Breach, Compliance Management, Data Security, Network Security, Privacy

NHS patients’ data shared despite their objections, due to data processing error

Data that National Health Service patients in the UK specifically requested be kept private was inadvertently used in a clinical audit and research project due to a nearly three-year-long data processing and management error, a UK government official reported yesterday.

In an official statement, Parliamentary Under-Secretary of State for Health Jackie Doyle-Price disclosed the an NHS system provided by clinical software developer TPP contained a defect in the processing of “Type 2 objections,” which was developed as a way for NHS patients to establish restrictions on how their personal data is used.

Doyle-Price's statement notes that roughly 150,000 “Type 2 objections” set between March 2015 and June 2018 were never sent to NHS Digital. As a result, the patients' information was sent in unauthorized fashion in data disseminations between April 2016 and June 26, 2018. The glitch has reportedly since been remedied.

As of May 25, 2018, the UK government replaced the Type 2 objections process with a national data opt-out process that's designed to simplify the processing of registering data sharing objections.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.