SystmOne creator hits back in row over patient records 'enhanced data sharing' claims
'TPP unaware of any prosecution of a SystmOne user for sharing records in this way,' claims company behind SystmOne
TPP-UK, the company behind the SystmOne patient records system, has hit back at claims made over the weekend that surgeries enabling 'enhanced data sharing' are putting patients' medical records at risk.
In a statement to Computing, a spokesperson said: "To date, TPP is unaware of any prosecution of a SystmOne user for sharing records in this way. No patient records held on our system have been compromised, and there has not been a security breach in the system.
"The only story that exists here is that, as stated by the spokesperson from the Information Commissioner's Office, the ICO, NHS Digital, NHS England and TPP are in ongoing discussions over TPP's sharing model and how best to support data controllers whilst balancing the interests of the patient."
The company also rejected as "wholly untrue" claims that surgeries were unknowingly enabling NHS staff to access patient record and that there were minimal safeguards against misuse. It also stressed that the permissioning was granular and that GP surgeries are advised to seek consent before enabling the data sharing feature.
"TPP provides clear information on how TPP's sharing model works so that health and social care professionals are fully informed of how the system works. This is to ensure that such professionals understand how data will be shared within SystmOne and can provide comprehensive information to patients to enable them to make an informed decision on whether they wish their data to be shared.
"Before any information about a patient is shared with another NHS organisation using SystmOne, the patient's consent preference must be set. Once the information is set to share, only NHS professionals with the right access controls and relevant security clearance… would be able to access that medical record. If no consent to share patient data has been provided then the user must physically override the consent providing a valid reason to do so."
The spokesperson added that the system was designed so that "the patient has control in who can see their medical records but also, in an emergency and for situations of direct patient care, to ensure access to vital medical information is extremely quick, wherever the patient is in the country. Full electronic audit trails within the system ensure that any malicious or criminal activity is traceable," they added.
"Only staff whose role necessitates retrieving patient records are given access rights to the records. Access to information on patient records is also restricted to the appropriate levels for different staff members. Furthermore, SystmOne contains a comprehensive audit trail showing exactly who has accessed patient records."