Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, what steps he is taking to ensure that the Federated Data Platform protects the confidentiality of patient details outside of (a) clinical and (b) research requirements.

The Federated Data Platform (FDP) will not be the route to access data for research purposes. Secure access to NHS data for research purposes will be provided through the NHS Research Secure Data Environment Network.

The software will provide a very high standard of security due to the purpose-based access controls, limiting access to data to specific individuals for a specific purpose, coupled with new Privacy Enhancing Technology (NHS-PET), which will provide robust protection and a standard approach to support safe data access and use.

The NHS-PET will be procured from a different supplier to the supplier of the Federated Data Platform and the platform will not go live until the PET is fully in place.

The use of the data in the Federated Data Platform will always remain under the full control and protection of the NHS. Patient data cannot be accessed by the company that makes the software.

Primarily, the data will remain within the organisation where the patient receives their care, and there are strict access controls within the NHS to ensure that only those who need to see the data are able to.

All uses of data within federated data platforms must be ethical, for the public good, and comply with all existing law. This includes the UK General Data Protection Regulation, the

Data Protection Act 2018, and the Common Law Duty of Confidentiality. There is a robust Information Governance Framework in place to ensure this.