Legal help for data breach compensation claims

26 million GP records may have been breached

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

Medical records contain a wealth of information on patients, and any leak or breach of medical information is a serious one.

Scarily, an investigation has been launched into the security of a computer system that holds 26 million patients’ records. The investigation, launched by the Information Commissioner’s Office (ICO), is looking at whether the computer system complies with the data protection act.

If it wasn’t, who knows how bad this breach could be?

Concerns raised by ICO

The issue at hand is the “enhanced data sharing” function used in NHS systems. When a GP switches this function on, it can allow the medical records to be shared and/or viewed by thousands of NHS employees even if there isn’t a reason to do so. A spokesperson for the ICO said:

“…we do have data protection compliance concerns about SystmOne’s enhance data sharing function.”

The investigation centres around a system called SystmOne (owned by TPP), which is predominantly used by UK healthcare professionals. The system has been praised for ‘modernising IT in the NHS’ by simultaneously allowing GP and clinicians access to patients’ records and the patients’ contact with the healthcare service.

The investigation is looking into 2,700 GP surgeries that have been using SystmOne.

Data Protection provisions

Under the Data Protection Act (DPA), this may be seen as prohibited under Principle 2, where:

personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Organisations must be transparent when handling an individual’s data, and they must be clear at the outset as to why they are obtaining the information, and what they intend to do with it. It’s clear that not all NHS employees have specified or medical reasons to access the said GP records, which is where the major concerns have arisen.

Huge implications

Due to the nature and sheer size of the potential breach, BMA’s IT committee has written to GPs who use the system to take “urgent action”. BMA’s committees are officially recognised by health departments in national negotiations for NHS doctors. Chairman Paul Cundy noted his concerns, saying:

“This is a serious issue with potentially huge implications for patients, GPs and TPP. At the moment GPs are at risk of complaints being made against them.”

If the GPs and TPP don’t make immediate remedial action, they’ll face the backlash and will no doubt be in serious breach of the DPA.

According to The Times, TPP noted that they’re “making amendments” to the function, but doesn’t give further indication on what that might be.

The duty of keeping our records secure

Some have noted their disappointment in the system. One commentator on the Times notes that NHS databases never work because of their sheer size. Brian Vallance says that there’s a much easier way of keeping medical records which is “far more efficient, virtually cost-free and vastly safer”, and he notes that many public health services in Europe use this method.

Some may argue that privacy and confidentiality is dwarfing ‘clinical outcomes’. Some would rather A&E departments have easy access to records in case of emergency.

Source Info:

https://www.thetimes.co.uk/article/data-breach-fear-for-26m-gp-records-9zsjzpkwv

http://www.telegraph.co.uk/news/2017/03/17/security-breach-fears-26-million-nhs-patients/

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Editor on April 12, 2017
Posted in the following categories: Latest and tagged with


Customers of “pay day loan firm” Wonga victims of serious data breach
Concerns over NHS plans to move all sensitive patient data up into the Cloud!
%d bloggers like this: