Skip to main content

Health and Social Care (National Data Guardian) Bill

Volume 793: debated on Friday 26 October 2018

Second Reading

Moved by

My Lords, the Bill will place the National Data Guardian on a statutory footing and will promote the provision of advice and guidance on the processing of health and social care data in England. It is an honour for me to bring the Bill before your Lordships today.

The Bill is an important step in increasing the public’s and patients’ confidence in the use and appropriate sharing of health and care data. It has gone through the necessary stages in the other place and I extend my thanks to the many people who have helped prepare the Bill, in particular to Jo Churchill for her dedication to the original Private Member’s Bill and to Peter Bone for sponsoring the Bill in the other place and ensuring that it reached this stage. It would be remiss of me to proceed without mentioning and thanking the National Data Guardian, Dame Fiona Caldicott, who has contributed so much to this area. I am grateful to the Parliamentary Under-Secretary of State for coming to listen to the debate. I appreciate the department’s help with the progress we have made so far and the cross-party support for the principle behind the Bill. Indeed, I see that Jo Churchill is also here today and we welcome her. I hope that with that cross-party support, the Bill will go through its stages here as quickly as it did in the other place.

I would like to take some time to reflect on the importance of the role of the National Data Guardian. We all know that when collected and used properly, healthcare data has the potential to be transformative for patients. Sharing data offers immense promise for improving the NHS and the social care system, as well as benefiting individuals through unlocking new treatments and medical breakthroughs. Getting information sharing right can create a better experience for people using services and make care more efficient. Too many people with serious conditions have to tell the same story to multiple people and services involved in their care. Appropriate data sharing could eliminate any unnecessary burden. As well as that, if commissioners have access to data that they need to make the decisions about the best use of their resources locally and nationally, services can be provided where they are most needed and available funds can be maximised and budgets fully optimised.

Of course, our ability to unlock the benefits of data sharing relies on the public having confidence in the health and care system’s appropriate and effective use of data. If data and information is to be used effectively to support better health and care outcomes, the public have to have trust and confidence that there are strong safeguards in place to protect it from inappropriate use. The establishment of the National Data Guardian as an authoritative and independent voice for the patient and service user on how their data and information is used is a crucial element in that. This short but important piece of legislation will promote challenge and build assurance across the health and social care system, enabling the system to access the data it needs to run safely, effectively and efficiently. A statutory National Data Guardian will enable the postholder to speak with increased authority. A statutory basis increases strength of argument, allowing for guidance to be published as standards and good practice to which relevant organisations must have regard.

Importantly, the National Data Guardian is not a regulator. The role is first and foremost to support organisations and individuals who use health and care data to do so in accordance with the relevant laws and good practice. Placing the role on a statutory footing was a manifesto commitment of the Government, and the Government’s support has been clear throughout the Bill’s progress. The Bill will be significant in maintaining public trust and confidence in the appropriate and effective use of health and care data.

I shall give a short summary of the provisions of the Bill, which consists of only six clauses and will establish the statutory role of the National Data Guardian. The Bill also makes provision for the administrative and financial operation of the National Data Guardian’s office. The Bill will give the National Data Guardian the power to publish formal guidance and provide informal advice, assistance and information relating to the processing of health and adult social care data in England. The Bill imposes a corresponding duty on public bodies within the health and adult social care sector and private organisations that contract with them to deliver health and adult social care services. They must have regard to the National Data Guardian’s formal published guidance.

The Bill requires the National Data Guardian to consult with appropriate persons before publishing the guidance and requires the National Data Guardian to produce an annual report including a set of accounts, details of advice given and guidance published in the previous financial year, and the priorities in the forthcoming year. The Bill gives the Secretary of State the power to provide for the commencement of its provisions, and requires him or her to appoint an individual to hold office as the National Data Guardian.

A money resolution to authorise money for the Bill was laid before Parliament on 21 May 2018. The expenditure of £725,000 per annum is necessary for the Office of the National Data Guardian to undertake its statutory function. The cost is based on the current £500,000 per annum provision for the existing non-statutory National Data Guardian office. The overall increase in spend of £225,000 per annum relates predominantly to additional team resources to strengthen the National Data Guardian office’s ability to prepare and disseminate statutory advice and monitor its impact and relevance, amid anticipated increased demand for independent legal advice and assurance, along with a further responsibility for communication and engagement, including delivery of formal guidance, production of an annual report and accounts, and raising the profile of the National Data Guardian’s website.

