Data breach affects 150,000 patients

150,000 patients in England have been involved in a data breach that the NHS is blaming on a coding error.

Having requested that their confidential health information only be used to help provide them with care, a software error within the SystmOne application, whereby objections were not passed on in the system, saw the same data being used for research and auditing purposes.

The software's developer TPP said it ‘apologises unreservedly’ for the fault, with NHS Digital stating that it will write to all the patients involved as well as their GPs. The Information Commissioner's Office has also been notified.

Nic Fox, director of Primary and Social Care Technology at NHS Digital, said: “We apologise unreservedly for this issue, which has been caused by a coding error by a GP system supplier (TPP) and means that some people’s data preferences have not been upheld when we have disseminated data. The TPP coding error meant that we did not receive these preferences and so have not been able to apply them to our data.

“We worked swiftly to put this right and the problem has been resolved for any future data disseminations. This issue would not be able to occur using the new National Data Opt-Out, which has been recently introduced and puts the individual in direct control of their data sharing preferences. Data sharing preferences can now be registered via a simple to use website or by phone or paper form, with the information going directly to NHS Digital rather than being recorded by a GP on a third party system. We take seriously our responsibility to honour citizen’s wishes and we are doing everything we can to put this right. No patient’s personal care and treatment has been affected but we will be contacting affected individuals.”

Event Diary

You are invited to this unique annual exhibition that brings together all the disciplines from the emergency services sector who are involved in prevention, response and recovery.