Official Report: Minutes of Evidence

The Chairperson (Ms Maeve McLaughlin): I welcome Professor Roy McClelland, chairman of the Privacy Advisory Committee and Dr Colin Harper, assistant director of the Law Centre. Thank you for coming to the Committee today. I will hand over to you to make your opening remarks, after which we will open the meeting up for questions or comments.

Professor Roy McClelland (Privacy Advisory Committee): On behalf of the Privacy Advisory Committee for Northern Ireland, I thank you for the invitation to present our consideration of the draft Bill. Dr Harper and I, while representing our respective organisations, have a high measure of agreement on our comments. This reflects more than 10 years of common endeavour in this area, including serving at separate times on the committee responsible for administering and implementing the corresponding legislation in England and Wales. To avoid unnecessary repetition, I shall focus primarily on the case for having legislation, and Colin will focus primarily on the proposals in the Bill.

We have noted the various issues and concerns that have been raised by members of the Committee and by some of your MLA colleagues. At the outset, I will put my hand up concerning the present proposals. The Privacy Advisory Committee has been pressing the Department for some time to bring forward legislation. I must also acknowledge Dr Harper, whom we commissioned to evaluate the evidence around the need for legislation. That said, the Privacy Advisory Committee sees its role as a champion of information privacy and patient confidentiality throughout the health and social care family. On a personal note, I have been closely involved with patient confidentiality in the health service for the last 20 years, first as chairman of the Royal College of Psychiatrists' privacy advisory committee and most recently as a member of the General Medical Council (GMC) task force, reviewing its confidentiality guidance to UK doctors.

Given some of the concerns that have been raised about the Bill's proposals, evidence from the work and the experience of the Privacy Advisory Committee might assist you in your appraisal of the Bill. One of the tasks of our committee has been to develop and keep up to date a code of practice on confidentiality. I believe that this provides the context to the question on the need or otherwise for legislation. The code of practice was first introduced by the Department in 2009 to provide practical guidance to assist decision-making concerns on the uses and disclosures of service user information. One objective of that code of practice has been to provide clarity on the differences between the sharing of service user information in order to provide a person's care and treatment on the one hand and, on the other, any proposed use of someone's information for other health and social care purposes — however important that use may be — commonly referred to as secondary uses.

As stated in our submission, the Privacy Advisory Committee has not, over nine years of its work, found any proposed use of personal information for secondary uses that would justify breaching the common law duty of confidentiality. However, there are many situations where there are important health and social care interests at stake for the secondary use of patient or service user information where the consent of service users cannot practicably be obtained. Secondary uses are increasingly required for a rational approach to providing and managing our health and social care services, for evidence-based practice and for assuring the effectiveness and efficiency of our current and future services.

I will provide you with one or two examples in a moment. First, I would like to give you a brief overview of what we consider possible ways forward, including the need or otherwise for legislation. One key option is optimising the use of de-identified information. Again, the code of practice is quite clear on this. It says:

To further this, the Privacy Advisory Committee has been advising the Department on a policy steer to establish safe haven and honest broker provisions — essentially, a de-identification service. This was for health and social care data that is already being held for direct care purposes. As you are now aware, the Department and the board have recently established an honest broker service for the health and social care family. Many of the requirements for secondary uses presently unmet, therefore, could and should be addressed through this provision in future. However, situations arise where it is not possible or practicable to obtain consent or to anonymise personal health and social care information. With optimal, honest broker services, I expect the need for legislation to be quite small. Such situations include clinically important national and regional audit and inquiry such as inquiries into asthma-related deaths, suicides and perinatal deaths. They also include work that could be achieved with specific disease registries such as the cancer registry or the cerebral palsy registry. In these situations, specific consent requirements may not be obtainable or may not have been foreseen.

One or two examples illustrate what is at stake and what the issues perhaps are. One recent example is from the Confidentiality Advisory Group (CAG) for the England and Wales legislation, for which approval was sought and given. It is the national asbestos study carried out by the Health and Safety Laboratory. Here, permission was sought by the national laboratory from CAG to contact individuals whose names and addresses were on the national asbestos register. In the case of deceased persons, permission was sought to access mortality and cancer data. The purpose was to monitor the long-term health of asbestos workers and to help determine whether the Asbestos Regulations 1969 were effective in reducing the risk of asbestos-related ill-health.

A second example also comes from a recent CAG and concerns out-of-hospital cardiac arrest. It was an evaluation by the London Ambulance Service on the effect of different airway management strategies on patient survival and their quality of life. Permission to obtain names and addresses was sought for purposes of seeking consent to participate and, for those who had died, permission to obtain mortality information. I could give you further examples nearer home, but perhaps I can leave that until our discussion. In order that such health and social care purposes can be considered, the Privacy Advisory Committee advised the Department back in 2008 and advised the Minister again in 2013 that a statutory basis for setting aside that the common law duty of confidentiality is required.

