclose information under this power where disclosure is required in order to give effect to an international agreement or arrangement concerning the regulation of human medicines, medical devices or veterinary medicines. In that regard, the clause already allows disclosure only for a particular purpose. As international co-operation in this area is important and a good, even necessary, thing, such agreements or arrangements would be in the public interest by default. The UK meeting its international obligations under these agreements and arrangements would be even more so. Furthermore, the MHRA and VMD do not share information for commercial gain—on that point I want to be absolutely categoric. Therefore, I am persuaded that these amendments are accordingly unnecessary.
We have introduced a number of amendments to these powers to clarify the types of person with whom information can be shared and, for those instances when it is necessary to share identifiable patient data internationally, introduced a lock that ensures that data can be shared only with consent. These amendments are, of course, in addition to existing data protection legislation and ICO guidance. I can assure the noble Lords that we are not complacent when it comes to the safe and appropriate use of patient data. We understand that, as technology advances, we will need to continually review the way in which we anonymise data to ensure that it remains just that.
I hope this provides noble Lords with assurance that the Bill and the additional amendments in my name provide robust safeguards to protect patient information, alongside long-standing data protection legislation already in place, and that they will not press their amendments.