Corporate report

National Data Guardian 2022-2023 report

Published 9 January 2024

Applies to England

1. Introduction by National Data Guardian for health and social care, Dr Nicola Byrne

Sailing on a sea of change remains a constant for health and care staff across England.

In my last annual report, I set out that one of my key priorities for 2022-23 would be to intervene wherever changes were happening to ensure confidentiality and public trust in data use remain a priority for decision-makers.

As this report outlines, with the fantastic ongoing support and expertise of my office team and panel of advisors, I hope I did that successfully on behalf of the public we serve. I’ll leave you to be the judge. As you’ll read in the sections ‘Influencing data policy’ and ‘advice and guidance to the system’, some interventions we made were ‘quick fixes’, others more orientated towards the longer-term horizon.

This report covers the financial year 1 April 2022 to 31 March 2023.

The change most notable for me over this period was the establishment of NHS England as the new national custodian of our health and care data following the merger with NHS Digital. Over the course of the year, we provided advice to staff in the Department of Health and Social Care, NHS England and NHS Digital as they prepared for this change, including feedback on the legislation and its supporting statutory guidance. We aimed to ensure that NHS England established itself as a safe and effective guardian of people’s data collected from NHS and adult social care services.

Aside from advising the system, we also progressed our own projects.

The piece of work my team and I were most proud of was the publication of our guidance, What do we mean by public benefit? Evaluating public benefit when health and adult social care data is used for purposes beyond individual care.

The guidance aims to improve evaluations of public benefit when health and care data is used for planning, research, and innovation. It is meant for those applying to use the data, and data custodians making decisions about data access. By defining and standardising the concept of public benefit, the guidance will enable more precise interpretation and understanding.

Studies show that for the public to consider a particular use of health and care data for reasons beyond their care acceptable, that use must deliver a benefit to the public. We spoke to the public to find out more about this in 2021. Building on this work, our guidance will aid organisations in interpreting ‘public benefit’ in a way that aligns with the public’s views. This guidance is already being used across the system. Notably, the Health Research Authority’s Confidentiality Advisory Group is using it to inform its work, and it has also been integrated into the Health Data Research UK’s Innovation Gateway.

In 2022-23, we secured funding for, and began procuring a research partner for, our current project: Creating Reasonable Expectations. The concept of ‘reasonable expectations’ has become important in the common law of confidentiality in recent years. It is used as a standard to measure cases where there is a disagreement about whether information about a person should be shared or kept private.

The concept, specifically how it relates to the use of confidential patient information for reasons other than providing individuals’ own care, has been explored by the NDG team and panel for some years through seminars, articles, and a citizens’ jury. This project aims to further the discussion on this topic. Our Creating Reasonable Expectations update outlines the project’s context, goals, methodology and planned outputs.

You can read about our priorities for 2023-24 later in the report. These are the things we are working on currently. There will be much to do, as ever, over the remainder of 2023-24 to support the system. We’ve already spent considerable time on the NHS Federated Data Platform, which remains one of the most significant ‘events’ in the health and care data landscape (the details of our input and interventions during the financial year 2023-24 will sit in our next annual report).

Whatever the rest of this year brings, I will endeavour to ensure that confidentiality and public trust remain at the forefront of healthcare leaders’ minds, and that processes and safeguards around data are as strong as we should all rightly expect.

2. About this report

The Health and Social Care (National Data Guardian) Act 2018 states that the NDG is required to produce an annual report that includes advice given and guidance published during the previous fiscal year, as well as upcoming priorities.

This report satisfies these obligations and focuses on the work completed by the NDG between 1 April 2022 and 31 March 2023, with some notable activities from the drafting period also included. It documents the progress made in priority work areas set by Dr Nicola Byrne, the National Data Guardian, in last year’s annual report, as well as the unplanned and reactive work that consumes much of her and her team’s time.

During the reporting period, the NDG was supported in delivering her duties by the Office of the National Data Guardian and a panel of independent advisers known as the NDG panel. Biographies for panel members, terms of reference for the NDG panel, and panel meeting minutes are available on the NDG’s website.

3. What the NDG does

3.1 Vision

The NDG’s vision is for improved health and care outcomes for all through the safe, appropriate, and ethical use of people’s health and social care information.

3.2 Mission

There are two aspects to the NDG’s mission, the second of which builds on the first:

  1. to preserve public trust in the confidentiality of our health and social care services
  2. to help ensure that healthcare data is used in ways that benefit the public

To support their mission, the NDG advises on the safe, appropriate, and ethical use of people’s confidential health and social care information. They do so in line with the eight Caldicott Principles and findings from public attitudes research. 

3.3 Strategic objectives

Four long-term strategic objectives support the NDG’s mission:

  1. Safeguard trust in the confidentiality of our health and social care system
  2. Encourage safe and appropriate information sharing for individual care
  3. Support understanding and engagement about how and why data is used
  4. Encourage the safe, appropriate, and ethical use of data in system planning, research and innovation that benefits the public.

4. Projects: NDG led and with partners

During 2022-23, two of the NDG’s three priority work areas involved projects driven and led by the National Data Guardian and her office.

4.1 Supporting better public benefit assessments

Publication of guidance on public benefits evaluations

In December 2022, the National Data Guardian published guidance to help organisations conduct better public benefit evaluations when they are planning to use, or grant access to, data collected during care delivery in their planning, research, and innovation projects.

The guidance provides a clear interpretation of what public benefit means – one that can be uniformly applied by those evaluating the public benefit of secondary data uses. The definition is informed by a public dialogue, and so following it will help organisations interpret and apply the concept of public benefit in line with people’s views on how trust is established in this context.

Many stakeholders from across health and care helped the NDG to refine early drafts of the guidance to ensure that it was relevant, helpful, and capable of achieving its aims. This included members of the public, data custodians and data users who will apply the guidance.

Public benefits are a prerequisite for public support

This is the second output from a project that started in 2020, with the aim of making it easier for organisations to evaluate and demonstrate how projects that use data collected during care delivery will make a positive difference to society.

Improving the system’s ability to conduct better public benefit evaluations will help to build trust in secondary data use.

It is indisputable that the health and care system can improve patient outcomes through the safe, appropriate, and ethical use of data in planning and research. However, studies that investigate the public’s attitudes to health and care data use consistently demonstrate that people only support secondary uses where they deliver public benefit (or, in the case of exploratory research, where they have the potential to).

Given this, it follows that where an organisation is seeking access to data, it must evaluate and demonstrate public benefit clearly and transparently. However, the concept of ‘public benefit’ has always been fuzzy – and without a clear and consistent interpretation, it is difficult to explain what one is. This, in turn, makes it difficult to apply a standard approach to prevent inconsistency. The lack of a shared interpretation by organisations evaluating public benefits can lead to duplication of the same public benefit evaluation, creating unnecessary delays. This project sought to fix this by better defining and standardising the concept.

Guidance informed by a public dialogue

Public benefit is not a technical concept that can be captured in a neat formula. Thus, to determine how to define and interpret it most accurately, the NDG (together with partners Understanding Patient Data and UK Research and Industry’s Sciencewise programme) conducted a public dialogue project to let people have their say.

People were asked: What counts as a public benefit? What is fair? And what different factors must be weighed when organisations use data for planning and research?

People described how they would balance the benefits and risks of uses of data, and judge which benefits count as ‘good enough’. They also identified some behaviours they considered essential to the credibility of public benefit evaluations: in particular, the importance of transparency about how evaluations are undertaken, how decisions are made and decision outcomes. They advised that if this information were not made available for public scrutiny, it would not inspire trust in the project or organisation’s integrity.

This investigation enabled the NDG to define public benefit to best reflect people’s values. The report from that dialogue, Putting Good into Practice: A public dialogue on making public benefit assessments when using health and care data, was published in 2021.

Use across the system

The NDG has been pleased to see that the intended audience for this guidance is finding practical value in it. The Health Research Authority’s Confidentiality Advisory Group now uses the guidance to inform its work. It has also been implemented in the Health Data Research UK’s Innovation Gateway (a portal enabling researchers and innovators in academia, industry and the health service to search for and request access to databases, tools and resources for research). Furthermore, the NHS Centre for Improving Data Collaboration has also incorporated it into its Value Sharing Framework for NHS data partnerships.

4.2 Testing whether reasonable expectations can be created

In 2022-23, the National Data Guardian launched a new project, ‘Creating Reasonable Expectations’. The concept of reasonable expectations in relation to the use of health and social care data for secondary uses is something that the NDG has previously explored in some depth, through seminars, articles, and a citizens’ jury.

The NDG is now partnering with the Screening Quality and Assurance Service (SQAS) and a population health management programme to undertake a proof-of-concept project, which will examine whether reasonable expectations can be created for two specific uses of patient information collected through care delivery.

The courts use the concept of reasonable expectations to determine whether privacy has been breached in specific cases, looking at whether a person could reasonably expect their information to be kept private in a particular situation.