I will finish with two brief final observations. First, the proposals mostly parallel the statutory provisions that have been in place in England and Wales since 2002. Secondly, the present proposals address a gap in the law's current provision for protecting the privacy rights of users of health and social care services in Northern Ireland. Thank you. I will stop there.

Dr Colin Harper (Law Centre (NI)): I want to talk a bit more about the Bill as it is before the Committee. The amendments with respect to social care seem to me to be lifted almost entirely from the English legislation, and it is perhaps not always drafted as helpfully as it could be. The first clause does seem a bit confusing around what the law is for and its potential scope. I can see how Committee members, MLAs more generally and indeed members of the public might have concerns about just what this legislation might be used for.

From drilling down into it, it is very clear that it relates only to health and social care purposes and that, for example, if people wanted to access confidential information for road traffic management or for crime prevention, this legislation would not provide any lawful basis for doing so. It has to be a health and social care purpose. It is difficult to define more narrowly what that would be. The experience in England and Wales since 2002 gives a very extensive list of examples of the kind of measures that this legislation could deal with.

It is not enough that it has a health and social care purpose. The use of the information also has to be in the public interest. It cannot be just in the interest of the health trust or the Department. It has to serve the interests of the public of Northern Ireland as a whole. The Bill states that it makes provision for:

Although the English law has a similar phrase, I understand that it has never been used to require the processing of information. It is certainly our view that that is not appropriate; it is not clear why that was in the English legislation or why it is in this Bill. The provision should be permissive, making it possible to process confidential information rather than giving a power to anyone to require that. Other stakeholders have made written submissions to the Committee on the same point.

Obviously and understandably, confidentiality of health and social care information matters to patients and service users. It is very sensitive information that relates to some of the deepest aspects of our humanity and the most sensitive aspects of life. In England and Wales, the committee has adopted a procedure whereby anyone who objects or wants to opt out should have that opt-out respected. However, that has only the status of committee practice. The three committees, as they have existed, have all required that an opt-out should be granted in particular applications. It seems to us that, if there has never been any need to override that, the opt-out should be enshrined in the primary legislation, namely that this provides no get-out from the obligation of confidentiality if the individual service-user or patient has said, "I do not want my information to be processed in this way". I believe that that is a very important human rights safeguard, the individual's right to a private life. They can recognise the public good and it, quite rightly, recognises the public benefit from these secondary uses, but, when it comes down to it, individual patients and service-users should have a right to say, "No, I don't want my information to be used in that way". Whether that is for a good reason, bad reason or whatever reason, it should just be a protection. I think that having that right to opt out would reassure patients and the public as to what this legislation is for.

This legislation is not going to create a massive increase in confidential information flowing. These confidential information flows currently take place. Our health service could not function if these information flows did not take place. At the minute, they take place on the basis of a judgement that the public interest in disclosing the confidential information outweighs the public interest in maintaining confidential information. The duty of confidentiality is not absolute; it has always been balanced against other considerations. The difficulty with this is that there is a lack of clarity in the law. People are not aware that this takes place with their information. There is a lack of independent scrutiny of decision-making around when that balance, properly weighed, means that information can be used and disclosed. The Bill's proposal to have a committee provide that level of individual scrutiny is a real advance in the protection of the privacy and the privacy rights and interests of patients and service-users.

Those are just a couple of opening points that I wanted to make about the benefits of this legislation. There will probably be some more uses because there will be a clearer basis, whereas, at the minute, there is a risk that we are missing out on benefits because the processes that could take place if the legal basis was clearer are not taking place. However, this is not going to open the floodgates to massive flows of confidential information that are not currently taking place, in my view.

The Chairperson (Ms Maeve McLaughlin): First, thank you both for that. You know where this Committee is coming from around some of the issues around the definition of social well-being and the public interest. I suppose my question is very direct at this point. In both your views, would it be illegal, at this stage, to use that confidential data for any purpose other than what it is initially approved for? Would the Bill make it illegal to do that? Would sanctions be in place if data were to be misused? May I have your thoughts on that?

Professor McClelland: I suggest that, from the code of practice perspective, there is a clear line in the sand between direct care and other health and social care uses. When our advice has been sought, we have not found any justification for permitting a health and social care purpose that would breach the common law duty of confidentiality. In other words, it would sufficiently tip the balance that Colin referred to, except in one circumstance that we have had to deal with. That concerned information processing in relation to maternal and child deaths, a very tragic and uncommon set of circumstances. In order to improve the lot and the risks associated with perinatal care, there are many benefits from national audits and inquiries. Our advice has been sought on whether there could be a sharing of information from deceased individuals' records. We explored with the Public Health Agency how that might take place. Over recent years, in order to incorporate and learn from the shared information from England, Scotland and Wales, an officer from the board will extract information from the records of deceased individuals — a child or mother — and put it in an anonymised form with a unique identifier so that it can be combined with the national data sets. The learning information coming through on that is then made available nationally and locally without breaching confidentiality. But that officer has to go in with an honorary contract with a given trust to extract that information. We, as a privacy advisory committee, found ourselves trying to weigh up the benefits of respect for confidentiality. Confidentiality persists after death, but consent is not an option. We considered that that was a reasonable justification for allowing that processing to occur. No identifiable information was leaving Northern Ireland. That is the only example that, in our experience, we have ever felt tipped in favour of protecting the confidentiality in that very narrow sense and allowing the processing to take place.

