In attendance

• Head of Information Governance (IG), Federated Data Platform (FDP) Programme, NHS England (Chair)
• Associate Delivery Manager, NHS England (Secretariat)
• Independent Specialist Ethics Advisor
• Head of Data Security and Protection, (Group) University Hospitals of Northamptonshire
• Privacy Lead, IQVIA
• Clinical Lead, FDP Programme, NHS England
• Senior IG Consultant, Midlands and Lancashire Commissioning Support Unit (CSU)
• Head of Data Protection and IG, MIAA
• Assistant Director of IG, NHS England
• Clinical Safety Office, Palantir
• Privacy, Healthcare and Life Sciences, Palantir
• EMEA Associate Director, IQVIA
• Caldicott Guardian, NHS England
• Associate Director of IG, London-wide LMCs
• Data Protection Officer (DPO) Representative, NHS England
• Head of IG, Moorfields Hospital

Apologies

• Head of IG, Kingston Hospital

1. Welcome and apologies

The Chair welcomed members to the meeting.

Apologies were noted.

No conflicts/declarations of interests raised.

2. Minutes from the previous meeting

The group approved and confirmed the minutes from the previous meeting following updates.

3. Document review: PET 4.0 Technical DPIA

Product description and context

The draft data protection impact assessment (DPIA) for privacy enhancing Technology (PET) is no longer part of the FDP information governance framework.

Instead, it now stands alone because PET is used in systems beyond the FDP, therefore falls under NHS England’s broader governance.

Since PET will be widely implemented within the FDP by both NHS England and local organisations, the DPIA is being brought to this group of experts for review.

General opinion of the group

The group had several queries which were clarified and resolved during the meeting.

There were other questions raised which needed further clarification and further amendments to the DPIA. 

Further actions

• Review the wording of “rigorous testing” – this might be better described as “data quality assurance”.
• Check how “Legally Restricted Codes” are being managed and how it is documented within the DPIA. Ensure the descriptions within the DPIA align with the new ICO anonymisation guidance.
• A product DPIA where there is use of PET would identify the lawful basis for using PET and the purpose of processing and refer to this overarching DPIA for the technical details of PET – it was suggested that this should be outlined in more detail.

Approved or not approved?

This DPIA has not been presented to the group for approval, comments will be reviewed and the DPIA amended at the next version.

4. Document review – Quality AI and Learning DPIA, privacy notice and annex

Description and context

Following the review by the group last month, the FDP IG team have worked with the Quality AI and Learning (QUAIL) team to re-draft the DPIA considering the group’s comments. In particular, the product overview section has been re-drafted.

Amendments have been made to enhance the AI section, the consultation with stakeholders’ section, the data source description and the description of processing.

General opinion of the group 

The group had several queries which were clarified and resolved during the meeting.

There were other questions raised which needed further clarification and further amendments to the DPIA. 

Further actions 

• To explain the nature of the ‘notional data’ and its role in training the system.
• In the DPIA Annex, a relevant processor is not listed. This should be corrected, or alternatively a separate DPA should be created and included within the DPIA.
• For the ‘training’ of the large language models – explain what this entails.
• Section 18 still refers to direct care. Re-consider if this is appropriate. If it is judged appropriate, provide greater justification.

Approved or not approved?

Revisions to be made and returned to the group for consideration out of the meeting.

5. Document review: National digital channels for patient experience – DPIA, privacy notice and annex

Product description and context

The national digital channels (NDCs) comprise the NHS App and NHS Website (also known as NHS.uk), as well as enabling and underpinning capabilities such as NHS login.

This product has been developed and delivered by the NDC Data and Insights Programme, to deliver the reporting and insights to understand performance and usage of the NDCs.

General opinion of the group 

The group had several queries which were clarified and resolved during the meeting.

There were other questions raised which needed further clarification and further amendments to the DPIA. 

Further actions

• Where the public interest test was applied, the DPIA should explain how the test was carried out.
• In the legal basis section, where “statutory and government purpose” is selected, the DPIA should clarify why this basis was chosen or expand the purpose and benefits section to justify it.
• In the data table, the term “online identifier” typically refers to cookie or IP address information, but it currently includes customer account IDs and logging IDs. These may be better placed in a different category.
• The privacy notice template uses the term “de‑identified,” which recent ICO anonymisation guidance advises against. A more appropriate term should be selected going forward.
• IMEI numbers should be explicitly outlined in the Privacy Notice.
• The DPIA justifies the inclusion of sex and gender data on the basis of medical use, but no medical‑use purpose is currently described. This should be checked and clarified.

Approved or not approved?

The group were content to approve on the basis that the documents will be updated with the comments received.

6. Document review: Quality audit tool – local product DPIA, privacy notice and annex

Product description and context

This is an incubator product being deployed within a single local organisation. Its purpose is to support the trust in managing its audits.

The process is not automated; the product consolidates audit reports and identifies potential trends, after which a team member manually reviews and interprets the data.

Overall, it forms part of the effort to streamline the quality audit process.

General opinion of the group 

The group had several queries which were clarified and resolved during the meeting.

There were other questions raised which needed further clarification and further amendments to the DPIA. 

Further actions 

• Add a statement confirming that no AI tools will be used.
• Consider whether consultation with staff or unions is required, in addition to any existing staff engagement processes.
• In Annex 4a, the reference to the provider should be expanded or explained to provide clarity. 

Approved or not approved?

Group content to approve on the basis that the documents will be updated in line with the comments received.

7. Any other business

Service Management Hub

There is currently a screening questionnaire in place called the Service Management Hub, which supports service management within the FDP.

An urgent request has been made for this questionnaire to collect users’ names and email addresses to ensure appropriate use of the FDP.

A full DPIA has now been completed, and the FDP IG team will circulate it to the group tomorrow to request urgent approval. The group agreed to this approach.

Indexing Service

For the Indexing Service – a national product the FDP IG team has been developing – there is also an urgent need for approval.

The product uses information from The Spine to confirm a patient’s identity where there may be two similar individuals or uncertainty.

The FDP IG team requested permission to submit this DPIA for remote approval if it is ready before the next meeting, due to the urgency.

The Group agreed to this approach.

8. Close

The Chair thanked members for their attendance. Meeting concluded.

Date of next meeting: May 2025