The data regulator has intervened in the row over a system which is designed to make the NHS paperless by 2020, dismissing concerns that the security of up to 26 million patients’ medical records could be at risk.
The Information Commissioner’s Office says thousands of GPs already using the TPP SystmOne electronic patient record systems should not switch off “enhanced” information sharing.
In a statement, the regulator said: “The ICO has data protection compliance concerns about SystmOne’s enhanced data sharing function and the potential risk to patients’ medical records held by GPs. However, given the possible impact to patient care, the ICO is not advocating that users switch off data sharing at this stage.”
Controversy over security of the TPP system reignited over the weekend, after it was picked up by the Telegraph, which reported that that the because of a sharing function in SystmOne, patient records could potentially be viewed by “thousands of strangers”.
TPP has said users should only use the function to view records having first obtained patient’s consent for direct care. Ongoing concerns about SystmOne related specifically to “fair and lawful” processing of patient data and having adequate security around that information.
The ICO said NHS Digital, TPP and NHS England were already putting place an “initial plan” to fix these shortcomings, with “further work planned”.
In statement supplied by NHS Digital, covering “the NHS”, a spokesperson said: “We are aware that the Information Commissioner’s Office have raised data protection compliance concerns. NHS organisations are already supporting TPP to respond to the issues raised working closely with the ICO and GP leaders – and the full response plan will be implemented by summer.
NHS chief clinical information officer Keith McNeil said access to good information was essential for effective care but it should be managed “fairly and lawfully, with the highest levels of security and safety”.
The NHS is now stranger to data security concerns; two years ago, the launch of a patient information sharing scheme, dubbed care.data, was scuppered following one of the most spectacular marketing cock-ups in recent years when the NHS launched a nationwide door-drop campaign promoting the service only for it to be buried under piles of other leaflets.
Row looms as Google nets NHS patient data contract
Care.data fears given short shrift
NHS care.data trials shun marketing
NHS refused to pull care.data leaflet
Bill for care.data fiasco tops £1.3m
NHS plots ‘sizeable’ care.data push
‘Crap creative’ blamed for NHS fiasco
Botched ads halt NHS big data plan