150,000 GP records wrongly shared as patient data preferences 'not upheld'

Thousands of patients have had their confidential GP records shared, despite opting not to have their data shared for research purposes, the Government has admitted.

In a written statement to parliament, health minister Jackie Doyle-Price said GP system provider TPP failed to send 150,000 patients’ type 2 opt-out preferences to NHS Digital.

The opt-out means patients do not want NHS Digital to share their GP records for reasons other than their care.

However, in failing to send these objections to NHS Digital, ‘data for these patients has been used in clinical audit and research’.

The error affected patients who opted out of sharing their data between March 2015 and June 2018, with their data used against their will between April 2016 and June 2018.

This comes after the Government decided to axe its flagship GP-record sharing scheme in 2016 - more than two years after it was shelved over concerns about the use of patient data and the 'opt-out' model used for the project.

Ms Doyle-Price said: ‘An error occurred when 150,000 Type 2 objections set between March 2015 and June 2018 in GP practices running TPP’s system were not sent to NHS Digital.

‘As a result, these objections were not upheld by NHS Digital in its data disseminations between April 2016, when the NHS Digital process for enabling them to be upheld was introduced, and 26 June 2018.

‘This means that data for these patients has been used in clinical audit and research that helps drive improvements in outcomes for patients.’

She added that NHS Digital made the Department of Health and Social Care aware of the error on 28 June and it has since been corrected.

Phil Booth, coordinator of privacy advocacy group medConfidential, said: 'This illustrates exactly why patients must be able to see what is done with their data. NHS Digital failed to see this in over three years, and the IT company that made the error failed to spot it too. But any patient, especially someone concerned enough to opt out, would have spotted this in an instant.'

Nic Fox, director of primary and social care technology at NHS Digital, said: ‘We apologise unreservedly for this issue, which has been caused by a coding error by a GP system supplier (TPP) and means that some people’s data preferences have not been upheld when we have disseminated data.

‘The TPP coding error meant that we did not receive these preferences and so have not been able to apply them to our data.

‘We worked swiftly to put this right and the problem has been resolved for any future data disseminations.’

He added: ‘We take seriously our responsibility to honour citizens’ wishes and we are doing everything we can to put this right. No patient’s personal care and treatment has been affected but we will be contacting affected individuals.’

Mr Fox also said that this issue would not be able to occur using the new National Data Opt-out, as it ‘puts the individual in direct control of their data sharing preferences’.

NHS England began inviting patients last month to opt out of GP record sharing for research and planning purposes as part of the National Data Opt-out, which replaces type 2 objections.

Dr John Parry, clinical director at TPP, said: ‘TPP and NHS Digital have worked together to resolve this problem swiftly.

‘The privacy of patient data is a key priority for TPP, and we continually make improvements to our system to ensure that patients have optimum control over information. In light of this, TPP apologises unreservedly for its role in this issue.’

NHS England announced last month that GPs in three areas of England will be expected to share patient data with social care as well as hospitals in the next two years.

The Department of Health and Social Care set out its plans for data-sharing last year, outlining a system for anonymising and extracting data from GP practices.

Readers' comments (8)

  • Who is the data controller in this instance?

    If one of my patients now does a SAR and asks if their data has been used against their will when they had specifically denied consent for it to be used in this way, is the individual GP practice responsible (as the data controller)..?

  • ...and what happens when the national press get wind of this?

    Are we all going to be inundated with patients asking if their data has been used without their consent?

    And how will we know?

  • Vinci Ho

    Isn’t it an irony that while we still have serious concerns of which originally carried an arguably ‘noble’ initiatives, people seem to have no worries about how these Smartphone-GP-apps for NHS (not to even mention private, payable consultations) will jeopardise patient confidentiality. I would argue that a video-GP consultation (clearly can be easily recorded) through a GP smartphone app constitutes an essential medical record, alongside patient’s details, and hence, a ‘Bigger Data’.
    This incident involving TPP and NHS Digital certainly has not set a right track record for the sake of trust and confidence of handling and protecting this Bigger Data.

  • Why would anyone trust this bunch of incompetents with their confidential information. Positive permission from patients for the use of their data should be the default position.

  • Vinci Ho

    While electronic patient record in NHS involves a system provider and NHS Digital, the NHS GP smartphone app is provided by another private company? And what is the protection against the actual smartphone company accessing these Bigger Data??

  • Surely on the basis of the NHS Digital must now be the data controller! Not the mere GPs.

  • I'm on Emis and my patients have been using an app and website to access their data (which I actively discourage), book appointments and request repeat prescriptions for at least a couple of years. Surely there is something similar on SystmOne and Vision. Do we really not need yet another one??

  • Where is Paul Cundy when you need a decent quote?