NHS glitch led to 150,000 patients' data accidentally shared against their will

Clinician's computer meltdown

A software glitch has resulted in up to 150,000 NHS patients' data being unwittingly shared against their will, a government minister has disclosed.

Due to a coding error in the SystmOne application, made by developer TPP, 150,000 data sharing preferences set between March 2015 and June 2018 in GP practices running the software were not sent to NHS Digital, according to Jackie Doyle-Price, parliamentary under-secretary of state for health.

Delivering a statement in parliament on Monday, the minister added the data was used in clinical audit and research settings against the 'Type 2 objections' patients had set - and was shared by NHS Digital between April 2016, when this data-sharing process was enabled, and 26 June 2018.

"TPP has apologised unreservedly for its role in this matter and has committed to work with NHS Digital so that errors of this nature do not occur again. This will ensure that patients' wishes on how their data is used are always respected and acted upon," said Doyle-Price.

"There is not, and has never been, any risk to patient care as a result of this error. NHS Digital has made the Information Commissioner's Office and the National Data Guardian for Health and Care aware."

NHS Digital manages the contract for GP Systems of Choice, and oversees TPP's involvement, on behalf of the Department for Health and Social Care (DHSC).

The health service's digital arm said it will be writing to all affected patients to make them aware of the issue, and that all objections are now being honoured.

"We apologise unreservedly for this issue, which has been caused by a coding error by a GP system supplier (TPP) and means that some people's data preferences have not been upheld when we have disseminated data," said NHS Digital's director of primary and social care technology Nic Fox.

"The TPP coding error meant that we did not receive these preferences and so have not been able to apply them to our data. We worked swiftly to put this right and the problem has been resolved for any future data disseminations."

'Type 2 objections', which is in the process of being phased out, has been replaced by a national data opt-out for patients across England to mark their preferences on their sensitive data being used in research and planning.

Released on 25 May to coincide with the enforcement of GDPR, the preferences collected by the new tool will apply to health and social care organisations' data-sharing decisions from 2020.

On the new system, Doyle-Price continued: "This has simplified the process of registering an objection to data sharing for uses beyond an individual's care.

"The new arrangements give patients direct control over setting their own preferences for the secondary use of their data and do not require the use of GP systems, and therefore will prevent a repeat of this kind of GP systems failure in the future."

The incident follows two deals NHS Digital recently struck to enhance cyber security and patient privacy across the health service in England, with IBM and Privitar respectively.

NHS Digital's deal with Privatar, in particular, is geared towards boosting the level of patient privacy with the rollout of De-ID, a software that enables the de-identification of sensitive patient records.

The system will work by separating a patient's identity from their personal information, so it can be shared with other healthcare organisations, in a consistent way across the health service, as opposed to the several models working in isolation at the moment.

A three-year contract with IBM, reportedly worth 30 million, meanwhile, will give the NHS access to an array of advanced security tools to in a bid to enhance the health service's cyber security credentials after last year's WannaCry attack.

The latest incident will represent another reputational blow for the health service, already struggling to overcome its record for mishandling patient data and failing to adequately respect patient privacy; one example manifesting as the DeepMind controversy, in which patient data was shared with Google's AI project without their consent.

"TPP and NHS Digital have worked together to resolve this problem swiftly," said Dr John Parry, clinical director TPP.

"The privacy of patient data is a key priority for TPP, and we continually make improvements to our system to ensure that patients have optimum control over information. In light of this, TPP apologises unreservedly for its role in this issue."

IT Pro has approached the Information Commissioner's Office (ICO) to ask whether it would be investigating the matter.

Keumars Afifi-Sabet
Features Editor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.