Just over a third of the organisations which received approved patient data releases from the NHS between April and December last year were private firms, an audit published today said.

Over that eight month period the Health and Social Care Information Centre released 459 patient data sets that required approval because they contained pseudonymised or identifiable data, the audit said.

In total, 347 of the releases were of pseudonymised data. The remaining 75 releases were of identifiable data, of which four went to private firms.

Kingsley Manning, the organisation’s chair, told HSJ releasing identifiable data to a private firm was “very, very rare”.

He said: “We don’t send identifiable data out unless we have an extraordinary [case]. We do provide pseudonymised data, but we have no evidence and experience of anyone identifying a patient on pseudonymised data.

“There is a theoretical possibility but we have no knowledge of people having done it. If they did it would be a criminal act.”

One example of a private firm obtaining identifiable data was health analytics firm CHKS. It received linked data for hospital episodes statistics and ONS data linked to mortality rates.

The data was released for the purpose for of carrying out a report commissioned by health secretary Jeremy Hunt.

The register will be updated quarterly from now onwards. A larger audit is underway of data releases by the predecessor organisation, the NHS Information Centre.

Sir Nick Partridge, a non-executive director on the information board and former chief executive of the Terence Higgins Trust, is conducting a review of the data releases made by the body’s predecessor organisation, the NHS Information Centre which is due at the end of May.

Information centre officials face the health select committee on Tuesday to discuss the release of data.