Skip to main content

Health and Social Care (National Data Guardian) Bill

Volume 644: debated on Friday 6 July 2018

Bill, not amended in the Public Bill Committee, considered.

Third Reading

I beg to move, That the Bill be now read the Third time.

You will be pleased to learn, Mr Deputy Speaker, that with 266 days until we leave the European Union, I will not mention red lines or anything like that. But I congratulate my hon. Friend the Member for Lewes (Maria Caulfield) on navigating her Bill through this place. The Government have clearly been listening to her, because I understand that at Chequers today all the mobile phones have been confiscated.

It gives me great pleasure to promote this important Bill, and I am grateful for the cross-party support. I am keen to get through Third Reading as quickly as possible because there is another important Bill to follow, and hopefully there will be time for that debate.

The purpose of this Bill is to put on to a statutory footing the office of the National Data Guardian for Health and Social Care, and to promote the provision of advice and guidance on the processing of health and social care data in England. Many people have helped me in preparing the Bill, and I would like to thank some of them.

It would be wrong not to start with my hon. Friend the Member for Bury St Edmunds (Jo Churchill). She was one of the Bill’s original sponsors but, because she has been promoted into the Government, she can no longer speak on the Bill. It is due to her tenacity that the Bill is now being considered for the Third time. If she were able to say something, she might say something like this:

“The confidence that a statutory National Data Guardian brings, allows for more responsible and innovative uses of data to work towards cures for cancer and other conditions.

The Bill will empower the National Data Guardian to ensure that cancer researchers can take full advantage of the future possibilities of genomics and Artificial Intelligence, and whatever comes after genomics and AI, where every patient can have confidence that their data will be used in a way which is consensual, safe, and transparent.

For the vast majority of patients (98%) who are happy for their data to be used, it also helps them have confidence that not only can their data be used, but that it will be used, responsibly, for the purposes patients already expect.

It is important that this brief but important piece of legislation gives patients the confidence they need to engage with health data for not only their own care pathways but also giving them choice in sharing when they wish.”

I am grateful for all her efforts behind the scenes to get us to Third Reading.

I also thank the Secretary of State for Health and Social Care, who kindly wrote to me yesterday:

“Placing the National Data Guardian on a statutory footing is significant in increasing public trust in the appropriate and effective use of health and care data, in promoting challenge and building assurance across the health and care system, and enabling the system to access the data that it needs to run safely, effectively and efficiently.

I would like to once more confirm the Government’s commitment to the Bill.”

I am grateful to him for that letter.

The excellent Minister at the Dispatch Box, the Under-Secretary of State for Health and Social Care, my hon. Friend the Member for Thurrock (Jackie Doyle-Price), has been so helpful in the preparation of this Bill. She has put more work into this than she had to, and I really appreciate her help.

The National Data Guardian’s role is to help to make people safe and to give them confidence that their information is securely safeguarded. Dame Fiona Caldicott is the National Data Guardian. I do not know whether hon. Members have met her, but she is a formidable lady. There are Caldicott guardians in every hospital, and we are now putting her role on a statutory footing. Her help in preparing the Bill has been immense. I hope she will go on for many years but, when she does retire, there will be a new National Data Guardian—that will definitely happen.

The priority of the National Data Guardian is to build trust in the use of data across health and social care. The Data Guardian is guided by three main principles:

“encouraging clinicians and other members of care teams to share information to enable joined-up care, better diagnosis and treatment;

ensuring there are no surprises to the citizen about how their health and care data is being used and that they are given a choice about this; and

building a dialogue with the public about how we all wish information to be used, to include a range of voices including commercial companies providing drugs and services to the NHS, researchers discovering new connections that transform treatments, and those managing the services”.

I am also very grateful to Baroness Caroline Chisholm of Owlpen, who will be taking the Bill through the House of Lords, should it receive its Third Reading today. She will be known to many on the Conservative Benches, as we had to deal with her when she was head of candidates, so many of us here will appreciate her greatly. I also want to give particular thanks to the Labour Opposition and to the shadow Minister for all his support. I am in a difficult position, in that my Bill got its Second Reading after the Bill that would change the parliamentary constituencies. Every week at Prime Minister’s questions, the public think it is about party political point scoring and that we never work together. Of course that is not what happens; the vast majority of Bills that go through this House are improved by what the Opposition do, as is the case with my Bill. I particularly want to thank the Opposition for not blocking this Bill. I have to say that when the Speaker was in the Chair and this Bill, standing in my name, came up for its Second Reading, he paused for a very long time, expecting someone to object—presumably he thought it would be someone from our side. It would have been quite appropriate if the Labour Opposition had objected to my Bill if they had wanted to do so because it went ahead of their Bill, which had already got its Second Reading. I am therefore very grateful to the Opposition. I have chosen today for the Third Reading so that there are still opportunities for that Bill to proceed, if it is given its money resolution.

I do not want to take too much more time, because I understand the pressure we are under today, but I wish to mention a couple of things that were raised in Committee. I am grateful in particular to my hon. Friends the Members for Christchurch (Sir Christopher Chope) and for Shipley (Philip Davies), and the hon. Member for Rhondda (Chris Bryant) for their involvement in the Committee. I was brave to put those three on a Committee, but the hon. Member for Rhondda asked a particularly difficult question. The Minister answered it well, but, on reflection, I can now provide a bit more clarification. This Bill says that it extends to the territory of England and Wales, which it does, but it applies only to England. The logical question was, “Why on earth did it apply to England and Wales then?” In layman’s terms, the answer is simply that as a legal entity in Parliament England does not exist, and England and Wales are lumped together. We can have a Bill that extends to England and Wales; to England, Wales and Scotland; or to England, Wales, Scotland and Northern Ireland. That is the answer on this point, and this Bill applies only to England. On reflection, I recall that I am a fellow of the Institute of Chartered Accountants in England and Wales. I do not think I quite managed to get the answer across on that point in Committee.