The Chairperson (Ms Maeve McLaughlin): So, effectively, there is a line in the sand through the code of practice, except in this particular circumstance.

Professor McClelland: There is, but that is on our advice and guidance only. It is simply a dialogue; there is no statutory authority on which we can speak. There are individuals who may not wish to approach the committee and may make their own personal calculus.

The Chairperson (Ms Maeve McLaughlin): This is a general question, but, nonetheless, in terms of that clarification or line in the sand that happens through the code of practice, is it not better to have that very specifically in a Bill?

Professor McClelland: We are suggesting that the legislation would provide the means and the kinds of thresholds that ought to be sustained to give a publicly accountable process that would be human rights-proofed, rather than a kind of ad hoc arrangement. With the best will in the world, we are not, on a statutory basis, making those kinds of recommendations.

Dr Harper: The Bill states that any processing would still have to comply with the Data Protection Act, which, obviously, has an extensive range of sanctions around different breaches of its provisions. The one piece of information is subject to the Human Rights Act, the Data Protection Act and the common law on confidentiality all at the same time. Those different laws interact in different ways. The Data Protection Act has a general requirement that processing be lawful, which includes, not exclusively, that it comply with the common law on confidentiality. It is now a breach of confidence. Anything that was a breach of the common law on confidentiality would fall foul of the Data Protection Act as well in that respect, so that could trigger the full range of potential sanctions, including fines and imprisonment, that that Act holds. The Bill does not do away with the common law on confidentiality; it modifies it.

Generally, to avoid a successful action on breach of confidence, you need to have consent, there has to be a statute saying that you can process the information, or, in a situation such as child protection, there has to be an overriding public interest that justifies disclosing the person's health and social care information. In a way, the Bill creates a fourth way in which confidential information can lawfully be disclosed, namely with the approval of the committee as outlined.

However, if someone were to process information without that approval, if they did not respect some of the requirements of the process that the committee imposed, or if the Bill were amended to contain a right to opt out and someone had expressed a desire to opt out but that was not respected, the common law remedies for breach of confidence would still apply, so you could sue someone for breach of your confidentiality, just as you currently can. If I tell my doctor something and she tells her neighbour, I can sue for breach of confidence.

Similarly, if a secondary process were taking place in spite of my objection, that would be a breach of confidence too, so the common law remedies and Data Protection Act remedies as they currently exist would still apply. I am not entirely sure, in drafting terms, how additional sanctions might be added to that, because, as I said, it is not a replacement for the common law on confidentiality; it is an amendment to that. There may be ways, if the committee felt it appropriate, that breaches of the committee procedures could be added, or, for flagrant breaches, there might be some way in which a sanction could be added to further reassure people.

The Chairperson (Ms Maeve McLaughlin): In relation to the issue around the public interest, in the first clause of the Bill, 1(1)(b) has caused much of the conversation around the definition of "public interest". I think, Mr McClelland, that you had talked about that paragraph being incorporated into the preceding subsection, which would then read:

You think that "public interest" should be defined as medical.

Professor McClelland: I think the Privacy Advisory Committee's concern was that the impression given by the draft Bill was that there were two separate issues going on. One was for a health and social care purpose, a medical and health care/social care purpose, or a public interest purpose. Clause 1(1)(a) and 1(1)(b), with the "or" between them — either for improving the health service or for public interest — tended to convey that the public interest was a separate interest. As Dr Harper said, it might be other kinds of public interest, like public protection, police inquiries or whatever. That is a major source of confusion. That is not what I understand to be intended. Our committee was simply suggesting a form of words to try to make it clearer that the "and" is conjunctive, not disjunctive. It has to be for a health and social purpose and it has to be in the public interest.

The Chairperson (Ms Maeve McLaughlin): OK. That is useful to hear. In England and Wales, the Secretary of State must publish the views of the advisory committee. It seems to be proposed that the regulations "may" provide for the publication of authorisations given by the committee. Do you believe that those authorisations should be published in all instances?

Professor McClelland: There is a very strong argument for transparency. That would be in the spirit of trying to go forward. Obviously, how we manage that is downwind of the primary legislation, but I think that very serious consideration must be given to visibility.