However, when it comes to breaches of confidence and misuse of private information, guidance to the health and care sector does not align with legal developments in case law. This is because the health and social care sector does not currently recognise the concept of ‘a reasonable expectation of privacy’.

The reason for this is that the public is often unaware of many uses of health and care data. As such, it is unclear whether people would reasonably expect their information to remain private in relation to that use.

The NDG has long maintained that there should be no surprises for people about how their data is used. However, most people lack awareness of many of the routine uses of health and care data for secondary purposes, as, historically, it has not been something they have needed to think about.

It is this lack of knowledge that makes it difficult to understand what people might currently reasonably expect in the context of uses of their health and care data, and – as those potential uses expand (as data use becomes more sophisticated, at an ICS level for example) – whether a specific use might surprise them.

No surprises is the goal, but demonstrating that the public is not surprised by evolving uses of data, because they have been led to expect them, is a considerable undertaking.  

In 2021, the NDG introduced an eighth Caldicott Principle rooted in the concept of ‘no surprises’. It encourages those using and sharing data to consider and inform expectations and promote understanding about its uses. It states:

‘A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information - in some cases, greater engagement will be required.’

4.2.1 Aims and areas of investigation

The eighth principle provides general advice, but this project goes further by examining the concept of ‘no surprises’ with the public at an operational level. The courts have recognised that it is not possible to establish a reasonable expectation of privacy in a vacuum. Rather, it depends on the unique circumstances of specific cases. Therefore, this project will investigate if reasonable expectations can be created in the context of two particular cases: population health management, and quality assurance of the NHS bowel cancer screening programme.

Project partners will co-create and test with the public (through workshops, focus groups and surveys) transparency materials (communications products) that seek to create expectations regarding how they use data. It is hoped that these materials may be able to establish expectations.

However, just because someone is expecting something, it doesn’t mean they accept it. The project will also investigate what factors are instrumental in people’s acceptance of data use. The aim is that the materials created will enable people to understand how their confidential patient information (CPI) is used in a particular project, such that they are not surprised that data collected during the delivery of care is used in this way. Or in other words, they do not expect their information to be kept private regarding this particular use.

This is a proof-of-concept project. It will determine whether and how expectations can be created and maintained. The evidence it generates could hold valuable insights about the viability and limitations of reasonable expectations as an alternative legal basis.

4.2.2 Outputs and impact

Transparency products for programme partners

The project will result in evidence-based transparency materials for the two national health and care programme partners, which they can use to ensure their patients are well-informed about the use of CPI. As a result, this will improve awareness of CPI usage in national screening and population health management programmes more generally.

Report on qualitative and quantitative research outcomes

The project will also contribute to the understanding of secondary CPI use in other health and care programmes. This is because it will explore and analyse the universal factors that influence people’s expectations and acceptance of data usage. As such, the findings will be transferable to other programmes wishing to improve their transparency materials. To achieve this, the project team will collaborate with the research provider to generate a report on the qualitative and quantitative research outcomes for their broader use and application.

General policy advice for the sector on creating reasonable expectations

If appropriate, once the research evidence is collected the NDG may draw on the report’s findings to produce general policy advice about the creation of reasonable expectations (and the acceptability of data uses about which expectations have been created). Together with the project’s academic partners, the NDG will delve deeper into the fundamental principles emerging from the research. These principles will serve as a basis for other programmes wishing to establish clear expectations about data use.

Project partners and governance

This project is co-funded by the Department of Health and Social Care. The NDG will be working with members of the public (a representative sample of the population) and two NHS programmes to co-create the transparency materials. Thinks Insights & Strategy will support the research phases of the project.

The project’s oversight group includes stakeholders from health and social care bodies and academic experts in the field of regulation of health and social care data and the legal analysis of the concept of reasonable expectations. Additionally, a project working group, involving a range of the stakeholders and significant lay representation, will assist in steering the project and its guidance.

5. Influencing data policy

5.1 Advising on the transfer of NHS Digital’s data functions into NHS England to ensure strong data safeguards

5.1.1 Background

An independent review conducted by Laura Wade-Gery in 2021, Putting data, digital and tech at the heart of transforming the NHS, recommended that NHS Digital’s data and technology responsibilities should be transferred to NHS England to accelerate digital transformation.

In response, NHS Digital was abolished in February 2023, and its statutory responsibilities were transferred to NHS England. This change gave NHS England the sole authority for digital technology, data, and healthcare service delivery in the NHS.

Over the years, NHS Digital had implemented strong measures to protect people’s data and ensure transparency, accountability, quality, and consistency in how it collected, used, and shared data. Its Data Access Request Service (DARS) oversaw and scrutinised data applications (including those from NHS England) and, significantly, was supported by an independent oversight body: the Independent Group Advising on the Release of Data (IGARD). IGARD provided an essential safeguard for public trust.

Some parties, including the NDG, expressed concerns about what the abolition of NHS Digital would mean for data. They were worried that not separating the data arm of health and social care from its operational arm could lead to problems, for example conflicts of interest resulting from NHS England becoming its own data customer. However, Department of Health and Social Care (DHSC) officials, whilst acknowledging this concern, assured the NDG that strong independent oversight and transparency in the governance of data handling would be maintained after the transfer of data responsibilities to NHS England.

Lord Kamall, Parliamentary Under Secretary of State for Technology, Innovation and Life Sciences at the Department of Health and Social Care, subsequently pledged to consult the NDG formally and informally on the draft regulations that would affect the transfer – to ensure that the protections previously provided would not be eroded or compromised.

5.1.2 National Data Guardian support during 2022-23

The NDG provided advice and practical support to the government, NHS England and NHS Digital as they prepared for this change.

The government used the powers in the Health and Care Act 2022 to make regulations to transfer the statutory functions of NHS Digital to NHS England.

Regulations are a mechanism for incorporating something into legislation. They are known as Statutory Instruments. In this case, the Statutory Instrument was The Health and Social Care Information Centre (Transfer of Functions, Abolition and Transitional Provisions) Regulations 2023. These regulations abolished NHS Digital and made NHS England legally responsible for running the key national IT systems that support health and social care, as well as the collection, analysis, publication and dissemination of data generated by health and social care services.

The government also published statutory guidance to support the Statutory Instrument. Statutory guidance supplements legislation, filling in the gaps and providing a more comprehensive understanding of what is required. In this case, the guidance clarifies how NHS England should exercise its new statutory functions. It offers more detailed information on the measures it needs to take to safeguard confidential information while performing the transferred data functions.

The NDG and her team were consulted about the draft Statutory Instrument and statutory guidance and given opportunities to comment. NDG feedback focused on ensuring:

  • NHS England would be operating with the same degree of transparency as NHS Digital did in relation to the collection, analysis, publication, and use of data
  • possible conflicts of interest arising from the conjoining of the data arm of the NHS and the operational arm of the NHS would be identified and addressed
  • NHS England would establish and respect mechanisms for obtaining independent advice, and that the group it was establishing to advise on data release would operate with the necessary independence, rigour and expertise
  • there is clarity in the mechanisms NHS England uses to access and analyse data within the organisation for its own purposes
  • there are continued protections for independent oversight for data access, following the abolition of NHS Digital’s Independent Group Advising on the Release of Data (IGARD)

The NDG encouraged the DHSC to include in the Statutory Instrument a stipulation that would oblige the Secretary of State to publish statutory guidance instructing NHS England that it must have independent oversight for its data functions. Without this stipulation, the future protection for independent oversight would have been lessened, and arguably at the discretion of individual Secretaries of State.

The statutory guidance says that there must be a group to provide guidance to NHSE on data access and use. This group should have a majority of independent members and an independent chair. An interim data advisory group has been established to replace NHS Digital’s IGARD. The NDG further suggested that the group retain some IGARD members to preserve valuable organisational memory and ensure consistency of experience and expertise. She is glad to see that this has been the case.

The group has transitioned from a wholly independent membership to a ‘hybrid model’ containing NHSE staff members. This hybrid model has advantages, such as the ability to receive immediate clarifications or explanations from important NHSE leads in the room. However, the NDG advised that this could also lead to an uncomfortable shift in power dynamics and present certain challenges.

These challenges can partially be addressed by clearly defining the group’s terms of reference. The NDG was glad to support the group in developing its terms of reference and standard operating procedures, which will likely require refinement as the group learns through experience. Given the move from a wholly independent membership, committing to transparency of process for the public is an even more important guiding principle here. Ultimately, however strong its foundations, the advisory group can only advise on what NHSE chooses to bring to it. Given this, it is crucial to establish transparency and clear rules around what items are brought for discussion to the whole group, sub-groups, or individual group members (and what gets reported back to the entire group and publicly minuted).

