Reading:
26 million GP records may have been breached
Share:

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

26 million GP records may have been breached

Medical records contain a wealth of information on patients, and any leak or breach of medical information is a serious one.

Scarily, an investigation has been launched into the security of a computer system that holds 26 million patients’ records. The investigation, launched by the Information Commissioner’s Office (ICO), is looking at whether the computer system complies with the data protection act.

If it wasn’t, who knows how bad this breach could be?

Concerns raised by ICO

The issue at hand is the “enhanced data sharing” function used in NHS systems. When a GP switches this function on, it can allow the medical records to be shared and/or viewed by thousands of NHS employees even if there isn’t a reason to do so. A spokesperson for the ICO said:

“…we do have data protection compliance concerns about SystmOne’s enhance data sharing function.”

The investigation centres around a system called SystmOne (owned by TPP), which is predominantly used by UK healthcare professionals. The system has been praised for ‘modernising IT in the NHS’ by simultaneously allowing GP and clinicians access to patients’ records and the patients’ contact with the healthcare service.

The investigation is looking into 2,700 GP surgeries that have been using SystmOne.

Data Protection provisions

Under the Data Protection Act (DPA), this may be seen as prohibited under Principle 2, where:

personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Organisations must be transparent when handling an individual’s data, and they must be clear at the outset as to why they are obtaining the information, and what they intend to do with it. It’s clear that not all NHS employees have specified or medical reasons to access the said GP records, which is where the major concerns have arisen.

Huge implications

Due to the nature and sheer size of the potential breach, BMA’s IT committee has written to GPs who use the system to take “urgent action”. BMA’s committees are officially recognised by health departments in national negotiations for NHS doctors. Chairman Paul Cundy noted his concerns, saying:

“This is a serious issue with potentially huge implications for patients, GPs and TPP. At the moment GPs are at risk of complaints being made against them.”

If the GPs and TPP don’t make immediate remedial action, they’ll face the backlash and will no doubt be in serious breach of the DPA.

According to The Times, TPP noted that they’re “making amendments” to the function, but doesn’t give further indication on what that might be.

The duty of keeping our records secure

Some have noted their disappointment in the system. One commentator on the Times notes that NHS databases never work because of their sheer size. Brian Vallance says that there’s a much easier way of keeping medical records which is “far more efficient, virtually cost-free and vastly safer”, and he notes that many public health services in Europe use this method.

Some may argue that privacy and confidentiality is dwarfing ‘clinical outcomes’. Some would rather A&E departments have easy access to records in case of emergency.

Source Info:

https://www.thetimes.co.uk/article/data-breach-fear-for-26m-gp-records-9zsjzpkwv

http://www.telegraph.co.uk/news/2017/03/17/security-breach-fears-26-million-nhs-patients/

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon