Question to the Department of Health and Social Care:

To ask the Secretary of State for Health, what estimate he has made of the number of (a) NHS organisations, (b) academic institutions, (c) private sector organisations and (d) non-academic charities which hold databases containing (i) patient-identifiable and (ii) pseudonymised data; and if he will make a statement.

Any organisation wishing to receive identifiable or pseudonymised data from the Health and Social Care Information Service (HSCIC) requires a Data Sharing Agreement. This agreement outlines how the data can be handled, stored and used.

Since April 2014, the HSCIC has published quarterly registers detailing the instances where it has provided data under a data sharing agreement. The registers list each organisation, the type of data released, the legal basis for release and the purpose for which the data was provided. The quarterly registers can be found here:

http://www.hscic.gov.uk/dataregister

The HSCIC also published the Partridge Review, a review of data releases by its predecessor body, the NHS Information Centre, in June 2014. As part of this review a listing was released of recipients of data from April 2005 to March 2013. This release can be found here:

http://www.hscic.gov.uk/datareview

Data held by the HSCIC represents a small portion of patient identifiable data held by the wider system. For example, all providers of direct care will collect and hold patient identifiable or pseudonymised data in order to deliver their services. Academic institutions may also hold patient identifiable data that they have collected direct from patients with their consent. The HSCIC is not required to hold information about all instances of data sharing across the system and is therefore unable to comment.