The answer to that, of course, is that those places have devolution and it is up to them to make their decisions. Obviously, I believe that what we are doing in England is best practice and I am sure they will take note of it. At that point, I ought to conclude. I thank everyone for their help so far, and I hope we can make progress later on.

I congratulate the hon. Member for Wellingborough (Mr Bone) on his success in making progress on this Bill in pretty quick time—as he candidly said, quicker than some other private Members’ Bills, which may well be down to the Government’s view on the merits of particular Bills. As the hon. Gentleman said, there are other Bills that we would like to see make progress, but that is not to detract from the merits of this one.

As I said when we last debated the Bill, the Opposition welcome the decision to put the National Data Guardian for Health and Social Care on a statutory footing. As we know, the use of data has the potential to improve every aspect of the NHS, from transforming the way in which we diagnose illnesses such as cancer to improving the patient experience by ensuring that every clinician at every stage has the complete picture. We know from experience that the use of data in the NHS can be controversial at times, and patients sometimes raise concerns. Those concerns are not unfounded.

Official figures show that more than 100,000 patients were caught up in NHS data blunders in 2016-17. The number of serious data incidents has doubled in a year and they are now occurring at a frequency of one every three weeks. It emerged last year that NHS Shared Business Services had failed to deliver just under 709,000 letters from hospitals to GP surgeries, with the correspondence being left in an unknown warehouse. Such examples show the importance of an effective, modern data protection system with robust safeguards, which is central to securing public trust and confidence in the NHS.

The hon. Gentleman might or might not be aware, but in Cornwall we have a higher proportion of cases of glaucoma than any other place in the country, and we know no reason why. Does he agree that sharing information on that could help us to understand why some of these complex conditions occur? Does he also agree that when the Data Guardian is in place, they might be able to look at and break down the data to work out why some of these conditions exist?

The hon. Gentleman is absolutely right that there are many variations in conditions and, indeed, outcomes throughout the whole country. The importance of data in establishing patterns cannot be understated.

The British Heart Foundation recently said of the research environment that “too much” of its researchers’ time

“is taken up with unnecessary red tape and bureaucracy. The weight of this form-filling is slowing down vital discoveries”.

Does the hon. Gentleman share my hope that putting this role on a statutory footing will help to address such concerns?

Whenever we speak to anyone in the NHS, particularly GPs, they express concern about form filling, but it is important that due processes are followed and that there is a clear audit line. I am sure that the hon. Gentleman can have a word with the Minister about what practical steps can be taken to deal with some of the British Heart Foundation’s concerns.

We support the establishment of a statute-backed Data Guardian because it is one way to improve confidence in the way data is used. As I said in Committee, we are concerned that the Bill does not include an absolute obligation for data controllers to act on advice—only to have regard to it—and there appears to be no requirement for organisations to state proactively how they have dealt with such advice. Responses to question 5 of the Government’s consultation were overwhelmingly supportive of such a provision. In that question, the Government proposed that

“organisations holding health and care data which could be used to identify individuals should be required to publish all materials demonstrating how they have responded to advice from the National Data Guardian.”

In their response to the consultation, the Government said:

“Responses were supportive of the proposal that the national data guardian should be given formal advice giving powers.”

That would certainly provide reassurances that the National Data Guardian will have real authority and act as an independent voice for patients. Without statutory backing, it is foreseeable that the National Data Guardian’s authority and independence could be undermined. Without a requirement for organisations that receive advice to provide evidence of their response, it could be difficult to be sure that the National Data Guardian is effective in doing the important job required by the Bill.

I am sure that Members will recognise that the requirement for a body to have regard to advice does not always mean that the body acts on that advice. We know that how clinical commissioning groups interpret the guidance of the National Institute for Health and Care Excellence leads to some variations in the way in which treatments are dispensed and that advice does seem to be ignored with impunity by CCGs.

I know that the hon. Member for Wellingborough does not see the need for additional powers to be handed to the guardian and does not want to see effectively a regulator, which is the road that my proposals may be taking us down, but it is important that, when the Minister responds, she gives us some indication as to what yardstick she proposes will be used to ensure that the concerns that I have set out will be effectively judged by the guardian.

In conclusion, although I have set out some concerns, we are not intending to oppose the Bill as it is currently drafted today.

It is a pleasure to be called so early in this debate to speak on the Bill. I particularly wanted to do so to give it my fulsome support, but also because I had the pleasure—and it was a pleasure—to serve on the Bill Committee for the Data Protection Act 2018. We had 10 sittings over five days, and fascinating it was, too. What came out of that Committee was a much improved Bill, or Act as it now is. What my hon. Friend the Member for Wellingborough (Mr Bone) does with this very important Bill is to create a vital adjunct to that Act. This is designed to work hand in glove with the Data Protection Act and the two will work together, which is why I am delighted to be able to make a contribution here.

I want to echo what was said in congratulating not only my hon. Friend on this Bill, but the mother of the Bill in its previous form, my hon. Friend the Member for Bury St Edmunds (Jo Churchill), who, now that she is my Whip, I am bound to say is an extraordinarily wise Member of this House. If nothing else, this Bill should be known as one that she has helped in its genesis.

Apart from the procedural reasons that my hon. Friend the Member for Wellingborough cited for why we are bringing this Bill to the House today, there is also another reason why it is extraordinarily appropriate, which is that today is, of course, the 70th anniversary of the national health service. It is absolutely right that we take a moment to remember that and to thank all of those who work so hard in it. How appropriate it is that we hope to progress this Bill today on this auspicious anniversary, because it will have a very significant role to play in the future of our national health service.

