Technology, Top News

NHS blames ‘coding error’ for breach that disclosed data on 150,000 patients

THE NATIONAL HEALTH SERVICE (NHS) has blamed a ‘coding error’ for a breach that disclosed data on 150,000 patients who had opted out of having their personal information shared.

Health minister Jackie Doyle-Price said in a statement on Monday that NHS Digital recently identified a “supplier defect in the processing of historical patient objections to the sharing of their confidential health data.”

This so-called defect meant that the 150,000 patients who opted out of having their data shared had their preferences ignored, as the information had not been passed to NHS Digital.

Doyle-Price said: “NHS Digital recently identified a supplier defect in the processing of historical patient objections to the sharing of their confidential health data.

“As a result, these objections were not upheld by NHS Digital in its data disseminations,” she added, noting that the organisation was “not aware of any other objections that have not been honoured and believe this to be a standalone issue”.

The error occurred over a three-year period between March 2015 and June 2018 in GP practices running TPP’s electronic health record software SystmOne, and was uncovered when TPP switched to a new system on 28 June. 

Dr John Parry, clinical director at TPP, said the company “apologises unreservedly” for the security slip-up, and said it has worked with NHS Digital to “resolve the problem swiftly”.

“The privacy of patient data is a key priority for TPP, and we continually make improvements to our system to ensure that patients have optimum control over information,” Parry added.

TPP added that it would continue to work with NHS Digital to ensure “that testing and assurance of patient data extracts is enhanced to ensure that errors of this nature do not occur again” and to “make sure that patient wishes are always treated with the utmost importance”.

NHS Digital has said it will write to all the patients involved, but added that “there is not, and has never been, any risk to patient care as a result of this error”. 

The Information Commissioner’s Office (ICO) has said it’s aware of the breach and is “making enquiries”. µ

Further reading

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend