The Committee consisted of the following Members:
Chairs: Sir Roger Gale, Dr Rupa Huq, † Emma Lewell, Sir Jeremy Wright
† Argar, Edward (Melton and Syston) (Con)
† Brackenridge, Sureena (Wolverhampton North East) (Lab)
† Chambers, Dr Danny (Winchester) (LD)
Daby, Janet (Lewisham East) (Lab)
† Foody, Emma (Cramlington and Killingworth) (Lab/Co op)
Irons, Natasha (Croydon East) (Lab)
† Johnson, Dr Caroline (Sleaford and North Hykeham) (Con)
† Joseph, Sojan (Ashford) (Lab)
† Kyrke Smith, Laura (Aylesbury) (Lab)
† Morgan, Helen (North Shropshire) (LD)
Prinsley, Dr Peter (Bury St Edmunds and Stowmarket) (Lab)
† Robertson, Dave (Lichfield) (Lab)
† Robertson, Joe (Isle of Wight East) (Con)
† Smyth, Karin (Minister for Secondary Care)
† Stafford, Gregory (Farnham and Bordon) (Con)
† Twist, Liz (Blaydon and Consett) (Lab)
† White, Jo (Bassetlaw) (Lab)
Sanjana Balakrishnan, Rob Cope, Committee Clerks
† attended the Committee
Public Bill Committee
Thursday 2 July 2026
(Afternoon)
[Emma Lewell in the Chair]
Health Bill
Clause 47
Single patient record
I beg to move amendment 71, in clause 47, page 34, line 29, at end insert— “(3A) The regulations must make provision for medical markers for firearms licence holders to be visible to all relevant health workers under the establishment of a single patient record.
(3B) The regulations must include a requirement for the Secretary of State to prepare and publish a report on the potential merits of introducing a statutory requirement for mandatory medical markers for firearms licence holders to be used by those relevant in providing patient care.”
This amendment would require medical markers for firearms licence holders to be visible to all relevant health workers under the establishment of a single patient record.
With this it will be convenient to discuss amendment 72, in clause 47, page 34, line 29, at end insert— “(3A) The regulations must make provision for prior membership in the armed forces to be visible to all relevant healthcare workers under the establishment of a single patient record.
(3B) The regulations must include a requirement for the Secretary of State to prepare and publish a report on the potential merits of making prior membership in the armed forces visible on the single patient record.
(3C) A report under subsection (3B) must consider— (a) the ability of veterans to access the necessary NHS support, and (b) the ability of medical staff to provide former members of the armed forces with appropriate care.”
This amendment would require prior membership in the armed forces to be visible to all relevant healthcare workers under the establishment of a single patient record and require the Secretary of State to publish a report on making prior membership in the armed forces visible on the single patient record.
The amendment was tabled in the name of my hon. Friend the Member for Epsom and Ewell (Helen Maguire), and would require medical markers for firearms licence holders to be visible to all relevant health workers under the establishment of a single patient record.
I will not read through all my speaking notes but, in a nutshell, a person rightly undergoes mental health checks before they acquire a firearms licence, but that will not be reviewed until they are due to renew their firearms licence a few years later. If their mental health status changed during that time, the amendment would enable them to be flagged to healthcare workers and GPs as a person who has a firearms licence, so that any necessary proactive measures could be taken to ensure that they are still safe to have that licence, or should have it removed, rather than waiting for them to apply for a new licence in a few years’ time.
The British Medical Association supports the amendment and the Royal College of General Practitioners thinks it would be valuable. A survey carried out by the Association of Police and Crime Commissioners found that 87% of existing certificate holders believe that GPs should inform the police if they become aware of health issues that could have an impact on the certificate holder’s ability to own a gun safely. Quite often, however, the GP is not aware that the person is in possession of a firearms licence.
In essence, we debated the amendment in a Westminster Hall debate some months ago, when I had the dubious honour of being the shadow spokesman for the Conservative party despite not being a Home Office shadow Minister. It became clear in that debate that mandatory medical markers do not exist. It is still a voluntary system. How does the hon. Gentleman propose to make the system equitable?
The hon. Gentleman and I support mandatory medical markers, and there seemed to be cross party support for them in the Westminster Hall debate. If they are not mandatory, some people will potentially be put under a different system, because their sufficiency or ability to hold a shotgun licence could be taken away from them, while those who are not on the system, because it is not mandatory, would not lose theirs. How does the hon. Gentleman deal with the equity issue and the potential for some people to be missed?
The hon. Gentleman makes an interesting point. I suppose this is another chance to use the developing single patient record to ensure that we close the gap. The record could be formed in such a way, and the process put in place, to ensure equity in the system, with mandatory markers.
Amendment 72, also tabled by my hon. Friend the Member for Epsom and Ewell, would require prior membership of the armed forces to be visible to all relevant healthcare workers under the establishment of a single patient record. It would also require the Secretary of State to publish a report on making prior armed forces membership visible on the single patient record.
There are just over 1.85 million armed forces veterans in the UK, 13.6% of them women and 86.4% men. The transition from serving in the armed forces to civilian life can mean that many of those individuals struggle with mental health issues, such as post traumatic stress disorder. The issues are often specific to the service the individuals have given. Some stats show that more than half of England’s Army veterans have some sort of health problem. I should point out that veterans do not only have mental health problems. Specific back and knee problems are much more common among infantry soldiers because of the type of training they have done over many years.
The amendment seeks to make prior armed forces membership visible to all relevant healthcare workers, and to make the Secretary of State consult on the merits of doing so, so that when a GP is treating a patient, they are aware of that person’s service history without having to ask about it specifically.
I have a couple of questions about amendment 71 for the hon. Member for Winchester. First, can he comment on why the amendment refers to firearms, which have stricter licensing conditions than shotguns? Also, the GP should be aware, because all relevant medical information should filter back to them, that the person has a firearms licence, which, as I say, has stricter criteria. It is essentially harder to get a firearms licence than a shotgun licence. I am interested to hear the hon. Gentleman’s thoughts on that.
On amendment 72, I have a large veteran population in my constituency, and I am very grateful to all those who have put their lives on the line to keep us safe, both today and in the past. I can see that there may be benefits to the amendment in respect of the delivery of the armed forces covenant and aspects of veterans’ care, but I am curious about how it is written. Proposed new subsection (3A) of proposed new section 250E of the National Health Service Act 2006 says that “regulations must make provision for prior membership…to be visible to all relevant healthcare workers under the establishment of a single patient record”, but proposed new subsection (3B) requires a report on the potential merits of doing that. It seems slightly counterintuitive to do it and then decide whether it is a good idea, rather than decide whether it is a good idea, consider the pros and cons, and then do it afterwards. I am interested to understand why the hon. Gentleman thinks the amendment is drafted in that way.
It is a pleasure to serve under your chairmanship again, Ms Lewell. On amendment 71, I ought to declare that I am a supporter of the Countryside Alliance. Although I do not own a shotgun myself, I represent a large shooting community and I have been on a shoot relatively recently, but without a gun, so I did not shoot anything.
As I alluded to in my intervention on the hon. Member for Winchester, I spoke on this issue in Westminster Hall some months ago, when it was clear to me that there was a significant level of cross party support for the idea of mandatory markers for GPs. As mandatory markers for firearms licensing are technically a Home Office issue rather than a Department of Health and Social Care one, the Under Secretary of State for the Home Department, the hon. Member for Dover and Deal (Mike Tapp), responded to that debate, but he was unable to reassure us that provision would be made. I did not understand the arguments he made, because I think mandatory markers are probably the way forward. Given that they are supported by organisations such as the British Association for Shooting and Conservation and the Countryside Alliance—organisations that one might not have expected to be in favour of them—the Government should look into the idea.
There would clearly be a benefit to the proposal in amendment 71. If a patient who holds a firearms licence presents a serious medical risk because of a mental health crisis, suicidal ideation or behaviour that raises concerns about risks to themselves or others, an immediately visible marker would help clinicians to make informed decisions and take the appropriate safeguarding action. But a firearms licence is obviously not a medical condition, nor is it health information in any traditional sense. This goes back to the point I made in the debate on a previous amendment, about how broad the information that we keep on the single patient record will be. The inclusion of such a marker across the single patient record could lead to issues relating, as we talked about in previous debates, to who would want to see that information.
For example, there may be people out there who are not in favour of recreational shooting, and someone may hold a firearms license for recreational shooting. Of course, section 2 firearms licences, especially for shotguns, are often held by farmers and people involved in conservation, and for all sorts of other reasons, including the control of pest populations. But if someone has a licence for recreational use, there may be people who, for whatever reason, find that to be against their own beliefs and opinions. That might lead to a patient being subjected to a level of intrusion or bias, or perhaps not receiving the care they deserve, because someone has made an assumption about what they are like based on that information. We need to be careful about that.
Before my hon. Friend moves on, may I ask him about security? It might also be possible for someone who looked at the records to identify where guns are kept. That information is currently is more protected than that.
I thank my hon. Friend for that helpful intervention; I had not appreciated that. If that is true, the security and safety of the individual who holds the firearms licence, and indeed of anybody else in the vicinity, is paramount, and we generally would not want people to know precisely where guns are held, because that could be a security risk. I think the hon. Member for Winchester has the best of intentions, but the consequences have not been fully thought through.
Will the hon. Gentleman give way?
I will, but first I want to be kind to the hon. Gentleman and say that, as with his previous amendment, he has opened up a conversation about the single patient record that we really need to have, to ensure that what is on it needs to be there for the treatment of patients. As legislators, we need to have a wide conversation to decide what it includes and how it is going to be used.
The hon. Gentleman makes some good points, especially given his experience as the Conservative spokesperson in the Westminster Hall debate on this subject, for which he did a lot of research. I do not think we need to worry about medical professionals seeing that someone has a firearms licence and potentially treating them differently because of assumptions they make about them. Medical professionals are trained to be dispassionate, and they try to show little bias. I would be very surprised if a doctor, seeing it flagged on a single patient record that someone was in possession of a firearms licence, changed their attitude towards or approach to the treatment of that individual. I think that particular point is probably not relevant.
I admire the hon. Gentleman’s optimism. I am not belittling his point—I, too, hope that no one would be treated, both in the traditional sense and in the medical sense, based on their background or anything else, including their recreational hobbies. Unfortunately, we have seen cases in the NHS in which someone’s religious background has led to antisemitism and other unfortunate issues. Unfortunately, sometimes the system itself has a problem. The Health and Social Care Committee published a report relatively recently on black maternal health. We could see the difference and the fact that, unfortunately, black women experience a worse level of care, often because of assumptions made about their backgrounds. I agree with the hon. Gentleman that I hope everyone is treated dispassionately, but I am afraid it does not always happen. We need to make sure that we root out that kind of behaviour, but we also need to protect people from it.
Amendment 72 is another that was tabled with the best of intentions. The improved identification of veterans is an interesting idea, because I do not think many veterans actively identify themselves when they access healthcare. A visible marker could help to ensure that healthcare professionals are aware of a patient’s service history without relying on self disclosure. There may be direct benefits to a veteran, because they may be eligible for dedicated NHS services—including mental health, rehabilitation and other veterans’ healthcare pathways—through the armed forces covenant. A marker could, then, assist clinicians in directing patients to appropriate support more quickly.
As the hon. Member for Winchester mentioned, military service can be associated with particular physical injuries, occupational exposures and mental health experiences. The awareness of a patient’s service background may provide useful clinical context where relevant, and the amendment could help to ensure that veterans receive appropriate recognition and consideration from healthcare services.
However, there are some risks, including the potential overreach into personal information that I have already touched on. Prior military service is, of course, not medical information in and of itself, so making it visible to all relevant healthcare workers risks extending access to personal background information way beyond what is potentially necessary for the delivery of care. Not every healthcare interaction requires knowledge of a patient’s military history. A patient attending a routine appointment may have no clinical reason for their service record to be visible and—I said something similar when we were talking about carers—some veterans may not wish their service history to be routinely disclosed across healthcare systems, and may prefer to share that information only when it is relevant.
The Committee should also consider the genuine need to access such information. While I can see the benefits, which I have outlined, there is the potential for every possible determinant of health to end up in the single patient record. I am trying not to be flippant, but whether someone drives a car, where they went to school and their parents’ medical histories could all be relevant to their medical history. Although I completely understand the intention and the way in which the hon. Member for Winchester wishes to expand the single patient record, we are in danger of making it such an enormous beast that it becomes unwieldy and unusable. We need to be really cautious before going down a route where it essentially becomes a repository for the story of people’s lives.
Wherever possible, the single patient record will build on source records such as GP records. As such, it will include relevant patient information and, where appropriate, digital markers such as those suggested in the amendments. We have had some useful discussion as a result of the amendments, but such considerations are generally operational, and legislation is neither necessary nor practical.
On amendment 71, Members will know that the Government have been doing significant work in support of a digital medical marker for firearms. Medical information for firearms licensing provided by the applicant has been a mandatory requirement for every firearm and shotgun licence application since November 2021, as we have heard, when the new statutory guidance for chief officers of police on firearms licensing was introduced. When any individual applies for a firearms licence, the applicant’s doctor must provide details of any relevant medical conditions, such as depression, dementia, mental health conditions or drug or alcohol abuse.
A digital maker is placed on the GP patient record when a certificate is granted, and a GP can alert the police if a licence holder has a relevant medical condition. The digital marker automatically flags to the GP if a patient is suffering from a relevant medical condition and is a firearms certificate holder. It is true that the marker is not legally mandated, but it is supported by the British Medical Association and the Royal College of General Practitioners, and the former issues guidance to GPs about the firearms marker.
GPs already have professional duties to consider patient and public safety, and existing firearms licensing arrangements support GPs to share relevant concerns with the police where appropriate, while the responsibility for licensing decisions rests with the police. Data shows that, since its introduction in 2023, the marker is being used and that GPs are notifying police of medical issues that have arisen. There is nothing to suggest that the system is not effective.
Is it not also the case that anyone who is aware that an employee or relative has a licence and is concerned about their mental health can make such a report?
I am afraid I do not know the answer to the hon. Lady’s question, but if it is relevant, I will try to get back to her on it.
People applying for a licence must now indicate whether they have seen a medical practitioner other than their GP. The Government also intend to make a statutory instrument to require licence holders to inform the police if they consult a third party medical practitioner who is not their GP.
The single patient record will build on and connect with information from GP source records where appropriate; no new provision is needed for that to happen. That process should be agreed as part of operational arrangements with the profession, in line with the current approach to markers in the GP record. If it is agreed that it would be beneficial for health and care professionals to have wider access to the firearms marker, the single patient record could facilitate that, but we do not intend to fill the Bill with detailed operational requirements such as that.
