Mr Mudie

- Hansard -

Copy Link

- - Excerpts

I read with interest about the right hon. Gentleman’s unfortunate nose. He makes an important point.

My point is that there will eventually be a breach of security. It is inevitable, given the size of the database and the information stored in it. The human cost to the patient whose identity and medical history are made public is potentially disastrous. Careers could be ended, jobs lost, insurance refused and relationships destroyed if sensitive medical facts are made public or used by private firms, other people or, indeed, the media.

Mr Mudie

- Hansard -

Copy Link

- - Excerpts

The hon. Gentleman makes an important point, which I will cover when discussing the second issue that I identified. At the moment, I am dealing with security, but I will come on to the opt-out arrangements, which are far from satisfactory.

A further reason for concern is that the information will not be available for analysis and research in the national health service alone, but will be made available to non-NHS organisations. A Library note describes an interesting situation in which, without the consent of individuals, the information given can identify patients:

“In most cases, researchers can carry out their studies using information that does not identify you. Occasionally, however, medical researchers need to use information that does identify you. Only researchers who have obtained your permission or who have been granted special approval are allowed to access your identifiable data… The CAG approves requests where it is not possible to use information that does not identify you and it is not possible to ask you. There are a variety of reasons why it might not be possible to ask people; for example, where there are extremely large numbers of patients”—

so it is okay if researchers pinch a lot of patient information and identify the patients, but such patients would have no come-back, because that is reasonable in the eyes of the national health service.

Another interesting but concerning document includes a diagram helpfully provided by the Information Commissioner that describes three different levels of anonymity. First, in the public domain, there is no information—none. It is totally anonymous. Secondly, for approved organisations, whether NHS or outside organisations given permission, there is potentially identifiable data. Finally, organisations that have a legal basis, such as the police, have all the data—nothing is hidden. Interestingly enough, the police will not have to do what they have to do now, which is to get a court order to get the information; they will have an automatic right to it.

NHS England has explained that information given to private researchers will be anonymised before release, but that is undermined by its statement that the standard of anonymity it is using requires it to

“ensure that, as far as it is reasonably practicable to do so, information published does not identify individuals.”

That is hardly reassuring.

All those instances could be dismissed as speculation, but we should be aware that NHS England and the Government see the whole exercise as an opportunity for the UK to become a major player in medical research, with both the NHS and the private sector seeing strong economic growth and income from the use of the data. I forgot to mention that in the database will be included people’s national health service number, postcode, date of birth, gender and ethnicity. With all that information—particularly the postcode—it will be fairly easy to identify someone.

I turn now to the question of permission. This genuinely makes me very cross. The handover from GPs will take place in March—one month’s time—and after three months, depending on opt-out numbers, 100% of records will be on the national database. That should have happened already, but the Information Commissioner stopped the process late last year because the NHS had not consulted or, in the commissioner’s view, given enough information to the public. The commissioner ordered the NHS to postpone the process and take steps to give more information on both what was happening and the right to opt out. It has been given £2 million to do so, but it is far from clear that it is doing it willingly—it is doing it in bad grace.

I should mention the summary care record, another IT exercise that was carried out five or six years ago, more limited in its function but with the same organisational structure. A key element was that, unless a patient objected, their records would automatically go on the database. That tactic of forcing people to opt out rather than in was successful and with summary care records only 1% of patients in the pilot schemes opted out. There was a discussion about what system should be used for opting out for the new, greater system, a report was written, and surprise—officials chose the opt-out. With no real publicity, involvement or consultation, they have reckoned from the pilots that that might be the result nationwide. I thoroughly object to that.

NHS England published a leaflet, which might have come through Members’ doors, that supposedly meets the Information Commissioner’s request, but it is so bland, patronising and uninformative that it seems to have been written, miraculously, by a dead author—Enid Blyton. It is an insult to the general public. Opting out is not actually spelled out within the leaflet. NHS England is demanding that people go to their doctor’s surgery, discuss the matter with a doctor or practice manager and then give their decision on opting out. The House knows how busy doctors are and how busy their surgeries are. Is somebody going to take a day off work to go and see their doctor not because they are ill but because they want to discuss opting out? It is not sensible.

I suggest that NHS England is not serious about involving and empowering the general public. That is the second reason why real questions should be asked about this plan. The leaflet does not make the point that there are two opt-out options, one for giving the information out within the health service and one for giving it out outside the health service, or that people can obtain a form, fill that in and send it in to a practice.

I am taking up time and I know that a colleague wants to speak. I want the Minister to take his lead from the Information Commissioner and postpone the introduction of the scheme to allow further consultation and discussion about whether there should be an opt-in or an opt-out, about what information is being shared and about the security of that information. If the medical records of members of the public are going to be given out, they should have knowledge of that and should have had the opportunity to opt out.

Mr George Mudie (Leeds East) (Lab)

- Hansard -

Copy Link

- - Excerpts

I compliment the hon. Member for Bromsgrove (Sajid Javid) on a thoughtful speech. At one point, I disagreed with him and at other points I found myself very pleased with the sentiments that he expressed. The Backbench Business Committee deserves congratulation for tabling the motion and I hope we will have more opportunities to discuss the subject in Government time. We must reach consensus if we are to get this right.

I worry, particularly against the background of what is happening in Ireland, that we are going too slowly. There was an argument in the beginning that we should not do things in haste and that was sensible, but three years on from the time Northern Rock went down we should be starting to implement some of the measures, not merely discussing them. I know that there is an international context, but on the domestic front we should be further forward than we are.

The Government’s amendment mentions matters such as “regulatory architecture” and “prudential regulation”, both of which are part of the package that is going through the Select Committee on the Treasury and that will eventually come to the Floor of the House. I am not sure that they alone will matter. Basel III, according to the Governor of the Bank of England, “won’t prevent another crisis”. I think that is fair.

So, Basel III, regulatory architecture and prudential regulation are what the Government initially—certainly in this low-key debate—are putting forward as important. They are secondary to an acceptance by those who are in the banks and who own the banks of the fact that they need regulating and that they should share the objectives of the regulators. Sadly, in the past three years I have not seen any signs that that has been accepted at a senior level in the banks. If we were to look for one person, organisation or thing that started or caused the crisis, we would be wrong, but central to it were the banks’ securitisation exercises and adventures, which paralysed the whole financial structure and the wholesale markets. They must be accepted as a major part of where we are now and of what we have gone through.

Mr Mudie

- Hansard -

Copy Link

- - Excerpts

The hon. Gentleman makes a very powerful point which links with a point I was about to make. I have described the regulatory structure. There are differences between regulators throughout the western world, but the fact that they were all caught out shows that structure is secondary and that changes to structure alone will not prevent another crisis. We have all been affected despite those different structures, so one cannot attack regulatory structures or see them as a salvation. I regard such restructuring as simply rebuilding the Maginot line: it shows the public that we are doing something, that we are hard at work and that there is something concrete, but when it comes to effectiveness, it would suffer from the same deficiencies as the original Maginot line, so I do not think that structure matters.

If the banks, the bankers and their shareholders do not accept that they have to change their practices then what do we have? We have no regret from the banks and no acceptance that they played a part in events. Let us consider their behaviour over bonuses.