I will reflect on a few points which have been raised in discussions over the past couple of weeks. With regard to whether the statutory National Data Guardian will have access to the Information Commissioner’s Office, the National Data Guardian already has a formal understanding and close working relationship with the Information Commissioner’s Office. That is covered by a memorandum of understanding. We would expect to see this updated to reflect the statutory footing. The statutory role allows the opportunity to build on the relationships already developed with regulatory bodies, including the Information Commissioner’s Office, the CQC and NHS Improvement, and to support them in their responsibilities around ensuring that appropriate practices are being adopted by regulated organisations.

I draw your Lordships’ attention to the fact that the Act would come into force,

“on such day as the Secretary of State may by regulations appoint”.

Regulations to this effect made under Clause 5 are to be made by statutory instrument. The Bill contains no other regulation-making powers. There is no intention to amend this.

Lastly, the Bill’s provisions extend to private sector providers that contract with public bodies to deliver health and adult social care services. These must have regard to the National Data Guardian’s published guidance. Data held by privately arranged and funded health and adult social care providers is not covered by the Bill. However, private providers of healthcare will have access to NHS patient data in the vast majority of cases—for example, where patients give their consent for their records to be shared—but this alone will not bring them within the scope of the Bill. The NDG’s remit extends to all health and adult social care data but purely private bodies are not required to have regard to published guidance.

Placing the National Data Guardian on a statutory footing is important for many reasons. This is a significant time in the history of health and care and it is critical to maintain and strengthen public and patients’ support. People want to know what their data is being used for, who it is being shared with and why. A statutory National Data Guardian will be key in ensuring that citizens’ confidential information is safeguarded securely and used fairly and lawfully. I thank everyone for their help so far and I hope that we can make swift progress with the Bill. I beg to move.

My Lords, I am very pleased to support the Bill. It is a simple Bill, which has been a long time coming. I pay tribute to two friends: Jo Churchill and Dame Fiona Caldicott, both of whom I know extremely well. Dame Fiona Caldicott has been a staunch guardian of the public interest so that patients can have confidence that whenever their data is kept and used, it is secure and used responsibly and transparently. In 1997, after her first review, she established what became known as Caldicott Guardians in every hospital in the land. As somebody who was involved in the use of patient data at that time, I can tell your Lordships that you had to satisfy the Caldicott Guardians—they were no pushover. They were there to make sure that patients’ data was used appropriately and responsibly and that the purpose was clear. It is because of this that all the professional bodies—the royal colleges, the GMC, the researchers and research organisations, and all others—back the Bill.

It is a simple Bill. It is necessary to put on a statutory basis what has been working extremely well on a non-statutory basis. Following the disestablishment of the national governance board, there was no statutory body to be the arbiter and the guardian of patient data. Putting the National Data Guardian on a statutory basis will provide that. As has been laid out clearly and in detail by the noble Baroness, Lady Chisholm, it is there to give guidance and help and to work on behalf of patients and the public so they can have confidence that the data about them or their health is used appropriately and for a clear purpose. This becomes even more important as we go further in using data to develop genomic information to improve healthcare and to develop things such as artificial intelligence for diagnosis. The National Data Guardian will therefore have an extremely important role to play.

I support what the noble Baroness, Lady Chisholm, said: we must not confuse the Bill with taking over any of the role of the Information Commissioner, or, for that matter, the Data Protection Act. This is completely different from them. It is focused on health and care data—how it is used and who is the guardian of that information in the public interest. I strongly support the Bill and hope that we will not hold it up in any way whatever. It would be a great pity if the Bill failed because of some misunderstanding of what it is all about.

My Lords, I too very much welcome the Bill and the way that it was introduced by the noble Baroness, Lady Chisholm, with appropriate detail and clarity, and the speech by the noble Lord, Lord Patel. Like them, I agree that it is important to give the authority of a statutory footing to the National Data Guardian, Dame Fiona Caldicott.

I remind your Lordships of my interests in respect of my part-ownership and administration of a company called xRapid. Without wanting to go into any kind of long advert for its technology, it demonstrates why I am excited by health technology. This particular technology uses an Apple iPhone attached to a microscope to allow diagnostics, such as of malaria. It works in the same way that a laboratory technician does: it recognises what it sees through a microscope and gives a diagnosis. To be able to do that the computer has to be trained, which is done by it looking at a series of images so that it can learn what the parasites look like. That is health data which has to be collected in order for the machine to be trained. But I see the huge social benefit of that technology—in the end, of that data being used—to provide much cheaper and much more accessible and affordable access to diagnostics around the world.

