Although we value and treasure our National Health Service – who for the most part do a wonderful job of looking after us – they are responsible for significant amounts of data breaches. In fact, they’re way ahead when compared to everyone else, and it’s a real issue because the information they secure for us is often very sensitive and personal.
Unfortunately, we have to report yet another serious data breach story involving the NHS.
It has been revealed that the NHS has lost more than 500,000 pieces of patient information between 2011 and 2016. This may have led to hundreds of NHS patients suffering serious harm as a result.
Over 500,000 letters between General Practitioners and hospitals never made it to their intended recipients. The information the letters contained included:
- Test results and diagnoses
- Treatment plans
The sensitive medical information lost could be problematic for patients. Confidential medical correspondence is fundamental in the health industry, and it must be handled with extreme care.
Misplaced or inaccurate information being passed along can hinder medical professionals from doing their jobs in an efficient manner, and in more serious cases, problems can cause harm to a patient. For example, a letter from the hospital containing information about a patient’s diagnosis and treatment plan is undelivered. When the patient comes to visit their GP, without that information, the GP may provide incorrect information, advice, or medication.
Thousands of further investigations to be undertaken
Around 2,500 cases have been identified as requiring investigation due to the nature of the letter content. Diagnoses and treatment plans for patients with cancer or other critical conditions are understandably deemed to be higher risk. Some 537 cases are now under further review to establish whether patients have suffered serious harm as a result of the communication failure.
Shadow Health Secretary Jonathan Ashworth raised concerns that:
“…patient safety will have been put seriously at risk as a result of this staggering incompetence.”
Private company to blame?
The private company NHS Shared Business Services (SBS) was responsible for the delivery of NHS internal mail. A team of 50 administrators has been brought together to sort out the mess SBS has created, and they’ll conduct an investigation into the data breach to assess exactly how much harm has been caused.
As well as patient harm, the breach may also cause otherwise preventable delays for medical staff. We all know that medical professionals have huge workloads anyway, so chasing missing files will have undoubtedly led to delays. In a system where patients seem to have to wait days before seeing a GP or a doctor for less than urgent ailments, this incident could further extend that waiting time.
BMA slams funding cuts
The British Medical Association has slammed government cost cuts to our health service as the reason for this colossal error. NHS plans to use private companies to save money may have backfired with the additional costs required to clean up their mistake. £2.2 million has already been paid to GPs to re-examine resurfaced medical documents. While GPs are being paid for this inconvenience, patients are expected to accept the undue delay and effect of the breach.