We do not believe that the SPR is the appropriate vehicle for having a debate about regulations requiring a report on the merits of a mandatory marker. As the hon. Member for Farnham and Bordon said, we should not expand the clearly defined scope of the single patient record—the scope is limited to direct care—to include a debate about what is stored more generally in NHS records. For those reasons, I ask the hon. Member for Winchester to withdraw amendment 71.
On amendment 72, as I have already outlined, the single patient record will build on and connect with existing source records, such as GP or hospital records, wherever possible. Where a person’s status as a military veteran is recorded, it will be possible to make that information available in the single patient record. Therefore, the provisions already ensure that the information is made available, where veterans opt to have that status recorded—that addresses some of the other issues raised by the hon. Member for Farnham and Bordon. There is no need to make any statutory requirement to ensure that staff have that information and consider any necessary adjustments or potential treatment options that may be relevant to ensure safe and effective care.
In addition, the clause contains powers to make regulations to allow people involved in the provision of an individual’s direct care, including that of any veteran after they have left the military, to access their single patient record. We want the single patient record to improve the accessibility and effectiveness of care for everyone. That includes making sure that military veterans can access necessary support and that staff can provide them with appropriate care. Furthermore, duties in the Armed Forces Act 2006 require the NHS and local authorities to have due regard to the armed forces covenant, which, of course, I fully support. For those reasons, I ask the hon. Member for Winchester not to press amendment 72.
I thank all hon. Members for their input, and the Minister for her insights. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
I beg to move amendment 70, in clause 47, page 34, line 38, at end insert— “(6A) Before making regulations under this section, the Secretary of State must prepare and publish a risk assessment on the potential for digital exclusion under the establishment of a single patient record.
(6B) In preparing a risk assessment under subsection (6A) the Secretary of State must consult all stakeholders the Secretary of State considers relevant, including patient representation groups.
(6C) In preparing a risk assessment under subsection (6A) the Secretary of State must have particular regard for— (a) those without access to a suitable electronic device, (b) those without access to suitable broadband connectivity, (c) those with physical and/or mental disabilities, (d) those belonging to groups considered socially excluded, and (e) those considered lacking digital skills.
(6D) The Secretary of State must lay a copy of the risk assessment under subsection (6A) before both Houses of Parliament.”
This amendment would require the Secretary of State to prepare and publish a risk assessment on the potential for digital exclusion under the establishment of a single patient record.
With this it will be convenient to discuss amendment 49, in clause 47, page 36, line 1, at end insert— “(4A) Regulations may not be laid under this section unless the Secretary of State has published a plan for a public awareness campaign to be conducted before the system established under section 250E(1) is made available to patients (a ‘public awareness plan’).
(4B) The public awareness plan must include— (a) a description of the information to be communicated to members of the public through the campaign, which must include information about— (i) what the single patient record is and what patient information it will contain; (ii) who will be able to access patient information through the system and for what purposes; (iii) the rights of patients in relation to their patient information, including any right to object to or restrict access; (iv) how patients will be able to view a record of access to their patient information; and (v) how patients can raise concerns or make complaints; (b) the steps to be taken to ensure that the campaign reaches groups who may face barriers to accessing information, including people with disabilities, and people with limited digital access or literacy; (c) the proposed timetable for the campaign, including the date on which the campaign is to commence and the minimum period during which it will run before the system is made available to patients; and (d) a description of how the effectiveness of the campaign will be evaluated.
(4C) The minimum period referred to in subsection (4B)(c) must be not less than three months before the date on which the system is first made available to patients under subsection (1)(a).
(4D) The Secretary of State must lay the public awareness plan before both Houses of Parliament.”
This amendment prevents the Secretary of State from making regulations to establish the single patient record unless a public awareness plan has first been published, laid before Parliament, and a minimum three month public information campaign has been conducted before the system goes live.
Amendment 70, tabled by my hon. Friend the Member for Epsom and Ewell, would require the Secretary of State to prepare and publish a risk assessment on the potential for digital exclusion under the establishment of a single patient record. I declare an interest as the current chair of the all party parliamentary group on digital communities.
I hope that we Liberal Democrats have been clear that overall, we are supportive of the single patient record; it is important that every patient can access their own health records. Under the SPR, however there is a risk that people belonging to already vulnerable groups will be digitally excluded from accessing their health information. Research commissioned by Ofcom suggests that 2.8 million people—5% of the UK population—do not have access to the internet at all. Although age is a predictor for a person not having access to the internet at home, especially if they are over 85, more than half of such people are younger than 75.
Amendment 70 would ensure that the Secretary of State assesses the potential for digital exclusion with relevant stakeholders, including patient groups, and that the assessment is laid before Parliament. It would also ensure that the Secretary of State takes into consideration the risk of exclusion for those lacking access to a suitable electronic device or suitable broadband connectivity, including people who have disabilities, who belong to socially excluded groups or who lack digital skills.
Amendment 70, as the hon. Member for North Shropshire said, would require the Secretary of State to publish a risk assessment on the potential for digital exclusion in the single patient record. That is important because, as our lives become more electronic and online, there are people who are getting left behind. That could be because they have a disability that prevents or makes it more difficult for them to access online facilities, because they do not have the resources, because they live an area of the country that is less well served by digital or broadband provision, or because they are elderly and have decided that they will not get involved in the digital world.
In fact, according to the Good Things Foundation, 7.9 million people in the UK lack basic digital skills and 1.6 million adults do not have a smartphone, tablet or laptop. Of those with no basic digital skills, 77% are over 65. People need more healthcare as they get older, yet those individuals have fewer digital skills, so this issue needs to be addressed. The NHS Alliance published a report on digital inclusion in March 2026, which found that rural and coastal areas typically have higher levels of digital exclusion than urban areas.
Lincolnshire ICB, which covers the area that I represent, estimates that 21.3% of Lincolnshire’s population live in the most digitally deprived areas. The ICB has a digital inclusion strategy for 2025 to 2028, which includes efforts to try to reduce digital exclusion; I am interested in the Minister’s thoughts on how she might expand that sort of initiative across the country.
The Government’s equality impact assessment for the single patient record recognises that digital exclusion is a significant challenge in several groups with particular protected characteristics and other characteristics. I am interested in learning more from the Minister about how she intends to mitigate that challenge. In many ways, digital availability is a good thing, and it makes things much easier for many people—I am not knocking it in any way—but we need to ensure that people do not get left behind.
I understand that NHS England is supporting public libraries to signpost users to the NHS website and help them navigate it. What will happen to that support as NHS England gets abolished? Does the Minister intend the Department of Health and Social Care to provide something similar?
Amendment 49, tabled in my name, is basically about public awareness. Although we get immersed in what we are doing here, the public are not necessarily following every word that is said in Committee or in this House—or even necessarily every word that appears in the press—so when the single patient record is launched, it is important that they are aware of it, and in particular, aware of their rights.
We have talked about whether a person might want to let a carer see the single patient record or whether they might want to let someone see part but not all of the record. If the record goes live before people are aware of their rights and abilities in relation to it, they might find that things are available to people, or can be viewed by people, who they would not have wished to see them, which could lead to a number of problems. The amendment would allow people to be more aware of the single patient record for a period of time before it is brought in to try to make sure that that sort of problem is mitigated, and I am interested to understand the Minister’s view on it.
It is a pleasure to serve with you in the Chair, Ms Lewell. I wish to speak on this aspect of the single patient record. Although I support the general intention and aim of the single patient record, I have some wider concerns about how it will be implemented. I will restrict my remarks to the issues related to this group of amendments, and particularly amendment 49 in the name of the shadow Minister, my hon. Friend the Member for Sleaford and North Hykeham.
Plainly, most people—I would probably include myself in this—are not immediately familiar with all the ins and outs of how their medical records are kept and used, and why should they be? However, they have some pretty clear views on what they expect, whether that is confidentiality or their records being used and stored in such a way that does not inadvertently act as a barrier to accessing healthcare in an efficient and timely way. That is why the Government have introduced these proposals, which I mainly support.
Of course, amendment 49 tries to alleviate some of the issues that might arise from the roll out by ensuring public awareness, which is really important for lots of reasons. Not only do people not necessarily have an intimate knowledge of how their records are currently stored, used and shared, but when change comes, it is clearly a good opportunity to improve public awareness.
There will be some differences in attitude across generations. Importantly, there will be differences in how people access and use their medical records across ages—it is not just about age difference, but I will refer to that because I am conscious that I am the Member of Parliament for Isle of Wight East, which has an older age profile. There will also be differences in how people access any public awareness campaign. I am highlighting obvious things, such as technological opportunities that older populations tend to be less familiar with than younger populations—although not exclusively, by any means—not least because younger populations will have grown up with them since school.
Any public awareness campaign should, as the amendment specifies, seek to reach audiences that might not otherwise be reached. I am referring not only to age, but I raise age as an example. The shadow Minister has already highlighted digital exclusion for coastal and rural areas, which is another reason why I support amendment 49.
As we move towards a single patient record, we have to ensure that technological progress does not come at the expense of those who are least digitally connected. As others have said, I am particularly concerned about older patients and many disabled people, who often rely most on NHS services but can face the greatest barriers when healthcare systems—and all systems—become increasingly digital. For some elderly patients in my Farnham and Bordon constituency, navigating online platforms is challenging, and others may not have regular access to the internet at all. Unfortunately, my constituency has one of the worst full fibre broadband roll outs in the country, and it has extraordinarily poor mobile phone reception in the central rural parts of the constituency, despite my best efforts with BT Openreach and others.
Disabled people may also face accessibility barriers that these systems do not always anticipate in their design. Modernisation should never mean creating a two tier NHS—one for those who are digitally confident and another for those who are not. The people at risk of being left behind are often those with the most complex healthcare needs and the greatest reliance on the continuity of care. A proper assessment of digital exclusion is therefore not just a bureaucratic exercise, as some may describe it; it is an essential safeguard. We need to understand how the single patient record will affect elderly patients, disabled people, carers, those with learning disabilities and those who may struggle to engage with digital services.
My understanding is that the single patient record is just a single place where all of a patient’s medical records will be kept. It will not necessarily change the ways in which they access healthcare services, such as A&E, the GP or a dentist. Those ways of accessing healthcare will stay the same, whether we have a single patient record or not.
For me, the key thing is that we must have equity of access to the single patient record. If somebody wishes to see their own medical record, they should be able to do so, whether they are digitally savvy or not. As far as I can tell, that is the intention behind the Liberal Democrat amendment.
However, the hon. Gentleman raises an interesting point. We are seeing this already, but the more we go down the digital route—because it is more efficient and straightforward, and takes out the unnecessary bureaucracy of having a human interaction to book an appointment or whatever—the more likely it is that this will become the portal for all interactions. I am not saying that that is the Government’s intention, but he raises a point, perhaps inadvertently, that we need to think about.
To conclude on amendment 70, before we proceed any further, the Government should be able to demonstrate that no patient will receive a worse service, face greater barriers to care or lose access to information simply because they are older, disabled or less digitally connected than others—that goes to the heart of fairness and equity of access in our NHS. I am absolutely certain that the Minister does not wish that to happen, but it would be interesting to hear how she will ensure that it does not happen.
Amendment 49, in the name of my hon. Friend the Member for Sleaford and North Hykeham, would prevent the Secretary of State from making regulations to establish the single patient record unless a public awareness plan had first been published and laid before Parliament, and a minimum three month public information campaign had been conducted before the system went live. That seems eminently sensible, and I hope it is something that would be not just welcomed by Ministers, but on their agenda already.
Patients clearly have a right to know what information is being held, who will have access to it, how it will be used, what safeguards are in place and what rights they have in relation to their own data before the system goes live. A three month campaign to give them that opportunity would be appropriate, because the things that I have outlined are not technical details that need to be buried in some Government website or hidden in the small print of a privacy notice; they are fundamental questions that deserve proper public engagement.
I am especially supportive of amendment 49 because of the impact on older people, disabled people and those who are less digitally engaged. I do not think that most of my constituents spend their time reading NHS policy documents online—my notes say “most”, but I think none of them do, unless they are involved in the health world themselves—and they should not wake up one morning to discover that a major change to the management of their health information has already been implemented without their knowledge.
A public information campaign is not a bureaucratic hurdle; it is a democratic necessity. If Ministers are confident that the single patient record will improve care, strengthen efficiency and protect privacy, they should be eager to make that case to the public and should therefore welcome the scrutiny, transparency and informed debate that a three month public information would bring.
I want to speak primarily to amendment 49, in the name of my hon. Friend the Member for Sleaford and North Hykeham, the shadow Minister, and to agree with what my hon. Friend the Member for Farnham and Bordon has just said. Sadly, there will be a large number of people who do not follow the debates in this House or this Committee in great detail, however fascinating they may be. That is perfectly understandable.
The single patient record has genuine potential. It has the potential to put all the different bits of data in one place, so that when, for example, someone is blue lighted to hospital, their consultant or the doctors treating them in A&E can access the information they need about their medical history and any medications they are on, which could improve clinical outcomes for patients.
I can entirely see the potential of the single patient record, but I am also conscious of the genuine concern among those of our constituents who are aware of this about what it might mean in practical terms for them and their data—it is important to remember that it is their data. They will have concerns, as my hon. Friend the Member for Farnham and Bordon set out, about who can access it, what safeguards are in place, whether they can opt out, and a range of other legitimate questions about how it will work.
I have to say that amendment 49, tabled by my hon. Friend the Member for Sleaford and North Hykeham, is not unreasonable. It would give the Government an opportunity to reassure our constituents and bring them along on this journey, rather than leaving questions unanswered or just addressing them in a Q&A on a Government webpage. People have genuine questions, and in many cases I am confident that the Minister will be able to allay those concerns or put them to rest, but some campaign of that sort is needed.
Such campaigns happen regularly on a range of subjects. The Department of Health and Social Care spends a significant amount of money on public health and awareness campaigns, and His Majesty’s Revenue and Customs spends a large amount of money on reminding everyone to get their tax returns in on time, in the lead up to that, or to remind them of the penalties if they do not. Government do that day in, day out across a range of services and where major changes are being made.
The Government have a genuine opportunity to accept amendment 49, which will help them to bring the people we serve on this journey, and potentially help to realise the benefits and allay people’s concerns. I genuinely hope that the Minister will be able to accept the amendment or will commit to take it away, look at it, engage with my hon. Friend the shadow Minister and possibly bring back a Government amendment that does exactly this on Report.
I am advised to declare that, although I am not a licence holder of a shotgun or a rifle, my husband has both a shotgun and a firearms licence.
