Public Services > Central Government

Health Select Committee takes on ministers over ‘serious concerns’ about NHS Digital’s data-sharing MoU

David Bicknell Published 15 April 2018

Health and Social Care Committee worries over NHS Digital’s ability to protect personal data in MoU with Home Office and DHSC regarding tracing of immigration offenders.


The House of Commons Health and Social Care Committee has said it has ‘serious concerns’ over NHS Digital’s ability to protect personal data after producing a report into a Memorandum of Understanding (MoU) on data-sharing between NHS Digital and the Home Office. 

In its report, the committee said confidentiality lies at the heart of good medical practice and patients share data, including their addresses, with clinicians in good faith that this will be held in strict confidence.

But, said the committee, there are serious concerns about the ability of NHS Digital’s leadership to act as the steward of this non clinical data. The committee’s report examines the MoU that exists between the Home Office, the Department of Health and Social Care and NHS Digital regarding the tracing of immigration offenders.

The committee said it is not satisfied that the chair, Noel Gordon, and chief executive, Sarah Wilkinson, of NHS Digital have been “sufficiently robust” in upholding the interests of patients, understanding the ethical principles underpinning confidentiality, or in maintaining the necessary degree of independence from government.

The report follows the committee taking evidence in January 2018 and subsequently writing to NHS Digital to request that it suspend its involvement in the MoU and undertake a more thorough review of the consequences and wider implications of sharing addresses with the Home Office for immigration tracing purposes.

However, the government rejected the request, leading to the chair and chief executive of NHS Digital being summoned to give further evidence to the committee. The committee said it regarded their response to the concerns raised during the session as “wholly unsatisfactory” with the committee again calling on NHS Digital to suspend the sharing of address data. The committee said it continues to have serious concerns about government policy on the confidentiality of address data collected for the purposes of health and social care and in particular the risk that data sharing without patients’ knowledge or consent could become more widespread.

The report repeats the conclusion of the January 29 letter that NHS Digital should suspend its participation in the MoU until the current review of the NHS Code of Confidentiality is complete. It said this should include proper consultation with all interested parties, and with the full involvement of experts in medical ethics.

The committee’s chair Dr Sarah Wollaston said, "There is a clear ethical principle that address data held for the purposes of health and care should only be shared for law enforcement purposes in the case of serious crime.

“NHS Digital's decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate. This behaviour calls into question NHS Digital’s ability to robustly act on behalf of patients in the event of other data sharing requests including from other government departments in the future.”
She continued, “It is absolutely crucial that the public have confidence that those at the top of NHS Digital have both an understanding of the ethical principles underpinning confidentiality and the determination to act in the best interests of patients."

The committee said the review of the NHS Code of Confidentiality should consider and consult upon the statement of government policy on data-sharing which was contained in the Ministers’ [of both the Home Office and the Department of Health and Social Care] response to its letter of 29 January, and advise Ministers on whether it is an appropriate statement of policy on the sharing of data collected and held for the purposes of health and care.

The committee said, “We are deeply concerned that accepting the government’s stated position would lead to sharing non-clinical data such as addresses with other government departments. We believe that patients’ addresses, collected for the purposes of health and social care, should continue to be regarded as confidential “and only shared where this is in patients’ best interests or, in exceptional circumstances and only on a case by case basis, where a serious crime is under investigation.”

Responding to the Health and Social Care Select Committee's report, NHS Digital's chief executive, Sarah Wilkinson, said in a statement, "We will consider the Health Select Committee's report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office. This has established that there is a legal basis for the release and has assured us that it is in the public interest to share limited demographic data in very specific circumstances."


We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.