The NDG notes that the staff working on the transfer of functions listened carefully to advice, demonstrated good intentions, and showed a commitment to acting with integrity. Nevertheless, for NHSE to be seen as trustworthy, this integrity and good intent must be hardwired into its operational infrastructure. Building and maintaining trust at an organisational, rather than simply personal level, will require time, investment, and iteration. And transparency. To support this, NHSE plans to publish an annual report that assesses its effectiveness in safeguarding patients’ confidential information, which will undergo scrutiny from the advisory group and the NDG.

5.2 Establishing a policy position: national data opt-out exemptions and national patient experience surveys

5.2.1 The process for considering opt-out exemptions

Since the national data opt-out (NDOO) was first introduced, the Health Research Authority’s Confidentiality Advisory Group (CAG) has been responsible for considering any applications from programmes that want their work to be exempt from having to apply the NDOO. Those requesting an exemption must clearly demonstrate to CAG that there will be a negative impact to patient safety if the opt-out is applied. If, after thorough analysis, CAG concludes that an exemption is appropriate, it will recommend it to the Secretary of State. The NDG has always supported this approach.

Proposed change to the process

In 2022-23, NHS England (NHSE) sought the NDG’s feedback on a policy proposal for some NHS national clinical audit and national patient outcome programmes to be granted an exemption from the opt-out without first having to go through CAG’s approval process.

NDG position on the proposed change

The NDG advised NHSE that implementing this policy alongside CAG’s existing process would introduce a two-tier process for opt-out exemptions. The NDG made it clear that she did not support a two-tier process, and that future exemption requests should continue to be heard by the CAG, so that it can continue to apply its tried and tested criteria for determining any impact on patient safety.

5.2.2 Advising on opt-out exemption transparency

Separate to this, the NDG has advised NHSE how it might improve the transparency information on its website about programmes with a national data opt-out exemption. Together with the HRA’s CAG, the NDG made suggestions about the format and level of detail appropriate to communicate the exemption process to the public properly. NHSE has been asked to provide adequate detail for all projects with an exemption; it is hoped that it will do so in the coming year.

5.2.3 Exemptions for specific national patient experience surveys

A blanket exemption for existing surveys when opt-out was introduced

When the national data opt-out came into force in 2018, government ministers agreed to permanently exempt all national patient experience surveys that existed at the time from having to apply the opt-out. Its application would have had a significant detrimental effect on the surveys. This is because it is not possible to ‘adjust’ results to make them representative of the wider population. There would have been an inherent bias in statistical results if the opt-out had been upheld. This, in turn, would have had a detrimental effect on the quality and safety of patient care.

Approach to opt-out exemptions for subsequent surveys

The Children and Young People’s Cancer Patient Experience Survey (U16 CPES) was later established in 2020 to understand the experiences of cancer and tumour care among children and their parents and carers. The results help improve children’s cancer services across England. The U16 CPES was granted a temporary opt-out exemption until the end of June 2023, and in 2022, NHS England asked for the NDG’s views on two proposals:

  • granting a permanent exemption to the U16 CPES
  • a wider policy position to exempt all future national patient experience surveys

NDG position on handling opt-out exemptions for surveys

Whilst the NDG supported a permanent exemption for the U16 CPES, she did not support a policy change to exempt all future surveys without an opportunity to review the impact of the opt-out on that particular survey. She advised that the ability to override an opt-out should only be available in rare circumstances. Those circumstances should be of such significance that, on balance, it is considered acceptable to set aside patient choice.

Rather than support an exemption to all future national patient experience surveys, the NDG informed NHSE that she would prefer to adopt a survey-by-survey review for proposed future surveys. This would allow her to determine if it is appropriate for the NDG to support its exemption from the opt-out. In undertaking this review, the NDG can consider:

  • who is administering the survey (and how patients might feel about hearing from them)
  • the contents of any proposed patient communications materials about the survey, such as its invitation letter and information posters

5.3 Consultation: police requests for third party materials

In June 2022, the Home Office began a consultation on police requests for personal data from third parties, such as the NHS, when investigating crimes. The consultation considered requests for information from third parties to be important and essential; however, it recognised that some of those requests can be highly intrusive, disproportionate, or even unnecessary. The Home Office welcomed responses from organisations or individuals involved in requesting, or fulfilling requests for, this type of information.

The NDG responded to the consultation with support from the UK Caldicott Guardian Council (UKCGC). The response strongly supported the introduction of measures (legislation or guidance) that would support the police in making requests for patient information that are proportionate and necessary and consider the legal and ethical duties of health and care professionals. It advised that when thinking about what is required and proportionate, the matter should be considered from three key angles:

  • the perspective of the individual and their expectations of confidentiality in health and social care services
  • what this means with respect to the common law duty of confidentiality
  • what is advised in the Caldicott Principles

The response was submitted to the Home Office on 11 August 2022 and published on the UKCGC website. The Home Office published the consultation outcome on 20 January 2023.

5.4 Inquiry input: Sharing data for public good – a Science and Technology Committee inquiry

In 2022, the National Data Guardian provided written and oral evidence to The Science and Technology Committee’s inquiry: The right to privacy: digital data.

The inquiry sought views about sharing data across a wide range of different organisations, such as government departments, other public bodies, research institutions, and commercial organisations. The NDG’s response addressed the sharing of health and adult social care information.

The response acknowledged that improving the collection and use of health and care data will unlock further opportunities to benefit people’s health and wellbeing and ensure the sustainability of the health and care system. It also pointed out that achieving this will require a deep understanding of the uniquely sensitive, confidential nature of health and care data. Namely, data is provided by patients and service users within the context of a reciprocal relationship with the health and care system based on trust. It stated that the public should not be asked to simply trust how their data is subsequently used. Instead, the onus should be on the system to demonstrate its trustworthiness through a commitment to good governance, engagement and transparency, data security, the provision of authentic public choice, and ensuring that the public is involved in decision-making.

At the time of drafting this report, the committee had not yet published findings from the written or oral evidence they had received as part of their inquiry.

5.5 Consultation: Serious violence duty guidance consultation (PCSC Bill)

In July 2022, the NDG provided a written response to a Home Office consultation on the draft statutory guidance on the serious violence duty issued under the Police, Crime, Sentencing and Courts (PCSC) Act 2022.

Many elements of the guidance fell outside the NDG’s remit. As such, the NDG’s response only focused on the aspects relevant to the health and adult social care system: namely the sections on information sharing and sector-specific guidance for health. The comments provided were aimed at helping the Home Office produce more precise guidance that was easier to interpret.

Overall, the NDG welcomed this important guidance, which will support the vital work required to tackle serious violence, allowing it to be undertaken consistently, and in a way that maintains trust in the confidentiality of our health and social care services.

5.6 Medical examiners system: confirming direct care as the lawful basis for accessing a deceased person’s medical record

Medical examiners are senior medical doctors who provide independent scrutiny of all deaths not being handled by a coroner (known as non-coronial deaths). Medical examiners’ offices in England are located in hospital trusts and previously only focused on the certification of deaths within the boundary of their own organisations. However, in June 2021, NHS England announced plans to extend the scope of medical examiners’ offices to cover all non-coronial deaths, wherever in the community they occur.

Medical examiners located in the same hospital trust that cared for the patient can lawfully access their confidential information on the basis of implied consent for direct care. However, if a person was not a patient at the same trust, the legal basis is less clear. To provide clarity for the system, NHSE sought section 251 support from the Health Research Authority Confidentiality Advisory Group (CAG) to permit them to set aside confidentiality lawfully.

This section 251 support is in place until 31 March 2024 and enables healthcare providers, including GP practices, to share the medical records of deceased patients with medical examiners. The approved application can be found on the Health Research Authority’s website (ref: 21/CAG/0032).

It is anticipated that new primary legislation will be enacted to provide legal certainty on this matter, removing the need for CAG section 251 support. However, this has yet to take effect.

In August 2022, the Royal College of General Practitioners (RCGP) approached the NDG with a question about the medical examiners’ legal basis. They wanted a combined NDG and UK Caldicott Guardian Council (UKCGC) opinion on whether accessing confidential patient information to investigate a person’s death could, in fact, be considered in keeping with the definition of direct care. If so, this would enable medical examiners to function lawfully without needing section 251 support or new legislation.

Both the NDG and UKCGC consider that direct care extends after death. This means that irrespective of where the patient died, the role of the medical examiner in relation to them is in keeping with the existing definition of direct care. It also aligns with the duties of a doctor as outlined by GMC guidance in relation to care after death. The NDG continues to work with the Department of Health and Social Care and the death certification team to ensure clear messages are communicated to the system on this important issue.

5.7 COPI notices and the processing of data post pandemic

Four Control of Patient Information (COPI) notices were issued at the start of the pandemic to require the processing and sharing of confidential patient information (CPI) amongst health organisations and other bodies where it was needed to support the response.