I have huge excitement around the potential for machine learning and other artificial intelligence to be able to spread some significant health benefits. I want that excitement to build and for others to share it but I am also aware of the worries that people have about the privacy of their data. I share those worries, especially about the inferences that can be drawn from data when it may not have been collected for a specific health purpose, as in this case, but is then mashed with data that has been collected with consent for health-related purposes. Inferences and intelligence are then drawn from what is found and analysed.

I was supportive of the Data Protection Act, as it now is, but at the time of its passing I also pointed out the limitations as I saw them, in that it is a consent-based regime. It is very difficult to give consent about information if I do not know that you have it, because you have inferred it from analysing various sources of data that I might not know about. That is why I have previously talked in this House about the need for us to explore mechanisms such as data trusts and a statutory duty of care on technology companies, similar to the duty of care that they have in the physical world in respect of environmental protection or health and safety. In that way, they can then be held to account in a more general way for how the technology is used for social good.

Those concerns are good reasons for our needing a National Data Guardian in respect of health. I had some initial concerns about how that guardian would relate to the regulators but as set out by the noble Baroness, Lady Chisholm, in her speech I am satisfied that there would be a reasonable relationship—one whereby the National Data Guardian issues guidance, and the trusts and other health bodies would adhere to that guidance. If they did not, then it might be referred to the regulator.

I also remind the House of my interest as one of the chief officers at Tes Global, a large education business. I guess that my only question—if the Minister is in a position to answer questions when he responds—would be around the remit of the National Data Guardian. At Tes, we hold all sorts of data on teachers’ behaviour but we do not really hold any for children. I understand from my relationship with education the particular sensitivities that we have around the collection of children’s data: how it is held, who it is shared with and what happens when there are data breaches in respect of children. I am aware that there are 25,000 schools in this country collecting data on a systematic basis, many of which are led by people who are struggling to understand their obligations under the Data Protection Act and GDPR. I think that they would welcome guidance from a National Data Guardian, if such a person had a remit that extended to children and vulnerable adults. If the Minister were able to give any thoughts on it, has any consideration been given to extending the role of the National Data Guardian or finding another body that could perform a similar function in respect of children and vulnerable adults’ data as a whole?

I very much welcome the Bill and hope that it proceeds quickly, as the noble Lord, Lord Patel, said. We should get this on to the statute book quickly so that these protections can be put in place and it becomes part of a range of what has to be ever evolving legislation where we, as policymakers and legislators, are continuously keeping an eye on an ever evolving technological landscape. That will allow us to live in a society which can realise the excitement that I have around health technology and other social technologies, with the confidence of knowing that our rights as individuals in respect of the privacy of our data are being maintained.

My Lords, I refer noble Lords to my registered interests, particularly as founder and chair of the 5Rights Foundation. Like the noble Lords who have already spoken, I very much welcome the Bill. Dame Fiona Caldicott’s role is important and if by putting her guidance on a statutory footing we give it more weight, then that can only be a good thing. I want to raise some things that are not covered in the Bill. I have one substantive point about the value of the data that the NHS holds and a couple of questions for the Minister.

The longitudinal data gathered by the NHS since its inception is one of the most valuable health datasets in the world. Within it lie clues to the next generation of drugs and treatments, and entirely new ways of thinking about prevention, treatment and cure. Equally, the gathering of data across health and social care could revolutionise the provision of services. If we knew the impact of meeting, or failing to meet, the social needs in the community on health outcomes, or could accurately predict the social care resources required for certain health conditions, it could help government to provide the right service at the right time to the right people, most probably at less cost.

While using data to improve health and social care outcomes is an exciting prospect, I believe we need to do it in a way that benefits the NHS and the British people. In 2016, the Royal Free London NHS Foundation Trust allowed DeepMind, an artificial intelligence company owned by Google, to access 1.6 million patient medical records in a trial of its Streams app, which was an alert, diagnosis and detection system for acute kidney injury. Subsequently, the arrangement was found to have been given on an “inappropriate legal basis” that broke data protection laws and revealed swathes of highly personal information without patient consent. The following year, Taunton and Somerset NHS Trust partnered with DeepMind on the very same app. In spite of a freedom of information battle and a data audit done by Linklaters on the instruction of the ICO, we still do not fully understand the financial or IP benefits of this deal to the NHS. But we do know that, earlier this year, DeepMind stated that while it was currently providing its development resources free to the NHS,

“it would determine how much to charge the NHS … later”.

