NHS accidentally shared information on 150,000 patients

NHS Digital blamed a coding bug for the breach

A data breach has exposed the details of 150,000 NHS patients in England, which the health service is blaming on a coding error.

Victims of the breach had requested that their medical information only be shared with NHS Digital, and not used for anything else beyond their own immediate care.

However, a problem with the SystmOne software GPs used to record objections to data being used for other purposes, such as research and auditing, meant that the application did not pass the requests on from GPs to NHS Digital.

TPP, which developed SystmOne, said that it ‘apologises unreservedly' for the bug, which has been active since March 2015. NHS Digital only discovered it when it switched to a new coding system and noticed a ‘sudden surge' in patient opt-outs.

"NHS Digital recently identified a supplier defect in the processing of historical patient objections to the sharing of their confidential health data," said health minister Jackie Doyle-Price.

"As a result, these objections were not upheld by NHS Digital in its data disseminations."

NHS Digital, which is contacting all affected GP practices and organisations to ask them to destroy the data, said that the National Data Guardian, the Information Commissioner's Office and the Royal College of GPs had all been informed of the error.

NIc Fox, director of primary and social care technology at NHS Digital said, "We take seriously our responsibility to honour citizens' wishes and we are doing everything we can to put this right. No patient's personal care and treatment has been affected but we will be contacting affected individuals."