The Bill seeks to ensure that particular care is taken in the health and social care system when it comes to the holding of private data. It is something about which, rightly, there is huge public concern. Here is why. That sort of data and the technology on which it relies will have a massive role to play in our healthcare system. Technology will revolutionise the way in which we provide health and social care services in our communities. I have to say, on a personal note, that it is of particular benefit to rural areas such as North Devon, where we have particular geographic challenges. Quite simply, many people have to make long journeys to physically access the sort of healthcare provision that they have a right to expect in the 21st century. What this sort of technology does—the Bill goes a long way to protect people’s data as part of that—is, in effect, to put a doctor in the palm of someone’s hand through smartphone technology. It is slightly odd that we have just had a debate about the evils of smartphones in one aspect of our social policy thinking, as now we are debating an area where smartphones are having a definite and precise benefit.

There is something more precise though, and that is artificial intelligence and the way it is used to improve healthcare provision. AI has the capacity to provide bespoke treatment for individuals who are suffering from cancer, for example. Scientists at the University of Stanford have done a remarkable trial that has shown that artificial intelligence is extraordinarily accurate in identifying skin cancer, for instance. We are reaching a point where it is no longer necessary for a doctor, nurse or medical professional physically to examine a patient: there is now artificial intelligence that is able to do that remotely. I understand from the research that has been done that it has a very high degree of accuracy in identifying skin cancer. This sort of technology could help to improve healthcare dramatically. Not only can artificial intelligence identify cancer, but developers are currently working on utilising it to help with treatment as well. It can assess factors such as the patient’s genetic history and lifestyle choices, for instance, to identify the most effective course of treatment. In fact, the Government intend to use AI to prevent more than 20,000 cancer-related deaths by 2023, but its long-term potential is much greater than that.

However—this is the crux of the matter—for these sorts of innovations to work and for us to be able to embrace this sort of technology securely and safely, and with peace of mind for the general public, a great deal of very personal information will need to be securely processed and stored while ensuring that it cannot be misused. That is what causes a great deal of concern among the public. If we want to ensure that individuals are going to take full advantage of these new technological breakthroughs that allow such improvements in healthcare, we have to be able to provide them with the absolute, copper-bottomed assurance that, when they provide the data that allows this sort of technology to intervene in their healthcare, they can be absolutely sure that they have confidence in the system of data storage, and confidence in the way in which their data will be processed, used and protected. We must achieve this through the instigation of a system that ensures the minimum possible data breaches, with robust guidance on good practice and established procedures to minimise damage. This Bill, working in partnership with the Data Protection Act, will go a long way towards achieving that.

The main purpose of the Bill is to establish the National Data Guardian for Health and Social Care to promote the provision of advice and guidance about the processing of data. Specifically, and really importantly, the Bill establishes the National Data Guardian as a statutory office holder. We have such an official at the moment, as my hon. Friend the Member for Wellingborough said, but the Bill puts the post on a statutory footing.

That is important for two reasons. First, it gives the public absolute confidence in the system, because there is no higher degree of official backing for what the National Data Guardian is and does than to have it on a statutory footing as passed by this place. Secondly, it maximises the post holder’s accountability to this place. I am pleased that there is provision not only for a regular review of the work of the National Data Guardian but a suggestion that she—at the moment, it is a she—should produce an annual report and is accountable for reporting that review to this House. That is why it is absolutely vital that those provisions are in the Bill, and I am extremely glad that they are.

Does my hon. Friend hope that the Data Guardian will focus primarily on ensuring that data is being appropriately used? Does he share my hope that she will go further and seek to actively promote data sharing for use particularly in research applications?

I hope for both. It is really important that we do not rest on our laurels and simply say that the powers currently held by the guardian are sufficient. She must be given the right to look forward to ensure that in future, as technology changes and advances—as it inevitably will—she is able to encourage other stakeholders, lawfully and in a secure way, to ensure that the data that is provided by NHS patients is used by the many organisations that would need to share it in a secure and safe way.

In my view, one of two things was going to happen after the Cambridge Analytica scandal: either individuals would be in charge of their own personal data or, as the Government have rightly done, we would have a national database that is under one person’s ownership and guardianship. As my hon. Friend the Member for Croydon South (Chris Philp) said, that information can then be used to promote and encourage technological innovation to help people with some of these conditions. Does my hon. Friend agree that, in rural areas such as his and mine, that would be hugely beneficial?

That is absolutely the case. I touched on why the new technology that will be used for healthcare provision is so important, particularly in rural areas such as ours, in North Cornwall and North Devon. We need to ensure that everybody is sure that their data is securely held, processed and used. In areas where these healthcare technology advances would be particularly beneficial, such as my hon. Friend’s constituency and mine, people must not be prohibited or inhibited from giving the necessary data simply because they are not sure how secure it will be. Such a situation might mean that they do not get the healthcare treatment using this new technology that they can specifically benefit from due to the geographic challenges we have discussed in our areas.

Although the role of the National Data Guardian for Health and Social Care was established in November 2014, it was always the intention that it be put on a statutory footing, which is why I am so pleased that we have reached this stage. That was also, I am bound to say, a commitment in the Conservative party’s 2017 manifesto, on which this Government were elected. I am really pleased that here we are, a year on—a relatively short space of time in the proceedings of this place—only a short step away, I hope, from enacting that manifesto commitment.

The Bill has cross-party support. As my hon. Friend the Member for Wellingborough said, all the Opposition parties have shown their full support for the Bill, which is really important. Devolution was mentioned in an earlier intervention. It is right that the Welsh Assembly and the Scottish Government look closely at adopting a similar position, and they have, if I might say so, the perfect blueprint for doing so thanks to the hard work of my hon. Friend the Member for Wellingborough and, before him, my hon. Friend the Member for Bury St Edmunds.