The costs of healthcare have become distorted with drug companies and private providers demanding eye-watering sums from the NHS. I wonder whether this Bill is an opportunity to start redressing the imbalance because, if the national data guardian Bill ensured that the value of the IP that emerges from our health data was properly recognised, that data could, with the consent of the patient, be shared or sold on a basis that that could revolutionise the financing of our struggling health service in the future.

Without a clear mandate, individual trusts with crippling budget deficits may be tempted to commoditise patient data in exchange for cash injections offered by corporations with far deeper pockets. The breakthroughs and advances that patient data makes possible may well then be sold back to the NHS at inflated prices, creating the risk that they will be out of the reach of the very people upon whose data they were built. To understand the value of the data in the NHS, we need only look at the share price of data-rich companies, even those with no revenue. The Secretary of State for Health and Social Care is particularly well placed to understand the value of what we hold. I would love to see the Government use this Bill to give the National Data Guardian a duty to develop binding and enforceable guidelines for the sale and exchange of health data for research and development. Those guidelines should fully reflect the sensitivity of the data and the singular value of the NHS dataset.

In addition to this point, I would like further details about the powers of the National Data Guardian. Will the Minister say what duty health providers have to comply with the National Data Guardian’s guidance and to demonstrate how they have done so? As noted by the shadow Minister in the other place:

“Without a requirement for organisations that receive advice to provide evidence of their response in a way that can be easily disseminated, there is no way we can be sure that the Data Guardian will be effective”,


“to ‘have regard’ to advice does not always mean that they take action in respect of that advice”.—[Official Report, Commons, Health and Social Care (National Data Guardian) Bill Committee, 6/6/18; col. 7.]

If, as has been explained, the purpose of putting the National Data Guardian’s role on a statutory footing is to give it weight, which we all welcome, surely a requirement to prove that the guidance has been acted upon is essential.

In looking at the information about the Bill, I found it hard to establish how the National Data Guardian will decide what guidance is needed. A positive obligation to provide the NDG with information about current data-sharing arrangements through report or audit would enable her to identify and anticipate potential issues and to address them in her guidance. Perhaps the Minister will explain why this obligation does not form part of the Bill.

I understand that children’s health data is covered by the Bill but not children’s social care data because that is covered by the Children and Social Work Act 2017. This carve-out raises the question of how family social care data will be considered, especially with regard to decisions made about one family member that can be made only in full sight of the family’s circumstances. I am sympathetic to the Government’s concern about conflicting guidelines, but the absence of guidance for children’s social care may well create greater conflict than a judicious overlap. The Association of Directors of Children’s Services, the Local Government Association and medConfidential are just some of the many organisations which have said that without children’s social care data in scope the National Data Guardian role is “a risk”, “perverse”, “not sensible” and “not a data guardian”.

The challenge we have about data in the 21st century is about its flow between one environment and another. Its value, beneficial and malign, lies in the fact that it can be amalgamated to reveal patterns of information and create new intellectual property. For that reason, it is frustrating to see children’s data being treated on a sector-by-sector basis. Has the Minister given any thought to how the partial coverage of children in this Bill fits with the Government’s other activities in this area, including the age-appropriate design code, potential outcomes from the Centre for Data Ethics and Innovation and the long-awaited internet safety strategy? Once again, I am afraid, I must put on the record my deep regret that the Government have deliberately chosen to deprioritise children by removing the UK Council for Child Internet Safety’s child focus, which could have served as a single point of expertise to consider children’s needs across all sectors.

I conclude by acknowledging the kindness of the noble Baroness, Lady Chisholm, in discussing the scope and purpose of the Bill in the run-up to today’s debate. I hope that I will receive comprehensive answers on all of these points, if not this morning, then certainly before the Bill progresses.

My Lords, I thank the noble Baroness, Lady Chisholm of Owlpen, for introducing this important little Bill. From these Benches, we support it. Patient data is precious to each and every patient, and it is vital to the success of treatment that it is shared appropriately with those who have care of the patient. As the noble Lord, Lord Patel, said, it is also precious to the NHS as a resource for research into new treatments and for monitoring the effectiveness of existing treatments. As such, it has a value, which raises the ethics of how it is used by the NHS and others. These two aspects of data make it highly desirable that we have a person, backed by an office and adequate resources, who can establish best practice and ensure it happens.

