To ask the Secretary of State for Health and Social Care, with reference to pages 44 and 45 of the report by The King's Fund entitled The Covid 19 vaccination programme: Trials, tribulations and successes, which states that Foundry pulled together some 350 different sources of data, how consent for that data was obtained; and how that data is being stored.
Answered on
27 April 2022
Consent for the processing of confidential patient information (CPI) in relation to the COVID-19 Data Store is not required. NHS England and NHS Improvement are operating under Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 and supporting Control of Patient Information notices issued, under Regulation 3(4) of those Regulations, by the Secretary of State for Health and Social Care, which require CPI to be processed for COVID-19 purposes.
Data relating to patients in Foundry is anonymised in line with the Information Commissioner’s Office’s Code of Practice under secure conditions by NHS England data teams, prior to flowing to the Foundry platform. The Foundry Data Store is held on a secure platform under contract to NHS England and NHS Improvement. NHS England and NHS Improvement remain responsible under the law for its use of that data and the security measures applied to its storage, including compliance with National Health Service information security requirements.