We have here the solution to a potential challenge. If we get this right, it could revolutionise the way we are able to treat people in our health and social care system in the future. Data and privacy are without a doubt two of the big issues of our age. If we get this right, the potential to improve services and patient outcomes is huge. The Bill is a very important step forward in doing that. I wholeheartedly support it.

It is a pleasure to speak in support of this extremely important private Member’s Bill. To pick up where my hon. Friend the Member for North Devon (Peter Heaton-Jones) left off, data—data ownership and storage—is one of the big questions that society and this House will have to grapple with in the decades to come. I have noticed when talking to younger constituents how increasingly aware they are of where their data on social media goes and, most importantly, who the owner of that data is. Does the owner remain the subject of that data, or does ownership transfer to whoever is holding it? These are important conceptual issues that I am sure the House will have to continue to grapple with in the years ahead, and I am pleased that my hon. Friend the Member for Wellingborough (Mr Bone) has contributed to us moving in this direction.

I first had to come to terms with issues around personal data when I went into public policy research about 10 years ago. Two things became immediately clear. First, although the Government were collecting a lot of data on individuals, the way that they felt obliged to keep that data meant that they were extraordinarily bad at joining it together. We had very good information on children, for example, but rather lousy information on families. Building that context around an individual is absolutely vital if we are to build a decent series of research questions and answers that allow us to interrogate the causes of particular problems, or to see what positive influences in somebody’s life might have led them to avoid certain problems.

On a professional level, although the Bill does not deal with children’s data—children’s safeguarding is covered by different legislation—when I worked on child protection I saw powerfully the consequences of poor data sharing and safeguarding services. I read a large number of serious cases reviews that were published in the event of a child being killed or suffering serious harm, and time after time the findings of those serious case reviews were that agencies had failed to share data at key moments. Time and again, recommendations were made that better information sharing procedures should be created. We had a series of organisations which, albeit with the best intentions, were in effect working in silos, and by not working together they were missing opportunities to protect children, and in some cases to save their lives. That reluctance to share data was not laziness or professional neglect; it was often because agencies were scared of the potential legal consequences of sharing private information with other professional bodies.

The hon. Gentleman is making a good point. Over the past two or three years we have had this problem of child abuse and so on. One thing that struck me is the fact that agencies do not co-operate with one another or share information in the way they should. As a result, something that could be prevented is not prevented. Does the hon. Gentleman agree?

I absolutely agree, and I am grateful to the hon. Gentleman for that important intervention. If we create a framework that helps agencies to share information about vulnerable individuals safely, that enables those agencies to become greater than the sum of their parts, and to combine and enhance their professional interrogations, so that they can join the dots and create a true picture of what is happening in someone’s life.

As I saw earlier in my career, however, if done incorrectly such an approach can be taken to dangerous lengths. In about 2008-09, the Government proposed to create a service for children called ContactPoint. The programme was well intentioned, and it intended to bring together all the information on all children in one single place. However, it would have given access to that information to around 350,000 professionals nationwide, and civil rights campaigners immediately became concerned that that would effectively put all information about all children into the public domain, that it would not take long for that information to be out in the public space, and that once there, the process would be irreversible.

Today we are seeing exactly the right civilised and sophisticated approach to data handling. As I understand it, the National Data Guardian will work with professional bodies to ensure that they understand what they can do. She will be in a position to work with the public and ensure that they understand how their data is shared, and how it might be shared in future in order to improve services. Like my hon. Friend the Member for Wellingborough, I believe that the National Data Guardian will ultimately help people to choose whether they want their data involved in this sort of analysis.

I draw the House’s attention to a very significant initiative taking place in New Zealand. Using this sort of sophisticated data handling arrangement, the New Zealand Government have built the Integrated Data Infrastructure, which brings together pretty much all public, and some private, data held on individuals. It combines it by creating unique identifying numbers for each individual, taking out their names so that all records become anonymous, and then matching the data. This is done in a way that prevents track-back to the individual, while allowing large amounts of interconnected and complex data to be analysed by researchers, so that they can better understand the causes of social complex problems and how it is that some individuals with similar characteristics do not suffer from the dangerous long-term outcomes that some of their peers do.

This is groundbreaking stuff. The fact that the New Zealand Government have managed to do it in such a way as to take the public with them to create a world-class research resource gives us all hope that it can be done. When I talked to the people who lead the project in Wellington, I asked them how they got over the public’s concerns. They said that when they first took it to public consultation a lot of the public said that they rather assumed their data was being used for decent purposes already and found it very strange that their private data was not being used anonymously to solve the big health questions and social problems of the day. Yes, they wanted guarantees that their private information would not end up in the public sphere, but they said, “For goodness’ sake, get on with it.” I think there is a very important lesson for us all in that.

I very much hope the Minister will take a moment or two in her remarks to reflect on how the National Data Guardian may be able to help us in our jobs as MPs. As Members, we often have to handle sensitive information, and we are often responsible for the exchange of sensitive information. I therefore believe the National Data Guardian will perform a service to this House in due course. I am absolutely delighted to support the Bill.

It is a pleasure to follow my hon. Friend the Member for Brentwood and Ongar (Alex Burghart). He makes the very important point that if people do not trust the way in which we keep data, they simply will not share it with the people who need it to keep them safe. The Bill is a great way to celebrate the 70th birthday of the NHS. It will be really valuable in protecting patient data in the NHS and will contribute to improving the trust that will enable people to be treated in a more efficient and effective way. Data protection may not be a sexy topic, but it is critically important, as is data sharing, of course.