I agree with the noble Lord, Lord Knight of Weymouth, about the importance of knowing that we have proper and accurate data collection to enable us to exploit the enormous potential of artificial intelligence. When I left university more than 50 years ago, I worked at the Christie Hospital reading cervical smears. My job is now done much faster and probably more accurately by a computer, and there are many other opportunities to speed up diagnosis and make it more accurate. That is one of the many reasons why this Bill is needed.

The measures that have been taken over the last few years, since the debacle of, to protect patients’ data and privacy have been very helpful, and I hope this latest step will go a long way to countering the lack of trust in some quarters which followed the data breaches of the past. Fundamentally, to have confidence in the system, patients should be able to know how data about them is used. That is necessary if the NDG is to be meaningful.

Currently, many patients who want to see how data about them is used go to While it has a very negative title, it is not an official NHS site. The launch of the new NHS app would be a great opportunity for the NHS to make full and accurate information available to every patient. Patients understand how important it is that their data should be shared appropriately between health and care workers who are providing services to them. Indeed, it is highly desirable that all who have care of patients have relevant information on which to act. We have all heard of cases where this has not happened. I hope the Minister will be able to assure us that, with the safeguards that will be in place when this Bill becomes an Act, the quality, capacity and interoperability of IT provision in the NHS and care systems will be up to the job.

However, patients are perhaps less aware of the value of anonymised data to researchers. Without access to it, medical research would be put back a long way. The first figures from the national data opt-out designed by the National Data Guardian are now available. They show that while hundreds of people made a consent choice each month using the online service, thousands of people did it at their GP. The latter option has now been taken away by Department of Health and Social Care. Is this the Government’s idea of a successful digital service? Is it not vital to have an effective public information scheme so that patients understand the issues surrounding their consent, what is being done with their data and how to make their choice? The figures suggest that that has not been done so far, but it is early days.

I hope that when the Bill becomes law the Government will be making an effort to explain to patients how their information is being protected and why they can now have confidence that when they allow their data to be used it will be done in an efficient and ethical manner in the interests of all patients now and in future.

Turning to specifics, I think it is welcome that the NGD may not only issue statutory guidance but provide help and information to assist health and care organisations not just to comply but to achieve excellence in the way they handle patients’ data and any constraints on their use of that data in generating income. Clause 4 provides that the Bill extends to England and Wales only. However, the Bill’s Explanatory Notes state that Clause 1, which provides for the NDG to publish guidance and give advice, information and assistance, applies only in relation to the processing of health and adult social care data in England. Given that health is devolved in Wales, can the Minister please explain this for the record as it has been explained to me behind the scenes?

I turn to the issue of cost. The Explanatory Notes state that the Bill may result in some,

“implementation costs for the bodies and individuals required to have regard to the Data Guardian’s published guidance, in that they will need to review and assess the relevance of the guidance”.

Given that NHS trusts, GPs, local authorities in respect of adult social care and so on are all under financial stress, what is being done to provide for these costs? It is not just a matter of assessing the relevance of the guidance, as the notes say; there may be a need to put in place new systems for ensuring that they are compliant with the guidance, and that also has a cost.

In Committee in another place, Chris Bryant MP made the point that MPs often have confidential information about constituents’ health given to them willingly by the patient when asking for help or making a complaint about their treatment, and that sometimes applies to Peers too. He asked whether the NDG would be able to advise MPs about the handling of this data even though they are not covered by the Bill. The answer from the Minister was not very helpful: she said she hoped health organisations would be open and helpful to their MPs about these issues. That is all very well, but it did not give Mr Bryant the assurance that he was seeking about help and guidance for Members, so can the Minister do so now?

Having asked these various questions, I assure the Minister that we on these Benches are very supportive of this mainly uncontroversial Bill.

My Lords, I pay tribute to the noble Baroness, Lady Chisholm, for bringing the Bill before us today. I join her and others in paying tribute to Dame Fiona Caldicott. The Bill has the support of these Benches.

The purpose of the Bill, as noble Lords have said, is to establish a statutory footing for the National Data Guardian for Health and Social Care. This role is responsible for providing advice and guidance to all the relevant parties regarding the processing of health and adult social care data in England. I agree with other noble Lords that the NDG is vital in helping to ensure that confidential health and care data is used and shared appropriately, upholding and protecting high standards for medical confidentiality. As the noble Lord, Lord Patel, said, it is very important that the organisation that is already providing this crucial function has wended its way into this position. We welcome the fact that that is to be recognised in statute.

