The health data of 150,000 patients has been wrongly shared for up to three years, after opt-out requests were not sent to NHS Digital following a GP system supplier “coding error”.
In a written statement to MPs today (2 July), Jackie Doyle-Price, parliamentary under secretary of State for Health, said that NHS Digital had “recently identified a supplier defect”.
This meant that the preferences of 150,000 patients who wanted the Type 2 opt-out (where individuals do not want NHS Digital to share confidential patient information it had collected from across the health and care service for purposes other than the individuals care) were not sent to NHS Digital.
The error occurred over a three-year period between March 2015 and June 2018, in GP practices running TPP’s SystmOne.
As a result, Doyle-Price said their health data was “used in clinical audit and research”, adding that the error had “now been rectified”.
She also told MPs that “there is not, and has never been, any risk to patient care as a result of this error”.
The error is particularly embarrassing as it comes in the midst of a new national NHS campaign, informing patients of their right to set preferences over who can access their personal NHS data.
NHS Digital, the responsible NHS agency, said it would be writing to all TPP GP practices to ensure they were aware of the issue.
In a written statement, Nic Fox, director of primary and social care technology at NHS Digital, apologised “unreservedly” for what happened, confirming it had been “caused by a coding error by a GP system supplier (TPP)”.
He added: “We worked swiftly to put this right and the problem has been resolved for any future data disseminations.
“We take seriously our responsibility to honour citizen’s wishes and we are doing everything we can to put this right. No patient’s personal care and treatment has been affected but we will be contacting affected individuals.”
Fox also claimed the issue would not have been able to occur using the National Data Opt-Out, which was launched on 25 May.
NHS Digital has also contacted the Information Commissioner’s Office (ICO) and the National Data Guardian for Health and Care about the issue.
The organisation also said it was “not aware of any other objections that have not been honoured and believe this to be a standalone issue”.
John Parry, clinical director at TPP, said: “TPP and NHS Digital have worked together to resolve this problem swiftly. The privacy of patient data is a key priority for TPP, and we continually make improvements to our system to ensure that patients have optimum control over information.
“In light of this, TPP apologises unreservedly for its role in this issue.”
TPP added that it would continue to work with NHS Digital to ensure “that testing and assurance of patient data extracts is enhanced to ensure that errors of this nature do not occur again” and to “make sure that patient wishes are always treated with the utmost importance”.