Dr Harper: It is very important that people understand what is done to their information, particularly if there is a right to opt out in some shape or form. The right to opt out is meaningless if people do not know that there is something that they need to consider opting out of. Full transparency around the permissions that are given to process information and the kind of processing that takes place should of course be in the public domain so that patients and service users are able to make an informed judgement about interference with that fundamental right. There are also Data Protection Act requirements for processing requirements, which mean that people have to have a fair chance of understanding the processing that takes place with their sensitive personal data. I think that providing full information about what has been permitted by the committee would be necessary to comply with the Data Protection Act in that respect.

The Chairperson (Ms Maeve McLaughlin): You talked about an open-ended definition of processing and said that that is concerning. That is what I am hearing: examples of information being sold.

Dr Harper: I cannot remember exactly which clause that is, but it was not clear to me what else could be in mind. I think that it said "use, disclose or obtain information". That seemed to me to cover all legitimate possibilities but, of course, there are other possibilities. There may be others, but the one that occurred to me was selling information. If that is left open, the Department might consider whether it is a health and social care purpose to improve health and social care. It might say, "We are going to sell this information to better fund health and social care services. That is a health and social care purpose. We think that it is in the public interest." Aside from the rights and wrongs of that, the public, patients and service users would see it very differently where a private interest is benefiting from their confidential health and social care information. Closing it precludes that, or a clause might be added to say, "Nothing under these regulations can permit the use of information for commercial purposes."

The Chairperson (Ms Maeve McLaughlin): Do you think that that would be enough? That is what I am getting to. If there were a specific reference in the legislation to say bluntly that information could not be sold, would that be enough? In your view, are there other things that could be interpreted more widely?

Dr Harper: Selling is one form of using. Selling is not excluded formally and, clearly, that is always a possibility. The private interest will benefit. For example, if health and social care services in Northern Ireland are working jointly with a private company in the development of new treatments, that private company will, down the line, ultimately derive some benefit from accessing the information, but it is within a framework of taking place within health and social care services to the benefit of health and social care services in Northern Ireland. For example, a university employs researchers. The university is a private institution that will benefit from the commercial value of that research. I do not think that it is possible to exclude it completely. The public would be concerned that their information could somehow be gathered up or sold to a company and used further. I do not know whether the word "selling" is enough. Maybe the phrase would have to be something like, "private bodies deriving commercial benefit." I am not quite sure of the exact way that it would need to be drafted, but I would like to close that definition so that it is not open for the regulations to add to that list of using, disclosing and obtaining. In the primary legislation, that should be a closed definition.

Mr McCarthy: Thank you very much for your presentation. I have a couple of questions. One is for Roy and one is for Colin. Roy, could you comment further on how the Bill — I think that you mentioned it — would facilitate research work connected to registries such as the cancer register?

Professor McClelland: The first issue is to get registries on a proper legal footing. At present, for example, the large cancer registry, which is based in Queen's University Belfast, receives information from patients who have been diagnosed with cancer. They will have already told you in evidence that they have very strict security arrangements and that their management is impeccable, but the reality is that that information is obtained without patient consent. The cancer registry does an enormous amount of important work as a registry in its own right, and there is a need to put it and other similar registries on a statutory footing that recognises that, in many instances, express consent may not be readily obtainable in the real-world situation. They have to try to address this as best they can and provide an information leaflet to all patients who receive any cancer-related diagnosis. That leaflet contains information that points to the possibility that, if they have concerns about the use of their information on the cancer registry, they can either get more information or can opt out. It is called an opt-out provision, but that is different from consenting in. The countries in the UK have sought to address that by putting the cancer registry on a separate statutory footing from the other kinds of work that the advisory committee normally deals with. There is a case for considering cancer registration or registration of other conditions within the total frame of these provisions. We have other registries, like the cerebral palsy registry, and a congenital abnormality disorders registry is trying to get airborne in Northern Ireland, but there is a recognition that, now that the code of practice is out there, there are serious problems. The work of the registry would be on a much better footing, let alone all the research-related outreach, which would require either consenting in or some form of clearance through a statutory body.

Mr McCarthy: Colin, could you comment on how the Bill would enhance research into social care but also protect individuals?

Dr Harper: It is really the same issue. The Bill would allow for confidential social care information to be accessed in the same way. In many respects, social care lags behind medical and healthcare research, but the same issues apply to discharges from hospital into community care, and, given the general policy shift towards care in the community, social care obviously has a particular role in that. If you want to research how well, for instance, some kind of step-down service for discharging patients from hospital is working, it is not always possible to obtain the consent of everyone who has gone through those services in order to compare outcomes and make sure that the policy direction of services is developing correctly.

There are no issues in the Bill with respect to the distinction between health and social care information. There may be a different basis in the Data Protection Act for processing social care information compared to healthcare information, but that is really an issue for Data Protection Act compliance, and, obviously, this legislation does not modify the Data Protection Act in any way. There is a bit more clarity there, but only when it comes to specific proposals. The only point at which it is clear whether or not what is proposed complies with the Data Protection Act is when an application is made to the committee to do x, y or z. Obviously, the value of social care is another research topic. You may want to assess whether half-hour visits in domiciliary care are much better than 15-minute visits. Of course, our gut feeling would be that they are. Given the cost, however, do we not need an evidence base that ensures that our social care services are as effective and efficient as possible?