On 30 June 2022, DHSC let three of the notices expire. However, a fourth was extended so that essential data could still be accessed for ongoing COVID-19 purposes. This was the COPI notice to general practices in England whose IT systems are supplied by The Phoenix Partnership (TPP), Egton Medical Information Systems (EMIS), or NHS England and NHS Digital. It was extended until 31 October 2022 and then again until 1 July 2023. 

The NDG has continued to engage with the system about the extended COPI notices. The notices permitted approved researchers to continue using the OpenSAFELY secure analytics platform. This enabled them to access pseudonymised data stored in GP IT systems to support the health and care service’s response to COVID-19.

Research and planning

Many of the uses of confidential patient information which relied on the COPI notices during the pandemic will be able to continue under Regulation 3 of The Health Service (Control of Patient Information) Regulations 2002, as the purpose of processing this information is for communicable disease or other risks to public health.

NHS England consulted with the NDG prior to issuing a data provision notice (DPN) transitioning the legal basis for the use of OpenSAFELY for COVID-19 purposes to the COVID-19 Public Health Directions 2020. The NHSE team clarified the scope of the DPN following the NDG’s review.

Direct care

A COPI notice was not needed to support the sharing of people’s data for their own care, as this already has an established legal basis: implied consent. However, COPI was considered a useful mechanism for expediting or accelerating the sharing of information for direct care in non-standard ways. For example, it allowed additional information to be uploaded into people’s Summary Care Records nationally. For these programmes, which have now taken root as standard practice in the NHS, the appropriate legal basis is implied consent. The NDG has provided specific advice to two direct care programmes that benefitted from increased take-up as a result of the COPI notices (see below).

In January 2023, the NHS Digital Summary Care Records (SCR) team visited the NDG panel to discuss a change in policy position around Additional Information in SCRs (SCRAI).

Core Summary Care Records contain basic information from a person’s GP record about their medication, allergies, and any bad past reactions to medication. They can be seen and used by authorised staff in other areas of the health and care system involved in the patient’s direct care. They are particularly helpful when someone needs emergency care.

Before COVID-19, some patients, including many with long-term health conditions, had agreed to have their core SCRs enriched with additional information (AI). This included: significant medical history (past and present), reasons for medications, care plan information and immunisations. The policy position – set in 2010 and communicated via a public-facing campaign – was that patients must give explicit consent for AI to be uploaded to their SCR.

Additional information supporting COVID-19

Because of its helpfulness in a medical emergency, additional information was automatically uploaded to people’s Summary Care Records during the pandemic. It was done without patients’ explicit consent unless they had previously stated they did not want a SCR or only wanted a Core SCR. The COPI mechanism had been used as the simplest and quickest way to communicate the changes to Summary Care Record Additional Information during a national crisis. However, when the COPI notices expired, it was sensibly determined that additional information should remain a part of SCRs. Whilst this sharing is already legally permitted under the basis of implied consent for direct care, it does contradict the original 2010 policy stance communicated to the public: that additional information would only be added with their explicit consent.

The role and value of SCRAI today (post COVID and COPI)

57.5 million SCRs now benefit from additional information, a significant increase from the 3 million before the pandemic. This increase has proven beneficial, and many clinicians now rely on SCRAI. It has become an integral part of the way the NHS delivers care, providing better and safer care to patients during emergencies or unplanned situations. As a result, SCR usage has risen by 70%, and all clinicians surveyed strongly advised against its withdrawal. The NDG believes that reversing this change could hinder the sharing of crucial clinical information and create a barrier to quality care.

NDG position on policy change

Patients expect the staff treating them to have access to up-to-date information about their health and care. This is a consistent finding in public attitudes studies, including the citizens’ jury that considered SCRAI as a case study. Because it enables this sharing, SCRAI falls squarely within people’s reasonable expectations. As such, the NDG supports a permanent policy change away from explicit consent towards implied consent (noting that consent is still respected, and individuals can still opt out of AI – or having a SCR at all – if they wish).

Advice on communicating with the public

The SCR programme publicly stated in 2010, ‘Additional information will only be included in your SCR after discussion between you and your GP practice, and only if you give your permission’. And ‘We will only consider expanding the content of the Summary Care Record when we have built trust in the system and when patients request that we do so’.

Explicit consent is not usually necessary for staff to access the information they need to provide care. Still, these statements make it difficult to remove the commitment to explicit patient consent without communicating this change in policy. However, as times and expectations have moved on since 2010, the NDG advised the programme that any public and professional communications should not be burdensome: they should be proportionate and pragmatic, focusing on benefits to the NHS and highlighting that an opt-out still exists.

5.9 GP Connect: supporting continuation of national clinical information sharing post COPI

GP Connect allows authorised clinical staff outside of an individual’s GP surgery to see a read-only version of their records, and to share clinical data between IT systems quickly and efficiently. It makes information in a patient’s record available to all appropriate clinicians and care workers, wherever needed, to support that person’s care. It also enables GP appointments to be shared across primary care networks and with NHS 111 and updates about a person’s treatment to be sent back to their GP.

National sharing accelerated during the pandemic

GP Connect was implemented across England at an accelerated pace during the pandemic when it was agreed that it should be enabled in all GP practices to allow better data sharing across organisations nationally. This arrangement was facilitated by a Control of Patient Information Notice (COPI Notice). However, after the COPI notice expired, NHS England wanted to make sure that data sharing via GP Connect for direct care could continue nationally rather than just within local data sharing catchment areas.

New GP Connect National Data Sharing Agreement

As such, it was decided that NHSE would develop a single GP Connect National Data Sharing Agreement (NDSA) to which new organisations seeking to use GP Connect could sign up. It would set out the data sharing requirements and obligations for all parties using the GP Connect tool. This was preferable to the pre-pandemic arrangement, which relied on multiple, point-to-point local data sharing agreements between organisations.

National Data Guardian position on continuation post COPI expiration

In 2022-23, the GP Connect team approached the NDG to seek feedback on and support for its plans and the new NDSA. The NDG strongly supported the national continuation of the GP Connect programme for direct care and the new NDSA, saying:

‘In line with Caldicott Principle 7, we are supportive of systems which allow health and social care professionals to share confidential patient information where this is necessary to provide care and treatment to the patient. However, in promoting this aim, the other Caldicott Principles should also be adhered to. To demonstrate adherence to these principles, the governing access to information in this system should clearly set out how the principles of necessity, data minimisation and justification of purposes should be met in the use of the system.’

National Data Guardian advice to GP Connect

The NDG supports the expansion of GP Connect to share information with clinicians and staff who need it to provide care to their patients and was assured by the programme’s clear commitment that GP Connect would solely be used for direct care.

The programme asked if the NDG felt a public-facing communications campaign about retaining national use of GP Connect was necessary. The NDG did not, as it is firmly within people’s expectations that their data should be shared to support their own care.

However, the NDG asked the programme to consider if and how the NDSA might address any expansion of access to GP Connect to ‘lesser expected’ health and care settings, so that arrangements around restricted access and patient communications might be considered.

5.10 NHS Secure Data Environments

Secure Data Environments (SDEs) provide a safe, highly controlled way for users to remotely access better-linked information while ensuring the right person, with the right permissions, gets the right data in accordance with their data sharing agreement.

The NDG supports moving away from data dissemination (sending physical copies of health and care data extracts to users) towards giving people safer, tightly controlled access in SDEs. This offers much stronger privacy, oversight, and security protections for people’s data.

As such, she welcomes the opportunity to play a part in overseeing the development of the guidance and policies that will govern how SDEs operate. This will involve reviewing and providing input into the guidance for the system and supporting the development of an accreditation framework to ensure that all SDEs meet a set of minimum requirements. The NDG wants to ensure that information governance, training, and patient and public involvement and engagement are well considered.

SDE Guidelines

In 2022-23, the NDG was invited by the team to review the draft Secure Data Environment guidelines and provide feedback. Some of the points made by the NDG included:

  • adding clarity around the target audience and purpose of the document
  • maintaining consistency of language throughout the document, particularly when describing the different use cases for SDEs for research and analysis
  • when addressing how SDEs will protect patient information, the guidelines should explicitly mention the Common Law Duty of Confidentiality, specifying that it must be met when accessing or using confidential patient information
  • emphasis on patient and public involvement and engagement needed to be strengthened, particularly regarding the decision-making processes that govern who can access data in SDEs and how it is used. Feedback made clear to the team drafting the guidelines that being transparent with patients is not the same as actively involving them in decision-making
  • being clearer that data will be used for public benefit throughout the document, noting the NDG’s recent guidance on public benefit
  • the need for intended policy or technical documents, including the promised accrediting framework, to add more detail and clarity to how the guidelines will be delivered

The team listened to the concerns of the NDG and published the guidelines in September 2022. The NDG will continue to engage with NHS England on SDEs in 2023-24, reviewing further draft project documentation as and when it is published.

