A glitch in software operated by NHS Digital allowed the organisation to use the confidential health data of up to 150,000 patients for clinical audit and research even though those patients had objected to the use of their data for such purposes.
SystmOne, an application used by GPs to record objections by patients to the use of their health data for any purpose other than to help provide them with medical care, suffered a "coding error" that prevented the application from passing on the objections of 150,000 patients to NHS Digital.
As a result, the confidential health information of those patients was processed by the organisation for clinical audit and research, thereby violating their rights under data protection laws.
Software glitch went undetected for three years
The coding error occurred between March 2015 and June 2018, which meant that NHS Digital could not take note of the objections of 150,000 patients between April 2016 and 26 June 2018, after it introduced a process for enabling objections to be upheld.
"Since being informed of the error by TPP, NHS Digital acted swiftly and it has now been rectified. NHS Digital made the Department of Health and Social Care aware of the error on 28 June. NHS Digital manages the contract for GP Systems of Choice on behalf of the Department of Health and Social Care.
"TPP has apologised unreservedly for its role in this matter and has committed to work with NHS Digital so that errors of this nature do not occur again. This will ensure that patients’ wishes on how their data is used are always respected and acted upon," the government said.
NHS Digital is now apprising all GPs of the error so that they can reassure affected patients, and is also writing to all affected patients to let them know that their objections are now being upheld and that there has never been any risk to patient care as a result of the error.
NHS Digital also announced that the process of upholding Type 2 objections has now been replaced by the new national data opt-out that "simplifies the process of registering an objection to data sharing for uses beyond an individual’s care".
"The new arrangements give patients direct control over setting their own preferences for the secondary use of their data and do not require the use of GP systems, and therefore will prevent a repeat of this kind of GP systems failure in the future," it added.
Need for a unified encryption platform
Commenting on the coding error in SystmOne that led to the use of patient information for purposes the patients had not consented to, Luke Brown, VP EMEA at WinMagic, said the incident demonstrates that, even though this particular event wasn’t malicious, it resulted in sensitive data being shared with recipients that had no business having it.
"Like many organisations, the NHS’s IT infrastructure is vast and unwieldy, so it needs to deploy a single encryption platform that can deal with an array of individual devices and operating systems. What this means in practice is that as data moves from one platform or infrastructure to another it’s covered by one ‘all-inclusive’ encryption solution – and not less effective disparate native encryption tools," he added.
The need for unified encryption software to preserve the anonymity of sensitive health data is all the more important as unsupervised data sharing occurs frequently at clinic level, department level or organisation level at the NHS. In January this year, the Commons Health Committee directed NHS Digital to immediately withdraw from a memorandum of understanding that allowed the Home Office to obtain non-medical information about patients from the organisation to trace immigration offenders.
"We understand the government has a job to do, but going into health records to get patient information is not OK. The idea that any patient information is being shared with a government body immediately breaks their trust in a doctor-patient relationship," said Lucy Jones, director of programs at Doctors of the World UK.