Mrs Dobson: I also thank you for your briefing. You say that, over the six years since the introduction of the Department's code of practice, you have observed a shift in standards, which you later go on to describe as "gradual". Could you explain for us in more detail what you mean by that?

Professor McClelland: When the Privacy Advisory Committee was established in 2006, our brief was to introduce a code of practice and, from our interactions with quite senior officers in the health service, including senior clinicians, it was apparent that there was quite a range of views as to what was appropriate when striking a balance in the public interest. There was a general failure to recognise the high status of patient confidentiality and the place of consent in decisions for anything else than direct care. Consent is the key, and the code of practice has tried to get that message across in a number of ways. We are responsible for ensuring that all data guardians receive proper training, and the code of practice is part of their training. We meet on a yearly basis with data guardians, and our conversations with them and the questions they put to us reflect the values that the code of practice is trying to promulgate.

It is our firm impression over the years that the level of ownership of the values in the code of practice, which I have tried to make reasonably clear to you, differs quite clearly across direct care and secondary uses, and other public interests, by the way. I think that it has taken several years of buy-in to recognise. I think that there were — in fact, I know that there were — data flows that today do not take place. There are issues around data-sharing agreements, for example, that now incorporate the requirements of the code of practice that were not there before. That is a sea change, and I think that that sea change then creates the fact that there is a problem because some of this processing is really very important. The question then is this: how do you gate that? That is why we felt increasingly that the evidence, including Colin's research for us, shows that there is a case for legislation to provide a narrow provision.

Mrs Dobson: I am very interested to hear how you feel this Bill fits in with this gradual, in your words, shift in standards. Coming back again to that gradual shift, in your opinion, is one sector of the health service performing better than another? What are the best and worst, in your opinion, regarding the shift in standards?

Professor McClelland: I do not see any particular silo of the health service that functions low on a scale of nought to 10 and another that functions high. I think that the ad hoc comments and recognition of the status of confidentiality that the code of practice brings to the table is now accepted at the level of departmental officials in trying to cooperate in national-type work of local clinicians trying to do important outcome research, for example on intensive care. The kinds of letters that we get for advice show a recognition that was not there five years ago.

Mrs Dobson: Finally, you referred to your submission to the Minister in 2013 and the recommendations on safe haven and honest broker provision. I think that you referred to a de-identification service as well. You outlined your personal opinion that it is encouraging to see the progress. Can you update us on what you feel the response was to your submission in 2013?

Professor McClelland: It was an acknowledgement of our submission.

Mrs Dobson: That was it.

Professor McClelland: That was it.

Mrs Dobson: OK. Finally, you went on to talk about Northern Ireland-wide safe haven and honest broker provision. How do you envisage that working in practice and what do you see as the major benefits?

Professor McClelland: It is early days, and one of the important components that I was very pleased to see established is a governance arrangement. A member of our Privacy Advisory Committee was chair of the governance committee, and it was setting a very high threshold for the kinds of expectations. I should say that it is modelled on another important database in Northern Ireland that I perhaps should refer to, namely the Northern Ireland Longitudinal Study database. It is established in census legislation, so it does not come under this consideration. It has sought our advice over the years, and we have seen it as an exemplar of good practice. I am pleased to note that the Department and the board, in establishing this safe haven and honest broker service, are modelling it on the Longitudinal Study database. Basically, that information can only go in in identifiable form; it cannot come back out again in that form. It is called two-way encryption, and that is the way in which we want to see this service run. I think that the possibilities for our health service are enormous.

The reality is that only so much of our personal information is held centrally in a database; I think that all the paediatric records, for example, are. A lot of our healthcare records are kept electronically in trusts, but the more that is kept centrally, the more this safe haven becomes a possibility, and a lot of the work that you would otherwise need legislation for becomes unnecessary. That is why I keep emphasising that I think, with a good safe haven working and an honest broker service, that would be the first port of call for any requests. There is a need for this body to make provision to set aside the common law to be smaller and smaller as time goes on, depending on the effectiveness of the honest broker service.

Mrs Dobson: Thank you for that succinct submission.

Mr McKinney: Thank you both for your presentation. Earlier, you referred to confusion around the opening clauses: do you think that there was any confusion in the minds of the drafters?

Professor McClelland: The privacy advisory committee is at arm's length from the Department, and we have not been short in challenging it. That is why I put my hand up at the start. It was reluctant to go down this road. Perhaps part of the reason is the difficulty in getting our heads round it. Once you open that can of worms, people do not realise just how much information-sharing goes on. My honest observation is that its intent around this is as we have tried to explain today. We have been in discussion with it about the confusion conveyed over the way in which this is drafted. This is an issue around drafting, rather than intent.