We have had a data guardian in the NHS since 2014. My hon. Friend the Member for Wellingborough (Mr Bone) described Dame Fiona as a formidable character. I have known her well for some years now. She chairs the Oxford University Hospitals NHS Foundation Trust, with which I have a loving but strained relationship over the future of Horton General Hospital. She will be retiring next year. I do, therefore, have considerable experience of her at work and I know she is extremely exacting. She takes all of her various roles very, very seriously. There could not be a better person to help increase public trust in the way their data is shared. She is as keen as the rest of us for her position to be on a statutory footing. I know the Government want to be able to use data more intelligently in the future. In fact, that is essential if the NHS is going to be fit to serve us for the next 70 years.

I have various local examples of data sharing not going as well as it should. One problem we find in Oxfordshire is that we are close to the boundaries of many other counties, not least Northamptonshire, which my hon. Friend the Member for Wellingborough has the pleasure to represent. I alluded earlier to the difficulties we have had locally with the—we very much hope—temporary closure of the maternity unit at the Horton General Hospital, where I and many of my constituents were born, and where we hope many more will be in future.

The unit closed temporarily last summer. This means that most Banbury babies are now born at Warwick Hospital, with some being born at the OUHFT, which Dame Fiona chairs. The mothers of the babies who are born at Warwick experience very real difficulties with the data sharing between Banbury and Warwick. All prenatal appointments are supposed to take place in Banbury, but because the two systems do not seem to communicate properly, it transpires that most of my constituents now have to travel to Warwick for those appointments. However, if they choose to have their babies in the John Radcliffe Hospital at the moment, it is part of the same hospital trust so the communication is easier and that seems to work relatively well.

I turn to care at the other end of life and our award-winning neck of femur service as my second example. The average age of patients treated there is about 85, so it is very much the other end of the age spectrum from maternity. The difficulty in this instance is communication between the hospital and adult social care. The service is fantastic—it was first in the country last year for neck of femur. It specialises in providing a pathway in which patients are greeted at the hospital, put on a special mattress, X-rayed in a special way and treated in a special way. The aim is to get these elderly people out of hospital as quickly as possible with the right care package at the other end.

When I was talking to the very effective nurse—we should be so proud of these nurses—who runs the ward where most of the patients spend most of their time in hospital, she said that when she looks at the postcodes as the patients come on to her ward, her heart sinks if they live in Northamptonshire. As my hon. Friend knows, Northamptonshire is a truly wonderful place and bits of it are very close to Banbury—in fact, my parents live in Northamptonshire, just up the road from Banbury—so it is obvious that many Northamptonshire postcode patients will be treated in the Horton General. The difficulty is that when they come in, the communication with adult social care services is not nearly as good. We have an Oxfordshire person in that unit all day every day, working to move these patients on and get them out as soon as possible, which we know is in their best interests in health terms, but we do not have such links with Northamptonshire. The nurse who runs the unit told me recently that she can get Oxfordshire patients through in as little as four days—with them having had a really major operation—whereas Northamptonshire patients can take as long as 20 days. It is such a shame, and that is why this data sharing is so important to people’s actual health outcomes.

I know that my hon. Friend the Member for Bury St Edmunds (Jo Churchill) feels strongly about GP data and the ways in which GPs communicate with hospitals. That was what led her to drive forward this reform when she came into Parliament. GPs talk to me an awful lot about the way that they keep data. I had an email today from one of the practice managers of a GP surgery in Bicester, who told me that an unintended consequence of general data protection regulation was that whereas he used to be able to charge £50 for solicitors’ photocopying, he cannot do so now under GDPR so the practice is losing out. I will write to Ministers separately about that—[Interruption.] The Minister sighs weakly—she hears an awful lot from me, largely about the Horton General Hospital.

In short, as I do not wish to detain the Minister any further, I am proud to have been able to speak in support of the Bill. It is an important reform that will provide some level of trust among the public at a time when people are more cautious about sharing their data, but when it is ever more important that we use their data effectively.

It is a great pleasure to follow my hon. Friend the Member for Banbury (Victoria Prentis). I congratulate my hon. Friend the Member for Wellingborough (Mr Bone) on all his hard work taking the Bill through the House, and I commend him for steering it through Committee without amendment, which I think reflects the importance that the whole House places on this topic.

As my hon. Friend the Member for Wellingborough has said, the National Data Guardian, Dame Fiona Caldicott, has already done much work to promote good practice in handling medical data, and I am sure that putting her role on a statutory footing will enhance that further. I join my hon. Friend the Member for Banbury and others in paying tribute to Dame Fiona, who has played an excellent role and been a strong voice for patients as our first National Data Guardian.

I am particularly pleased to speak in the debate because of my long-standing interest in the fourth industrial revolution, and because of the report I recently released, supported by my right hon. Friend the Secretary of State for Health and Social Care, on how we can better use technology and data to improve the NHS’s performance. This week, as we celebrate the 70th anniversary of the NHS, there is no better time not only to look back at its successes, but to look forward and consider how we can safeguard its future through the use of good data.

The NHS has been a long-standing user of good data, even since its infancy. In the 1950s it was data from 20 London hospitals that first proved the link between smoking and lung cancer, which has certainly saved many lives in the years since. Fast-forward to 2018, and the potential for using medical data to improve lives has certainly grown exponentially.

Despite the clear and unquestionable potential of the fourth industrial revolution, and the new technologies associated with it, many members of the public remain sceptical about its benefits. They, like me, have seen a number of attempts to digitise health services fail, from the national programme of IT under the previous Labour Government to the WannaCry hack last year. There is still much work to do to win over a sceptical public. That is why my argument, and my support for the Bill, is clear. I believe that shared data saves lives, and I believe that the National Data Guardian has an important role to play in spreading that message.

