The issue arose when selected patients, who had requested that their confidential health information could only be used to help provide them with their own care was passed on to other parties (what are termed type 2 opt outs). This happened due to a coding problem affecting software used by family doctors. The software, The Daily Mirror reports, had a place to record objections to the patient’s data being used for research and auditing purposes; however, the objection was not registered.
The software used was the SystmOne application and the issue was confined to some family doctor (General Practitioner) surgeries. SystmOne is designed to pass on data privacy requests to the National Health Service (NHS) IT provider. However, in 150,000 cases this information transfer did not occur. The breach was uncovered by administrators at the end of June 2018, but not made public until July 2, 2018. Officials at NHS Digital – considered to be the national ‘safe-haven’ for patient data – flagged the error when they noticed an influx of patient opt-outs, according to The Daily Mail.
According to the BBC, the developer of SystmOne, TPP, has stated it “apologises unreservedly” for the fault. NHS Digital has said it intends to contact all affected patients in writing and to copy in the relevant family doctor.
The case required that health minister Jackie Doyle-Price make a statement to the U.K. Parliament. Here the Conservative Party politician said: “There is not, and has never been, any risk to patient care as a result of this error. NHS Digital has made the Information Commissioner’s Office and the National Data Guardian for Health and Care aware.”