The government has been urged to focus on speeding up move to digital healthcare records amid accusations that the NHS covered up the loss of more than half a million pieces of confidential patient data over five years.
Health secretary Jeremy Hunt was today forced to admit to MPs that errors by the company NHS Shared Business Service led to more than 700,000 items of correspondence between hospitals and GPs going undelivered between 2011 and 2016.
The information, which included more than 500,000 pieces of confidential medical correspondence, such as blood, urine and biopsy test results, and around 200,000 temporary residence forms, was mistakenly stored in a warehouse by NHS SBS.
According to a report in The Guardian, which revealed the extent of the error, NHS England first became aware of the issue in March 2016 and launched an inquiry to assess whether there had been any harm to patients as a result.
This includes creating a taskforce to investigate the error, while GPs have been given £2.2m so they can examine the correspondence – which has been recovered from the warehouse and delivered – and cross-check it with other information to check patient care was not affected.
The Guardian report prompted an urgent question from shadow health secretary Jonathan Ashworth, who called on the health secretary to explain the “catastrophic breach”, saying Hunt “stands accused of a cover up”.
However Hunt said that when he was told about the error he was advised against informing the public until after the investigation, arguing that it could have inundated GPs’ surgeries with requests at a time when they needed extra resources to review the now-delivered records.
When Hunt did make a statement to the House of Commons, on the final day before recess in July 2016, he referred to a statement from the NHS SBS, which he said was related to “an issue with a mail redirection service”.
This statement said that “some correspondence in the mail redirection service has not reached the intended recipients”.
Hunt told MPs that no patient harm had been identified to date: during the first triage 2,500 were identified as being potentially harmful, but a follow-up had then ruled out nearly 2,000.
He added that the internal postal service has been taken off NHS SBS, which is co-owned by the Department of Health and Sopra Steria, and taken back in-house.
NHS needs to go digital
During the discussion in the Commons, a number of MPs questioned why the government had not made quicker progress to digitising health records, noting that this incident could not have happened if records were all online.
“Isn’t it time patients are given direct control of their data?” asked Sarah Wollaston, Conservative MP for Totnes, who worked as a GP for eleven years.
Meanwhile, Philippa Whitford, SNP MP for Central Ayrshire, said that Scotland had had not sent data by post for several years, and that a delay to follow suit in England was “holding back” care.
In response, Hunt – who admitted to MPs in December 2016 that his original target of 2018 for a paperless NHS was not likely to be achievable – agreed there were “potentially huge advantages” to people having access to e-health records, but stressed the importance of ensuring sufficient security for electronically-stored data.
He said that the government was looking at systems “even more robust” than those used by banks to allow it to be accessed by only the right people.
Hunt added that the government needed to “carry the public with us” in moving to digital, saying that they needed to have confidence that the data would be stored securely, which he said was the reason for appointing Fiona Caldicott as the National Data Guardian for patients.
The comments from MPs were echoed by industry experts, who urged the government to speed up progress to online record-keeping.
Tony Pepper, the chief executive of Egress, said that – although digital records have their own challenges, physical data is “inherently less secure” because it is “difficult to trace, goes missing easily and is often open to interference”.
Meanwhile, Zak Suleman, a healthcare specialist at Smoothwall, said that a digitalised service “would almost have guaranteed that this [the postal error] would never have happened”.
However, Suleman added that the process would be complex and that the NHS needed to ensure the data was secured against hackers and ransomware attacks with heavy encryption, filtering and firewalls.