One of the principles of the National Data Guardian is the need to build a dialogue with the public about how we all want information about us to be used. Although the NHS is rightly introducing a wide range of digital services, I have no doubt that the service most coveted by patients and our constituents, especially those in the smartphone generation, is the long-awaited NHS smartphone app. Anyone who has used NHS digital services will know that a wide variety of options are available to patients.

One of the key recommendations of my report was that the NHS should introduce a one-stop shop, with an overarching app that would allow patients across the whole of England to book appointments, order repeat prescriptions, control access to data and seek advice on medical problems. The app would operate 24/7 so that patients could access the NHS at their fingertips, from the comfort of their sofa or their place of work.

My long-term vision is for a smart NHS that personalises medicine and treatment, and provides advice in one integrated place. That is why I was delighted that the Secretary of State recently announced that he will be taking forward plans to build this new NHS app, to ensure that the smartphone generation have access to healthcare at their fingertips. As the Secretary of State, the Minister and their colleagues at the Department of Health and Social Care begin the work of designing and implementing the app, I think that the National Data Guardian can play an important role in shaping its future. She should call for full integration of the app with paperless records to ensure that digitisation takes place across the whole NHS. Only by ensuring that the app is available to everybody can the NHS reach its full potential, delivering all the services envisioned in my report.

In conclusion, the healthcare of tomorrow will be powered by artificial intelligence, big data, automation and increasing digital connectivity. That is why the NHS must be a global leader in this field. At the same time, we must ensure that informed consent is not put at risk, and that the patient voice is kept at the heart of all treatment. Key to that is the role of the National Data Guardian, which is why I am very keen to see her role placed on a statutory footing. I am therefore delighted to support the Bill.

It is always a great pleasure to follow my hon. Friend the Member for Havant (Alan Mak), who speaks with great authority about technology, which is really what the Bill is all about. I pay tribute not only to my hon. Friend the Member for Bury St Edmunds (Jo Churchill), but to my constituency neighbour and hon. Friend the Member for Wellingborough (Mr Bone). He has done many things in this House over the years, but I think it fair to say that this is probably the first time he has managed to take a Bill to Third Reading, so today is a historic moment in his parliamentary career.

One of the things of which my hon. Friend can be particularly proud is the fact that his Bill has managed to unite so many different charities in its support: the Academy of Medical Sciences, Arthritis Research UK, the Association of Medical Research Charities, Asthma UK, the British Heart Foundation, Cancer Research UK, Genetic Alliance UK, Macmillan Cancer Support, MQ, the Richmond Group of Charities, and Wellcome. That is an eclectic mix of health charities, which I think speaks volumes about the way in which the Bill is perceived by the charitable sector and the difference that the sector believes it will make.

I see the Bill as a big step forward, but I also see it as very much a tidying-up measure that puts on a statutory footing something that is, in large part, already happening. This whole approach makes eminent sense to me, not least because the effective use of health and care data and information has the potential to contribute significantly to improved outcomes for individuals and service users.

That can happen in many different ways. For example, sharing an individual’s health and care data between all the providers involved in that individual’s care will ensure that the best possible care package can be delivered. Too many people with serious conditions such as dementia have to tell the same story to multiple people and services involved in their care. Effective and appropriate data sharing could eliminate an unnecessary burden which causes distress not just to the individual concerned but to their loved ones—their friends and families. That, I think, is a welcome step forward in its own right, but it is also the case that researchers will have much better access to appropriate data, which is crucial to the development of new medicines and treatments.

If commissioners have access to the data that they need to make decisions about the best use of their resources locally and nationally, services can be provided and located where they are most needed. The impact of available funds can also be maximised and budgets fully optimised. I do not think anyone could possibly object to that.

The Bill also presents a real opportunity for us to achieve something about which my local clinical commissioning groups, Nene and Corby, talk to me all the time—better integration between health and social care services—which is very welcome in itself. That, I think, is where our direction of travel should be if we are to improve patient care.

I hope that the Bill will also help with the prevention agenda, in which the use of technology is clearly paramount. Like many other people out there, I am the proud owner of a Fitbit, which has made me think much more carefully about some of the decisions that I make from day to day in relation to my health and wellbeing. I now think about being physical, getting active, being out there, and doing the right thing to take care of my own health. Any measure that places a greater onus on individuals to take responsibility for their health and care needs can only be a good thing. It means putting the patient in control, while at the same time providing suitable protections to ensure that people’s data is handled sensitively and with care.

The Bill is timely as well. I think that all Members recognise the significance of the excellent care that the NHS provides for all our constituents day in, day out, and I pay tribute to the remarkable NHS staff in Corby and East Northamptonshire, who work tirelessly to make people better and meet their health needs. I commend that quality of care. Sometimes Members of Parliament only hear about things that have gone wrong, but the vast majority of care that we see in the health service is excellent. One of the things that often frustrates me in this place is how often we debate the issue of money. Obviously money is important—it is vital that we ensure that the health service has the financial resources that it needs in order to provide the care that people require—but I think we should focus more on outcomes. It is outcomes that really matter, not necessarily monetary value.

I believe that it is in the greater use of technology and the integration of health and social care that the future of healthcare lies. Of course we must ensure that the health service has the resources that it needs, but we should make the most of technology, maximising the opportunities that it presents to improve patient care. I think that in the next 70 years, that will be one of the big focuses in the NHS.

I am conscious of time so will be brief.