I am grateful to hon. Members for this debate. Meaningful public engagement will be key to the success of the single patient record—we absolutely understand that—in building awareness and in designing the system. It has to have digital inclusion at its heart, but adding statutory requirements for public awareness campaigns and risk assessments is not the way forward. Amendment 49 seeks to put such a requirement on a statutory footing. I want to reassure the Committee and all Members: as the right hon. Member for Melton and Syston said, public awareness is absolutely key and will be integral to success. Work is already under way to ensure that we do that; we do not need to wait, nor should we be constrained by the proposed amendment.
In 2024, we began extensive public engagement on the use of data across health and social care, which showed strong support for the single patient record. We have heard that most people felt it was “long overdue and a necessary step towards better care”.
The public engagement findings indicated support to progress at pace on the concept of a single patient record, to resolve the frustrations that patients and the public have when they have to repeat their story at multiple health and care settings.
As we move towards our ambition to give all patients in England access to a core set of their data through the single patient record from 2028, we will maintain a sustained drumbeat—as they say in the jargon—of public communications to raise awareness of the single patient record. We have heard some examples of where the Government do that well. Of course we want to learn from such examples across the country and from previous Government campaigns that have worked well, to explain the benefits and safeguards in plain English, and to signpost accessible information and feedback routes for patients and the public. I heard the comments made about people who may be excluded or have particular disabilities, including some older people—from conversations with my own constituents, it is often older people or those with multiple disabilities who can have their experience enhanced. We should make no assumptions about who does or does not feel excluded in this space; we need to learn from them all.
Furthermore, we have already published public facing single patient record information and a dedicated feedback route. We will continue to co create plain English, easy read and translated materials, frequently asked questions and “voices heard/action taken” updates with public panels and patient groups ahead of roll out. We will build on what we learn from that ongoing work as we develop the regulations. For those reasons, I respectfully ask the hon. Member for Sleaford and North Hykeham not to move amendment 49.
On the lead amendment, moved by the hon. Member for North Shropshire, we recognise, as I hope I have assured the Committee, that digital inclusion is an important issue. To quote another Member, we are eager to get it right, and we are taking it very seriously. Digital inclusion is a key driver in addressing health inequalities, supporting individuals and empowering people to better manage their health, which is at the heart of our 10-year plan. It is a system wide issue, and one that the health and care system is taking action to address. We have considered this as part of the equality impact assessment of the single patient record provisions in the Bill, and will continue to keep those issues and potential mitigations under consideration throughout the development and implementation of the SPR. Therefore, although we agree with the aim of the amendment, we do not consider it necessary. Indeed, it would duplicate work that has already been done.
We have not seen a full design of the single patient record yet, but it is difficult to envisage what it would looks like for somebody who does not have access to the internet. It is not just older people; it is obviously a significant problem in deprived areas as well. Can the Minister elaborate on what that might look like for somebody who does not have a device or does not have broadband or mobile access? How will they be able to access their medical record? We might need to understand that before we move forward.
The hon. Lady makes an excellent point. Part the difficulty is that the powers in the Bill that enable the Government to bring forward a single patient record are separate from the secondary routes whereby we describe and work through the detail of regulation. All those considerations have to be very clear. The hon. Lady and I have spoken regularly about the lack of broadband access in her community, which remains a huge problem. All those considerations need to be worked through with the team. They are varied and multiple, and we need to bring parliamentarians and the public with us in doing that, as we bring forward secondary regulations.
NHS England’s digital inclusion framework, as currently, supports the delivery of the 10-year plan by addressing those particular connectivity and skills issues, as well as confidence and accessibility. That work is already partly in train through NHS England. We need to build on that and bring it forward as we come forward with the regulations. I visited the team up in Leeds around some of the digital inclusion they have already been doing from the app. It is very impressive how much they are doing with people to develop the app. I think people would agree that we can take some of that learning forward, because it is about making sure that digital transformation is inclusive and aligned with the ambition in the 10-year plan to personalise care, reduce inequalities and create a health system that works for everyone.
In addition, as set out in the “Managing health services for others” guidance, since February 2026 the NHS has had a process to allow proxy access to the app, which should also support people who, for example, do not have the skills to do it for themselves. Alongside those improvements, it is policy to undertake an inequality and health inequalities assessment prior to hosting anything new on the app. Again, that helps to identify, mitigate and monitor unintended negative impacts on vulnerable and marginalised populations before implementing new policy, services and procedures, as raised by the hon. Member for North Shropshire. That process should identify and consider the mitigations for the groups identified in the amendment.
I hope that Members can see how seriously the Government have taken the development of digital access so far. We absolutely recognise that we have to get it right to enable this record, which the public and population so desperately want to see. That work has already been undertaken and it will continue. For those reasons, I ask that the amendment be withdrawn.
The importance of the amendment is that it requires this problem to be monitored in an ongoing way. Monitoring something usually makes the situation improve, so I will not withdraw the amendment.
Question put, That the amendment be made.
14|0|6|7|The Committee divided:|Question accordingly negatived.||0|0
On a point of order, Ms Lewell. Are we not voting on amendment 49?
We will vote on amendment 49 later if the hon. Member for Sleaford and North Hykeham wishes to.
I beg to move amendment 48, in clause 47, page 36, line 1, at end insert— “(4A) Regulations may not be laid under this section unless the Secretary of State has published a plan setting out the measures to be taken to prevent clinicians and other persons involved in the provision of health care or social care from accessing patient information made available through the system otherwise than for the purposes of the care of the patient concerned (an ‘inappropriate access prevention plan’).
(4B) The inappropriate access prevention plan must include— (a) a description of the technical controls to be applied to restrict access to patient information to those with a legitimate care relationship with the patient; (b) the system of audit logging to be applied to record each instance of access to patient information, including the identity of the person accessing the information and the time and circumstances of access; (c) the sanctions applicable to persons who access patient information without lawful authority or without a legitimate care relationship with the patient; (d) the arrangements for detecting and investigating suspected cases of inappropriate access; and (e) the role of the Care Quality Commission, the Information Commissioner and any other regulatory body in enforcing compliance with access controls.
(4C) The Secretary of State must lay the inappropriate access prevention plan before both Houses of Parliament.”
This amendment prevents the Secretary of State from making regulations to establish the single patient record unless a plan to prevent inappropriate access by clinicians and other care workers has first been published and laid before Parliament. Amendment 48 would prevent the Secretary of State from “making regulations to establish the single patient record unless a plan to prevent inappropriate access by clinicians and other care workers has first been published and laid before Parliament.”
This is about trust. It is about people being able to trust that the records that will now be more widely available will remain confidential and be looked at only by those who need to look at them.
We have seen that people can be uniquely nosey when it comes to accessing medical records. For example, 48 staff members at the University Hospitals of Liverpool Group were found to have looked at the records of those involved in the Southport attack without any medical basis to do so. Almost a dozen staff members were sacked from the Nottingham University Hospitals trust because they had looked at the records of the victims in Nottingham. It is important that we address this, because it is happening already and needs to be tackled.
Paul Arnold, the chief executive of the Information Commissioner’s Office, said that trust is being “jeopardised”. The amendment seeks to ensure that proper thought goes into making sure that people cannot access records they should not be able to look at—for example, those of the Prime Minister or members of the Royal family—before the single patient record is live and can be used. We have Public Department 1 for HMRC; is there an intention to have something similar to close off records to reduce their accessibility where the public may be particularly nosey, either because of the person’s job or because of an event such as a terrorist attack, where we have seen people look at records when they should not have? There were reports that staff at The London Clinic, a private clinic, had been trying to sell records of the Princess of Wales online, so there are examples where this has happened before.
In addition, it is important that people know what the penalties are for deliberately misusing these records. My final question for the Minister is this. If a record has been viewed and there is a data log of it having been viewed, how long will that data log last for? Will it last for six months or a year, or will I be able to look back in 10 years’ time and see who accessed my records today? It is a case of understanding the Minister’s intentions and pushing the Government to ensure that these records are truly private to those who need to see them, not accessible to anyone who just happens to be curious.
I declare that I am a registered nurse. I have worked in the NHS for many years, and I have used patient records throughout my career. The Nursing and Midwifery Council code requires nurses, midwives and nursing associates to respect patient confidentiality, share information appropriately and ensure that patients are informed about how their information is used. That is the existing system, and every nurse, midwife and nursing associate has to follow the code of practice. A similar code is there for the General Medical Council for doctors, and all other registered professionals follow those codes.
On top of that, information governance in the NHS ensures that patient data is handled legally, securely and ethically, providing a framework for data protection and confidentiality. We have numerous different digital systems in the health system currently. Before anyone gets access to those digital systems and patient records, they all have to go through information governance and data protection training. They are then given access to patient records. That is the existing system.
The shadow Minister, the hon. Member for Sleaford and North Hykeham, has just mentioned the Nottingham incident, which is a good example. It is a clear example of where those who accessed the records were able to be identified. There is a clear audit trail, and I have my own experience of taking people through disciplinary proceedings for accessing patients’ notes when it was not relevant to those staff. The existing patient data systems do have provisions to safeguard and monitor who is accessing patient records.
I understand what the hon. Gentleman is saying, which is that there are processes in place already and that the fact that someone got sacked for looking at the records is a sign that the systems work to an extent. However, does the fact that they could look at them at all suggest that the systems are not working well enough? Because it is a computerised system, there are methods for identifying whether someone is likely to need to look at that record. By knowing the profession of the person looking at it, and the department they are in, the computer can help to limit the number of people who look at those records when they should not.
I agree that we are never going to have 100% proof. There will always be people accessing records. What I am talking about is the existing system, which does have provisions. What we need to strengthen is the training and the audit trail. All staff who do the training are aware that they are not supposed to check patients’ records unless it is relevant to them. Those who access records inappropriately should be identified and action should be taken.
Just because we are moving to a single patient record system, it does not mean that everybody is going to access everything they want. People working in the healthcare system are given access based on their role. Not everybody is able to access everything. Systems are in place, and we need to strengthen those systems and the training. We should not be scaremongering by saying that, because we are moving to a single patient record, everybody will be able to see their records.
The hon. Member for Ashford made his point very clearly about what happens when something goes wrong and someone behaves inappropriately—the shadow Minister, my hon. Friend the Member for Sleaford and North Hykeham, has highlighted some very concerning recent incidents—and was right to highlight the ability to follow an audit trail and take action. He is also right to highlight the importance of training.
However, taking action once inappropriate access is known, and then following the audit trail, deals essentially with the consequences rather than preventing it from happening in the first place. That is why amendment 48, and particularly proposed new section 250E(4B)(a) of the National Health Service Act 2006, is important. It describes the technical controls. That goes beyond the audit process and what happens after something has gone wrong. It is about what can be done to build safeguards into the system to make it much harder for anyone to circumvent their obligations, and to build those technical safeguards into the overall design of the single patient record. That is a reasonable ask, because such incidents, while hopefully rare, as the hon. Member for Ashford alluded to, do happen and understandably cause concern.
The challenge is that there is potentially a lot more information in one place, rather than being held in different pots, trusts or GP surgeries. For those inclined to break their legal obligations and behave outside the rules, the potential opportunity to access a wider range of information is more significant. The design of the record needs to have those technical safeguards strengthened and built in.
If we use the example of Southport, the people who could access those records worked in the Liverpool trust, because that is where the records were stored. With the single patient record, as planned, people would be able to access those records from across the country, if they had a clinical reason to do so. However, someone behaving badly could also potentially do so, even if they did not have a reason.
That is the challenge. The Minister knows her brief very well—if I may say, I hope that whatever happens in a few weeks’ time, she retains it. She is that rare thing among Ministers in Government: someone who comes to their position with a hinterland of knowledge, experience and interest, which she has demonstrated through her period in office thus far. I hope that she retains her role, because continuity of Ministers in Government is a good thing.
Can the Minister reassure us on the shadow Minister’s point, which is one that I have been seeking to make? Can she reassure us that the system will include barriers to prevent whoever builds and operates it—whether a third party or someone internal—from having inappropriate access to the records? The data must be ringfenced and protected, so that it does not go out of the country and cannot be accessed by those who are technically running or providing the platform. Even within the social care system, there must be very clear and technical restrictions on who can access the records for legitimate purposes, as the hon. Member for Ashford has highlighted. I think that would just reassure people.
As I said in response to previous amendments, I think the potential of the single patient record to improve clinical outcomes in care is very significant, but we need to bring people with us. I suspect that if anyone can reassure us on those points, it is the Minister.
As my right hon. Friend has just said, this is a unique system that will have unique benefits, but it will also have unique risks. Almost in answer to the point made by the hon. Member for Ashford, I do not think there is anything—[Interruption.]
Order. As Members can hear, there is a fire alarm. Can everyone return to this room as soon as possible, when it is safe to do so?
Sitting suspended.
On resuming—
Before I was rudely interrupted by the fire alarm—I am not taking it as a hint, much to the Minister’s disappointment—I was saying that this is a unique system and that with the unique benefits come unique risks. I was trying to answer the points made by the hon. Member for Ashford.
As my hon. Friend the Member for Sleaford and North Hykeham and my right hon. Friend the Member for Melton and Syston have mentioned, we already know that despite the regulations, whether they are from professional regulators or the ICO, people will get round the system. One of the biggest concerns that patients will raise is not simply whether patient records will be accessed by nefarious people from outside, such as cyber hackers, hostile states and so on, but whether they are secure from inappropriate access by people who have access to the system. As my hon. Friend the Member for Sleaford and North Hykeham pointed out, those people could be situated anywhere across the country. Patient records should be accessed only where there is a clear clinical, professional need. The public rightly expect robust safeguards, strong audit trails and meaningful consequences where the rules are breached. Amendment 48 raises that important issue. The Minister should explain how inappropriate access will be prevented, how misuse will be detected and what sanctions will apply when the standards are not met.
My hon. Friends have already mentioned a number of cases and I pick another one: the unfortunate case of the three year old boy who was hospitalised after being attacked by a crocodile at a zoo. Cambridge University Hospitals trust is currently investigating 40 members of staff who appear to have accessed that boy’s medical records inappropriately.
While we would always hope that that would not happen, unfortunately it clearly does. This single patient record means that someone will potentially be able to look at patients’ records regarding anything and from anywhere in the country. My hon. Friend the Member for Sleaford and North Hykeham slightly generously described some people as “nosey”. Along with those who have an actual ulterior motive, that presents a real challenge. I say to the hon. Member for Ashford that just because the current system is in place to protect patient records as they currently exist, that should not be a bar to making sure that we make the system even more robust given its potential risks.
It goes directly to proposed new section 250F(4B)(b) of the National Health Service Act 2006, which is the system of audit logging to be applied to each record, so that every time someone accesses a patient record or part of that patient record, the identity of the person obtaining that information should be recorded. I believe that the patient should be able to easily see, hopefully in real time, who has been accessing their record and at what time.
