Healthcare (International Arrangements) Bill Debate
Full Debate: Read Full DebateDepartment: Department of Health and Social Care
Baroness Jolly
Main Page: Baroness Jolly (Liberal Democrat - Life peer)Department Debates - View all Baroness Jolly's debates with the Department of Health and Social Care
Healthcare (International Arrangements) Bill
Baroness Jolly ExcerptsTuesday 19th February 2019
(5 years, 2 months ago)
Lords ChamberRead Full debate Healthcare (European Economic Area and Switzerland Arrangements) Act 2019 View all Healthcare (European Economic Area and Switzerland Arrangements) Act 2019 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 155-II Second marshalled list for Committee (PDF) - (19 Feb 2019)
Baroness Manzoor
I fully understand the point made by the noble Baroness, Lady Brinton. I always believe in a simplified place, but those are the accounting rules that we have for government and therefore they remain. We have gone the additional mile by saying that we will place on record a ministerial Statement at the end of each financial year and that this will include the areas I have indicated.
Baroness Jolly (LD)
The Minister referred to arrangements being put into NHS organisations to make this happen—but what about GP practices? If you talk to GPs, they will tell you that they are in private partnerships. Presumably the Government are talking to the Royal College. The last time I had a conversation with GPs was five or six years ago, when they were totally averse to collecting money for their services. Can the Minister clarify whether things have changed?
Baroness Manzoor
I can clarify that NHS trusts are funded on the basis of existing agreements and will provide additional funding for any new agreements reached within the powers of the Bill. The same thing will apply to GPs where charges need to be made for people who are not entitled to that care and do not fall within the reciprocal arrangements that we have in place. The procedure would apply as it currently applies and such people would be charged as appropriate. If they are part of the reciprocal agreements that we have, whether bilaterally or multilaterally, such charges will not be incurred.
Lord Patel
My Lords, I shall speak to Amendment 22, in my name and that of the noble Lord, Lord Kakkar, and Amendment 25, which is in my name. Both relate to personal data, and seek assurance from the Government that, whatever processes are put in place, they will respect the need for confidentiality and trust. While I absolutely recognise the value of transferring individual health data when the patient is receiving treatment, and the need to do so, it is also important that the Bill provides powers to protect personal and health data.
Access to personal health data should be limited to healthcare purposes. Currently, the General Data Protection Regulation imposes restrictions on the transfer of data, which we may not have after we leave the EU. A separate issue is the definition of “authorised persons”, which, when they gave evidence, both the BMA and the Academy of Medical Royal Colleges referred to as a concern.
I am also unhappy about the mechanisms that will operate for patients to consent to having their data transferred. Amendment 25 refers to Clause 4(6), relating to data processing. It says:
“In this section—‘authorised person’ means”.
Paragraphs (a) to (e) then define who the authorised people might be. Amendment 25, which I tabled only to get an explanation from the Minister, suggests that paragraph (e) should be deleted. It says that,
“any other person authorised, or falling within a description of persons authorised, by regulations made by the Secretary of State for the purposes of this section”.
That sounds too wide to me. In this country we have clear protocols and guidelines about who should be transferring patients’ data and to whom. It is not to anybody not clearly defined as an authorised person. I beg to move.
Baroness Jolly
My Lords, the NHS in England has a long history and a good record of data governance. In 1996, Fiona Caldicott was called in and asked to look at the whole issue of NHS data. It must be said that the data was not as digital then as it is now. Her review came up with a group of principles—I think there were seven—and that was then followed by Caldicott 2. More recently, there has been another look at NHS data and we are now down to three principles. It is not just the Caldicott guardians. When he was Secretary of State at DCMS, Matt Hancock announced the data ethics framework and then we had GDPR. There is a really rich background of caring for patients’ data.
The provisions in the Bill authorising the sharing of data appear wide—that is probably the best way to put it. Clause 4(1) provides:
“An authorised person may process personal data held by the person in connection with any of the person’s functions where that person considers it necessary for the purposes of implementing”,
the Act. The words,
“that person considers it necessary”,
are a very wide formulation for the exercise of a function such as this. They seem designed to make a challenge in court almost impossible.
Among others defined as an authorised person is a “provider of healthcare”, so the authority extends beyond the NHS to all organisations that provide NHS care but might not be NHS organisations. So it would include commercial organisations as well as public authorities. Can the Minister confirm this and give an example, to better understand how wide the scope is?
