NHS Data Breach Exposed Details Of 150,000 Patients Without Consent

Amid all the corporate data breach incidents, cyber attacks on the healthcare sector continue at the same pace. A couple of days ago, we reported on the HealthEngine data breach. Now, we can report that the NHS (National Health Service) in the UK has suffered a data breach exposing medical information. This time, however, the breach isn’t due to a cyber attack; instead, the NHS blames a coding error for it. Regardless of the reason, the data breach resulted in the details of 150,000 patients being shared without their consent.

NHS Data Breach Exposed Patient Details Without Consent

Recently, the NHS disclosed data of 150,000 patients for research and clinical audit purposes. However, the shared data belonged to patients who had previously opted out of data-sharing. The disclosure was not a deliberate move; it occurred because of an error in software used by doctors.

The SystmOne software used by the NHS had an option to store patient objections to data sharing. However, because it had a ‘supplier defect’, these objections didn’t reach NHS Digital. Patients’ GPs (general practitioners) recorded the objections in TPP software used between March 2015 and June 2018.

As explained by Jackie Doyle-Price, Health Minister, in her statement to Parliament,

“NHS Digital recently identified a supplier defect in the processing of historical patient objections to the sharing of their confidential health data. As a result, these objections were not upheld by NHS Digital in its data disseminations.”

NHS Digital’s Director of Primary & Social Care Technology, Nic Fox, also confirms that the error has been rectified. He also re-emphasizes the importance of customer privacy.

“We worked swiftly to put this right and the problem has been resolved for any future data disseminations. We take seriously our responsibility to honour citizens’ wishes and we are doing everything we can to put this right.”

The Error Has Been Rectified

The error appears to have arisen in the TPP software after it switched to a new system for coding. As a result, although physicians correctly recorded the patients’ objections in the software, NHS Digital didn’t receive the details. Thus, the NHS accidentally shared the data without patients’ consent.

According to Ms. Doyle-Price, the software error has now been rectified. The NHS will also inform the affected patients about the matter, as stated by Nic Fox. He also confirmed that the incident has not affected patients’ personal care and treatment.

In addition, an Information Commissioner’s Office spokeswoman confirms that the office is investigating this matter further.