We on this side have mentioned a number of big events: that poor boy with the crocodile, terrorist attacks in Southport and so on. I suspect that those data breaches have been identified because they were big events. People have gone out to check that nobody has been inappropriately accessing those records. I worry that every patient record will potentially be available to every single person, and I doubt that there will be an ability to check every single person proactively rather than reactively. That means patients need access themselves to look at their record and see who has been accessing it. If the name of the person who has accessed the record, or the organisation they belong to is available, patients can say, “Well, there is Mr Smith, my child’s paediatrician, and that is fine. However, who is this guy from elsewhere in the country who has looked at the record?” They can then raise that. That is absolutely vital.
My hon. Friend is making a very important point. Does he also think that it is possible for the system to have some designs built into it that identify that someone from another area of the country, or from another department or different profession is unexpectedly looking at results? Perhaps AI could help with this.
My hon. Friend is right. I will not sit here and propose a solution to this problem, but what her amendment does is ensure that the Government look at this and present a plan before both Houses of Parliament, before we get to a single patient record.
I have now touched on the nefarious and the nosey. I think there is also a case of inadvertent access. With this new system, despite what the professional regulators might think, and despite the best training from the Information Commissioner’s Office, there will be occasions in a new system where people do not understand the limits of what they are allowed to look at or the appropriateness of access. There could well be inadvertent access to these systems. Again, the Government need to have a plan and system in place to ensure that there is not inadvertent, non nefarious access to patient records as well. That is why I am very supportive of amendment 48.
To make sure that this system is trusted by patients, we need to have the highest level of safeguarding possible, both from external attacks and from internal misuse. My hon. Friend’s amendment goes a long way to putting some of that trust in place.
Plainly, there is already scope for this to happen and sadly patient records are wrongly accessed, either inadvertently through mistake or deliberately in bad faith. However, from a technological and design point of view, the single patient record inevitably makes that easier and more likely, whether through mistakes or deliberate acts. That is just one of the many considerations and downsides of a single patient record that is otherwise beneficial.
It is incumbent on the Government to do what they can to mitigate against those inevitable structural problems that the record will produce, and amendment 48 is an entirely sensible way of achieving that. I am always slightly reluctant to use analogies from other sectors, because plainly there are differences, but in my former life as a family law solicitor, even within a small private law firm, there were structures in place to ensure that only people who needed to access data could do so, and much of it was arguably less sensitive than patient records.
That was the case in a small firm, and because we have a national system of healthcare in this country, which is a good one, the scale of fallout and harm that could arise from such mistakes or deliberate acts is so much greater. I urge the Government not to see the amendment as seeking to undermine their overall plans, but as a means of strengthening them.
This is another important discussion to have on the record to give patients and the public confidence as we introduce the vital single patient record. I start by stating that the security and privacy of people’s health data is paramount, and we will build the strongest safeguards possible into the record. Members from across the House have asked how those safeguards will be built into how the system is designed and operated, which is what we are doing.
It will operate on a roles based access control model, similar to other NHS patient record systems where access to patient information is restricted to the authorised user only. The single patient record will go a step further by applying advanced cloud based audit and oversight capabilities, enabling near real time monitoring of system access and detection of unusual or inappropriate patterns. That will allow NHS security teams to track and detect access patterns, and to quickly intervene if specific records are accessed by staff who have no clinical relationship with the patient in question.
The single patient record will ensure that just because a clinician has permission to view a specific patient record, that does not mean they are authorised to do so without a clinical need. The security and access arrangements will be set out in the regulations themselves, which will be debated, rightly, in Parliament. Therefore, it is not necessary to set them out in a plan beforehand.
Furthermore, there are already existing enforcement arrangements that provide sanctions for inappropriate access to patient data, which will also include accessing the single patient record. I commend my hon. Friend the Member for Ashford for his extremely helpful intervention, in which he highlighted his own experience in this field. Some of the examples that we heard again today, including Southport, Nottingham, the recent case in Cambridge and others, are truly shocking to people. Clearly, that should never happen, but sadly it has. As my hon. Friend rightly outlined, there are provisions in place for training people on information governance and tracking when that happens.
Additionally, I want to be clear that the Computer Misuse Act 1990 makes it an offence to use a computer to access information in an unauthorised manner, such as a person accessing information without a legitimate reason. Inappropriate or unauthorised access to health records—often referred to as snooping—is a serious offence that can lead to severe penalties, including dismissal, criminal prosecution and financial penalties. Regulated healthcare professionals, such as doctors, nurses and pharmacies, can be reported to their respective professional bodies, which can result in them being struck off in serious cases.
The information commissioner also has powers to investigate and take action against infringements of data protection legislation, which can include monetary penalties, enforcement notices, undertakings, prosecutions and reprimands. Furthermore, patients have a right to access data that is held about them under the data protection legislation, and those rights will continue to apply to the single patient record. For those reasons, I ask the hon. Member for Sleaford and North Hykeham to withdraw her amendment.
We think this is an important issue, so we would like to divide the Committee.
Question put, That the amendment be made.
15|0|6|7|The Committee divided:|Question accordingly negatived.||0|0
Amendment proposed: 49, in clause 47, page 36, line 1, at end insert—
“(4A) Regulations may not be laid under this section unless the Secretary of State has published a plan for a public awareness campaign to be conducted before the system established under section 250E(1) is made available to patients (a ‘public awareness plan’).
(4B) The public awareness plan must include—
(a) a description of the information to be communicated to members of the public through the campaign, which must include information about—
(i) what the single patient record is and what patient information it will contain;
(ii) who will be able to access patient information through the system and for what purposes;
(iii) the rights of patients in relation to their patient information, including any right to object to or restrict access;
(iv) how patients will be able to view a record of access to their patient information; and
(v) how patients can raise concerns or make complaints;
(b) the steps to be taken to ensure that the campaign reaches groups who may face barriers to accessing information, including people with disabilities, and people with limited digital access or literacy;
(c) the proposed timetable for the campaign, including the date on which the campaign is to commence and the minimum period during which it will run before the system is made available to patients; and
(d) a description of how the effectiveness of the campaign will be evaluated.
(4C) The minimum period referred to in subsection (4B)(c) must be not less than three months before the date on which the system is first made available to patients under subsection (1)(a).
(4D) The Secretary of State must lay the public awareness plan before both Houses of Parliament.”— (Dr Caroline Johnson.)
This amendment prevents the Secretary of State from making regulations to establish the single patient record unless a public awareness plan has first been published, laid before Parliament, and a minimum three month public information campaign has been conducted before the system goes live.
Question put, That the amendment be made.
16|0|6|7|The Committee divided:|Question accordingly negatived.||0|0
Question proposed, That the clause stand part of the Bill.
With this it will be convenient to discuss the following: New clause 7—Privacy by design in NHS Single Patient Record and Federated Data Platform architecture— “(1) The Secretary of State must ensure that there is privacy by design as part of the delivery of the NHS Federated Data Platform architecture.
(2) For the purposes of subsection (1), privacy by design includes— (a) patient data anonymisation outside its usage by clinicians and within the National Data Integration Tenant; and (b) patient consent for the processing of personal information by NHS.”
New clause 8—NHS ownership of connection software— “(1) The Secretary of State must ensure that there is NHS ownership of any data connector software architecture used as part of the delivery of the NHS Single Patient Record or Federated Data Platform.
(2) In this section, a data connector means an interface or connection between the NHS Federated Data Platform and any other health system.”
The single patient record is fundamental to the Government’s mission to create a modern, joined up NHS that puts patients at the centre of their care. The way we currently manage health records is letting patients down. That must change. Patient information is fragmented, so care is fragmented.
Local shared care records have demonstrated what can be achieved. The OneLondon shared care record is used by more than 100,000 frontline staff, with estimated monthly savings of £4.6 million, and around 45,000 patients are reported to have benefited from the Greater Manchester care record in March 2026, with 15 minutes of treatment time saved per patient.
Successful as some local shared care records are, however, they do not provide a uniform, comprehensive single record across England. The single patient record will allow people to have access to a summary of their full health record and provide relevant health and care providers with access to the health and care information they need to provide effective joined up care.
This is not a new problem and patients have not been silent about it. For more than a decade, patient groups and organisations across the country have been calling for exactly the kind of change that the single patient record will deliver. As far back as 2013, National Voices captured it simply and powerfully: “I would like to tell my story once.”
The call has only got stronger. Our independently delivered public deliberations found strong support for the single patient record. It was described as a long overdue fix to fragmented care, while the survey of 2,000 people found more than three quarters in favour of a single patient record. The Committee has heard directly from a range of stakeholders about the benefits a single patient record could have for patients and their care.
Clause 47 enables the Secretary of State to make regulations for the purpose of creating and operating the single patient record. The purpose of regulations made under this clause is to bring together patient information and make it available to patients and their relevant health and care providers such as GPs, hospital doctors, social care providers or others involved in their direct care. Only information concerned with direct care will form part of the system.
We have also included strong safeguards. The security and privacy of people’s health and social care data are paramount, and we will build the strongest of safeguards into the single patient record. It will be designed to protect personal data by default, with the highest standards of cyber security and information governance ensuring that only the right people can access the right information, at the right time—and only for the right reasons. Permissions to access patient information will be restricted to authorised users only, with an audit trail of who has accessed a patient’s data. The Secretary of State must also consult appropriate persons before making regulations and must have regard to ensuring that adequate safeguards are in place to prevent misuses of data.
Regulations will be subject to the affirmative process in Parliament and to the rigorous scrutiny of both Houses. That is all in addition to the provisions of UK GDPR and the Data Protection Act 2018, which will of course apply to the single patient record. Data sharing must always be necessary, proportionate and lawful. Secondary uses, such as planning or research, are vital to getting the right services in the right places and the right treatments for people’s needs. The single patient record will bring together linked and harmonised data across health and social care services and could be transformative for planning, commissioning and research. Therefore, it is right that the single patient record should be a source of data for those essential services.
Accordingly, clause 47 contains a savings provision to ensure that the single patient record can be used as a source of data for secondary uses only where there is a separate legal basis to do so. The clause does not provide any new legal gateways for secondary use. That means that the single patient record can only be a source of data for secondary uses in the same way as any other health and care data and subject to the same legal, ethical and confidentiality standards. We hope and expect that organisations will want to co operate with the single patient record, but we know that currently, data is not always shared when it needs to be. Therefore, the Secretary of State will be able to set out in regulations the circumstances in which a financial penalty may be imposed for a failure to meet an obligation imposed by regulations and the amount of any such penalty, although imposing a fine will be a last resort. I commend the clause to the Committee.
Clause 47 amends the existing legislation to facilitate the single patient record. We have heard about the many benefits that it may bring, for example for patients who find themselves telling the same story again and again and having to repeat themselves because caregivers cannot see the records that they need to see. That can be frustrating and sometimes very distressing for patients.
I caution the Minister against saying that the single patient record will completely fix that issue, because from a clinical perspective, particularly in certain presentations, hearing the story again from the individual can be helpful for a diagnosis, but the principle is a good one, and it will make things easier for clinicians, particularly if the patient is in an area away from home. Records may be kept in a particular geographical location or hospital, and if someone is away on holiday and they come in, we may not have access to their records. In paediatrics, we often give the parents of children with complex problems letters to carry that have the necessary information in them. That would not be necessary if the record were more accessible, so there are benefits to the single patient record.
There are, however, a lot of questions about it. One problem is that the single patient record has not really been designed yet, so we are being asked to approve something that is a hazy vision in the distance. On 1 June, the Minister said that “although the Bill establishes the legal framework for the SPR, much of the detail will be in secondary legislation.”—[Official Report, 1 June 2026; Vol. 786, c. 957.] I appreciate that it will be subject to the affirmative procedure, but we are being asked to make a decision now on something that is unfortunately very woolly.
Will the Minister reassure us that she will address the following questions in the secondary legislation? Who will have permission to edit the information in the single patient record? When will they have access to it? Will it tell us who has edited it—will there be a record of who, when and where? If the record is not accurate when it is edited, how will that be addressed? How will people know that it is inaccurate, and how will it be improved? In 2025, Healthwatch reported that 23% of adults who had seen their medical records reported inaccuracies or missing details, 12% said they had been refused treatment because of inaccurate information, and 10% said they had received inappropriate medication as a result. This is important. In recent years, there have been several incidents of patients dying after doctors used incorrect medical histories and prescribed medication that they should not have. This information needs to be available, but also accurate. I am interested in what the Minister has to say about that.
The other question is: what is going to happen to the records people have now? I am 48. I am sure the Minister is much younger than that, but we have records: our vaccination records, our childhood records, and records of any admissions or treatment we have had. Will those be added to the single patient record, or will the SPR start from day zero and go forwards? If it does, how will people access their historical records? If it goes backwards, what provision has been made to ensure that the data that is input is accurate, and for the cost and personnel required to do it?
Is the intention that the SPR will be one size fits all? The Secretary of State talked about people not being asked to have a one size fits all but being able to access the various systems around the country, but there are so many different systems. In my own practice, if I want to look at the notes of somebody I am caring for, I go to Evolve, where the notes are scanned in and I can look at the pages one at a time. If I want to look at blood results, I go to ICE, which is a different system where I can see the test results. If I want to look at the films of an X ray, they are on a different computer system again. If I want to follow the patient’s pathway through the hospital, see when their next appointment is with me or see who is next in my clinic, I go on to e Track. There is a different system for maternity, and there is Symphony in A&E.
Each hospital trust has a lot of different computer systems and information, and they do not all use the same systems, as I know having rotated through a number of hospitals during my training. How will the single patient record work with that? Will people be able to access all those different systems, and will they need to be trained to use them, or will there be a homogeneous system—and if so, what does the Minister envisage that looking like?
The Government say the single patient record will be more efficient, reduce the number of A&E attendances and hospital admissions, and make £20 million in annual savings to the NHS. Those are quite small margins compared with the scale of the project. Is the Minister satisfied that the savings will not be obliterated by the cost of the project running away?
The other thing is the public view of this. Polling published in January 2025 by the Tony Blair Institute found that 69% of people are willing for their anonymised data to be used to help plan NHS delivery, 71% are willing for it to be used for research into drugs and new treatments, and 75% are willing for it to be used for speeding up and making better diagnoses. There is an amendment—amendment 11—that make data available only for patient care, but patient audit and research can be quite important. Does the Minister have any comments on how audits and patient research might be used in a clinical context to improve care using anonymised or non anonymised data?
Proposed new section 250E(3) of the National Health Service Act 2006 says: “The regulations may provide that the processing of information in accordance with the regulations does not breach any obligation of confidence owed by the person processing the information.”
As one of my hon. Friends said earlier this afternoon, if the Government put a clause into a Bill, they normally have a reason for wanting to use it. Can the Minister expand on the circumstances in which they might want, in essence, to bypass patient confidentiality in pursuit of that provision?
