• 150,000 patients’ confidential data shared against their explicit wishes
  • Linked to error in GP IT system stretching back three years
  • Comes as NHS seeks to regain public trust on sharing data

Tens of thousands of NHS patients have had their confidential health records shared for years against their wishes, after a major IT supplier failed to register their preferences.  

In a statement to Parliament today, health minister Jackie Doyle-Price revealed that NHS Digital, the national “safe haven” for patient data, has not been honouring roughly 150,000 patients’ wishes that their confidential health information not be shared beyond staff working on their direct care.

”NHS Digital recently identified a supplier defect in the processing of historical patient objections to the sharing of their confidential health data,” she said.

“As a result, these objections were not upheld by NHS Digital in its data disseminations.”

The failure stretches back to 31 March 2015 and was caused by a coding error at one of the two major GP IT system suppliers, TPP.

This meant patients’ preferences, known as “type-two” opt-outs, were registered by a GP on TPP’s SystmOne software but not subsequently passed on to NHS Digital.

The error was uncovered last week when TPP switched to a new coding system, and NHS Digital officials noticed a sudden surge in patient opt-outs.

NHS Digital told HSJ all new preferences are now being honoured and it was still working through historical opt-outs.

The discovery of the error comes after the Government last month launched a new national opt-out system.

It is a key part of a wider push to regain the public’s trust in the NHS to share their data, after the closure of the controversial Care.data scheme.

The error means NHS Digital will have shared these patients’ identifiable data with hundreds of organisations, including some private companies, in contravention of their explicit wishes.

In the three months to the end of February this year alone, NHS Digital records show 160 organisations were sent patient identifiable data that should have been covered by the type-two opt-out. 

These were mostly CCGs but also included universities, royal colleges, a private software company and a data analytics company. 

Nic Fox, director of primary and social care technology at NHS Digital, said the organisation apologised unreservedly for the error.

He said: “We worked swiftly to put this right and the problem has been resolved for any future data disseminations.

”This issue would not be able to occur using the new national data opt-out, which has been recently introduced and puts the individual in direct control of their data-sharing preferences.”

He added: “We take seriously our responsibility to honour citizens’ wishes and we are doing everything we can to put this right. No patient’s personal care and treatment has been affected but we will be contacting affected individuals.”

Dr John Parry, clinical director at TPP, said: “TPP and NHS Digital have worked together to resolve this problem swiftly. The privacy of patient data is a key priority for TPP, and we continually make improvements to our system to ensure that patients have optimum control over information. In light of this, TPP apologises unreservedly for its role in this issue.”

The error affects about 10 per cent of the 1.6m patients that have registered a “type-two” opt-out, which were introduced partly to address concerns about Care.data scheme.

Type-two opt-outs are in the process of being converted to opt-outs under the new national system, with 732,000 letters sent to these patients to date informing them of the change.

So far under the new scheme, 901 patients who have previously had type-two opt-outs have opted-in to sharing confidential patient information to be used for research and planning, while 1,414 new patients have opted-out.

NHS Digital said it was in the process of contacting all GP practices affected and all organisations that had wrongly received patient identifiable data and asking them to destroy the information.

NHS Digital said the National Data Guardian, the Information Commissioner’s Office and the Royal College of GPs had all been informed of the error.

Phil Booth, coordinator at privacy group medConfidential, said: “This illustrates exactly why patients must be able to see what is done with their data. NHS Digital failed to see this in over three years, and the IT company that made the error failed to spot it too. But any patient, especially someone concerned enough to opt out, would have spotted this in an instant.”

Professor Helen Stokes-Lampard, chair of the Royal College of GPs, said: “Thousands of GP surgeries and their patients have been affected by this error, so we welcome the quick response from NHS Digital and other relevant organisations in rectifying this as quickly as possible.

“Patient data held by the National Health Service should only ever be used morally, safely and responsibly, and we must all work together to ensure mistakes of this nature are never repeated. We need to be able to reassure patients that their wishes concerning their data are being respected.”