Major NHS breach means 150,000 patients had confidential data used without consent

Just one month after the roll-out of GDPR, it has been revealed that a staggering 150,000 patients have been affected by an NHS data breach where confidential information only requested to be used to provide them with care was also exploited for clinical audit and research purposes without their consent or knowledge.

The mistake is said to have been linked to a coding error in the software used by GPs to record objections to patient data being used for research purposes, which meant the application never passed on the request to NHS England’s IT provider.

Recently the NHS disclosed data of 150,000 patients for research and clinical audit purposes. However, the shared data belonged to patients who had previously opted out of data-sharing. However, it was not a deliberate move, but occured because of a software error used by doctors.

The SystmOne software used by the NHS had an option to store patient objections to data sharing. However, since it had a ‘supplier defect’, these objections didn’t reach NHS Digital. Patients GPs (general practitioners) recorded the objections in a TPP software used between March 2015 and June 2018.

As explained by Jackie Doyle-Price, Health Minister, in her statement to Parliament,

“NHS Digital recently identified a supplier defect in the processing of historical patient objections to the sharing of their confidential health data. As a result, these objections were not upheld by NHS Digital in its data disseminations.”

NHS Digital’s Director of Primary & Social Care Technology, Nic Fox, also confirms rectification of the error. He also re-emphasizes on the importance of customer privacy.

“We worked swiftly to put this right and the problem has been resolved for any future data disseminations. We take seriously our responsibility to honour citizens’ wishes and we are doing everything we can to put this right.”

The Error Has Been Rectified

The error appears to have arisen in the TPP software after it switched to a new system for coding. As a result, though the physicians correctly recorded the patients’ objections to the software, NHS Digital didn’t receive the details. Thus, NHS accidentally shared the data without patients’ consent.

According to Ms. Doyle-Price, the software error has now been rectified. NHS will also inform the affected patients about the matter, as stated by Nic Fox. He also confirmed that the incident has not affected patient’s personal care and treatment.

So what do you think?

Tell us in the comments.

Source :
Source :

Who will hold the powerful to account?
Real, independent, investigative journalism is in alarming decline. It costs a lot to produce.
Many publications facing an uncertain future can no longer afford to fund it, meaning journalists are losing the ability to hold the rich and powerful to account.
Pledge as little as £1.00 to help us support independent investigative journalism

You May Also Like