GPC tackles ministers on safeguards for patient data processed abroad
Exclusive GP leaders are to seek reassurances over the safeguards in place for patient data being processed abroad by NHS Shared Business Services, a joint venture between the Department of Health and private firm Steria.
GPC negotiators told Pulse that processing of patient data in NHS SBS offices in India formed part of a package of concerns about the outsourcing of services that would be discussed with the DH. Other concerns, first revealed by Pulse in September, include delays in patient record transfers and payment problems.
Dr Beth McCarron Nash, GPC negotiator, said: ‘We must ensure safeguards are in place to protect practices as data controllers and to protect our patients' best interests. We will be taking this to the Department of Health.'
NHS SBS said that patient registration data is based on UK servers and accessed remotely from India. It refused to reveal how many staff had access to the data, which it said was ‘commercially sensitive'.
Monica Owen, marketing director at NHS SBS, said it complied with all relevant data protection legislation: ‘The data processed in NHS SBS India offices includes GP registrations and ophthalmic forms (GOS 3 & 4 only); these do not contain any clinical data. Data does not leave the UK. It resides on servers hosted in the UK and is accessed from India.'
Last week Pulse revealed 10 PCTs in the south west of England had postponed deals to outsource back-office functions by a month after former health minister Ben Bradshaw and unions raised question marks over the ‘quality and legality' of the deals.