Moreover, it is left to bodies such as the NHS to define for themselves the level of staff who should have this degree of authority. Will the Minister confirm how data is handled with devolved states and within the island of Ireland? How are we intending to communicate clinical data with organisations in the EU, and in the rest of the world, once the Bill has been enacted? Are there issues about shared datasets? We are fairly confident about sharing research data, but clinical data will be absolutely key here.
Baroness Thornton
My Lords, I have an amendment in this group. I support the noble Lord, Lord Patel, and the noble Baroness, Lady Jolly. Clause 4 of the Bill provides the legal basis for processing personal information and data about patients to facilitate patient information and payments for reciprocal healthcare after Brexit—whether as part of an agreement with the EU, an agreement with a country outside the EU or in connection with contingency plans arising from a no-deal scenario. It also seeks to ensure that the key safeguards which should always be at the heart of systems that use and exchange patients’ sensitive personal and medical data are in place. The noble Lord, Lord Patel, is right to press this issue. It was almost the first thing that he and I spoke about when we talked about the Bill, which made me look at and ask why he and other noble Lords, particularly those in the medical profession, were very concerned about this.
At Second Reading the Minister acknowledged that there were deep concerns raised by noble Lords on data processing provisions in Clause 4, and promised to address them—but unfortunately she ran out of time on that day. We look forward to her catching up with that. We know that the noble Baroness has special expertise and experience in this field, so I look forward to hearing her talk about how she envisages the necessary robust standards, security and safeguards applying in post-Brexit healthcare deals with the EU and the rest of the world, and how those will be achieved.
In the Commons, my colleagues pressed this matter with the Minister, Stephen Hammond. He gave an assurance that the powers to access personal data would be limited, and committed at the time to provide a briefing. I wanted to raise that with the Minister—my colleagues in the Commons certainly have not received that, but I thought that she might raise it with her colleague and see what the briefing might have said. I am sure that we too would be interested to receive it.
When I raised this issue at Second Reading, I mentioned that I had been in touch with the National Data Guardian for Health and Social Care, who, as we know, has a vital role in ensuring that confidential healthcare data is used and shared appropriately in protecting the high standard of confidentiality. Pursuing that question is whether the Minister has been in touch and sought her guidance on this matter.
Lord O’Shaughnessy (Con)
My Lords, this has been an important discussion on an area that is, of course, of growing concern not just for people in Parliament but for the general public. Noble Lords will also know about my interest in this issue; we have had many discussions over the last few years about it. It is critical that we get this right, to allay any fears—because there are fears that attend to the use and movement of data for various purposes.
The noble Baroness, Lady Jolly, makes the point in her amendment about the Caldicott principles and so on. I was pleased from the Government’s point of view to be able to bring the National Data Guardian on to a statutory footing, as well as other measures that we took to provide that level of reassurance. My understanding is that these are all part of the scaffolding around the Data Protection Act, which is the GDPR as put into our legislation. They are a way of translating the general provisions of that into healthcare purposes. I ask the Minister to confirm that, because the Bill clearly states that the Data Protection Act is the governing piece of legislation here, it therefore follows that things such as the NDG, the principles and other things apply. They, in effect, derive from that and apply to all aspects of healthcare, including reciprocal healthcare.
Baroness Jolly
We are talking about exchanging health datasets, but in this world we are talking about our EU partners, the EEA and whoever else in the world we make a healthcare arrangement with. Are there mechanisms—this is a question I do not know the answer to—whereby datasets can be standardised so that any method of recording healthcare information that we might use would be recognisable to somebody in the States, Canada or France?
Lord O’Shaughnessy
That is an incredibly important point and it goes to the question that I was about to ask my noble friend. My reading of it is that it will not be possible for us to make reciprocal healthcare arrangements that involve the flow of data with another country unless we deem that country to be adequately complying with the GDPR. That is absolutely right and it is a high bar. It does not just provide a degree of regulatory compliance and standardisation; there are also international healthcare codes that underpin it, as the noble Baroness will know. It would be useful if my noble friend could confirm that, because it is clearly a really important point that will, in a sense, allay some of the fears that have been raised tonight about just how the powers in the Bill, once they extend beyond the European Union, Switzerland, the EEA and so on, might be used.