Dr Harper: This seems to be lifted straight from the English legislation, certainly the 2006 version, which goes back to 2002 and is probably the same. Certainly, clause 1(1)(a) —

— seems to me to be redundant and potentially misleading, because it creates the idea that, somehow, this is going to be a permissible disclosure of confidential information, either about improving health and social care or that it is in the public interest. I think it possibly encourages a misreading in that sense, whereas, of course, improving health and social care is clearly in the public interest and should be achieved whenever possible.

Really, subsection (1)(a) falls within subsection (1)(b). The way in which it is drafted is not ideal, but the important thing to remember is that it is for only health and social care purposes, which is the opening phrase. It is not for other purposes, even where there is great public interest, like the prevention of crime, national security and economic well-being — all those public interests that are listed in article 8.2 of the European Convention. It cannot serve those. It has to be for health and social care purposes. Even if there is a great public interest, if it is not a health and social care purpose, the legislation cannot be used. With regard to the word "requiring"; again, for some reason, that word was put in the English legislation, but, as far as I am aware, it has never been used to require disclosure. For that reason, there is no need for it and, if there is no need for it, it should not be there.

Mr McKinney: The English legislation has allowed for — somehow or other — 700,000 patients' information to be released, despite them opting out of the process. Are you aware of that?

Professor McClelland: I am certainly aware of information leaks, but I am not aware of leaks that were the consequence of this statutory provision.

Dr Harper: As well, opt-out tends to be very, very low. I am not aware of the figure, but I would be surprised at that figure, because people do not opt out in those numbers. I cannot see how it could have proceeded with that level of opt-out. If you have 50,000 records, you might have fewer than five people opting out.

Mr McKinney: Just to be clear, it is the Health and Social Care Act 2012 as governs the health and social care information centre. Apparently, 700,000 patients had their information shared despite opting out of the process. It might be worthwhile investigating that issue.

Dr Harper: In that situation, if opt-outs were not respected, then the requirements imposed by the committee that had given the permission were not respected: and that disclosure is not lawful. Unlawful disclosure of information can happen in other areas of life and the law cannot prevent that. All those people could sue whoever disclosed their information for breach of confidence.

Mr McKinney: Of course; but if it is happening in one or two cases, you might think it was all reasonably robust, but if it is happening wholesale, then that is a problem with the law and not with some contestability between the individual and the —

Dr Harper: It is not that the law allowed that to happen. It sounds like a breach of the law. Basically, people broke the law.

Mr McKinney: Or the systems that the law allowed to be put in place that allowed that to happen.

If you are not aware of it, and I have told you about it, then I do not know whether it is worthwhile exploring it further, other than that we would need to have some further investigation.

Professor McClelland: If I can just make an important point; we talked about the concept of safe haven and honest broker. This is how Scotland has proceeded: the information centre required a special statutory provision, and that only happened very recently. When Colin and I, at separate times, were members of the committee dealing with that, the precursor of that — the hospital episode statistics database — which is the largest database of health information in the world, it had to get approval from the approval committee every year, and there was great concern that it needed to be on a statutory footing.

The problem with the database is that a person's health information that you want to put up there has to move from being in a confidential relationship with the care providers to a new structure that is not a care provider. It is already moving out. The safe haven is inside our health service, and the skill of a Northern Ireland-wide electronic development is to keep the information inside the health and social care services and create a safe haven that can then provide access such as the longitudinal study database. So, you are not moving information out. That would require a special statutory arrangement. There would be no leak because it is not leaking anywhere. That is how Scotland does it.

Mr McKinney: Just to be clear, that is not what has been proposed.

Professor McClelland: We are not proposing a separate external information centre at all. That is not what is being proposed.

Mr McKinney: At what point does the Bill introduce the safe haven?

Professor McClelland: It does not. It is already up and running, and it is not on a statutory basis, because it is simply health service information inside the health service. It can anonymise information and allow someone outside, perhaps from the Department of Health, to ask, "Can you advise me on the relationship between this treatment and that outcome?" and you put the query up and the information goes on inside the database.

Dr Harper: With a view to minimising the need for any disclosure of confidential information.

Professor McClelland: Yes, totally anonymous.

Dr Harper: I think that this is a very good example with which to test the legislation, because the question is this: Would the Bill make the situation better? Would it mean that there is more or less protection for people's privacy?"

At the minute, for example, something like cancer rates proceeds on the basis that the staff involved are forming a judgement — and in no way am I disagreeing with that or with their good faith. They have formed a judgement that the public interest is in our knowing whether cancer rates are going up or down in Northern Ireland and whether the kinds of cancers that people are presenting with are changing in Northern Ireland. The public interest in our knowing that is such that, subject to their security safeguards, their review and informing people and granting them an opt-out, which does not have a basis in law, it makes what they are doing lawful. This legislation would remove that decision from them, and it would say, "There is going to be an independent committee which will have the power to decide whether that use would be lawful. You would have to convince the committee that you cannot proceed by just using anonymised information. You would have to convince it that you cannot go to patients and seek their consent, and you would have to reassure it about your security arrangements and make the argument that the public interest in your project and the activity you are proposing is sufficient to permit it.

