This site is intended for health professionals only


Sharp rise in GP practices investigated by data protection watchdog



Exclusive The number of instances in which GP practices saw their data handling scrutinised by the Information Commissioner has risen dramatically, amid a rise in sharing of patient records with other healthcare providers.

Between 2014/15 and 2015/16, the number of GP practice incidents assessed by the regulator increased by almost a quarter (23%), from 330 to 405, the ICO’s own records show.

Health data experts link the rise to the growing numbers of practices signed up to local patient record-sharing arrangements, which means that local health organisations can access information from the GP record, coupled with patients hearing of the Government’s botched care.data record-sharing plans.

Although only a minority of ICO investigations into practices’ handling of data required any further action, independent data protection monitoring group MedConfidential warned that GP practices could see legal action from patients relating to the agenda of increased sharing of records.

In setting out the Department of Health’s ‘paperless NHS’ plan back in 2013, health secretary Jeremy Hunt said his aim was for healthcare providers to have access to a patient’s full record.

And NHS England recently set out plans for A&Es, urgent treatment centres and pharmacists to be covered by local sharing arrangements for GP records by December this year.

But MedConfidential coordinator Phil Booth said there are steps GP practices have to take or they leave themselves liable to legal action.

He said practices must ensure patients can find out who has access to their records, and explain that patients can object to their data being shared.

He told Pulse: ‘If they don’t do those two things, GPs are open to being sued.’

Hampshire GP Dr Neil Bhatia, who runs a website that helps patients to understand data sharing, said: ‘Patients have become more aware, particularly with the push to online access to their GP record and the plethora of local data-sharing schemes now springing up.’

The news comes as Pulse revealed last month that healthcare professionals in police stations and immigration removal centres are already able to access the full patient records from 2,700 practices which are using the SystmOne IT system.

Pulse also revealed that thousands of practices could be unaware that they were breaching data protection legislation by switching on sharing functions.

data sharing graph may2017 580x716px

data sharing graph may2017 580x716px