This site is intended for health professionals only


HSCIC review reveals data breaches

20 June 2014

Share this article

The company tasked with handling care.data revealed it has had patient data breaches in at least two instances. 

A report, which was commissioned into the Health and Social Care Information Centre’s (HSCICs) predecessor NHS Information Centre revealed the issues and that there were significant administrative delays in recording the release of data and records of the decisions made by doctors were unclear and incomplete.

Following the review, which was led by Sir Nick Partridge, new recommendations to create greater transparency and more stringent data regulation have been released. 

A series of steps laid out by HSCIC outline how organisations can guarantee greater openness and reassurance to the public. 

Sir Nick said the HSCIC must learn lessons from the “loose processes” of its predecessor organisation. 

He said: “The public simply will not tolerate vagueness about medical records that may be intensely private to them.  We exist to guard their data and we have to earn their trust by demonstrating scrupulous care with which we handle their personal information.

“Although there is a new board and largely new senior executive team, the HSCIC inherited many of the NHS IC procedures and staff.  This included data agreements with organisations, which have been highlighted by my review and which will subsequently be listed in future versions of the register of all data releases, first published by the HSCIC in April.  We can now make sure we conform to recent legislative changes, so that data is released when it will benefit the health and social care system.”

HSCIC chief executive Andy Williams acknowledged the mistakes of the HSCIC and underlined the importance of public trust.

He said: “In the interests of building an organisation which gains public confidence I want to draw a line under the past. It is vital we learn valuable lessons from a previous time but we need to move forward now and focus on ensuring our processes and decisions are robust, clear and transparent.

“The valuable work that the HSCIC does for the health and social care systems needs the endorsement of the public if it is to be effective.  We want people to be certain their choices will be followed, clinicians to feel supported in their roles and data users to know where they are with us.”

Three of the ten recommendations put forward by Andy Williams and agreed upon with the HSCIC board are:

– Patients and public representatives will join HSCIC’s new committee  Data Access Advisory Group (DAAG) which is overseen by the Confidentiality Advisory Group, who will gain powers later this year

– Data agreements will be re-issued to ensure activity is centrally logged, monitored and audited, meaning greater openness and documentation of data

– Greater communication to the public and patients with an explanation to people’s rights to reject their data flowing to or from HSCIC

Chair of HSCIC, Kingsley Manning said: “We welcome the government’s commitment to set up appropriate oversight for the system as a whole in relation to protecting confidentiality.   

“We look forward to our work being subject to the same scrutiny and also want to encourage the public to scrutinise our activities – this is supremely important to me as chair of the HSCIC and to our new chief executive.”

Phil Booth, coordinator of confidentiality campaigners medConfidential, said: “We welcome Sir Nick Partridge’s recommendations, but patients need to see the evidence that they’ve been acted on. Public confidence depends on actions, not just words.

“If patients are to trust that procedures and audit are working they must be provided proof of who has their own data, what they are using it for and when it has been deleted. If the systems being constructed for a 21st century NHS cannot provide these answers, they are not fit for purpose.”