So, there is an element of people being judges in their own case at the moment. I am not saying that anybody has made the wrong judgement, but there is a procedural dimension lacking in what is happening. I think that the independent scrutiny to authorise it at the outset is needed, and the ongoing monitoring to see whether it continues to be necessary. As technology develops, the need for using confidential information should get less and less. As the electronic care record is used increasingly, the need for people to see the information should get less and less. So, when those decisions are made, they will be subject to annual or regular review to say, "You no longer need confidential information, therefore your legal basis, under this legislation, to access it is now removed".

There are always risks, and there have been lots of disclosures of information, including from the voluntary sector. Personal information has been breached. But, the question is this: is it less likely? Are people's privacy rights and interests better protected when there is that kind of mechanism in place and that kind of level of independent scrutiny? Health and social care staff who process information for those purposes are universal in welcoming this because they do not see it as their job to be making those kind of balancing decisions, by and large. They want to make proposals. They see what is in the interests of Health and Social Care patients and service users and they want to have a clear structure within which they can make the case for doing what they believe is necessary and then have the confidence to proceed to improve our Health and Social Care services in that context.

Ms McCorley: Go raibh maith agat, a Cathaoirleach. Thanks very much for your presentation. Most of the points have been covered, but this is obviously a complex area. When we looked at this initially, there were some aspects of the explanatory and financial memorandum that raised concerns, and I would like to hear what you have to say about them. For instance, under the heading 'Policy Objective', in paragraph 3, it states:

which is OK, but then it states:

That just seems to be so wide and open that it could mean anything. Do you have concerns about that? What is your view?

Dr Harper: This has to be about health and social care. There has to be some kind of public interest connected to health and social care. It is an entirely different Bill if it says that there are other public goods, such as road safety or cutting costs of government administration, or whatever it is, that do not have a health and social care purpose. The explanatory memorandum refers to some other public good, but that seems too broad to me. Clause 1 is not framed that broadly. However, later on, as I say, the list of processing is as follows: obtaining, using, disclosing and any other — but what potential "other" might there be? The Bill needs to be tightened up in that regard and, certainly, public goods beyond health and social care should be excluded. For example, in confidential information, if you include mental health records and what people tell their psychiatrist or therapist, then that might include information about criminal conduct, such as drug taking, for example. You could argue that it would be a public good for that information to be shared with police so that a prosecution could be pursued. However, that should not be the balance: there is, obviously, a public interest in maintaining confidentiality too, so that people go to services and disclose.

That should not be a possibility; it should be narrowed to health and social care purposes. That kind of purpose, no matter how great the public good, should not even be on the table as a possible use of this legislation. Maybe it should be considered in other respects, but I think that this Bill needs to be kept narrow and focused on health and social care purposes. So I do not think it is appropriate to include broader public goods. I do not think that the Bill, as drafted, matches that statement in the explanatory and financial memorandum.

Ms McCorley: Yes, but that is the sort of concern that people have. Their personal and medical information is so private. Once you allow it to move to a secondary source, where will it go after that? That is the fear. When you see these loose phrases, it immediately makes people think: "My God, what could happen?" Somebody could come along and say: let me do A, B, C or D. That is the fear and that is my concern. I would like to know why that is in there.

Dr Harper: It also mentions:

However, there are lots of things that could be public goods. You can have 10 different public goods, only one of which is in the public interest. So the notions of "tangible benefit" and "public good" seem to be a very different kind of standard to the idea that it must be clearly in the public interest.

Professor McClelland: In keeping with Mr McKinney's question to me; from my dialogue with departmental officials I do not think that that was the intent, but the wording has ended up making it look like that, just as this public interest, separated from health and social care senses, gives you the same. We can fully understand why, as a Committee, you have these concerns because of the way that this has been communicated to you. However, we think that the intention is narrow and we would be very concerned that it would refer to anything other than just health and social care purposes in the public interest. The legislation will lack public confidence to do what it needs to do if it is not tightly bounded.

Dr Harper: The fundamental thing is that there is no health and social care information unless patients, members of the public and service users disclose it. The legislation needs to strike the proper balance, whereby it does not undermine the confidence of the public in health and social care. People need to know that when they tell their doctor something she is not going to tell her neighbour and disclose that information willy-nilly or inappropriately. There will be no information for public health purposes if people do not have confidence that their privacy will be respected.

At the same time, there needs to be a balance in the ways in which health and social care can be improved and made more efficient and effective for the population. The legislation is about getting that balance; it is not about balancing the public interest in health and social care services against other public interests.

The Chairperson (Ms Maeve McLaughlin): That has been very useful, particularly in relation to the very clear question about the definition of the phrase "public interest" for health and social care purposes. Clause 1(10)(b) states:

Clause 1(11)(b) states:

Is that too broad as well?