As noble Lords know, the Information Commissioner’s Office is the regulator for compliance with the general data protection regulation and the Data Protection Act, but there is no equivalent national regulator for the confidentiality of personal healthcare data—information provided by a patient to a healthcare professional for the purposes of receiving care or treatment—despite significant public interest in maintaining a confidential healthcare service. We on these Benches support the creation of a statutory basis for the National Data Guardian’s role, given the hugely important role that it plays in this area. I thank noble Lords and the National Data Guardian for the consultation and discussions that all stakeholders have been able to take part in in preparation for the Bill. We have appreciated that.

That is in sharp contrast to the conduct regarding the Mental Capacity Bill. If I might swerve slightly for a moment, I was shocked to learn that the Minister and his colleagues have rejected a freedom of information request about the consultation that they carried out before the Mental Capacity Bill was introduced to the House, which was also in sharp contrast to the level of transparency and consultation by the Law Commission when it looked at mental capacity. I feel I need to say to the Minister that he really could learn a few things about how to manage complex policy issues from the National Data Guardian and indeed the Law Commission.

I return to the Bill. The circuitous route to get here, which was mentioned by the noble Lord, Lord Patel, has actually been beneficial to where we have ended up and what we have before us. I welcome the fact that the Bill includes the social care data and the importance of protecting patients’ data wherever they find themselves in the health and social care system. I echo and agree with my noble friend Lord Knight’s remarks and questions, and I share his excitement about the use of data and the benefits that it can bring to patients and their families.

I have received a briefing from the National AIDS Trust. I do not wish to delay the Bill but I think this briefing raises some important points about it. The National AIDS Trust agrees with the rest of us in strongly welcoming and supporting the Bill. Given that HIV stigma and discrimination are still prevalent in society, people living with HIV need to be assured that appropriate protections around confidentiality are in place when they access health and social care services. Indeed, the NDG herself has proved to be an invaluable source of expertise and advice when it comes to the health and social care system maintaining that essential balance between confidentiality and communication for this group.

The concern that the trust wants me to raise on its behalf is that in Clause 1 the Bill provides for a legal duty on relevant public bodies to have regard to guidance published by the NDG,

“about the processing of adult health and social care data in England”.

In Clause 2, “Interpretation”, “health and social care data” is defined. The NAT’s concern is that this definition of health and social care data could be interpreted to exclude non-clinical, demographic data that relates to an individual—for example, home address and family details—from the scope of the NDG’s guidance. Individuals do not distinguish between the kinds of information that they provide to health and social care services and, of course, expect all their information to be treated confidentially. Polling undertaken by NHS Digital recently found that the general public consider it as important that the NHS keeps their address confidential as their clinical information. I would be grateful if the Minister could give a clear assurance that the wording of the Bill, particularly at Clause 2(6), includes within the scope of health and social care data, and thus of the National Data Guardian’s guidance, all data, including non-clinical data, held on individuals by health and social care bodies.

The National AIDS Trust talked about asking to have the Bill amended. That is almost certainly not necessary but I would like the assurance that it seeks. I would also like to be assured that the definition, and the clarity that is required in regulation, is there. This is one of those Bills where the regulations are going to be very important. I hope the Minister will be able to assure the House that, when the regulations are drafted, a proper consultation, including with Members here who have expressed an interest, takes place.

Finally, I entirely agree with the noble Baroness, Lady Kidron, about the value of NHS data. It is of value to patients and families, but it is also hugely valuable to organisations that want to exploit it and, if they do so, that should be for the benefit of the NHS, not for private benefit. I suspect that the Bill is not the place to solve that problem, but the noble Baroness was absolutely right to put that issue on the record. We had a very good debate a few weeks ago about precisely this matter, which a group of us wants to discuss with the Government on a cross-party basis: how we ensure that the nation as a whole benefits from the fantastic NHS database that we have in this country because our NHS has existed for so long. It should benefit not only us but the whole world. I also echo the noble Baroness’s question about PALS and children.

Noble Lords on these Benches absolutely support the Bill. We welcome it, we want it to speed through the House, and we look forward to the discussions that we probably need between now and its final stages.

My Lords, it has been with great interest and pleasure that I have listened to the discussion on this important Bill, introduced by my noble friend Lady Chisholm, and I speak on behalf of the Government in support of it here today. I join other noble Lords in congratulating my honourable friend Jo Churchill on her efforts in introducing the original Private Member’s Bill and on being a mainstay in keeping attention on it after it fell at the last election; my honourable friend Peter Bone, who has worked closely with Jo and many others in the other place to get the Bill to this point; and my noble friend Lady Chisholm on introducing it so lucidly and bringing to life the importance of its provisions.

