In a statement to members of Parliament (MPs), parliamentary undersecretary for health, Jackie Doyle-Price, said the error was “swiftly rectified” once it was discovered on 28 June.
“NHS Digital will write to all TPP GP practices to make sure they are aware of the issue and can provide reassurance to any affected patients. NHS Digital will also write to every affected patient. Patients need to take no action and their objections are now being upheld,” she said. “There is not, and has never been, any risk to patient care as a result of this error.”
Following the discovery of the breach, NHS Digital has made the Information Commissioner’s Office (ICO) and the national data guardian for health and care, Fiona Caldicott, aware of the incident. The ICO is currently making inquiries into the breach.
NHS Digital’s director of primary and social care technology, Nic Fox, said the problem was quickly rectified and has been “resolved for any future data disseminations”.
“We apologise unreservedly for this issue, which has been caused by a coding error by a GP system supplier [TPP] and means that some people’s data preferences have not been upheld when we have disseminated data. The TPP coding error meant that we did not receive these preferences and so have not been able to apply them to our data,” Fox said.
“We take seriously our responsibility to honour citizen’s wishes and we are doing everything we can to put this right.”
TPP and NHS Digital will now work to ensure testing and assurance of patient data extracts are “enhanced to ensure that errors of this nature do not occur again”. TPP clinical director John Parry said the privacy of patient data “is a key priority for TPP, and we continually make improvements to our system to ensure that patients have optimum control over information”.
The NHS has struggled with gaining the public’s trust when it comes to data, following the Care.data scandal, where the programme was being pushed through without explaining the implications for highly sensitive patient records, eventually leading to it being scrapped.
The latest data breach is unlikely to increase trust, but NHS Digital’s Nic Fox said the issue would “not be able to occur” using the new tool.
Once a patient decides to opt out, all health and care organisations have to comply with the choices made by the patient until 2020.