I welcome this Bill’s Third Reading and congratulate my hon. Friend the Member for Wellingborough (Mr Bone) on getting it this far—and, indeed, it is just the first of his private Member’s Bills on the Order Paper today. I pay tribute to my hon. Friend the Member for Bury St Edmunds (Jo Churchill) too; she has also played a huge role. I get to talk to her quite a lot in her current role, although, sadly, because of that post she cannot say anything about this Bill today.

I hope the Minister in her closing remarks will reflect a bit on how she sees the guardian being used as a champion of patients and of ensuring that their data are protected: given that this Bill covers some of the most sensitive data people have—their healthcare data—how we can make sure we get the benefits such new technologies offer to be able to analyse and find trends and patterns of disease we might never have found before; and how patients can be reassured that someone is acting as their advocate and champion in ensuring those data are used only for reasonable purposes, which we all want. It is right that we are looking to pass this law to enshrine such a role in statute; being the guardian of data, particularly across the NHS, is a key role, and I hope this Bill receives its Third Reading.

I took on board the explanation by the Bill’s promoter of why it says it covers England and Wales, even though it will cover only England, but I hope a relationship can be developed with the devolved health systems so that the data sharing benefits the entire UK. Given the time, however, and the fact that the Minister will wish to respond to the debate and other Members wish to speak, I will conclude by saying that I fully support the Bill.

As many Members have said, this is the 70th anniversary week of the NHS, and there is no better time to talk about this Bill. I will focus in my brief speech on three areas.

The first is that personal medical data about ourselves and our families is, to many of us, the most important thing we have. It is personal and emotional information, which if stolen would be incredibly valuable to criminals or nefarious organisations that may wish to use it for their own purposes. It is therefore critically important that by establishing this post in statute we strengthen the security of that personal information and data that we all cherish so much.

Connected with that is the question of trust: trust from our constituents—the people of this country—that their data will be handled securely in a world where online crime and other dangers to that data are proliferating far beyond what we could have imagined 10, 15 or 20 years ago. Establishing the post in statute will significantly improve the trust individuals have in the system and in the protection of their own personal data.

Finally, there is the question of accountability. One of the difficult aspects of being a Member of Parliament is that we are often called to account for things we do not control, or indeed the Government do not control. This Bill sets out the accountability of the individual responsible for safeguarding individuals’ data. That accountability helps contribute to trust, and what better way to achieve that than by establishing the post in statute?

We heard from my hon. Friend the Member for Havant (Alan Mak) about the importance of technology in the NHS, and indeed in the world, today. The NHS’s data source—aided not just by the people of this country and their various ailments but by the structure of the NHS—is an incredibly valuable resource for improving the lives of people in this country, because of what we can do with that data in the context of technology. The Bill will help to strengthen that position.

It is a great honour to speak in the debate on this Bill. There are three things that I would like to say, and I shall say them very briefly as I know that others wish to speak. First, I am grateful to my hon. Friend the Member for Banbury (Victoria Prentis), who is not in her place at the moment. Many of the issues that are relevant to the north of my constituency are the same as the ones that she has raised. Her comments on the transfer of data between the Horton, Chipping Norton and Warwick hospitals apply to me as much as they do her, so I will not repeat them. I will simply associate myself with her comments.

Secondly, I want to pay tribute to the hard work of all the NHS staff in the Witney and West Oxfordshire constituency, particularly at the community hospitals at Witney and Chipping Norton and at the GP surgeries. It is extraordinary that, in this day and age, they are unable to share their data freely, that people therefore have to repeat their stories to different practitioners and that those practitioners cannot see all the relevant medical records quickly and easily online, as they should be able to. We should enable that to happen as soon as possible.

Thirdly, technology has a huge role to play in ensuring that we wring every last penny out of the NHS budget. As my hon. Friend the Member for Havant (Alan Mak) rightly said, we should be getting to a place where people can have an app that enables them to look at their records, book appointments and hold consultations over the internet using their phones. That will help to save their time and spread the budget as well as we can to ensure that we get best value. It will also help us to make the best use of the hard-working staff who do so much in our NHS.

I thank all hon. Members who have contributed to the debate today. I particularly want to thank my hon. Friend the Member for Wellingborough (Mr Bone). I cannot believe that this is the first private Member’s Bill that he has taken through to Third Reading, as he has had so many. I am delighted to have collaborated with him on achieving this. It is quite an achievement. He was typically generous about me in his comments, which was completely undeserved. He was quite right when he said that thanks need to go to my hon. Friend the Member for Bury St Edmunds (Jo Churchill), who was the inspiration behind the Bill.

I want briefly to set out why the Government view the Bill as an important measure and why we are keen to see it progress and to put the National Data Guardian on to a statutory footing. The Government are committed to ensuring that the health and adult social care system in England realises the full benefits of sharing health and care data in a safe, secure and legal way. We have talked a lot today about the benefits of such data sharing. However, if data and information are to be used effectively to support better health and care outcomes, it is essential that the public have trust and confidence that safeguards are in place to protect the data from inappropriate use. That is the ethos behind the establishment of the National Data Guardian. The guardian will be an independent, authoritative voice for individuals on how their data should be used. At the heart of this is the relationship between health providers and individuals, and we need to maintain an appropriate balance between safeguarding and privacy as well as underlining the serious principle of informed consent by patients.

I should like to clarify the scope of the legislation. The National Data Guardian’s remit covers all health and adult social care data, which is defined in the Bill as essentially the same as “patient information” under section 251 of the National Health Service Act 2006. That basically enables the National Data Guardian to influence anything that impacts on the processing of health and adult social care data held by all the organisations listed in the Bill. This will enable the promotion of good challenge and the building of assurance across the health care system, as well as enabling the system to access the data it needs in order to run safely, effectively and efficiently.

