Department of Health bids to make sharing patient data safer

DoH wants to reduce the risks of individuals being identified through their data

The Department of Health (DoH) has opened up a consultation with the intention to create new safeguards around information sharing within the organisation.

The Parliamentary Under Secretary of State for Health, Dr Dan Poulter, said that the department wants to establish clear rules around the use of data that could potentially identify individuals circulated by accredited safe havens (ASHs) and the Health and Social Care Information Centre (HSCIC).

The department said that its vision was for ASHs to provide a secure environment within which data that could potentially identify individuals can be lawfully processed for "a limited range of approved purposes".

The DoH didn't identify the processes it was referring to but said that it would be put under controls that minimise reliance upon identifiable data.

It ultimately wants to reduce the risks of individuals being identified through their data.

"In line with the Data Protection Act and the Caldicott principles, ASHs will be expected to use only the minimum data necessary for their purposes," the consultation document states.

NHS England's controversial care.data programme is not covered in the consultation paper, but data collected under the initiative could be disseminated to accredited safe havens by the HSCIC, or passed on around broader use of care information, the document said.

The department said that it had become clear that there were significant concerns about the potential for misuse of this information.

"The government continues to learn about the public's attitudes towards the use of their data, including through the work done around the introduction of the care.data initiative, and the research into public and professional attitudes towards that initiative is ongoing," it said.

"In particular, it has become clear that many people are unhappy about information being passed - even in a form where the risk of re-identification of individuals is remote - to insurance companies or commercial bodies that might seek to use it for purposes that many would find unacceptable," it added.

The guidelines suggest that individuals who "opt out" of their personal data being kept to be used should have their objection respected and their data "will not be used".

Poulter said that the DoH intends to make clear, through regulations, that there must be no abuse of trust and that information collected for important purposes like commissioning or delivering public services will be used appropriately and subject to strong security controls.