5.11 Prehospital Emergency Medicine feedback

Many might be surprised to learn that once an ambulance or air ambulance staff member hands over their patient to a hospital, they don’t routinely learn what happened to them afterwards. This means they don’t know how beneficial their treatments were or how accurate their diagnosis was, making reflection and professional improvement a challenge. As feedback is vital for learning, safety and staff wellbeing, different regions across the country have devised mechanisms to ensure it can be requested lawfully.

In the East of England, this is handled by the Prehospital Emergency Medicine (PHEM) Feedback project: a collaboration between hospitals and prehospital care teams that helps prehospital clinicians learn from their previous cases. The feedback service is provided by NHS clinicians working within hospitals to:

  • improve clinical judgment
  • provide an opportunity for learning and self-reflection
  • debrief on atypical, critically unwell, uncertain, or emotionally intense cases
  • enable a higher standard of patient care by the care provider in future

In 2022-23, the NDG engaged in discussions with the PHEM project – which currently operates with section 251 support – on the legal basis for information sharing in this context. Various aspects were explored, such as patient consent, reasonable expectations, and to what extent the work can be considered direct care. These discussions are set to continue in 2023-24, with the expectation that any useful findings or decisions made about this project will also be applied more broadly across other NHS organisations.

6. Advice and guidance to the system

6.1 Advising NHS England on the NHS Federated Data Platform

The update provided below only covers the period until 31 March 2023. Since then, the NDG has provided significant advice to NHS England concerning the NHS Federated Data Platform (FDP). That advice will be reported only in her 2023-24 annual report. However, given the current and considerable public interest in the FDP, the NDG wishes to signpost interested parties to what she has said publicly in 2023-24.

  • The NHS Federated Data Platform: the importance of building bridges with the public
  • Making better use of NHS data: Where we’re at with the Federated Data Platform

These public statements provide a more current view than the information below.

Work to 31 March 2023

During 2022-23, the National Data Guardian has been briefed about, and has scrutinised plans for, the new NHS Federated Data Platform (FDP) and provided advice and guidance to the programme team at NHS England (NHSE) responsible for procuring and implementing it.

The NDG supports the goals of the FDP. Improving access to high-quality data to facilitate better decision-making (ultimately improving public health and care outcomes) is a long-stated NDG ambition. However, the NDG has also raised some concerns and remains mindful of the public, professional and media criticism this programme is already attracting and the impact the programme could have on public trust.

6.1.1 Background: what the Federated Data Platform will do

The FDP will bring together data to assist staff in planning, coordinating, and providing better care for people. As currently planned, the software will ‘sit on top of’ existing IT systems and connect them, making it easier for staff to access information in one secure environment to better coordinate, plan and deliver care.

The software will be ‘federated’. This means that different providers and integrated care systems will have their own platforms that can connect and interact with each other as a ‘federation’. In theory, this will allow health and care organisations to work together more effectively by using data in a consistent structure.

The FDP will be used for the following purposes:

  1. population health and person insight
  2. care coordination
  3. supply chain management
  4. vaccination and immunisation
  5. elective recovery

The procurement of a supplier went live in May 2023.

6.1.2 Advice given to NHS England in 2022-23

Communication is essential to public and professional acceptance

In 2022, the NDG advised NHSE that for the platform to succeed, it would be crucial to get the support and trust of the public and professionals across the system. The NDG was very clear about the need for communications and engagement. It was put to NHS England that it should find a way to explain the procurement process and rationale to key audiences. Those communications should set out why, to realise the benefits, NHS England was proposing it must use a single platform provider (rather than a small number of providers who are able to scale nationally and incorporate existing local and national technology).

Later in 2022, the NDG further advised that NHSE must dedicate enough time and resources to effectively engage with people’s concerns. This would enable the programme to develop an approach and a communications strategy that listens and responds to people’s worries whilst also being honest about the risks and trade-offs the programme entails.

The NDG also repeated that in its communications with the public, the FDP programme must be transparent and always strive to provide clear, easy to understand explanations of how the platform will work and what it will do. This information should be publicly available, easy to find, and accessible. The NDG advised that future communications should clearly explain:

  • the core functions of the platform
  • what data it will use
  • how it will use it
  • who can see it
  • the benefits of the programme and, just as importantly, the risks
  • the choices people have regarding the use of their data in the programme
  • the relationships, links, dependencies, and communications of this FDP to other national data programmes

Commercial involvement in data: the conditions for public trust

Regarding public nervousness around third-party involvement in the FDP, the NDG reminded NHS England of the findings from past research, which say that the public is more likely to accept commercial involvement in data projects if the following conditions are met and clearly demonstrated:

  • there is a clear and logical rationale for engaging a commercial organisation
  • the selected organisation is demonstrably trustworthy to the public
  • public benefit outweighs private profit
  • adequate safeguards are in place

The NDG wrote about this in a blog post in November 2022, in which she echoed earlier advice given to NHSE – that during the procurement, it should remain mindful of NHS core values, and how the track record and values demonstrated by any organisations procured to deliver on a large-scale data programme align with them. 

Communicating with the NHS workforce is equally important

The NDG also advised building professional trust for the FDP programme. To gain the support of the intended users, it was suggested the programme must devise a strategy for communicating effectively with the workforce, prioritising those most affected by the implementation. The NDG emphasised that a well-planned campaign using clear messaging would help mitigate negative staff reactions by clearing up uncertainty and confusion. Professional support is inextricably linked to public support. It is also essential for both uptake (and thus value) and the smooth implementation of the FDP across the sector.

Learning lessons from past national data programmes

The NDG advised NHS England to heed the hard lessons learned by the General Practice Data for Planning and Research (GPDPR) programme, when it failed to communicate to public and professional satisfaction about its plans for their data.

The FDP programme was urged not to ignore factors affecting public trust. Recent events have shown what happens when the media raises data privacy concerns about large national data programmes. The fallout can be very damaging for the NHS: public disquiet, a rejection of the initiative, suspicion of government motive, and, ultimately, damage to people’s trust in the system’s ability to keep their data confidential.

Consequently, this results in increased opt-outs, which has serious and lasting implications for the better use of health and care data for planning, research and innovation. Another significant rise in opt-outs will affect the quality of datasets, and potentially the reliability of conclusions that can be drawn from research carried out with that data. Data and the rich insights it holds are our shared national asset. To protect its integrity and immense potential to serve the public good, NHS England and the government must take all necessary measures to avoid a repeat of GPDPR.

Other key considerations

The NDG has also drawn attention to concerns expressed by members of the public and professionals about:

  • potential vendor lock-in
  • comprehensive information governance guidance, clear governance frameworks and security measures for the platform
  • providing clarity about the choices people have regarding the use of their data in the programme and their ability to opt out
  • explaining the relationships, links, and dependencies of this FDP to other significant national data programmes via cohesive (not siloed) communications

The NDG will continue to advise NHS England and Department of Health and Social Care officials and government ministers on this issue, whilst engaging with the perspectives of other stakeholders, professionals, and the public about it.

6.2 Helping to develop better information governance guidance: Health and Care Information Governance Panel working group

As part of the Health and Care Information Governance Panel (HCIGP) Working Group, the Office of the National Data Guardian has continued to help shape the national guidance that staff access on the NHS Transformation Directorate Information Governance portal.

The portal is an important resource as it brings together in one place clear, consistent national guidance to help staff use information appropriately to support care. Each piece of guidance has sections aimed at patients, frontline staff, and information governance professionals. The group reviews and provides input into guidance drafted by its members before receiving approval for publication from the Health and Care Information Governance Panel Working Group. This year, it has produced guidance on:

National information governance templates

The group also contributed to a suite of universal IG templates created by a dedicated ‘task and finish’ group to support the lawful use of data within health and care. The NDG and her team supported the development of the following templates:

  • data sharing and processing agreement
  • data protection impact assessment
  • privacy notice
  • information assets and flows register

Rooted in best practice, the templates will improve quality and standardisation by replacing many locally produced templates. It is not mandatory to adopt the templates. Still, all organisations using and sharing health and care information are encouraged to use them to reduce duplication and facilitate collaborative work across the system.

6.3 Providing feedback on the ‘What Good Looks Like’ framework for digitising adult social care

In partnership with NHS England, the Department of Health and Social Care has developed a What Good Looks Like framework to support the use of digital technology in adult social care. It supports local authorities and care providers on their digital transformation journey by setting an agreed standard of what good digital working looks like across seven success measures.

The NDG was invited to engage in the development of the framework, providing feedback on initial drafts and offering expert input on the use of data. Though the framework’s value was recognised, the NDG felt that the advice on information governance could be made clearer by improving the distinction between data use for direct care and data use for secondary purposes. After sending detailed written feedback to the project team, Office of the National Data Guardian staff met them to suggest an approach to enable clearer messaging about the IG requirements for local authorities and care providers.

6.4 Advising on a redraft of the 2011 Good Practice Guidelines for GP electronic patient records

In 2011, the Department of Health and Social Care (DHSC) published The Good Practice Guidelines for GP electronic patient records - version 4. These guidelines are a reference for all those involved in developing, deploying and using general practice IT systems.