In addition, the regulations may make information “available to people involved in the provision to patients of health care or social care anywhere in the British Islands,”
which means it will not all be provided in England, and it will not necessarily all be provided within the United Kingdom. Will there be reciprocal arrangements with the self governing territories? If not, how will the Government ensure that the data is properly protected once it has been shared?
I also want to mention cyber security. On 30 June—just earlier this week—it was reported that the UK healthcare sector experienced a tenfold increase in attacks during January to May 2026 compared with the whole of 2025, recording 264,000 individual events compared with just 27,000 in 2025. In June 2026, Bedfordshire hospitals NHS foundation trust revealed that data relating to 33,000 hospital patients was stolen and shared online two years ago. Mid and South Essex NHS foundation trust reported the theft of 2,380 records in the same attack. The Secretary of State said earlier in June that “the situation with the single patient record is…different from that of the federated data platform, because it is likely that we will let a series of contracts to de risk the delivery of the single patient record.”—[Official Report, 1 June 2026; Vol. 786, c. 891.] That suggests that the Government are aware of the problem but have not yet nailed down the detail of how to contract the delivery of the single patient record or worked out how they are going to keep data safe once they have. How can patients have confidence when their health data—their most personal data—is on the line and the Government have not yet made the key decisions for protecting it? Does the Minister have any comments on that?
What will happen to private providers? The Government are increasingly using private healthcare providers to try to improve the waiting lists, but will they have access to the single patient record? If they will, will they have to contribute to it financially or get it for free? How will the data be protected if it is not in NHS hands and not necessarily under the same regulation? What plans do the Government have to monetise the data? In December 2025, the then Under Secretary of State for Health, Innovation and Safety, the hon. Member for Glasgow South West (Dr Ahmed), was reported in the Financial Times as having said that the UK should make money from patient data for the “benefit of the Treasury coffers”.
Can the Minister expand on her Department’s plans to monetise patient data? Can she guarantee that personal data will not be exposed or leaked?
Can the Minister give assurances that the tendering process for contracts to set up and run the single patient record will be fair and transparent? It has been said that companies that donated to Labour before the general election were awarded contracts worth almost £138 million during this Government’s first year. It has also been reported that Peter Mandelson had links to Palantir, which secured a £240 million deal with the Ministry of Defence. It is important that people have confidence in the contracts. Does the first person to get a contract get locked in? Once the system is set up with one provider, will it be prohibitively difficult to change provider? Will the contracts become more and more expensive as time goes on because of the difficulties in redesigning a system? Who will own the intellectual property of the system that is designed? Will it be the Government or the private company? If it is the private company, how will that work going forwards?
The other question is: can we trust this Labour Government to deliver this? In 2005, the previous Labour Government launched a digitisation project called the NHS national programme for IT. In 2007, the Public Accounts Committee found that the Government had not sought to keep a detailed record of expenditure and there was no evidence that officials had carried out an examination to see whether the benefits exceeded the cost. The Father of the House, my right hon. Friend the Member for Gainsborough (Sir Edward Leigh), described the project as “one of the biggest IT disasters of all time”.
Costs ballooned to more than £9 billion, leading a member of the PAC to say in 2013 that it was one of the “worst and most expensive contracting fiascos”
in the history of the public sector. How will the Minister convince the House and the public that the contract is being provided fairly, that it will be useful, that it will deliver what it said it would at the prices it said it would, that the data will be held securely once it is delivered, and that provisions will be in place to record access, decide who gets access and limit access?
Who gets access to sexual health records is particularly important. At the moment, sexual health records are kept separate. If someone attends a sexual health clinic specifically for sexual health screening, those records do not appear in their general medical record, in order not to disincentivise people from attending those sorts of appointments. If everything will be in one single patient care record, will sexual health records appear within that record? That is an important issue; indeed, it was raised during the Committee’s evidence sessions, when it seemed that the Government had not yet made a decision.
I will speak to clause 47 and to new clauses 7 and 8, which were tabled by my hon. Friend the Member for Newton Abbot (Martin Wrigley). The sector has been calling for a single patient record for decades, and it is the single most impactful part of the Bill. It could be transformational for patient experience, care, outcomes, consistency of treatment and reducing errors.
Members have talked about the hassle of people having to tell their story repeatedly or recollect the history, which many people cannot do accurately, so the clause could be hugely impactful. Polling shows that nine out of 10 Britons want better access to medical records. Many assume that a single patient record already exists and are often quite surprised when they go to another hospital and find that it has no record of what has been done in the county next door.
Although the public are rightly concerned about the use of their data, especially outside of direct care and for planning and research purposes, we wholly support the idea of a single patient record. The plan is for people to be able to see their primary, secondary and social care records all in one place, all in the NHS app. It will be transformational, but patients should be in control of their data. They should be able to see who is accessing their records and should be able to opt out of sharing data. It is essential that there is sufficient control and guarantees around the sharing of data, whether for research or other reasons. The Bill does not go far enough to provide reassurances that patients will ultimately be in charge of their own data and how it is used.
Trust among medical staff, patients and the public is essential for this much needed system to succeed, and we have only to look at the pushback on the federated data platform to see that. Sufficient guardrails are necessary to make sure that secondary uses of health data are allowed only when they deliver a clear public benefit. Rules need to be future proofed so that they are not vulnerable to change depending on the political or economic situation. There should be meaningful checks, balances and transparency.
We want to make sure this technology is focused on enabling and delivering healthcare. We know that, in the US, Palantir is providing health data to US Immigration and Customs Enforcement, which is then used to support deportations. We would be really concerned if people were too worried to come forward for medical treatment because they thought that their immigration status might be passed on to another Department.
There was a Westminster Hall debate recently on the concerns about Palantir and about the single patient record being abused. From an economic point of view, it seems a lost opportunity to have such a huge infrastructure project farmed out to foreign companies based abroad. First, this is a huge opportunity for companies in the UK to boost our economy, provide employment and drive innovation. Secondly, if we are reliant on foreign companies to deliver this service, we could lose our health sovereignty and their motivations might change depending on the political and economic situation of the country in which they are based.
There have been recent examples of NHS staff inappropriately accessing the private health records of the victims of the Southport and Nottingham terror attacks. The decision by the University Hospitals of Liverpool Group not to inform patients of the breaches understandably raised privacy concerns. The Government must therefore ensure that there are sufficient safeguards and guardrails, and that they are communicated clearly to the public to build trust.
The single patient record needs to happen, but in the right way. The issues with the FDP’s uptake have shown that patient and staff mistrust can significantly undermine a system’s effectiveness. The most important safeguards should not be left entirely to later implementation. They should be laid out in primary legislation at the beginning of the process. The Bill should be more explicit on who is responsible for decisions about access, sharing, liability and redress. That is why we have tabled various amendments, which we will get to later, most notably on our health data charter, setting out the key principles of how health data should be handled and a duty to prioritise domestic suppliers in technology procurement.
We welcome Opposition amendment 49, which we debated earlier—I believe it was echoed by the NHS Alliance—suggesting that a plan should be laid before Parliament for a minimum three month public information campaign before the system goes live. The discussion on this needs to be constructive, not alarmist, to make sure that the SPR is rolled out in a safe fashion and so that we all get to feel the benefits.
Public involvement should be ongoing, visible and tied to real implementation decisions. Past NHS data reforms show that support depends on people feeling informed, heard and able to challenge decisions. Any red lines should also be clear. For example, there should be consented use for marketing or insurance purposes.
We also need to discuss the role of GP practices in this debate, given that they work within the NHS but are also private businesses. GP records are among the NHS’s richest data assets, and GP practices are to remain independent data controllers. I have spoken to three different practices in Winchester, and the practice managers are quite concerned that GPs will be required to share data much more routinely than they do now, but they will still carry the legal and professional risk and will likely act as the channel to explain to patients how their data will be used. GPs will need to be brought on side for the SPR to work, and that will depend on who decides, what safeguards apply and how burdens on practices are managed. Recent experiences show the sensitivity of the issue. The British Medical Association has stated that it may consider collective action on GP data sharing. The 2022 roll out of automated prospective GP record access through the NHS app was paused after concerns about safeguarding and the burden on practices.
Will the Minister expand a little on the detail and on how all this will be implemented? What precautions will be taken to ensure that patient data is protected? Will she consider the Lib Dem proposal for a health data charter that sets out principles and responsibilities for handling NHS data?
As ever, it is a pleasure to see you in the Chair, Ms Lewell. I have listened very carefully to people’s speeches, and it is important to say that we are debating that clause 47 stand part of the Bill. The clause creates the single patient record and, while many Opposition Members have justifiably and understandably asked how we will do this right and what safeguards we will have, it is important that what we are debating is that the clause stand part of the Bill.
The clause creates the single patient record, and it creates the overarching ability for the NHS to use data better than it currently does. I am not a data scientist. I am a physicist by training, and I taught physics and worked in trade unions for a long time. Because of my training and my use of data, every group of people I have ever worked with invariably came up with nicknames for me, which usually boil down to “Data Dave”. There is something so valuable about being able to use aggregated values to tell us something that we do not already know.
One of the most valuable things we may get from this is that, when a clinician talks to a patient and they say or present something that does not match what is on the single patient record, it will raise a red flag that leads the clinician to realise something they would not have realised if they did not have access to notes previously taken elsewhere. I genuinely think that is one of the most valuable things that will come from this.
On a wider stage, the ability to aggregate data and properly track what is going on within the health service, and for people to be able to track what is going on with their care, with a wider view of what is going on, will be so valuable to clinicians and wider afield.
I am interested in what the hon. Gentleman is saying. Does he agree that, in many ways, the NHS dataset will be one of the most valuable datasets in the world, not only to patients themselves—in terms of the value to them and their privacy—but in the ability to analyse it and perhaps understand parts of medicine that we do not understand at the moment and so improve patient care?
I am not entirely certain that I want to agree with “one of” the most valuable datasets in the world; I think it could potentially be the most valuable dataset in the world.
We know that the NHS is the largest healthcare provider in the world. We know that the data is potentially very valuable. Creating this will allow our NHS to be at the forefront of managing how it works, in a way that no other health system will be able to, and certainly to a scale that no other health system anywhere in the world will be able to. That obviously comes with risks.
I have been listening carefully, and it is important that we tease out those risks and make sure that we stay as red hot as we can on all the issues that hon. Members have raised. I go back to the salient point of whether this clause should stand part. I fully support that this measure should be part of the Bill and that we should be moving in this direction.
I have spoken about the more global ideas and the reasons why, intellectually, I think this is a good idea, but let me take an example from my home county of Staffordshire up in the west midlands. There are reports that one hospital in Staffordshire uses 450 different electronic systems, which is absolutely bananas.
For so long, we have not had a single patient record. We have not had one unifying system. Over a cup of tea with the Minister a couple of days ago, I got very excited and started talking about primary keys because, although I am not a data scientist, I like the use of data. I do not think we need to get into a situation where there is a single primary key that is instantly recognisable to everybody and where we are necessarily using some machine learning to assess that. That could potentially come later down the line. That is not what the clause is doing, and it would need a much wider discussion than we are currently having.
If we take the example of Staffordshire and its 450 different data systems in one hospital—I do not know that number for certain, although it has been reported to me by two or three colleagues—I cannot imagine the difficulties that the IT team has in trying to get that number of systems to talk to each other. It will be nigh on impossible. All it leads to is delays. All it leads to is people having to reproduce data from one system to another manually. By creating an overarching single patient record, we will force it to happen.
The hon. Member has hit the nail on the head. A single patient record is not the same thing as mandating that 450 record keeping systems become one. In fact, the single patient record will work as a theory on paper only if there is interoperability between different databases. That is a massive challenge that is not dealt with here. It cannot be dealt with here, in the real world, and the single patient record will not be realised until it is dealt with, which could take years. Does the hon. Member have a reflection on that point?
I appreciate the intervention, and it is nice for the hon. Member to get me back after I got him the other week. He is absolutely right. I do not think anybody in this room expects that after we have this discussion and the clause forms part of the Bill, and after the Bill goes through the parliamentary process and hopefully becomes an Act very soon, the next day there will instantly be this magical, ethereal thing called a single patient record and everything will drop into place immediately. I have a bridge to sell to anybody who thinks that.
What the clause does is put the NHS on a path to being able to deal with data appropriately, in a 21st century way, by adding the ability and requirement for the NHS to use data appropriately. In terms of how that is done technically, I am very far from a computer programmer—I have done a tiny bit in parts of my life, and it always drives me absolutely wild—but there would be a number of architectures that could be used to make this work. I am not an expert and would not profess to be or to give anybody advice on that.
An advantage of the way the Bill is written is that things can be picked up by secondary legislation, which can go into a lot more technical detail. That is a real strength of how this is drafted. If we tried to mandate in primary legislation, in an Act of Parliament, far too granular a level of data science and information technology architecture, we would run a real risk of falling behind. Everybody is very aware of AI, and it is rare that I go a day without hearing people talk about it. Quantum is just behind it, and it is potentially much more disruptive and much more beneficial to huge parts of the economy, especially healthcare.
Trying to do everything through primary legislation is absolute folly. However, making sure we have primary legislation that allows us to drive the NHS into this space and to require and enable the NHS to stay on top of the proper use of data and to modernise its structures and practices can only be a good thing.
I close by saying that I absolutely support clause 47 standing part of the Bill. It has the potential to drive huge improvements in the NHS, both on a local scale and on a more global scale.
I will pick up where the hon. Member for Lichfield left off.
I make it clear that a single patient record is not a single electronic record keeping system. Also, the single patient record is a theory, and it will remain a theory long after this legislation has been passed, as I am sure it will be, unless and until the electronic record keeping databases and software in this country are able to speak to each other.
I have experience of working for a national nursing charity, and my role specifically dealt with the legal and governance issues of trying to embed community nurses in different settings. However, that work was beset by the problem of different databases—different electronic record keeping systems—that did not speak to each other. Even those systems that were supposed to speak to each other did not do so. As the hon. Member for Lichfield said, sometimes there can be dozens, even hundreds, within even one NHS trust.
That should not be a problem today, but it is, and the Bill will get us no further on the technicalities and the technology problems we have. These systems are already meant to speak to each other, and we do not need legislation to realise that should be happening. Indeed, there are still paper record keeping systems in many places up and down the country. The theory of a single patient record is a good one, but it will mean nothing in practice until those paper record keeping systems have become electronic and then all the electronic systems speak to each other.
That makes me wonder whether a single patient record will ever be realised, regardless of legislation on the model that is supposed to exist. Indeed, the Bill does not mandate a single preferred electronic record keeping system, and nor should it; there is a competitive market out there in which NHS trusts are free to engage and contract with different providers of electronic record keeping.