Professor McClelland: In the Bill, there is an attempt to explain social well-being. The term has been picked up from the 1969 Act. That is where the term is used, and it is not defined. I think we know the information that we want the legislation to allow for, namely information already being provided by people for their direct care. That is referred to as "health and social care information". That information is about their health and social care for non-direct purposes, and that is the end of it.

The Department, in relying on social well-being and then trying to define these kinds of examples, is getting into a quagmire that is perhaps unnecessary, and it may be retreating to "health and social care" as the terminology, because that is all that is being referred to in our proposals to bring forward legislation.

The Chairperson (Ms Maeve McLaughlin): So, in essence, those two subsections of clause 1 that I read out should be clearer on the purposes of health and social care.

Dr Harper: Yes. When I read the definition, it seemed a bit convoluted. The attempt in the drafting is quite clear, because the outcome of healthcare is health, but the outcome of social care is —

The Chairperson (Ms Maeve McLaughlin): Anything.

Dr Harper: — not so clear. The phrase "social well-being" is taken from other legislation, as Professor McClelland said. Someone might just be having a social care intervention and not a healthcare intervention. That may not be common, but it is certainly possible. The drafting needed some term to describe the outcome of social care interventions. So, if you have someone who has a certain condition or is living in a certain way, and you have a social care intervention and an outcome from that intervention, which is hopefully positive for the person, you will want to capture, reasonably, information relating to the condition that the person had at the outset and information about the condition they are in after the intervention.

The phrase "social well-being" seems to me to be the term that has been picked up, and it comes from other Northern Ireland health and social care legislation. That is the term of art, if you like, to try and describe what social care interventions aim to do. The law has to cover what it aims to do and what outcomes it wants to achieve. We talk about poor health and good health, but what are the equivalent terms in social care? The phrase "social well-being" is meant to be the equivalent term to health in that way.

The Chairperson (Ms Maeve McLaughlin): One of the conversations we had initially was on what the Bill was trying to do. The words "or any other similar circumstances" are incredibly broad.

Mr McKinney: Do you mind if I just pop in for a second?

The Chairperson (Ms Maeve McLaughlin): Yes, fire away.

Mr McKinney: Further on, clause 1(13) states:

I am not disrespecting your analysis of the conversation that you had between the Department and the board but I just want to be clear on that. Legally, I suppose, we could call it hearsay, but I am not sure that there was confusion in the mind of the Department.

Even hearing what we are hearing today and revisiting these clauses, I wonder whether it is time to bring the Department back to have a look at this and encourage them to come back with something more defined at this point, rather than having us going through evidence sessions with a lot of other people who are, potentially, going to give us concerns from their own perspectives, because the cancer registry is clearly helpful. I can see that also in diabetes and in various conditions. However, this is a catch-all Bill. We could spend a lot of time picking through a lot of this when it is clear, given the concerns of the Committee, that we need to see something that is far more defined and refined from the start. This Bill is not in that place. We could spend a lot of time trying to hone it when it is the Department's job to come to us with what could work most effectively.

Dr Harper: I am not so concerned that the definition on social well-being is open. If you have a completely closed list, there might be things that are normal social care practice or, in a matter of years, become social care practice. Take pre-emptive genetic counselling, for example, where a person does not have a health condition or need treatment of any kind.

There are lots of ways in which you might think of new social care services. We want innovation; our whole policy agenda is for innovation. I do not see great risks there. Part of the constraints in this, of course, will be that there is a body of social care practice and there is social care regulation and so on, which is the context within which this would be interpreted.

In terms of broadness, one thing that we drew attention to in our written submission were paragraphs 1(13)(b) and 1(14)(b) about "informing individuals". My understanding of the legislation in England and Wales — I have not checked that that clause is there — is that the English legislation seems to have clauses that have never been used. That is part of the risk around this.

This legislation, as I understand it, is about those secondary uses. It is not about protecting the health of individuals directly, so I do not know why you would want to inform individuals. If it is the individuals' information, they would already know it; it is their information. You cannot breach confidentiality by telling someone about their own information. That, again, seems to be a slippage possibly beyond the core legitimate purposes of the legislation. What is envisaged for that clause? What purposes does it serve? Again, it contradicts an earlier subsection, as we pointed out in our written submission, that says it is not to allow data processing to inform decisions relating to individuals. We need to reflect on that.

The Chairperson (Ms Maeve McLaughlin): Just going back to Fearghal's point, to be clear and for your own information as well, there has been the analysis of the submissions and the queries that the Committee has submitted to the Department. I was just checking with the Committee Clerk, and we hoped to have those back by Friday, but we have not had them to date. However, you are right: we need to reflect on that and go back to the Department.

This session has been extremely useful for us. Thank you both for taking the time. We will certainly reflect on what we have heard today. You have been extremely informative.

Professor McClelland: Thank you.