NHS admits it accidentally disclosed data on 150,000 patients who had opted against sharing their personal information
- Hundreds of organisations will have had access to records from the patients
- Health minister Jackie Doyle-Price made the revelation in a statement today
- The data breach by major IT firm TPP stretches back three years to March 2015
The NHS has accidentally disclosed data on 150,000 patients who had opted out of having their personal information shared.
Hundreds of organisations, including some private companies, will have had access to records from all the patients affected by the error.
Health minister Jackie Doyle-Price made the stark revelation – uncovered by NHS Digital last week – in a statement to Parliament today.
The data breach, which stretches back three years to March 2015, was caused by a coding error by a major IT supplier to the NHS.
Ms Doyle-Price said: ‘NHS Digital recently identified a supplier defect in the processing of historical patient objections to the sharing of their confidential health data.
‘As a result, these objections were not upheld by NHS Digital in its data disseminations.’
Hundreds of organisations, including some private companies, will have had access to records from all the patients affected by the error
The error was spotted when TPP, which hosts electronic records for nearly half of patients in England, switched to a new coding system last week.
GPs were able to register a patient’s ‘type-two opt outs’ on TPP’s SystmOne software, but it wasn’t passed onto NHS Digital.
Type 2 opt outs are when patients do not want NHS Digital to share their confidential information for purposes other than their care.
Officials at NHS Digital – considered to be the national ‘safe-haven’ for patient data – flagged the error when they noticed an influx of patient opt-outs, HSJ reports.
-
More than 300 transgender children a year are starting…
Less than 8% of women who freeze their eggs go back to use…
Thousands of holidaymakers are spending their summer…
Semi-naked women are being used to promote dangerous shisha…
Share this article
It said it was working through years’ worth of data to ensure everything is ‘put right’. Affected patients are set to be contacted directly.
Nic Fox, director of primary and social care technology at NHS Digital, said the organisation apologised unreservedly for the error.
He said: ‘We worked swiftly to put this right and the problem has been resolved for any future data disseminations.
HOW DID THIS ERROR HAPPEN?
The error was spotted when TPP, which hosts electronic records for nearly half of patients in England, switched to a new coding system last week.
GPs were able to register a patient’s ‘type-two opt outs’ on TPP’s SystmOne software, but it wasn’t passed onto NHS Digital.
Type 2 opt outs are when patients do not want NHS Digital to share their confidential information for purposes other than their care.
Officials at NHS Digital – considered to be the national ‘safe-haven’ for patient data – flagged the error when they noticed an influx of patient opt-outs, HSJ reports.
It said it was working through years’ worth of data to ensure everything is ‘put right’. Affected patients are set to be contacted directly.
‘We take seriously our responsibility to honour citizens’ wishes and we are doing everything we can to put this right.
‘No patient’s personal care and treatment has been affected but we will be contacting affected individuals.’
Dr John Parry, clinical director at TPP, said: ‘TPP and NHS Digital have worked together to resolve this problem swiftly.
‘The privacy of patient data is a key priority for TPP, and we continually make improvements to our system to ensure that patients have optimum control over information.
‘In light of this, TPP apologises unreservedly for its role in this issue.’
Phil Booth, coordinator at privacy group medConfidential, told HSJ: ‘This illustrates exactly why patients must be able to see what is done with their data.
‘NHS Digital failed to see this in over three years, and the IT company that made the error failed to spot it too.
‘But any patient, especially someone concerned enough to opt out, would have spotted this in an instant.’
A spokeswoman for the Information Commissioner’s Office told the Daily Mirror: ‘We are aware of an incident involving NHS Digital and are making enquiries.’
It comes after the Government introduced the new national data opt-out in May, which replaced the type 2 objections.
Ministers said it has simplified the process of registering an objection to data sharing for uses beyond an individual’s care.
Source: Read Full Article