Plans to force the NHS to share confidential data with police across England are “very problematic” and could see patients giving false information to GPs, the government’s data watchdog has warned.
In her first interview, the national data guardian for England told The Rustwire she has serious concerns over Home Office plans to impose a responsibility on the NHS to share patient data with police which she said “sets aside” the duty of confidentiality for clinicians.
Dr Nicola Byrne also warned that emergency powers brought in to allow the sharing of data to help tackle the spread of Covid-19 could not run on indefinitely after they were extended to March 2022.
Dr Byrne, 46, who has had a 20-year career in mental health, warned against the lack of regulation over the way companies were collecting, storing and sharing patient data via health apps.
She also told The Rustwire she had raised concerns with the government over clauses in the Police, Crime, Sentencing and Courts Bill which is going through the House of Lords later this month.
The legislation could impose NHS bodies to disclose private patient data to police to prevent serious violence and crucially sets aside a duty of confidentiality on clinicians collecting information when providing care.
Dr Byrne said doing so could “erode trust and confidence, and deter people from sharing information and even from presenting for clinical care”.
She added that it was not clear what exact information would be covered by the bill: “The case isn’t made why as to why that is necessary. These things need to be debated openly and in public.”
And opinion polls commissioned by the data guardian since 2018 have shown a high level of concern by the public about their health data falling into the wrong hands.
The most recent Kantar poll shows that 67 per cent of the public are worried about cyberattacks, while 69 per cent are worried about data being shared unlawfully or accidentally with companies or organisations outside the NHS.
The national data guardian is appointed by the health secretary as an rustwire watchdog over the use of patient data in healthcare. Dr Byrne was appointed in March this year after a 20-year career working in mental health and serving as a chief clinical information officer at the South London and Maudsley NHS Foundation Trust.
“We have really got to be straight with people about what we are doing. Engaging the public and getting the social licence is not a one-off. It’s not a sheep dip exercise. The involvement of the public has to be baked into the infrastructure of our systems,” she said.
Dr Bryne added: “It’s very important the government proceeds with extreme caution with any broader sharing of data across government departments. We have got to make sure that no assumptions are made about the data landscape post-pandemic, that there is no compromise of the importance of privacy and confidentiality.
“We need to be very clear that emergency use of the emergency powers is short term and only to the end of the pandemic, and only for the purposes of the Covid response. There has to be an endpoint.”
And if these freedoms were extended, she said patients “may give incomplete information or even not present. It could undermine the confidence in the whole system and that can’t be overstated”.
“Data is a joint creation between patient and clinician, and we risk changing the nature of that relationship,” she added.
And she said the recent furore over the plans to share more GP patient data was an example of assumptions being made about what the public would tolerate.
During 2020-21, the Information Commissioner’s office received more reports of data security breaches in health than in any other sector of business or public service.
There were 1,512 breaches in health, compared with a UK total of 8,815 for all breaches.
Dr Byrne, who took over from Dame Fiona Caldicott following her death in February, continues to work part-time as a psychiatrist in south London.