I also join other noble Lords in recognising the enormous contribution that Dame Fiona Caldicott has made to the area of data safety and security in the health and care service. As the noble Lord, Lord Patel, pointed out, over many years she has had a profoundly positive impact in this area. The Bill’s purpose, and in some ways its genesis, rests on her work and desire to put the issue even more front and centre than it is today. I thank her profoundly for that.

At the heart of our discussion today is maintaining and strengthening the public’s trust in the appropriate and effective use of health and social care data. The interests of patients and the public are at the heart of this Bill and the reason why it is such an important piece of legislation. As we reflect on it, I think it is important to bear in mind two truths. The first is that the NHS remains the most trusted institution in the country for holding and using data. That was confirmed by recent research by KPMG. The second is that in England, we have a world-class, comprehensive health system offering a unique opportunity to bring together an unrivalled, diverse, longitudinal dataset on the health and care of more than 55 million people. Let me be clear: we need to protect the first truth, otherwise we will not realise the extraordinary benefits provided by the latter. Giving the NDG a statutory footing is an important part of realising the same, because we will underpin the trust we need to deliver the healthcare transformation that we all want to achieve.

As the noble Baroness, Lady Kidron, and the noble Lord, Lord Knight, pointed out, the potential gains in front of us from the digital revolution are enormous: improving outcomes for patients, making the health system safer and more efficient, and improving research so that patients benefit more quickly from medical breakthroughs. To secure these benefits, we need to appreciate and act on people’s concerns about how their data is used, who it is shared with and whether that is lawful. People want to understand, and have more control over, how their data is collected and used, and to see the benefits being realised for themselves, other patients and the health system more widely.

The noble Baroness, Lady Kidron, makes an excellent point about the value of data and points out some of the concerning behaviour that we have seen in recent history. I agree with the noble Baroness, Lady Thornton, that the Bill is not the right place to deal with those issues, but there is a concerted effort—heavily influenced by the NDG—going into what is the proper way to value the NHS data asset and then realise that value in a fair way that maintains the public’s confidence. We had a fantastic debate instigated by the noble Lord, Lord Freyberg, about six weeks ago on that topic. In that time, we have published a new code of conduct on data driven technologies, and there will be much more to come. I look forward to working with the noble Baroness on developing that.

As the noble Baroness, Lady Walmsley, reminded us, the ghost of is always present at this feast. Experience tells us that public confidence in the Government’s ability to hold, share and use data cannot be taken for granted. If data and information are to be used effectively and their great potential unlocked, we need to strengthen the public’s confidence in the safeguards in place to protect it from inappropriate use. Of course, this is a time of great technological change, and new uses of data are transforming the type of care that is possible to deliver. There are exciting government initiatives to make the best of this opportunity: local health and care records, global digital exemplars and digital innovation hubs. Meanwhile, academics, clinicians and life sciences companies of the kind mentioned by the noble Lord, Lord Knight, are developing pioneering digital therapies and algorithms that will utterly transform healthcare in the years ahead.

Last week, the Government published the Secretary of State’s new vision and a standards document on the future of healthcare, describing a more tech-driven NHS so that the health and care system can make the best use of technology to support preventive, predictive and personalised care.

The potential is here today, but to fully enjoy its fruits, we need to put in place a bedrock of reassurance. That means improving cybersecurity, as well as clear rules around privacy and data sharing. The National Data Guardian is an essential stratum in this bedrock. It is one safeguard that we already have in place to ensure that the interests of the patient are front and centre of all our deliberations about the best way for the NHS and the UK economy to make the most of those innovations.

Let me be clear, if I have not been already, that the Government strongly support the Bill. As my noble friend Lady Chisholm pointed out, it was a manifesto commitment of my party at the election. By supporting the Bill and putting the NDG on a statutory footing, we are playing our role in ensuring that it has the powers needed to make an even more positive contribution in future, allowing the office to effectively advise and challenge the healthcare system. As such, it represents a significant moment in our efforts to maintain and strengthen the public’s trust in the proper use of health and care data.

The Government want the Bill to succeed. I am confident that it will achieve the aims that my noble friend Lady Chisholm set out. The NDG will, as it has to date, work in concert with the Information Commissioner. There has consistently been cross-party support for the Bill, which I welcome in our debate today, as well as support from professional organisations within the health and care sector, as the noble Lord, Lord Patel, reminded us. I hope that it will make swift progress through its remaining stages.