I wrote to the local health bosses in my area after being made aware that the provider of one of their main electronic record keeping systems had offered to extend the system further throughout the trust in order to save money. However, the trust has not yet responded. I am not in a position to say whether that offer is a better one, but on the face of it, it certainly looked like it would save money because it was a record keeping system that the trust was already using; it just was not being used across all parts of the trust. That letter has gone unanswered for a year. It is not just a technological issue; there is also a cultural issue of the lack of nimble, joined up decision making.
Some health bosses, not necessarily those in my area, are unable to take advantage of the financial benefits of changing or adapting to using new systems. Until that is resolved, a single patient record will remain ever wanted but never actually delivered.
To use an analogy, different companies provide the services on people’s mobile phones—the internet access, social media; software and even hardware. Most of us end up with a smartphone that does pretty similar things to every other smartphone and, broadly speaking, all the different apps co operate with each other. Of course, the major global technology companies have faced legal action in the US, Europe, this country and elsewhere to ensure that their systems talk to each other, and primary legislation has been required to make them do that.
The phone analogy is really valuable. I am not an expert on the various architectures that make up phone operating systems, but I know a little about drivers and a little about computer programming languages. The hon. Gentleman is right that all the different bits of hardware in every single phone speak to themselves in a different language. Lots of them use different computer programming languages, and they all require drivers to translate that into whatever the operating system uses.
There are two or three major providers when it comes to mobile phones in the UK: Google and Android, and iOS. There is effectively a requirement on the phone companies that says, “If you want your app to be on our phones, it’s going to have to be able to use this language.” Depending on the operating system, the language will be slightly different, but the commercial requirement that apps must be able to use a certain language obliges the individual app producers and the individual pieces of hardware to have the driver to translate whatever language they use to talk to themselves into the one that works with the operating system.
Does the hon. Gentleman think there is a parallel in the Bill? Having a piece of legislation that requires a single patient record, whatever that looks like and whatever language it uses, potentially shortcuts some of the problems he is talking about with using a plethora of systems. Rather than having 450 systems, which could potentially use 450 languages, and trying to teach all of them all 450 languages, we create the requirement to use a specific language. We then teach all 450 one additional language and they will all be able to feed in—
Order. This is a very long intervention. Will the hon. Gentleman please wrap it up?
Apologies.
That was a long intervention, but it was helpful. I disagree with the hon. Gentleman, because the legislation is not seeking to require technology companies or the providers of electronic record keeping systems to be able to talk to each other. It is trying to create the concept of a single patient record, which is good, but it does not mandate a way to achieve that. I do not particularly want to name companies, but a big provider that is already in the health space and that provides electronic record keeping systems might say, “We can already provide a single patient record. It is for other providers to adapt and feed into our record keeping system,” and there is nothing in the Bill that says one technology company must adapt to another.
The technological issue is completely unaddressed. I am not even saying that it should be addressed in the Bill, because there are all sorts of issues around competition law and state support for particular companies. It is not a criticism per se of the way in which the Bill drafted, but this is an opportune moment to make the point that absolutely none of the clause will be delivered until a major issue that the Government have not yet addressed is dealt with. That issue is the interoperability of different electronic record keeping systems provided by the private sector. They are all in competition with each other to get a bigger share of the market; unless and until that is addressed, the Government are not going to realise any of this. I do not want that to be the case. I want the single patient record to be realised, broadly speaking.
I wish to speak in support of clause 47. I spoke on Second Reading about my strong support for the introduction of a single patient record. I am not a tech expert like my hon. Friend the Member for Lichfield—
I don’t know about that!
It really surprised me to hear my hon. Friend talk about his experience of 450 systems in the computer system in his local hospital. I was shocked, because as a clinician who previously worked in the NHS, I wanted a system that made patient records readily available so that we could care for patients.
My understanding is that the clause amends the National Health Service Act 2006 to enable the Secretary of State to make regulations to establish a system to make patient information readily available to patients and to those involved in providing health or social care in England. Under the current system, care and treatment across different parts of the NHS are not as co ordinated as they could and should be. All too often, that means that patients have to repeat their medical history every time they see a different medical professional. The shadow Minister, the hon. Member for Sleaford and North Hykeham, talked about how that can sometimes be useful for getting the diagnosis right, but it can be very traumatising for someone to have to explain the same story again in such a short period of time.
Speaking in the Chamber, I previously gave the example of a mental health patient going to A&E on a Friday. They tell their story to the professionals there and they tell the same story later when a mental health professional comes to see them. When they are admitted into a mental health hospital, they have to explain the same story when going into the ward, and then again to the nurses. Having to repeat their story again and again is traumatising for most patients.
My point was that this can sometimes be beneficial. If a clinician sees a young lady who has collapsed at school, she might have fainted or had a fit. There are a lot of different potential causes, such as cardiac syncope, and lots of different potential diagnoses. A lot of the detail in making the diagnosis is in the history. The patient will probably already have been asked their story when they arrived at A&E, but it is still important for a senior clinician to ask for it again.
My caution was against presuming that we can, in all cases, prevent repeated asking of questions. There would clearly be a benefit when there are particularly sensitive pieces of information, about which we need not ask two, three or four times, but we cannot stop all cases in which a patient is asked for the same story.
Absolutely; a single patient record will not stop professionals from asking the necessary questions of patients at any time. Each ward round, the doctors ask the patients how they are feeling. They will have that conversation; that will not stop. We are talking about repeatedly having to tell the story.
The point was highlighted when the Committee heard from Jacob Lant, the chief executive officer of National Voices, a coalition of health and social care charities. In his 15 years of patient and public engagement, the most consistent theme is patients’ frustration at constantly having to retell their story, and the fact that medical notes are not available across different healthcare settings. Not only is that frustrating for patients, but it can also be deeply distressing. Kath Abrahams, the chief executive of Tommy’s, told the Committee that “Women report constantly having to retell their story—highly sensitive or traumatic experiences of loss—and that repetition can happen across the early pregnancy unit and maternity services.”––[Official Report, Health Public Bill Committee, 16 June 2026; c. 66, Q108.] As medical professionals, we are taught the importance of empathy and understanding, but if the absence of a unified patient record system is aggravating traumatic experiences for patients, we need to address that. The absence of a national unified report can also compromise patient safety and lead to clinicians making decisions based on partial or incomplete information, significantly increasing the risk of error.
We heard evidence of that from the chair of Healthwatch England, who highlighted the risk posed to patients with multiple comorbidities. He said: “Without a single patient record, we can find that a consultant or a GP has access to only one part of that multiple comorbidity…That can lead to all sorts of unforeseen errors.”
That can result in poor health outcomes, increased hospital admissions and reduced patient trust, which is why he went on to speak about “the great advantage that we can get from a single patient record.”––[Official Report, Health Public Bill Committee, 16 June 2026; c. 49, Q79.] Experienced mental health patients often move between A&E, GPs and mental health services and have to repeatedly go through that traumatic experience.
I have spoken in the House previously about my deep frustration that the digital records available to me in mental health services in Kent and Medway were incompatible with those used in other parts of the NHS, both locally and across the rest of England. I know that that frustration is shared, so in advance of the Committee’s consideration of clause 47 I spoke to some of my former colleagues, as well as other healthcare professionals in my constituency, to find out what systems are used to record patient information.
For example, in my constituency of Ashford, GPs use EMIS. Some can access parts of patient records through Graphnet, but not everybody can. The East Kent hospital trust—my local hospital—uses Sunrise. Some staff in that trust can access Kent and Medway clinical records. The Kent community health trust uses Rio, but Kent and Medway mental health trust uses a different version of Rio. The versions do not speak to each other. All the investigations are recorded on something called Dart OCM.
Those are just some examples. In my constituency, a patient’s records are kept in five, six or seven different locations.
The hon. Gentleman is making the point that I have been trying to. He referred to a number of companies that each provide an electronic record keeping system. The Bill does not mandate those companies to speak to each other and create a single patient record; there is no requirement on those private companies to do anything. As they are in competition with each other, their answer could be, “We can provide the single patient record—we are already doing it—if you just use more of our system and pay us more money.”
I am not suggesting that this is the hon. Gentleman’s responsibility, but does he have anything to say about the practicalities of a single patient record as a theory and the interoperability of electronic record keeping—a practical thing not dealt with in the Bill?
My patient record is currently kept by different organisations or providers, which cannot see each other. If I speak to the GP about my blood sugar and then end up in A&E, they cannot see that record. If I go to the mental health service, they cannot see what medication I was taking. When I get discharged back to the GP, he will not get the information on my medication. That is the clinical aspect I am talking about, although I fully understand the hon. Gentleman’s concern. I hope the Minister will address some of those issues.
The responses I collected demonstrate how disparate and fragmented digital record systems are within just one local area. I do not think any of our constituents are aware that their data is kept in different places and that the services do not talk to each other. That is what the Bill is trying to address. All that information will be available for doctors, nurses and any other healthcare providers so that they can see patients’ history and medication and those patients will be more safe. Things will be more transparent. It will be easier for admission to discharge processes.
There is no detail in the Bill. As my hon. Friend the Member for Isle of Wight East said, there is nothing in the legislation requiring the computers in his local area to talk to the computers in my local area.
I hope that would be the outcome of this legislation. I will give an example. My constituency is very close to Dover. Lots of travellers go through Ashford, my constituency. We often get patients from Scotland, Manchester or Liverpool, for whom doctors cannot start a treatment because they have to wait 24 hours to 48 hours to get the information from the hospital where the person comes from. I am not saying that the story is the same across the country, but that is what we are experiencing.
In the event that someone from Scotland comes into the hon. Gentleman’s hospital near Dover and a doctor wants to look at their healthcare record, does the hon. Gentleman envisage that the doctor will log on to their local system and see the records from Scotland, or that they will have access to the Scottish system to look at the records directly there?
I do not know whether there will be the same system in Scotland, but my understanding is that in the north of England doctors will be able to see the same system. Again, we can hear more detail from the Minister.
A single patient report has the potential to transform patient experience and safety by ensuring continuity of care, by reducing unnecessary repetition, by enabling better informed clinical decisions and the smoother discharge of patients, and by creating a more efficient and joined up healthcare system.
I thank all those who have spoken so far in this debate. I have never seen the hon. Member for Lichfield so animated—Data Dave is clearly alive and well.
As we have discussed, the clause creates the legal power for a single patient record in the UK. It is important to say, as others have, that the Bill does not create the system but gives the Secretary of State the power to create it later through regulation. That does not mean, however, that we should not have a debate about some of the issues that we have raised.
I should state at the start that I support better information sharing when that helps patients receive safer and better care, and I think that the single patient record could well do that. Anyone who has worked in healthcare, as I have, knows the frustration that results from the records not following patients between services. Clinicians can lose valuable time in searching for information, if they can get it at all. As others have said, patients are often asked to repeat the same details over and again—not, as my hon. Friend the Member for Isle of Wight East rightly said, because it gives a richer experience but simply because people do not have the information. Better joined up records have the potential to improve care.
We have, however, been here before. I was a lot younger—we all were—but back in 2002, the national programme for IT, under the last Labour Government, was a £10 billion unmitigated disaster, which the Public Accounts Committee described as “one of the worst and most expensive contracting fiascos in the history of the public sector.”
I want to make sure that there are safeguards, from both a contracting and a data safety point of view, so that we do not go down that route again. As my hon. Friend the Member for Isle of Wight East clearly outlined, creating such a record is fiendishly complicated from both a technology and patient information point of view and from a data sharing and data protection point of view.
The record could contain some of the most sensitive information about people, so Parliament has the responsibility to make sure that the legal framework is right. We also know that the record will work only if the data in the single patient record is worth the electronic paper that it is electronically printed on. As I am sure the Minister knows from her time in the NHS, the information is getting better but continues to be patchy across the country. Different trusts and organisations record things in different ways. I take my hat off to those who work in clinical coding, as they do one of the most difficult jobs in a trust. Again, we need to make sure that the data is accurate. Someone mentioned AI earlier; I think AI could help with that, but we are still some way off.
I want to canter through my concerns about the breadth of the powers being given under the clause. The Bill allows the Secretary of State to make regulations establishing the system and to decide how it operates. Those regulations may require or authorise the sharing and processing of patient information, decide who can access the information and create enforcement powers and financial penalties. Some of those important questions are not answered in the Bill. Parliament is being asked to approve a broad framework before seeing some of the detail.
My second concern is that the Bill says little about patient choice. There is no clear statement about whether patients will have the right to opt in or out and no explanation of whether patients can restrict access to all or part of their records. There is no mention of whether someone could choose to limit access to particularly sensitive information, such as mental health records, sexual health information or information about substance dependence. There are major questions for public trust but those are left, I would say, entirely to future regulations. We need clarity about them now.
My third concern is the scope of the information that may be included. The definition of “patient information” is extraordinarily broad. It covers information about physical health, mental health, diagnosis, treatment and care, including social care. The definition of “patient” includes people receiving social care or having their care needs assessed. What we do not know from the Bill is exactly how that data will be presented. Will it use language that a patient can understand? Will it talk about having a heart attack, or will it use medical information that a medical professional will need to assess? Or will it include both, so that the patient knows that they have had a heart attack, for example, but the medic can see the precise detail on what sort of transient ischaemic attack it was. We need to understand what the data is recording and at what level of detail.
If it is to include both, who will translate it into the simplest form and how much will that cost?
Precisely. These questions need to be thought about when the Government are creating this system.
As hon. Members have described in their speeches and in their amendments, the system could contain much wider information, including highly sensitive information about disability, safeguarding, care assessments, addiction, pregnancy, military service, caring responsibilities and many other personal matters. This is not simply about a hospital record; it is about bringing together health and social care information. That makes it even more important—indeed, essential—that safeguards be clear and robust.
That leads me on to my fourth issue, which is confidentiality. The Bill says that where information is processed under the regulations, doing so will not breach any duty of confidence. I think that that is a significant legal challenge and change. Confidentiality has been one of the foundations of healthcare. Of course there are already situations in which information can and should be shared, but where Parliament is creating a new legal basis for disclosure, it is reasonable to expect strong safeguards alongside it.
That brings me to my next concern. The Bill says that the Secretary of State must have regard to the need for “adequate safeguards”. That is welcome, of course, but the Bill does not say what those safeguards are. There is nothing in it about role based access controls, audit logs or whether patients would be able to see who had looked at their records. There is nothing about minimum cyber security standards, about how inappropriate access will be detected or about independent oversight. Those matters may appear later in regulations or in guidance, but they are not guaranteed in the Bill.
I thank the hon. Member for his clear summary, at the start of his speech, about what we are discussing, which is the regulations. He and other Members have rightly pointed out many issues that need to be resolved, but does he agree that the proper way to work through this very detailed and very real concern is through the regulations, which will come with expert advice and ensure that we cover all these points properly?
