The NHS Shared Business Services (SBS) in Britain has apologized for its history of sending private patient data to the wrong family doctors.
Various general practice (GP) surgeries have routinely received a bouquet of information for patients they didn’t have on their rosters, according to reports, including temporary resident forms, duplicate documents, lab/test results and communications about treatment steps. Worse, NHS SBS also didn’t redirect the errant documents to the correct recipients once apprised of the mistakes, Express reported.
The issue has been ongoing since 2011, according to officials. Residents of North East London, the South West and the East Midlands were the most affected by the snafu—but the Government hasn’t said how many patients were affected.
NHS England said: “Some correspondence forwarded to SBS was not redirected or forwarded to GP surgeries or linked to the medical record when the sender sent correspondence to the wrong GP or the patient changed practice.”
NHS SBS apologized: “We would like to express our regret for this situation, and we are working with NHS England to return all delayed correspondence to GP practices for filing in medical records as quickly as possible.”
The department said that a team including clinical experts is now ensuring all correspondence is reviewed and delivered, “wherever possible,” to the correct GP so that it can be placed in the patient’s medical records.
Liberal Democrat leader Tim Farron blasted the NHS: “This is the most personal information about a person and it is wholly unacceptable that this has happened and the Department of Health should investigate this urgently.”
It’s unclear yet what the consequences will be for the ongoing, endemic practice, but the Information Commissioner’s Office (ICO) has opened a probe and has not ruled out penalties.
A spokesman said: “The ICO is aware of this issue, and has been in regular contact with the organisations involved. An investigation is already underway to see whether there has been any breach of the Data Protection Act. The Data Protection Act sets out clear rules that organisations need to follow around people’s personal data. Where those rules aren’t followed, we have the power to enforce the law.”
Photo © Monkey Business Images