Let me just deal with some of the questions raised today and, I hope, provide the reassurance that noble Lords are looking for. The noble Baroness, Lady Thornton, asked about demographic data. I can confirm to her that where issues surrounding demographic data have the potential to impact on or form part of the processing of health and adult social care data, this would fall within the NDG’s statutory remit and it would be able to publish formal statutory guidance on the topic, with organisations having a corresponding legal duty to have regard to that guidance. I hope that that provides the reassurance that she was looking for.

The noble Lord, Lord Knight, and the noble Baroness, Lady Kidron, asked about children’s social care data. Children’s health data is of course covered in the remit. The reason that their social care data is not is that it has its own safeguards and protections which operate within a different legal framework and is governed by its own statutory guidance. However, I can tell noble Lords that my department and the Department for Education have reached a sensible interpretation of the Bill which would not preclude the National Data Guardian engaging constructively with the DfE on adult social care data and its interaction with or effect on children’s social care data. There has been an exchange of letters between the departments to formalise this agreement. I am happy to provide more reassurance on that front, but what I can say now is that this relationship is already being developed and we are finding a sensible way to interpret the powers within existing regulatory frameworks to make sure that there is a much more joined-up system. I should also mention that the Department of Health and Social Care is working closely with the Home Office on its online harms White Paper so, again, we are making sure that there is a cross-government approach to dealing with this issue.

I will just quickly deal with some of the other issues that have been raised. The noble Baroness, Lady Kidron, asked about the duty of health providers. They have a duty to have regard to this statutory guidance, but this is of course the sort of thing that is inspected by the CQC and NHSI. It is worth pointing out that when the National Data Guardian provided her feedback on the WannaCry attack, it directly led to 10 data standards that are now embedded in the NHS contracts, so that gives you a sense of the kind of response that the system has to the high-quality advice that comes from the National Data Guardian when there are problems. I confirm to the noble Baroness that it will be up to the National Data Guardian to decide on her priorities.

The noble Baroness, Lady Walmsley, asked about the national data opt-out. I tell her that we ran an extensive public campaign in May, which has continued from then. It is now much easier to opt out oneself rather than, as she pointed out, having to go through GPs as in the past, which not all GPs were wild about, it has to be said. Nevertheless, the service is in a public beta at the moment, so we are honing and improving it and are always keen to have feedback. One thing that I found reassuring about the introduction of the new single data opt-out is that we have seen people who have previously opted out who are now opting back in. I find that rather encouraging; it is quite a good metric of whether we are doing the right thing. I therefore think that there is some cause for encouragement but I of course take the noble Baroness’s advice seriously.

In terms of how this relates to Wales, it will be up to the Welsh Government to implement with the same statutory force that the NDG will have in England, because health and care are devolved issues. That is something that the noble Baroness may be keen to impress upon the Welsh Government.

On the costs of implementation, all authorities have a responsibility to take standards into account—that is part of their normal, everyday life—but I should point out that there are major investments going into the IT space in health and care. For example, a big investment, which was centrally funded, has gone into replacing unsupported IT systems following the WannaCry attack. So there is central funding support for some of these changes.

Helpful advice and guidance is something that I would need to speak to Dame Fiona about personally. I am sure that she would be willing to provide it; it is certainly within her ability to do so and she is not precluded from that.

To conclude, I hope that I have been able to reassure all noble Lords that the Government take seriously and are dealing with the points that they have raised. This Bill is an essential building block in the foundation of trust that we need to have in this country in order to make sure that the public are with us on this extraordinary technological journey that we are on at the moment, which will transform the way that we deliver health and care and will deliver radically better health outcomes for patients. That is something that I am sure we all want to see. I close by once again thanking my noble friend Lady Chisholm for introducing this Bill. I look forward to its swift passage through this House.

My Lords, I thank noble Lords for their contributions today and support for this Bill. I must say, my life this morning has been made much easier, because my noble friend the Minister has answered all the questions raised, which I thought I was going to have to do. I feel that I have got off rather lightly, and he has done it so much better than I could have.

The NDG Bill is significant at a time when we must ensure that we maintain and strengthen public/patient support on the use of data for health and social care. As your Lordships know, it is in the greater use of technology and the integration of health and social care that the future of healthcare lies. I look forward to continuing dialogue with your Lordships as the Bill progresses. I ask the House to give the Bill a Second Reading and beg to move.

Bill read a second time and committed to a Committee of the Whole House.