I cannot emphasise enough the fact that the voice of the patient and the service user is really the paramount principle under which the National Data Guardian will operate, notwithstanding the fact that she will be working through the use of guidance to providers. It is basically taking the position of what is in the best interests of the patient. In so doing, we hope that the guidance she issues will establish confidence on the part of the public that their data is being used effectively.

Much has already been said today about the role of Dame Fiona Caldicott, who is the first National Data Guardian. She has been described as phenomenal, energetic and influential, but I wish to take this opportunity to recognise the enormous contribution she has made. I am sure she will take full advantage of the statutory powers that will follow once the Bill reaches the statute book.

I am delighted to have the support of the Opposition on the Bill, because the use of data sharing is essential to secure the best possible health treatment for all patients. The hon. Member for Ellesmere Port and Neston (Justin Madders) expressed the desire that the National Data Guardian should have real teeth. I emphasise again that she will act in the interests of patients, and that will mean challenging providers. As we all know, some providers are instinctively cautious and defensive about data sharing, and the real challenge is that patients are sure, thanks to the National Data Guardian’s advocacy, that it is the right thing to do. Nor should there be any escape for health professionals and providers.

The National Data Guardian will, as the hon. Gentleman said, use her powers by issuing guidance, and the clear expectation is that everyone will abide by that guidance. We see the aim as one of changing organisational behaviour rather than having rules. The fact that the National Data Guardian will produce an annual report on how she is discharging her obligations, and how the health sector is reacting, will be a powerful tool. We often find that transparency can be much more effective than rules, regulations and laws. Once behaviour that is not delivering the outcomes that we intend through legislation is highlighted, the public embarrassment will be more effective than many of the tools that we have at our disposal. It is heartening to see the interest in the Bill in the Chamber, and we have heard some individual examples of poor practice. I am sure we will have plenty if anyone does not abide by Dame Fiona’s advice.

We expect the National Data Guardian to use her annual report to implement further guidance. We fully expect that the duty for adult health and social care organisations and providers to have regard to that guidance will also be taken into account by the Care Quality Commission and the Information Commissioner’s Office, so it is not just the Government and the National Data Guardian that can hold them to account. We expect a serious change in behaviour in the future.

The National Data Guardian will look at her own operating approaches to see what more can be done to ensure that the role has teeth. That is also part of the reason for putting the role on a statutory footing. The fact that her advice will have legal clout will give it more teeth. She will have day-to-day communication mechanisms at her disposal to highlight areas of good and poor practice, and the statutory duty to consult people she considers appropriate before publishing guidance. That will fuel an important debate about behaviour in this area.

Other issues that have arisen in the debate today and in Committee include concerns as to why children’s social care data is not covered by the Bill. I would like to explain the reasoning behind that and why it is not a weakness in the Bill. Data relating to children’s social care has its own safeguards and protections, which operate under a different legal framework from adult health and social care. Those safeguards and protections are governed by their own statutory guidance, and we would not want to include anything that conflicts with established guidelines.

The context and imperative for using and sharing data to safeguard children is also different, and the most important consideration is whether sharing information is likely to safeguard and protect a child. That is an important point, because with children safeguarding trumps privacy and personal ownership.

Rather than extending the National Data Guardian’s role to cover children’s social care data, action should remain targeted elsewhere on improving timely and proportionate information sharing to keep children safe. Officials in the Department for Education and the Department of Health and Social Care have reached a sensible interpretation of the Bill, which would not preclude the National Data Guardian from engaging constructively with the Department for Education on adult social care data and its interaction with children’s social care data. There has been an exchange of letters between the Departments to formalise that agreement. On safeguarding children, the powers in the Children and Social Work Act 2017 are the mechanism for the Departments to act and to share information.

We worked across Government to amend the Data Protection Act 2018 to introduce safeguarding as a condition by which information can be shared without consent to keep children safe. We will continue to work with local authorities to consider and monitor the impact of the National Data Guardian in this space, where it is appropriate to work outside the remit of the statutory powers set out in the Act in a way that is consistent with the law and regulations as they currently apply to sharing data on children. We will keep a watching brief on that but, at this stage, we should not do anything to disrupt established obligations. We can establish good practice in this area through sensible discussion between the National Data Guardian, the DFE and the Department of Health and Social Care, which is entirely consistent with how we co-ordinate the respective obligations of children’s social care and adult social care services.

I have very little time, but I will touch on one or two other issues before concluding. There was a brief discussion earlier on the territorial extent of the Bill, and I can confirm that the Bill applies only to England. The Bill technically applies to England and Wales because of how we approach legislation in this place, but it extends only to England.

I can also confirm that public health data is included in the remit of the Bill, so that data will also be shared. I also confirm that the Bill covers local authorities where they are actioning services with regard to adult social care and, of course, public health.

I conclude by confirming again the Government’s commitment to this Bill and our desire to see it succeed. I am confident that the Bill will achieve the aims my hon. Friend the Member for Wellingborough and all hon. Members have set out. After today’s important stage, I hope the Bill will make swift progress and will receive Royal Assent as soon as possible.

With the leave of the House, I thank the parliamentary counsel, the Clerks of the House and officials at the Department of Health and Social Care for their assistance in preparing the Bill. I also thank, from my office, Jordan Ayres for the research and Helen Harrison for the drafting of the Bill. I also thank the eight Back-Bench MPs who have taken the opportunity to participate, particularly my hon. Friends the Members for Corby (Tom Pursglove) and for Torbay (Kevin Foster), both of whom sat on the Public Bill Committee.

The last thing to say on the Bill before, hopefully, it is read for the Third time is that, if it makes it all the way through and becomes an Act of Parliament, let us hope it is referred to as the Churchill Act.

There might already be one or two Acts with that name.

Question put and agreed to.

Bill accordingly read the Third time and passed.