This site is intended for health professionals only

GP patient data ‘inappropriately’ shared with immigration officers, MPs find

The agreement between NHS Digital and the Home Office to share GP data for immigration purposes is ‘entirely inappropriate’, an influential group of MPs have declared.

The report, which follows a House of Commons Health Committee inquiry, said NHS Digital paid ‘little regard’ to ‘ethical implications’ of the 2017 Memorandum of Understanding.

The MPs’ findings were backed by GP leaders, who said the Home Office was ‘treating GP patient data like the Yellow Pages’ and urged NHS Digital to put a stop to the sharing of patient information.

This comes as Pulse revealed this week that immigration officers from the Home Office asked a GP practice to confirm a patient’s address, with LMC leaders urging practices to resist such requests.

Under the MoU, the Home Office is allowed to request data from NHS Digital for the purpose of tracing immigration offenders and vulnerable people who may be at risk.

But the health select committee’s inquiry, which took evidence from the BMA, GMC, the National Data Guardian, Public Health England and medical charity Doctors of the World, concluded that the MoU brings risks to patient confidentiality and public health.

The report said MPs had sought ‘a very much more convincing case for the continued operation of the MoU than had been presented so far’.

It added: ‘We regret that we did not hear such a case. Instead, we have been left with serious concerns about the ability of the chair and chief executive of NHS Digital to understand, and act in accordance with, NHS Digital’s role as a steward of health and social care data.

‘The leadership of NHS Digital has not been sufficiently robust in upholding the interests of patients or in maintaining the necessary degree of independence from Government.’

The committee said it also held ‘serious concerns about Government policy on the confidentiality of data collected for the purposes of health and social care’.

Following a review of NHS Digital’s ‘back office’ administrative work in 2016, the Department of Health agreed to review the NHS’s 2013 Code of Confidentiality to clarify what information is to be classed as confidential and to clarify the definition of a serious crime.

The health select committee’s report concluded ‘that NHS Digital should suspend its participation in the memorandum of understanding until the current review of the NHS Code of Confidentiality is complete’.

But the Government has previously rejected calls from the health select committee to suspend the MoU, with the argument that patients should have ‘a reasonable expectation’ that their non-clinical data is shared between departments.

Article continues below this sponsored advert

Commenting on the concluded inquiry, committee chair Dr Sarah Wollaston said: ‘There is a clear ethical principle that address data held for the purposes of health and care should only be shared for law enforcement purposes in the case of serious crime.

‘NHS Digital’s decision to routinely share information with the Home Office with a lower threshold is entirely inappropriate.’

Dr Wollaston, herself a former GP, added that this ‘calls into question NHS Digital’s ability to robustly act on behalf of patients in the event of other data sharing requests’, with the report expressing concern that patient data could be shared with other governmental departments in future.

Dr John Chisholm, a GP and the chair of the BMA medical ethics committee, said the MoU has ‘serious public health implications if people suffering from infectious conditions avoid seeking medical treatment’.

He said: ‘We have already seen the impact that the MoU is having on doctors working on the front line, with just this week a GP in London receiving a letter from the Home Office requesting information about a patient for immigration purposes.

‘This example of a doctor being asked to effectively act as an enforcer for the Home Office is wholly at odds with a doctor’s primary role to promote the best interests of their patients.’

RCGP chair Professor Helen Stokes-Lampard said: ‘The Home Office is displaying a blatant disregard for the trusted and vital GP-patient relationship, and its casual approach to confidential patient data risks alienating highly vulnerable patients.

‘It is treating GP patient data like the Yellow Pages, and we are calling on NHS Digital to take urgent measures to suspend the agreement that is allowing them to do so.

‘The scale of the examples we’re hearing about are becoming increasingly alarming – and if all are true, paint a terrible picture. We fully agree with the health select committee that any harm being inadvertently caused must be quantified, explicitly discussed and rigorously evaluated before any data sharing agreement can continue.’

But NHS Digital chief executive Sarah Wilkinson defended her position, saying: ‘We will consider the health select committee’s report carefully and will take into account any new evidence as it becomes available, but we have been through a rigorous process to assess the release of demographic data to the Home Office.

‘This has established that there is a legal basis for the release and has assured us that it is in the public interest to share limited demographic data in very specific circumstances.’

A Government spokesperson said the data that is shared under the MoU is ‘strictly controlled and only shared if there is a legal basis to do so’.

They added: ‘The Memorandum of Understanding simply formalises existing processes and does not involve additional data being provided to the Home Office.’