On the hon. Lady’s specific question, I agree: the regulations will answer these questions. But I think it is entirely appropriate to have them asked here and to have a statement of the principles, at least, on a number of these things from Ministers, so that within a broad scope we can ensure that the Bill is appropriate. The amendments tabled by my hon. Friend the Member for Sleaford and North Hykeham, for example, seek to do so. They were clearly within the scope of the Bill; otherwise, they would not have been accepted.
The next issue is geographical scope, which I do not think anyone has touched on yet. The Bill allows information to be made available to people involved in “health care or social care anywhere in the British Islands”.
That naturally raises questions about governance across different health systems. How will information be shared between England and the devolved nations? I think my hon. Friend mentioned some of the self governing territories. I assume that she meant the Isle of Man, the Channel Islands and places like that—Crown dependencies. What rules will apply? How will accountability work where different organisations operate under different arrangements? Again, the Bill does not answer those questions.
The cross border point is really important. A number of people will come into England from Wales to have their secondary care delivered, because that care is not available in Wales. The single patient record will presumably not be available to the clinicians in the hospitals in England who are dealing with the patients. I wonder whether we should consider how that will work when we get to the regulation stage, because other systems will clearly be needed to deal with the people who are coming from outside England to be treated in English hospitals and other settings.
I read the clause differently. I am sure that the Minister can provide an answer, but my reading is that the single patient record could be—but not necessarily that it must be—used in Wales and Scotland as well. I do not know whether it has to be used, but the clause, as I read it, suggests that it would be. If a patient is travelling from Oswestry to somewhere in Shropshire or vice versa—
Oswestry is in Shropshire.
My geography A level has clearly departed me. If a patient is travelling from somewhere in Wales to Shropshire, the single patient record would be used. That also presents challenges the other way, if Wales and Scotland are using different technological solutions and systems and operating under different legal frameworks. That is especially the case for Scotland: it has quite a different legal system from England and Wales, so there could be issues.
The clause says that information could be made available “to people involved in the provision to patients of health care or social care anywhere in the British Islands”.
That implies that the English system will be used to share information with people outside England—in the Isle of Man, the Channel Islands, Scotland, Wales or Northern Ireland—but it does not imply that those areas will necessarily have the same systems to share information with us.
That is an interesting question. I do not know the answer, but perhaps the Minister can pick that up.
The Bill also creates powers for financial penalties. It sets out a process for notices and opportunities to make representations and a right of appeal. Those procedural protections are sensible, but the Bill does not tell us who might be fined or what conduct would trigger a penalty, and it does not set out a maximum penalty level. Those decisions, again, are left to regulations.
It is also important to remember that the Bill does not replace existing data protection law, as I think the Minister outlined in her opening remarks. Organisations will still have to comply with the Data Protection Act and other UK data protection rules. However, the Bill would provide a new statutory basis for processing information through the single patient record. That makes the wording of the Bill especially important. Ultimately, public confidence will determine whether the system succeeds. People are generally willing for information to be shared when it improves their care, but they also expect transparency, security and accountability and expect to know who can see their information and why. Those expectations are entirely reasonable.
There are several questions that I believe the Committee should ask before these powers are granted. Will patients have a genuine choice about participation? Will they be able to restrict access to particularly sensitive parts of their records? Who exactly will be able to access the system? Will patients be able to see a record of who has viewed their information? What minimum standards will apply? How will misuse be identified and punished? What independent oversight will exist? Those are not technical details; they are central to public confidence.
In conclusion, the clause will create a legal framework rather than a system itself. It will give broad powers to establish the single patient record while leaving many of the most important questions to future regulations. Clearly most people support the goal of improving patient care, but because the system will involve some of the most personal information that people have, Parliament should ensure that patient rights, safeguards, transparency and accountability are clearly built into the framework from the beginning. It should ensure that questions are asked now rather than decided on later.
I turn first to new clause 7. Patient data is at the heart of the NHS, and it is important to help plan and run health and social care services; we have discussed that before, and a lot of these points have already been recorded in our earlier conversations. The security and privacy of people’s health and care data are paramount. To be clear, the Bill does not rewrite our data protection laws; it works alongside them, allowing the NHS to use existing, lawful frameworks to share information safely and legally for the direct care of patients. Article 25 of the UK general data protection regulation already applies to the federated data platform, and will apply to the single patient record. The new clause is therefore not necessary.
In the NHS, there are different ways in which patient information is used, and not all of them involve asking for explicit consent each time. For example, if a GP refers someone to a hospital, that person would not expect the clinician reviewing the case to ask their permission before looking at their medical record; their agreement is understood as part of seeking care. That is called implied consent. Although a national data opt out exists, it applies only to data used for secondary purposes such as research and planning.
The single patient record is expected to operate roles based access control, whereby permission to access patient information is restricted to authorised users only, with an audit trail of who has accessed the patient’s data. Inappropriate or unauthorised access to health records, often referred to as snooping, is a serious offence. There are mechanisms to manage that, including prosecution and fines.
In 2025-26, we invested £75 million across health and social care, building on the £375 million invested since 2017. Through our ambitious cyber improvement programme, we are tackling the changing cyber risk head on, expanding protection and services to better protect the health and care system. The single patient record system is expected to be assessed as critical national infrastructure, with the highest standards of cyber security and information governance to meet our existing duties to keep personal data safe under the data protection legislative framework.
I turn to new clause 8. No decision has been made about who will be the IT suppliers of the single patient record. It is expected and intended that it will be delivered through contracts with multiple suppliers, which will reduce dependency on a single supplier. Furthermore, no decision has been made as to how, if at all, the single patient record will link to existing infrastructure such as the federated data platform. As hon. Members will expect, I would not support using the Bill to try to rewrite the contract for the federated data platform.
Hon. Members have discussed a wide range of issues relating to this area. They probably know that negotiating the intellectual property in relation to software in digital services is complex and often contentious. The new clause would make it a condition of any single patient record IT supplier contract that the NHS owns the intellectual property in data connector software, regardless of the circumstances. In practical terms, that would be likely to disincentivise suppliers from offering their services if they were required to sacrifice the IP of a product. It is unnecessary to impose such a condition, as there are other ways in which the NHS can ensure that software is reusable, such as broad general licences to use the data connector software in whatever manner, requirements to use industry standard code and interfaces, and information standards.
The recent changes to the NHS information standards in the Data (Use and Access) Act 2025 make relevant IT suppliers accountable for meeting information standards and enable the Government to monitor and enforce compliance with information standards by IT suppliers. We wish to see a vibrant UK market in digital and technology, while ensuring that patients get the best technology to improve care outcomes and to keep the NHS financially sustainable. That will give the NHS more choice and help to improve standards while supporting economic growth.
We have had what they call a wide ranging discussion on some things that are not actually in the clause. I agree with the hon. Member for Farnham and Bordon that it is absolutely right, and we have heard some excellent examples from Members with clinical experience. My hon. Friend the Member for Lichfield will now be forever known as Data Dave—sorry about that. The hon. Member for Sleaford and North Hykeham has clinical experience and my hon. Friend the Member for Ashford has NHS experience, as do I. That experience is really valuable. The Liberal Democrats tabled amendments and had a long list of questions, most of which are addressed in various pieces of information that we have put forward. However, I take the point about the intellectual difficulties of what the clause does. We all agree with it, as does the country, and patients think it already happens.
We are an outlier in this sphere. The Government are going to change that situation. However, these questions and concerns are the reason why we take through secondary legislation, which is something that we all understand but the outside world does not. We need to bring people with us. Our officials have come to talk to Members of Parliament about the Bill. I am open to suggestions from Members about the best way to address the issues, and particularly about the best way to inform Members on behalf of constituents. These discussions are important to building public trust and security.
I will finish on a broader point. I commend clause 47, which gives an enabling power, but let us be very clear that patient information will still be held in the system in which it was originally created. These bodies, whether GPs or hospitals, will continue to be responsible for ensuring that the data is handled securely and lawfully and is accessed for valid reasons only. As I mentioned earlier, we have shared systems operating already. Some parts of the country and some of our constituents are already experiencing some of the benefits of a shared system. We will use that experience and learn the lessons of the past, under whichever Government, to build for the rest of the country the shared systems that some people have already. We will come on later to provisions on devolution arrangements, on working for the future and on operating more efficiently across devolved areas.
I thank the Minister for clarifying that the data will continue to be stored and held in the databases in the electronic record keeping system where it is currently kept. I am not looking for her to give me a detailed solution on the spot, but does she accept that unless there is seamless interoperability across all those systems the single patient record will not be realised, and that we are still an awfully long way from seamless interoperability across England, let alone the UK?
The hon. Gentleman tempts me to spend the next hour talking about the shocking state of the capital and infrastructure systems that we inherited from the previous Government, but I will not. Of course they do not work: that is one of the biggest issues around staff morale. We saw through the 10-year health plan, particularly with clinicians having to log on to nearly 10 different systems, how that impedes progress and efficiency at a local level. Where it is rolled out, the federated data platform helps to make systems more efficient, particularly in local hospitals. We heard in our evidence sessions about maternity and frailty, which are the areas in which we will be testing and rolling out this approach to make the best use of it on the ground. Alongside that, the work to make systems more interoperable and efficient at a local level continues. I commend clause 47 to the Committee.
Question put and agreed to. Clause 47 accordingly ordered to stand part of the Bill. Clause 48 Information about health service products Question proposed, That the clause stand part of the Bill.
Clause 48 will make amendments to the health service products legislative information gateway to allow the Government to continue to disclose certain information concerning the pricing and supply of health service products, which are items that include medicines that are used in the NHS. We recognise the importance of the effective flow of information between central Government about the pricing and supply of health service products to the NHS. Data sharing is governed by a clear legal framework defining who can access it and under what conditions. That supports the controls that the Government are able to exercise in relation to the pricing and supply of health service products.
Clause 48 will maintain the current safeguards for confidential and commercially sensitive data, ensuring continuity as NHS England’s functions are redistributed to the Secretary of State and integrated care boards. It will achieve that by enabling the Secretary of State to share pricing and supply information with people who provide services to them, such as primary care providers. That is essential to preserve the sharing of information and operation of the service that they provide for patients where that process is currently managed by NHS England.
As a consequence of the changes being made, the Secretary of State will be able to share relevant information with third party service providers, such as providers of the software that primary care service providers use. They will be able to receive relevant data to make lawful disclosures of that information for specific purposes, those being the provision of certain services to the primary care service provider. This will ensure that there is no disruption to how data flows across the system.
This change will simply enable those who receive essential data to continue to do so following the abolition of NHS England. I commend the clause to the Committee.
Question put and agreed to. Clause 48 accordingly ordered to stand part of the Bill. Clause 49 Health and social care information: delegation of functions
Question proposed, That the clause stand part of the Bill.
With this it will be convenient to discuss the following: Clause 50 stand part.
Amendment 6, in schedule 7, page 96, leave out lines 38 and 39 and insert— “For section 255 (power to request NHS England to establish information systems), substitute— ‘255 Powers to request the Secretary of State to establish information systems (1) Any person (including a devolved authority) may request the Secretary of State to establish and operate a system for the collection or analysis of information of a description specified in the request.
(2) A request may be made under subsection (1) by a person only if the person considers that the information which could be obtained by complying with the request is information which it is necessary or expedient for the person to have in relation to the person's exercise of functions, or carrying out of activities, in connection with the provision of health care or adult social care.
(3) The Secretary of State must comply with a mandatory request unless the Secretary of State considers that the request relates to information of a description prescribed in regulations.
(4) For the purposes of this Chapter a request under subsection (1) is a mandatory request if— (a) it is made by a principal body, and (b) the body considers that the information which could be obtained by complying with the request is information which it is necessary or expedient for the body to have in relation to its discharge of a duty in connection with the provision of health services or of adult social care in England.
(5) Subsection (6) applies where the Secretary of State has discretion under this section as to whether to comply with— (a) a mandatory request, or (b) any other request under subsection (1).
(6) In deciding whether to comply with the request, the Secretary of State — (a) must, in particular, consider whether doing so would interfere to an unreasonable extent with the exercise by the Secretary of State of any of its functions, and (b) may take into account the extent to which the principal body or other person making the request has had regard to— (i) the code of practice prepared and published by the Secretary of State under section 263, and (ii) advice or guidance given by the Secretary of State under section 265.
(7) In this section “principal body” means— (a) the Care Quality Commission, (b) the National Institute for Health and Care Excellence, and (c) such other persons as may be prescribed in regulations.
(8) In this Chapter “health care” includes all forms of health care whether relating to physical or mental health and also includes procedures that are similar to forms of medical or surgical care but are not provided in connection with a medical condition.’”
This amendment would enable the Care Quality Commission and NICE to continue to make mandatory requests to the Secretary of State to establish an information system, following the transfer of NHS England’s functions. Amendment 7, in schedule 7, page 100, leave out paragraph 14.
This amendment is consequential on Amendment 6. Schedule 7.
Clauses 49 and 50 explain our approach to the transfer of NHS England’s existing data and information functions to the Secretary of State. Slightly counterintuitively, I will start with clause 50 before turning to clause 49.
Clause 50 inserts schedule 7, which takes existing NHS England information functions and transfers them to the Secretary of State for Health and Social Care, as part of a single centre for data and digital policy in the NHS. The schedule also includes changes to existing information functions. This will support the shift from analogue to digital and allow us to make the most of opportunities from data and AI, as set out in the 10-year health plan. The changes will not weaken the fundamental safeguards in place to protect health and care data, nor fundamentally change rules relating to how confidential patient information can be used.
I will now outline some key changes made by the clause. It will ensure that information systems for the NHS are set up, where appropriate, not just for the collection and analysis of data but for processing more generally. This will make it easier to support machine learning and artificial intelligence activities, among other uses of data.
The clause extends the extent of chapter 2 of part 9 of the Health and Social Care Act 2012 to the whole of the UK, and provides for the Secretary of State to establish information systems in the interests of the health service or adult social care in England, or in connection with the provision of care across the British Isles, as NHS England currently can.
The clause enables the Secretary of State to issue guidance to health and social care bodies on the processing of information. It transfers to the Secretary of State NHS England’s powers to require and request information, and such requests will be able specify the form, manner and time within which the information requested is to be provided.
The clause also allows the Secretary of State to publish information obtained in the operation of an information system, including information about service providers. Where NHS England had a duty to publish such information, it is right that the Secretary of State should retain discretion in that regard. Obviously, there may be circumstances in which the publication of data would not be appropriate, and the clause does not give the Secretary of State complete freedom to publish personal information. The Secretary of State may publish personal information without patient consent only where it is for the protection of life or health, or for the protection of public safety or security. It is possible that there could be circumstances—for example, in relation to infectious disease—in which information is published that could lead to an individual being identified. None the less, the change simplifies the process of publication while maintaining a high bar for the publication of personal information.
