United Kingdom: accidental disclosure by NHS of personal data for 150,000 patients



A coding error has caused a breach of data held on 150,000 British patients who had opted out of sharing their confidential health information. The error came to light when TPP, a leading NHS IT supplier[1], switched to a new coding system to manage electronic patient records.

The NHS has just admitted that no opt-out decisions had been taken into account since March 2015. Approximately 150,000 patients are affected. "Hundreds of organisations, including private companies", have therefore had access to these patient records and those affected will be contacted individually.


According to Phil Booth, coordinator at privacy group medConfidential, this illustrates "exactly why patients must be able to see what is done with their data. NHS Digital[2] failed to see this in over three years and the IT company that made the error failed to spot it too. But any patient, especially someone concerned enough to opt out, would have spotted this in an instant".


[1] The National Health Service (NHS) is the UK's public health service.

[2] In the United Kingdom, general practitioners use TPP's SystmOne software, on which patients can indicate whether they oppose disclosure of their personal data for purposes other than strictly health care. SystmOne then normally sends this information to NHS Digital.


Sources: 

Daily Mail, Stephen Matthews (02/07/2018)