This site is intended for health professionals only

Thousands of Summary Care Records created without consent in NHS IT blunder

Exclusive: ‘Human error’ was to blame for an NHS IT blunder which saw Summary Care Records created for thousands of patients without them being given an opportunity to opt out, a Department of Health investigation has concluded.

Some 4,201 patients had records created without their knowledge after a GP practice was incorrectly identified for a Summary Care Record upload – and they will not be allowed to have them deleted.

The Department of Health has so far declined to identify the practice or patients involved, or say whether the patients have been informed of the mistake.

Pulse first revealed in November that the DH was investigating a mistake in the Summary Care Record rollout. Although Summary Care Records are created under implied rather than explicit consent, patients are supposed to be sent a Patient Information Programme (PIP) mailing which contains an opt-out form at least 12 weeks before care records are created.

The DH said that human error by a unidentified supplier had led to an incorrect practice being identified for a Summary Care Record upload. It said the records which had been created were not viewed by anyone outside the practice, and that staff at the practice would already have had access to the patients’ full medical records.

But although the records have now been ‘withdrawn’, meaning they cannot be accessed, the DH said they will not be deleted, in order to ensure that an audit trail remains in place to provide details on who has or has not previously accessed the records.

The software supplier has now postponed the creation of further Summary Care Records until extra safeguards have been put in place, and the PCT involved has informed the Information Commissioner’s Office of the incident.

Dr Paul Cundy, chair of the GPC’s IT subcommittee and a GP in Wimbledon, south London, said:  ‘Obviously this is worrying - if it can happen in one place, it can happen in another. If this was down to human error at the software supplier it raises questions of how practices and patients will know if Summary Care Records have been created without their consent.’

Dr Paul Thornton, a GP in Nuneaton, Warwickshire, said control over the creation of care records should lie with GPs only: ‘The practice’s role as data controller has been circumvented and this is not acceptable. The control should lie with the practice and not with an outside organisation.’

He added: ‘It’s completely wrong that the DH won’t delete the records. If the patient hasn’t had the opportunity to say “no thanks” to having one created they should be checked to see if anyone’s accessed it and then deleted immediately.’

A DH spokesperson said: ‘We are absolutely clear that no data was accessed inappropriately and none of the records in question have been accessed by anybody outside of the practice concerned.’

‘There are a range of measures in place that continue to ensure the information in Summary Care Records stays private and can only be looked at by those authorised to do so. An investigation into this case has been undertaken and the supplier in question is introducing extra safeguards.’


Further reading

- Editor’s blog: Longstanding fears over consent and confidentiality are realised