Your browser is no longer supported

For the best possible experience using our website we recommend you upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

Probe lays bare ‘lapses’ in past patient records safety procedures  

  • Comment

An investigation has uncovered ‘significant administrative lapses’ in processes used by the NHS Information Centre to oversee the release of patient records to organisations including research bodies, government departments and insurers.


The probe – based on the findings of an audit of 3,057 data set releases between 2005 and 2013 – criticised the “loosely recorded processes” of both the centre and a private company to which it outsourced work.

The investigation was launched by the Health and Social Information Centre, the body which replaced the information centre in April last year, following a raft of confidentiality concerns, including claims that records were being erroneously sold to insurers.

The Health and Social Information Centre said that it still had data sharing agreements with three reinsurance companies that allow these firms to continue using the data until the agreements expire in 2015 and 2016.

It said it was confident legal changes under the Care Act 2014, which restricts the flow of potentially identifiable data solely for purposes that benefit health and social care systems, would provide protections to prevent the misuse of data.

The organisation said it had written to the three reinsurance companies to ask them to delete the data ahead of the new legislation coming into force later this year. It has yet to receive a formal response.

An audit by PwC – commissioned as part of the centre’s investigation – concluded the failures were “not systemic”, and the body insisted there was no evidence that the law had been broken.  

But the report laid bare a governance regime prone to “lapses in the strict arrangements” that were supposed to ensure patients’ confidential information was safeguarded.

Health and Social Care Information Centre non-executive director Sir Nick Partridge, who led the review, said: “The Health and Social Care Information Centre must learn lessons from the loosely recorded processes of its predecessor organisation.

“The public simply will not tolerate vagueness about medical records that may be intensely private to them.

“Although there is a new board and largely new senior executive team, the [Health and Social Information Centre] inherited many of the [NHS Information Centre’s] procedures and staff.

“This included data agreements with organisations – which have been highlighted by my review and which will subsequently be listed in future versions of the register of all data releases – first published by the [Health and Social Information Centre] in April.

“We can now make sure we conform to recent legislative changes so that data is released when it will benefit the health and social care system.”


  • Comment

Related files

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions.

Links may be included in your comments but HTML is not permitted.