In 2020, DHSC began an update to the guidelines, and the Office of the National Data Guardian and UK Caldicott Guardian Council (UKCGC) are supporting this work. In 2022, they reviewed and advised on sections relating to information governance. Members of UKCGC led on providing feedback on two chapters: Subject Access Reviews (SARs) and Consent to Record Sharing. The updated guidelines are still awaiting publication.

6.5 Responding to ICO anonymisation, pseudonymisation and privacy enhancing technologies guidance consultation

The NDG continued to work with the system to provide feedback on draft guidance published for consultation from the Information Commissioner’s Office (ICO) on anonymisation, pseudonymisation and privacy enhancing technologies. This guidance will fill a significant gap in the available advice on ensuring that anonymisation is effective.

In 2013, the NDG’s Information Governance Review urged NHS and social care organisations to, wherever possible, use information rendered anonymous in line with the ICO’s Code of Practice on Anonymisation. But as technology and the regulatory landscape have developed with the introduction of new data protection legislation, the 2013 Code has become outdated, leading to the ICO’s current updated suite of draft guidance.

The NDG collaborated with other key stakeholders on the Health and Care Information Governance Panel (HCIGP) to provide joint responses to the consultation, which closed in December 2022. In response, the ICO said it intended to change the guidance significantly.

It has now separated the guidance into two distinct products:

  1. Anonymisation and pseudonymisation guidance, including a much-welcomed new chapter on anonymisation and research.
  2. Privacy enhancing technologies guidance (now published).

It will also include more case studies to demonstrate effective methods for achieving anonymisation. The request for more case studies has been a recurring theme across health and care, so the NDG welcomes this decision. The ICO is working on a health-specific case study on synthetic data with the HRA.

The anonymisation and pseudonymisation guidance has now been paused for review from 2023 to 2024. This is to ensure the ICO can consider any changes which may need to be made to it as the Data Protection and Digital Information Bill progresses through Parliament. As this work resumes, the NDG will continue to work with the HCIGP to offer joint advice and feedback to the ICO relating to the processing of confidential information in health and adult social care.

6.6 Advising the General Practice Data for Planning and Research project through its advisory and assurance boards

The NDG continued to support the ambitions of NHS England’s General Practice Data for Planning and Research (GPDPR) programme. GPDPR proposed to replace the 10-year-old system that currently collects GP data, the General Practice Extraction Service (GPES), with an improved solution. It intends to put in place a new system for GP data collection that provides stronger privacy protections for data and reduces the workload of general practices. Notably, GPDPR intended to replace 300 individual collections with one single collection.

However, the programme was paused in 2021 after public and GP concerns led to a significant increase in opt-outs. The NDG and others advised a delay to the launch of GPDPR so that the public could be told more about it and trust could be regained. As a result, the government pledged only to commence data collection after four conditions had been met. This included implementing a secure data environment (for safer access to that data) and delivering an engagement and communications campaign.

Since the pause, the NDG has continued to advise the programme through active membership in the groups it established to provide expert assurance:

  • GP Data Check and Challenge Advisory Group
  • GPDPR IG Expert Liaison Group
  • GP Data Patient and Public Engagement and Communications Advisory Panel

The programme has made some good progress, particularly in the formal quantitative and qualitative public attitudes research it carried out with the public and professionals. However, it has not yet met the four conditions it set.

The NDG will continue to support the programme’s ambitions in 2023-24.

Integrated care systems (ICS) have the potential to revolutionise joint working in local areas by connecting hospital and community care, physical and mental health and health and social care services. Fostering collaboration between health and social care partners is a worthy goal that the NDG supports. Ensuring that frontline staff feel confident to share relevant confidential patient information (CPI) across health and social care organisations where this is appropriate for individual patient care is also an important aim wholeheartedly supported by the NDG.

Processing of CPI in ICSs for secondary purposes

To fully maximise the potential of integrated care, CPI must be used in demonstrably ethical and legal ways to win the trust of healthcare professionals and patients alike. However, over time, the NDG and UK Caldicott Guardian Council both received reports that some local shared care record schemes were processing CPI for specific secondary activities without first ensuring that the processing did not breach confidentiality. These activities included risk stratification and population health management.

To address this problem, in September 2021, NHSX wrote to data protection officers. They were reminded that sharing patient and service user information for purposes other than direct care requires careful consideration, and that joint data controllers within ICSs and partnerships must ensure that all data processing for secondary purposes is lawful.

A year later, the problem persisted. And so, in November 2022, the NDG and the UK Caldicott Guardian Council chair wrote a joint letter to all senior information risk owners of integrated care boards. The letter provided guidance on how organisations can safely process CPI to avoid breaching confidentiality. It identified four specific processing scenarios and advised on the scope of existing legal gateways for each. The Office of the National Data Guardian then attended the Information Governance and Data Forum to answer people’s questions about the letter. The forum is hosted by NHS England and attended by information governance representatives from all integrated care boards.

With regard to risk stratification and population health management, the NDG is engaging with the Health Research Authority’s Confidentiality Advisory Group and NHS England’s Transformation Directorate, who are working with ICBs to help them understand the current requirements and assurance for existing section 251 support for risk stratification. Together, these organisations are developing a coordinated action plan that considers future support for existing and planned risk stratification activities. 

6.8 Advising the team accelerating citizens’ access to their GP records through the NHS App

The NDG continued to support and advise the Accelerating citizen access to GP data programme in 2022-23. The programme aims to empower patients to keep track of their own health information by using the NHS App and other patient online services to view their information in real-time as it is added to their GP record. This is known as prospective access, which means people only see information added after the date their online access was enabled.

The NDG is eager to see this programme succeed. She has long been a proponent of encouraging people to actively participate in their GP records. The best way to support individuals in better managing their health is by ensuring they can do this in an informed manner. However, she has consistently emphasised that record access must happen safely. This means ensuring the GP workforce is prepared. Practices must feel equipped to deal with the change and reassured that risks have been addressed so that record access does not compromise patients’ physical and mental well-being.

NHS England was due to enable access on 1 November 2022 for all patients over 16. However, this date was revisited after concerns were raised by the British Medical Association (BMA) and the Royal College of General Practitioners (RCGP). GPs felt the change was landing at a time of unprecedented pressure for them. They wanted more time to prepare and stronger reassurances around clinical safety. NHS England agreed to continue to work closely with the GP community to address remaining concerns.

The NDG has been monitoring NHSE efforts, outlined below, to address the concerns raised by the community.

  1. Changes to implementation: Instead of a single national switch on, NHS England moved to a phased deployment, starting with practices that identified themselves as ready. In February 2023, 1406 practices were enabled, giving 12.5 million people access. Practices were closely monitored, and many reported no increased workload or clinical incidents. As of August 2023, 1,637 practices (25.9%) had enabled access for their 8.1m patients (27.9%). Furthermore, GP contract changes made in March 2023 require all practices to provide prospective access by 31 October 2023 unless exemptions apply to individual patients. They can do this using national capabilities provided by the programme, or manually. The changes also require GPs to enable online access to full historic records if a patient requests it in writing.

  2. Improved guidance and support for GPs: To better support GPs, NHS England worked with the RCGP to produce national guidance, a suite of tools and a practice support package.

  3. Assurance on clinical safety and safeguarding: An independent agency completed a clinical safety case. Healthcare organisations are required to produce one when they design and implement changes to IT systems, to ensure that the system’s use in its operating environment is acceptably safe. Two groups were also formed to advise NHS England on the safety case and implementation: the Safeguarding Reference Group (made up of GP safeguarding leads) and a Clinical Advisory Group (made up of RCGP and BMA members).

The NDG will continue to support and monitor the progress of patient GP record access and looks forward to finding out more about the development of services enabled by records access based on the evidence of the benefits for patients and practices.

6.9 Developing learning and training for Caldicott Guardians

6.9.1 elearning for Caldicott Guardians

In partnership with the UK Caldicott Guardian Council and Health Education England, the NDG published the final sessions in the elearning programme The Role of the Caldicott Guardian. The elearning programme offers three audience-specific modules:

  • a module for new or existing Caldicott Guardians – explaining how the role fits into the broader information governance assurance framework, it is intended to help Caldicott Guardians arrive at lawful and practical decisions regarding the protection and sharing of data. It also looks at what support and resources are available to them.

  • a module for senior leadership team members – intended for those who appoint, work alongside, or otherwise support a Caldicott Guardian. This module explains the significance of the role, including how their work represents the best interests of patients and service users and how they impact the organisation’s decision-making processes.

  • a module for all staff – intended for the general workforce, to improve people’s awareness of the importance of Caldicott Guardians and confidentiality in health and care.

