Indeed it is. There is a question about why CCGs have to have identifiable patient data, and there is a lot of concern about that, which my hon. Friend is right to raise.
We expressed our concerns, but they have been compounded by reports of use of data unknown to the public. The Minister was unwilling to answer the point I wanted to put to him earlier in the debate about how the HSCIC will treat organisations such as BUPA, which are insurance providers as well as providers of health
and care. I hope that he will answer that question when he winds up the debate. BUPA is one example, but there are other companies that have multiple functions—some of them are straightforwardly commercial and others involve health and social care—and there is scope for confusion if those firms apply for and obtain access to the data.
The revelations we have already had show that HSCIC does not have accountability, transparency or sufficient control over releases of patient data. In our Committee inquiry, it was put to HSCIC and to NHS England that one of the ways being recommended to ensure that escapes of patient data did not happen, and to allay the fears and concerns we have expressed, was for HSCIC to run on the basis that it kept the database intact and did not download datasets outside the information centre. What it did was take in research queries and ran them. That would be much safer and that is what is done on secure systems in other places. A mechanism has been suggested and I hope it is being considered.
I appreciate the comments made by my colleague, the hon. Member for Totnes about not opting out, but a recent survey of 400 GPs found that 40% intend to opt out of the scheme because of a lack of confidence in how the data will be shared.