The Secretary of State’s power to disclose information—for example, to health bodies—other than by publication will be slightly different from NHS England’s current power. The grounds for disclosing personal information will largely mirror the current grounds, with a few additions, including in respect of facilitating clinical trials or other research. This will help to address barriers to data access for research while preserving existing rules on confidentiality. As with his powers of publication, the Secretary of State will also be able to disclose information for the protection of life or health, or for the protection of public safety or security.
The Secretary of State will be bound by certain existing duties on NHS England, including a duty to have regard to any relevant advice from the Confidentiality Advisory Group when publishing or disclosing information in accordance with his data functions. The Secretary of State will retain the regulation making power to establish an accreditation scheme for information service providers, which will now include a broader range of providers, including public bodies.
Clause 49 permits the Secretary of State to delegate certain functions relating to health and care information. Currently, some of those functions can be delegated by NHSE via arrangements with third parties or under regulations. The clause will insert new section 251ZF, which allows the Secretary of State, by arrangement, to delegate to persons specified in regulations functions relating to information standards.
Information standards help to reduce fragmentation in digital and data services. They include mandatory requirements for how information is recorded, shared, governed and supported by IT. Increasing interoperability and consistency in digital and data is essential to increasing value for money, reducing the burden on staff and, ultimately, improving the quality of care. The continued use of information standards is key to the 10-year health plan’s aim of improving the interoperability of digital and data services across the health and care system. This will provide the Secretary of State with the flexibility to delegate such functions to persons who have the required technical expertise, where necessary.
Clause 49 will also insert new section 277G, which enables the Secretary of State to direct public bodies to exercise a wider range of his information functions, defined as “relevant information functions”. This includes not only information standards but other information functions, such as the Secretary of State’s duty to establish and operate information systems. The measures will provide the Secretary of State with important flexibility to delegate such functions to persons who have the required technical expertise, where necessary.
In all, the changes are necessary not just to effect the transfer of data functions to the Secretary of State but to enable better data use for the benefit of the NHS now and into the future.
I have a couple of questions. In lots of ways the provisions derive from clause 1 and the abolition of NHS England. Schedule 7 refers to operating a system in the interests of the health service, which is not the same as operating it in the interests of the patients. Does the Minister have any comments on that? The Nuffield Trust has pointed out that schedule 7 would not pass over to the Secretary of State NHSE’s duty to report to Parliament. Is that because the Minister thinks that duty is duplicated elsewhere and is therefore not necessary?
Under the previous legislation, the Care Quality Commission was slightly stronger and could make a mandatory request that NHS England establish a system, and NHS England had to comply with that unless it related to an existing exception. Now if the CQC makes a request, it goes to the Secretary of State, and whether it is agreed to is then somewhat more optional. Will the Minister say why she needs to change that power?
I want to speak to amendment 6, which is tabled in my name, and amendment 7, which is consequential upon it. Amendment 6 would ensure that the CQC and NICE can “continue to make mandatory requests to the Secretary of State to establish an information system”, as they currently can with NHS England. At the moment, NHS England has a duty to co operate with the CQC and NICE, and that is often enough for a collaborative approach that allows the CQC to access the data it needs.
But the duty that applies to NHS England is not being passed on to the Department of Health and Social Care. The CQC raised the issue in written evidence to the Committee, saying that the duty “has been an important mechanism”
that has “supported receipt of patient safety incident reports…information sharing between regional teams, and the development of central data sharing solutions.”
The CQC went on: “Without an equivalent duty, we would be reliant on there being sufficient capacity and willingness within DHSC to share information, with no statutory backstop. This could inhibit our ability to receive the information”
needed “to keep people who use services safe. Challenges in this area are often cultural and rely on the subjective judgment of individual data controllers as to whether particular data sets can be shared, how these should be used and what the timeliness of sharing should be, leading to protracted piecemeal conversations and delays.”
As we have harrowingly heard over the past week, there is often reluctance to share data, particularly when there is a defensive culture in certain NHS institutions. Our amendment seeks to address the gap. I hope that what I have outlined is an oversight from the Government, not a deliberate attempt to reduce transparency or reduce regulator access to key data. The wider changes in schedule 11 will omit section 288 of the Health and Social Care Act 2012. The Government are dropping this key wider duty in a schedule entitled “Minor and consequential amendments”. We do not think it is minor. It holds major implications for patient safety and transparency.
On a wider note, it seems counterintuitive that the CQC, as regulator, does not have easy access to the data collected nationally in the health service.
Let me respond to the hon. Member for North Shropshire on amendments 6 and 7. As she said, amendment 7 is consequential on amendment 6, so I will take them together.
I think we can all agree that the CQC and NICE should have access to the information they need to undertake their important work. Amendment 6 is not required to ensure that. Clause 50, and the associated changes in schedule 7, maintain the current ability for any person, including NICE and the CQC, to request the establishment and operation of an information system. However, NICE and the CQC will not be able to make the equivalent mandatory request they used to be able to make to NHS England because NHS England is to be abolished.
Amendment 6 seeks to maintain the current position when, in reality, mandatory requests were practically never made under the current arrangements. They were thought necessary when a separate arm’s length body had responsibility for collecting data about healthcare. There is no need for the Secretary of State to be subject to the same mandatory requirement as they are responsible for oversight of the entirety of the NHS and the adult social care system, and for its effective regulation.
Furthermore, the CQC has a statutory power, under section 64 of the Health and Social Care Act 2008, to require the provision of “documents, records (including personal and medical records) or other items”
the CQC considers “necessary or expedient” for the purposes of its regulatory functions, from a range of health and social care commissioners and providers.
On amendment 7, the Government agree that a code of practice setting out strict standards for how health and care organisations must handle confidential patient information is an important component of a healthcare system that uses data safely and effectively. That is why clause 50 allows for the insertion of new section 252ZA into the National Health Service Act 2006, to transfer to the Secretary of State the duty to publish a code of practice on confidential patient information. For those reasons, I ask the hon. Member for North Shropshire not to press amendments 6 and 7 to a vote.
The hon. Member for Sleaford and North Hykeham asked about duplication. I think the answer to her question is yes, but if that is not correct, I will make sure that I respond to her accordingly.
Question put and agreed to. Clause 49 accordingly ordered to stand part of the Bill. Clause 50 ordered to stand part of the Bill. Schedule 7 Health and social care information systems etc Amendment proposed: 6, in schedule 7, page 96, leave out lines 38 and 39 and insert— “For section 255 (power to request NHS England to establish information systems), substitute— ‘255 Powers to request the Secretary of State to establish information systems (1) Any person (including a devolved authority) may request the Secretary of State to establish and operate a system for the collection or analysis of information of a description specified in the request.
(2) A request may be made under subsection (1) by a person only if the person considers that the information which could be obtained by complying with the request is information which it is necessary or expedient for the person to have in relation to the person's exercise of functions, or carrying out of activities, in connection with the provision of health care or adult social care.
(3) The Secretary of State must comply with a mandatory request unless the Secretary of State considers that the request relates to information of a description prescribed in regulations.
(4) For the purposes of this Chapter a request under subsection (1) is a mandatory request if— (a) it is made by a principal body, and (b) the body considers that the information which could be obtained by complying with the request is information which it is necessary or expedient for the body to have in relation to its discharge of a duty in connection with the provision of health services or of adult social care in England.
(5) Subsection (6) applies where the Secretary of State has discretion under this section as to whether to comply with— (a) a mandatory request, or (b) any other request under subsection (1).
(6) In deciding whether to comply with the request, the Secretary of State — (a) must, in particular, consider whether doing so would interfere to an unreasonable extent with the exercise by the Secretary of State of any of its functions, and (b) may take into account the extent to which the principal body or other person making the request has had regard to— (i) the code of practice prepared and published by the Secretary of State under section 263, and (ii) advice or guidance given by the Secretary of State under section 265.
(7) In this section “principal body” means— (a) the Care Quality Commission, (b) the National Institute for Health and Care Excellence, and (c) such other persons as may be prescribed in regulations.
(8) In this Chapter “health care” includes all forms of health care whether relating to physical or mental health and also includes procedures that are similar to forms of medical or surgical care but are not provided in connection with a medical condition.’”—(Helen Morgan.) This amendment would enable the Care Quality Commission and NICE to continue to make mandatory requests to the Secretary of State to establish an information system, following the transfer of NHS England’s functions. Question put, That the amendment be made.
17|0|2|8|The Committee divided:|Question accordingly negatived.||0|0
Schedule 7 agreed to.
Clause 51
Sharing information about births and deaths
Question proposed, That the clause stand part of the Bill.
Clause 51 makes changes to section 42 of the Statistics and Registration Service Act 2007, which governs how information collected at the registration of births, deaths and other life events may be shared for specific purposes. That information plays a vital role in supporting public services, including health service planning, population analysis and the delivery of care. The UK Statistics Authority may already share this registration data directly with a range of public bodies, including the Secretary of State and integrated care boards.
Clause 51 adds NHS trusts and NHS foundation trusts in England to that list, providing a clear statutory route for sharing statistically codified registration data with trusts and foundation trusts responsible for delivering services on the ground. The clause is not about expanding the type of information that can be shared or widening the purposes for which it may be used, and does not create new datasets or weaken existing safeguards. All information sharing remains subject to the same statutory controls and protections that already apply. I commend the clause to the Committee.
Question put and agreed to. Clause 51 accordingly ordered to stand part of the Bill. Clause 52 Arrangements with devolved authorities etc about information services Question proposed, That the clause stand part of the Bill.
With this it will be convenient to discuss clauses 53 to 57 stand part.
Clauses 52 to 57 are vital. The Committee has discussed our relationship with colleagues in the devolved authorities; these clauses ensure that arrangements with devolved authorities and the Crown dependencies can continue following the abolition of NHS England.
Turning first to clauses 52 to 54, although healthcare is devolved in England, Scotland and Northern Ireland, the devolved Governments currently make arrangements with NHS England to deliver a number of functions on their behalf. Clauses 52 to 54 enable those existing arrangements to continue following the abolition by giving the powers to the Secretary of State. The policy intent is not to impact or reach into devolved competencies, but to secure continuity and legal clarity through existing cross border and UK wide arrangements involving Scotland, Wales and Northern Ireland. This is about making sure that the current expertise and resources of NHS England remain available to devolved authorities once these functions merge with the Department of Health and Social Care.
The clauses will not give the Secretary of State any ability or power to do anything in relation to devolved authorities other than as mutually agreed. Arrangements will be fully voluntary and do not create a power for unilateral action; rather, they ensure that, where co operation is wanted, there is a proper legal basis for it.
Under clause 52, the Secretary of State takes on the data functions of NHS England and, on request from the devolved authorities, to make arrangements for the provision of information services. Clause 52 additionally applies to Crown dependencies. There are a number of such arrangements already in place between NHS England, the devolved authorities and the Crown dependencies.
For example, NHS England provides the NHS login service for the NHS Wales app, as well as the electronic prescription service for Wales, and NHS England collects and analyses data for audits that span multiple devolved authorities, such as the national audit of pulmonary hypertension. These provisions will support continuity of those arrangements. We are making sure that, if it is appropriate, data functions that are transferring to the Secretary of State can be delegated. Proposed new section 294B of the Health and Social Care Act 2012 will allow that power to likewise be delegated to an appropriate public body.
Clause 53 provides a clear statutory basis for the Secretary of State, by agreement with the devolved administrations’ health bodies, to make commissioning arrangements for the Scottish, Welsh or Northern Ireland health services. This clause will help to ensure continuity for patients across the United Kingdom, reducing the risk of disruption, and support the effective commissioning of services where cross border work remains the right approach.
Clause 54 enables the Secretary of State, by agreement with a devolved authority, to exercise certain education and training functions on that authority’s behalf and to provide services or facilities in connection with those functions. Education and training arrangements often work best when they are co ordinated efficiently and supported by shared systems. At a time when every part of the health service needs a strong pipeline of skilled staff, it is vital that useful joint arrangements can continue with clarity and confidence as responsibility is transferred from NHS England to the Secretary of State. The clause updates the statutory framework and helps to ensure that shared arrangements supporting recruitment, training cycles and workforce planning can continue following the abolition of NHS England.
Clause 55 relates to clauses 53 and 54. The agreed arrangements are effective only if they can deliver in a practical and efficient way, which is why this clause enables the Secretary of State to direct a public body to exercise some or all of the Secretary of State’s functions under arrangements made with the devolved authorities in relation to commissioning or education and training under section 295 or section 296A of the 2012 Act. In short, it provides a mechanism to ensure that functions under agreed commissioning and education and training arrangements with devolved authorities can be exercised by the most appropriate public body in England. The clause also allows the Secretary of State to direct the public body in how those functions are to be exercised, including in relation to information obtained in the course of exercising them. It also requires directions to be published. Those features support both operational clarity and accountability.
On clause 56, public authorities in the Crown dependencies may seek expert advice or practical assistance from the health system in England. Following the abolition of NHS England, this clause transfers the existing power from NHS England to the Secretary of State, and provides a clear legal basis for the Secretary of State or ICBs to provide that advice and assistance for purposes connected with the provision of healthcare. The clause also makes clear that advice or assistance may be provided on such terms as a provider considers appropriate, allowing support to be given in a practical and transparent way that is tailored to the circumstances of the case, whether that involves technical advice, specialist expertise or other practical assistance in connection with the provision of healthcare.
Finally, on clause 57, clarity and consistency in legislation depends on clear definitions, particularly where a group of provisions are intended to operate together as a coherent scheme. This clause does not create any new powers or duties; rather, it provides the necessary interpretive framework to support the operation of the preceding clauses and ensure legal certainty and clarity. As a group, these clauses play a vital role in ensuring that existing arrangements with our devolved authorities and the Crown dependencies can continue following the abolition of NHS England. I commend them to the Committee.
Question put and agreed to. Clause 52 accordingly ordered to stand part of the Bill. Clauses 53 to 57 ordered to stand part of the Bill. Ordered, That further consideration be now adjourned.—(Emma Foody.)
Adjourned till Tuesday 7 July at twenty five minutes past Nine o’clock.
Written evidence reported to the House
HB101 National Voices (supplementary)
HB102 Catharina Savelkoul, Nuffield Department of Primary Care Health Sciences, University of Oxford
HB103 Allergy UK
HB104 Office of the Lincolnshire Police and Crime Commissioner
HB105 Stephen Hall, Founder, Digital Narrative Care (further submission)
HB106 Healthwatch Dorset
HB107 The Neurological Alliance
HB108 Compassion in Dying
HB109 Dr Penny Dash, Chair, NHS England (supplementary)