6.9.2 Professional standards and training courses for Caldicott Guardians

The Office of the National Data Guardian (ONDG) is helping the UKCGC to deliver its priorities for 2022-23. This includes improving the information available on the professional standards expected of Caldicott Guardians, and enhancing accessibility and standardisation of training courses for Caldicott Guardians. To this end, in January 2023, the UKCGC established a working group, with support from the ONDG, to consider training courses and professional standards.

6.10 Advising the Association of the British Pharmaceutical Industry on trust and transparency

In July 2022, the Association of the British Pharmaceutical Industry (ABPI) published five principles for the analysis and use of health data. These principles build upon the existing regulations and safeguards which govern access to secure and de-identified health data. ABPI members will follow them when using NHS data for research purposes. They aim to support transparency in the industry’s use of health data to build public trust.

The ABPI is keen to engage with stakeholders following the publication of its principles to understand how it can most usefully support public engagement and dialogue around the use of health data. To this end, it hosted a meeting of representatives from patient groups, health and care systems, medical research charities and clinical groups to help determine how the industry could work with system partners to communicate how and why the pharmaceutical industry uses health data to improve patient outcomes. Staff from the Office of the National Data Guardian attended. They highlighted the findings from the NDG’s public benefit guidance. This included the importance of transparency and demonstrating public benefit wherever a use of data has both a public and a private (e.g., commercial) benefit.

6.11 Helping urgent community response teams to access patient information safely and appropriately

In June 2022, the clinical advisor to the central ambulance team at NHS England contacted the NDG and the UK Caldicott Guardian Council (UKCGC) with a question about access to confidential patient information (CPI) by urgent community response (UCR) teams.

UCR teams provide clinician-led, NHS-commissioned individual care to patients. Before an individual enters their care, they need access to their clinical information to assess whether they are suitable for the care services they provide. They sought the NDG’s view on whether UCR teams’ access to CPI, to support this assessment, was appropriate and proportionate.

The NDG and UKCGC confirmed that providing clinicians with access to a person’s clinical information to assess if a particular service is suitable for their needs is essential to providing appropriate care. However, they reiterated the need to follow the Caldicott Principles, considering both what is proportionate in the context of emergency care, and what is possible within the system’s capabilities.

6.12 Supporting the development of guidance for organisations impacted by the August 2022 cyber-attack

In the summer of 2022, Advanced, a software systems supplier to NHS Trusts and many care organisations, experienced a ransomware cyber-attack. As a precaution, some of the systems that Advanced provide to the NHS were taken offline, including Adastra, which supports staff in emergency care and NHS 111 call centres. While some of the impacted systems were reconnected quickly, others remained unavailable for a number of months.

The attack disrupted many organisations’ day-to-day operations, leaving many care professionals without access to systems. NHS organisations implemented business continuity measures to ensure safe care for patients continued to be available; however, these processes were more laborious and created a backlog of handwritten clinical notes. These business continuity measures were generally designed for more short-term outages, and the length of the outage placed significant strain upon them.

NHS England (NHSE) officials kept the National Data Guardian updated on the cyber-attack and sought advice as the various organisations dealt with the issue. Detailed feedback was given by the NDG on draft guidance for organisations affected by the confidentiality breach.

The NDG remains concerned about both the breach of confidentiality (and the damage done to patient trust), and the clinical safety risks arising from not having access to critical systems and accurate patient records. NHSE is conducting a review of the attack, its impact, and the response, and the NDG awaits its findings.

6.13 Supporting the Healthcare Safety Investigation Branch (HSIB) investigation: Access to critical information at the bedside

The Healthcare Safety Investigation Branch (HSIB) undertakes investigations to identify factors that have harmed or may harm NHS patients. Sparked by a case concerning the misidentification of a ward patient with serious consequences, it undertook a national investigation to explore the factors affecting staff’s ability to access critical patient information at the bedside.

The investigation found variations in what information is visible to identify patients at their bedside on hospital wards. Each hospital had information governance policies, but staff described confusion and ambiguity when interpreting what identifying information could be made visible. The investigation aimed to improve patient safety by supporting staff in accessing critical information about patients at their bedsides in emergency situations.

The HSIB worked with the NDG to develop one of the safety recommendations in the report:

“The Office of the National Data Guardian supports local interpretation of the Caldicott Principles to give organisations and staff the confidence to display full patient names at the bedside to support correct patient identification for safer care.”

The NDG welcomed this recommendation. She confirmed that hospitals displaying a patient’s full name above their bed or on the door of their room, so that they may be correctly identified in an emergency, is consistent with both Caldicott Principle 7 and the Health and Social Care (Safety and Quality) Act (2015). The NDG then worked with the HSIB communications team in February 2023 at the launch of the HSIB’s report Access to critical patient information at the bedside to help promote the message to frontline staff.

The NDG also considered the display of other critical patient information to be important, but more complex. It would be for individual organisations to determine what information is critical and appropriate to display in an emergency. This depends on the local context, clinical situation, patient wishes, and whether it is necessary for information to be displayed where it might be visible to those not providing care.

6.14 Using the public’s data responsibly: advising DHSC on its proposed health and social care data pact

In its data strategy, Data saves lives: reshaping health and care with data, the Department of Health and Social Care (DHSC) committed to producing a data pact with the public, saying it would engage with the National Data Guardian (NDG) during its production. This pact would outline how NHS England will use health and care data, and what expectations the public can have regarding the handling and use of their data.

During 2022-23, the NDG provided guidance to the DHSC on the pact’s production process and themes it might explore with the public to inform its contents. Initially, DHSC was committed to delivering the pact by December 2022 and presented a draft for review in September of the same year. However, both the NDG and the National Data Advisory Group suggested that the DHSC should rethink its approach. It was felt that more time and thought were needed to ensure the public was adequately involved in the production process.

The NDG hopes to see suitable public involvement in the data pact in 2023-24, so its content represents what people would expect and accept.

6.15 Supporting the Data Security and Protection Toolkit team

The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that allows organisations to measure performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to demonstrate that they are practising good data security and handling personal information correctly. It is the standard for cyber security and data protection across health and social care. In addition, it is an effective mechanism for communicating with organisations about things they must do around cyber and information governance.

DSPT annual returns: findings for 2021-22

The NDG is always interested in the findings from the DSPT annual returns, and in September 2022, the team attended panel to discuss the results of the 2021-22 submissions. Over 48,000 organisations completed DSPT in 2021-22, a 10% rise compared to the previous year. About two-thirds of NHS trusts met or exceeded the standard, and the majority of remaining trusts that had not met the standard had agreed improvement plans in place. For NHS trusts, the most challenging areas were: ensuring 95% of staff are trained in data security annually, assurance for connected medical devices, training for boards, security patching and cyber business continuity planning.

Adult social care engagement continued to grow, with nearly 19,000 new organisations completing it for the first time in 2021-22. However, social care organisations – particularly smaller ones such as care homes – frequently struggle with the basics, such as appointing a nominated data security lead or putting basic security measures such as encryption and system patching in place. The NDG was reassured to learn that these statistics show where these issues sit, enabling the data policy team to understand better where support and services are most needed at a system level to help organisations – particularly smaller ones – tackle those challenges.

Compliance with national data opt-out policy

At the time, compliance with national data opt-out policy was not yet mandatory. Nevertheless, the panel was interested in the team’s information on compliance and was encouraged by the number already confirming it:

  • NHS trusts and CSUs – 82%
  • CCGs, DHSC and ALBs – 86%
  • Social care, pharmacies, opticians, dentists, charities, hospices, suppliers, researchers and others – 72%
  • GPs – 75%

They are interested in seeing how this develops for 2022-2023 DSPT submissions now that opt-out compliance is mandatory.

NDG input into the DSPT team’s work

During 2022-23, the NDG’s team participated in discussions about changes to the DSPT, including ideas for improvements and new requirements. They also reviewed and provided feedback on 10 DSPT assessment guides, which provide more information on each data security standard, including suggestions and examples of how they might be achieved.

6.16 The ‘Maternity and neonatal services in East Kent: Reading the signals’ report: engaging with the review team about data

In February 2023, Dr Bill Kirkup and John Cairncross attended the NDG’s panel to present the findings of their review: Maternity and neonatal services in East Kent: ‘Reading the signals’. Published in October 2022, the report covered the significant clinical safety failings of maternity services in two hospitals between 2009 and 2020.

The presentation outlined the underlying problems that led to the review and set out its four proposed action areas. Of most interest to the NDG was ‘Key Action Area 1: Monitoring safety performance – finding signals among noise’, given the part that better data could play in alerting organisations to safety concerns sooner.

Dr Kirkup is hoping to set up a project to develop a maternity signalling system, which will include outcome measures. Other specialties, such as cardiac surgery, have shown that this can be done, and the same techniques, with modifications, could also be adopted by maternity services. Dr Kirkup was awaiting a formal response to his review but reported that NHS England was keen to take this work forward.

