Medical records of patients treated at a private British hospital, The London Clinic, have been illegally sold to undercover investigators.

The revelations were made in ITV’s Tonight Programme report, Health Records For Sale, broadcast last night.

The programme reported that hundreds of files containing details of patients’ conditions, home addresses and dates of birth were offered to undercover reporters for just £4 each by sales executives from India, contacted online. 

The records offered for sale appear to have been the medical records of consultants working at the London Clinic, who contracted with a firm called DGL Information Technologies UK to digitise their records. The hospital processes its own records internally.

DGL is then claimed to have sub-contracted to another firm, Scanning and Data Solutions (SDS), which scanned them into computers in the UK. SDS in turn is said to have sub-contracted further work on the files to a company in Pune, India, which had signed tight confidentiality agreements.

Only the records of private patients were covered, with no NHS patient records involved. The ITV show said the majority of patients had been treated by consultants using facilities at the London Clinic.

The files were sold by two men who claimed to have gained access to the information from IT companies in India. The security breach is claimed to have occurred at a transcription centre in India responsible for digitising medical notes and records.

The reporters bought more than 100 records belonging to UK patients but were told they could obtain up to 30,000 more on demand. Confidential records were offered by condition, such as particular cancers.

Of the 116 files bought by ITV, 100 were confirmed as genuine; the files were for patients who had been treated in private hospitals. Although not NHS records, they did contain some NHS data, including referral letters from GPs.

Sally Anne Poole, head of investigations at the Information Commissioner’s Office, told the Daily Mail: “We are very concerned that private patients’ medical records are on sale in India. The ICO will establish the full facts and will then decide what action, if any, needs to be taken.”

Chris Rogers, the programme’s presenter, made contact with the two salesmen in an internet chat room by posing as a marketing executive keen to buy medical records, which he said he would use to sell health products.

One patient whose record was affected by the security breach said in the documentary that the data breach was ‘one step up from grave-robbing’.