Listen up, England. The Health Secretary is going to be data controller for everyone's Single Patient Record

Health secretary James Murray has said that he will become a data controller of all National Health Service records in England shared through the government's planned single patient record (SPR). Murray, who is formally the secretary of state for health, told the House of Commons on 1 June that GP surgeries, NHS trusts and other care providers will continue to manage and take responsibility for their own records, but added: Where that information is then shared through the single patient record, the Department of Health and the secretary of state will take on a role as data controller as well." Asked by Labour MP Sarah Champion about the security of a system that could be accessible by a couple of million of health and social care workers, the health secretary said that the SPR will be governed by the highest levels of security" including an audit trail of access and the strongest available" cyber-security. The government announced the SPR in the King's Speech on 14 May, giving MPs their first chance to challenge it as part of the second reading of the health bill. It will require all English NHS providers to share data on patients, with patients in England able to access their records through the NHS app (Scotland, Wales and Northern Ireland run their own health and social care services). The government argues that the SPR will mean healthcare professionals will not have to ask patients to recount their medical histories when first meeting them, improving safety. Murray did not rule out Palantir, which manages the NHS's federated data platform (FDP), working on the SPR when speaking to BBC Radio 4's Today programme earlier on 1 June, saying that this would be a commercial decision. However he told the Commons that the government is likely to lessen risks by offering a series of contracts for the SPR, rather than award a single deal such as Palantir's 330 million FDP contract. He added that the government is reviewing the FDP contract in advance of a break clause in February 2027. This morning, the House of Commons Science, Innovation and Technology Committee has recommended that the government end Palantir's FDP contract and develop a replacement in-house or with UK-owned and based suppliers. Doctors' union the British Medical Association (BMA) said that there are existing ways for NHS organisations to access GP records and it was concerned over who will control these in future. GPs have protected patients' confidential records since the inception of the NHS in 1948 - a legal duty that they take incredibly seriously," said Dr David Wrigley, deputy chair of the BMA's GP committee England, in a statement. However, we need clarity that this important GP oversight will not be taken away, otherwise it will raise serious questions about who is safeguarding patients' data." The BMA is involved in a long-running series of strikes over the pay of resident doctors, also known as junior doctors, in hospitals. In comments on Monday's Commons debate, medical record campaign group medConfidential said that the government was promising safeguards but these would only appear in secondary legislation that the House of Commons would not have the power to amend. It added that the Department of Health already makes it difficult for people to opt out of the existing summary care record service. Murray took over as health secretary from Wes Streeting, who stood down to criticise prime minister Keir Starmer on 14 May. He inherited Streeting's health bill, which as well as establishing the SPR will abolish NHS England, the organization that currently runs the health service in England, and establish NHS Online, an optional England-wide service providing remote consultations for some conditions through the NHS app. (R)