The NDG agreed that the review’s findings clearly illustrated that better routine visualisation and use of data is needed to identify unacceptable variation in care and to help prevent catastrophic failures. The NDG has a strategic priority to encourage the safe, appropriate, and ethical use of data and so fully supports the review’s recommendation on data use.

6.17 Engaging with the Health and Justice Information Services

The Health and Justice Information Services (HJIS) is a national programme of work to upgrade the clinical IT system in England with access to NHS Spine services. The system is used for adults and children in the secure and detained estate, such as prisons and youth offender institutes. NHS England commissions and funds both the system and programme.

In June 2021, the team attended panel to request an NDG review of the programme plans, and in 2022 the NDG sought an update on how those plans were progressing. The programme attended panel in September 2022 to inform the NDG of its project to allow the electronic transfer of a patient’s medical record into and out of the secure and detained estate. Before this change, those treating patients in the secure and detained estate only had access to limited information about them through their Summary Care Records. Their full electronic medical records were not transferred in.

Thanks to the HJIS team, this has now changed. If a patient chooses to GMS register (register with a GP), their full electronic patient record can be transferred across the estate, and then back out to their GP in the community following their release. This change currently only applies to the adult male and youth offender estate, with plans to roll it out to the adult female estate in quarter 4, 2023-24.

The NDG and panel members voiced strong positive support for the progress made in facilitating continuity of care for those in the detained estate, many of whom are recognised to have significant mental or physical health challenges. The NDG looks forward to continuing to advise and advocate for this exemplary programme in the coming year. 

6.18 Engaging with the Centre for Improving Data Collaboration

The Centre for Improving Data Collaboration (CIDC) sits within NHS England and was created to support the health and social care sector to enter into data-sharing partnerships that benefit the NHS, patients and the public. The Centre has a public and policy mandate to get ‘fair value’ back for the NHS from NHS data and NHS knowledge assets.

In 2022-23, the NDG continued regular engagement with CIDC. To ensure that the NHS is joined up and aligned in its terminology, the Office of the National Data Guardian consulted the CIDC during the production of its public benefits guidance. CIDC staff advised on the appropriate language to use to describe fair terms, and the recognition of the value of NHS data in commercial agreements. This ensured NDG guidance was appropriately aligned with CIDC’s Value Sharing Framework. In addition, CIDC attended the NDG’s panel to discuss its commercial principles for data access.

6.19 Supporting engagement with the public on data use for AI

Data stewardship involves deciding who gets to access data for research and development purposes. Current approaches to data stewardship often lack adequate and appropriate participation from the public, which is a particular problem when it comes to health data use in artificial intelligence (AI), given the ethical risks that AI systems pose. The public must have a voice in these conversations, as public scrutiny can increase transparency and positively influence the design and accountability of complex AI systems.

In 2022, the Office of the National Data Guardian joined the oversight group for a public dialogue programme commissioned by the NHS AI Lab’s AI Ethics Initiative. The dialogue sought to understand the risks and benefits of specific data stewardship approaches from a public perspective, including expectations of how the public should be engaged in decisions about data access for AI purposes in health and care.

The findings were published in November 2022 and were used to inform the specification for a piece of research put out for tender in February 2023. The supplier awarded the research contract will ‘design and assess the feasibility and merit of data stewardship models that could increase visibility over health data, transparency over its use, and empowerment of patients and the public in decisions about granting access to it for AI purposes.’

A member of the NDG team has been invited to sit on the oversight group for the next phase of the project, which will undertake quantitative and qualitative research to involve users (including patients and the public) so that their opinions inform the design of the data stewardship models.

6.20 Engaging with the National Disease Registration Service and National Cancer Registration and Analysis Service

The National Cancer Registration and Analysis Service (NCRAS) is part of the National Disease Registration Service (NDRS) at NHS England (was NHS Digital). It provides comprehensive, quality-assured data services covering the entire cancer pathway of all patients in England. NCRAS collects data about, and then follows up, all patients diagnosed with cancer in England each year, building a longitudinal, health-care event-based linked dataset on every cancer patient. This data is vital for cancer care planning and research into new treatments (and the effectiveness of existing ones). 

The intelligence provided by NCRAS is deemed so crucial that it has an exemption from the national data opt-out. However, the service still offers a bespoke opt-out system to accommodate those who feel strongly about their data being on the register.

In May 2022, representatives from the NDRS and NCRAS attended NDG’s panel to provide their annual summary of activity surrounding the bespoke opt-out, explaining how it is managed and how they handle inquiries. Additionally, they discussed communications and engagement, including plans to develop a new website with a section for patients.

In November 2022, the NDG was invited to review the NDRS beta website and praised the team’s work, especially the inclusion of data stories, which effectively explain the benefits to patients. The NDG and her team, including panel members with communications expertise, reviewed the website and suggested enhancements.

7. Supporting the system through board and panel membership

The NDG provides much of its advice and guidance through regular meetings and participation in different boards, panels, and groups. In the year 2022-23, the NDG or her representatives attended the following (some of which have since been disbanded):

  1. NHS Digital Research Advisory Group
  2. ICO Privacy Enhancing Technologies for health data sharing challenge workshops
  3. DHSC Cyber Futures Programme Board
  4. NHS England Cyber Security Leadership Board
  5. Data, Security and Protection Toolkit staff awareness review group
  6. Health and Care Information Governance Panel
  7. Digital Social Care Advisory Group
  8. NHS Transformation Directorate national engagement sessions
  9. NDG engagement with the ICO and COVID-19 app team
  10. EU Joint Action on Data and Health’s UK Digital Working Group
  11. NHS England’s data protection officer webinar sessions
  12. Professional Record Standards Body (PRSB) advisory board
  13. GP Data Check and Challenge Advisory Group
  14. GP Data Patient and Public Engagement and Communications Advisory Panel
  15. GPDPR Information Governance Expert Liaison Group
  16. Data Standards Authority (DSA) Task and Finish Group
  17. National Data Advisory Group
  18. DHSC Information Governance Committee

8. Priorities 2023-2024

The priorities below describe the work the NDG and her team in the Office of the National Data Guardian (ONDG) will deliver in 2023-24 to support their strategic objectives.

8.1 Supporting the system with advice and guidance

Consistent with the priorities set for the financial year 2022-23, the majority of the ONDG’s time in 2023-24 will be spent supporting and advising the health and social care system – at policy and programme level – to ensure that uses of confidential patient information are demonstrably trustworthy. Below are some of the highest priority programmes, policy areas and initiatives, but this is not an exclusive list:

  • progress towards commitments made in Data Saves Lives
  • the NHS Federated Data Platform
  • revising opt-out policy
  • how appropriate access is given to data for planning and research
  • implementation of the NHS Research SDE Network and data access policy
  • influencing delivery of DHSC’s large-scale public engagement commitments
  • systems and processes that enable better sharing for direct care

8.2 Reactive work

Throughout the year, the ONDG handles a significant amount of reactive work generated by requests for advice and support from both the system and the public. While it is impossible to account for this in advance, it will be reported on subsequently in the annual report for 2023-24.

8.3 Reasonable expectations research project

As previously mentioned, the ONDG has initiated a significant research project involving the public to understand better whether it is possible to create clear expectations regarding the use of confidential patient data for purposes other than care delivery. Specifically, this project will look at two existing NHS planning activities: population health management and the quality assurance of NHS bowel cancer screening services. The NDG will work with its NHS project partners and specialist research partner, Thinks Insight & Strategy, to determine what actions might be required to create those expectations. In addition to its core work advising the system, this project will remain the NDG’s principal focus for the next two years.

9. Financial statement

The National Data Guardian (NDG) is a non-incorporated office holder who does not employ staff, hold a budget, or produce accounts. The Department of Health and Social Care (DHSC) holds the budget and reports expenditure through the DHSC Annual Report and Accounts.

The budget meets the costs of:

  • The Office of the NDG, hosted by NHS England
  • the work of the NDG and the advisory panel
  • the work of the associated UK Caldicott Guardian Council
  • events, public engagement, and legal advice
  • the remuneration of the NDG

Except for the NDG’s remuneration (the NDG is paid as a public appointee), the NDG has the flexibility to determine the allocation of the available budget according to in-year priorities.

For 2022-23, the budget was £788,208.

10. Appendix A: NDG panel members

The following panel members supported the NDG during 2022-23:

  • Dr Joanne Bailey
  • Dr Chris Bunch
  • Sam Bergin Goncalves
  • John Carvel
  • Professor Ian Craddock
  • Dr Arjun Dhillon
  • Dr Edward Dove
  • Dame Moira Gibb
  • Dr Fiona Head
  • Mr Adrian Marchbank
  • Maisie McKenzie
  • Eileen Phillips
  • Rob Shaw
  • Jenny Westaway
  • Professor James Wilson

Read NDG panel member biographies.

Panel members who left part-way through this financial year:

  • Andrew Hughes
  • Rakesh Marwaha