Hebden Bridge Group Practice and other GP practices in Calderdale use an electronic patient data system called TPP SystmOne that has an “enhanced data sharing” system that shares confidential patient data outside the GP practice eg with hospitals, care homes and community services.
Flaws in the system mean data protection is being breached as the sharing system gives access to our shared data to thousands of “authorised users” within the NHS, which is not what is supposed to happen. It should just go to whatever other NHS departments are treating you, in addition to your GP.
Update 13.10.208 TPP SystmOne made changes to its data sharing functionality in early 2018 and NHS England and NHS Digital sent these recommendations to GPs and asked them all to carry them out asap. In March 2019 the Information Commissioner’s Office stated the issue had been resolved to its satisfaction.
“It has become clear that if patient records are being shared through TPP’s clinical system SystmOne, GPs are unable to specify which other organisations can have access to their patients’ records.
This has serious implications for GPs as data controllers – patients could complain that their records are accessible by people and organisations who should not be able to do so and it is likely that a court action in support of a complaint would succeed.”
The Information Commissioner’s Office view is clear – in its current configuration TPP SystmOne breaches the 1st and 7th principles of the Data Protection Act (DPA) and is therefore unlawful.
The James Lind Alliance, which brings patients, carers and clinicians together to identify and prioritise the unanswered questions they want health research to address, has patient medical data sharing in its Top 10 Primary Care Patient Safety priorities.
MedConfidential info about what patients can do about this is here
Advice to GPs from the British Medical Association here
Plain Speaker is asking Hebden Bridge group practice what it is doing to deal with the problem. And also if patients who opted out of data sharing for the care.data programme have also opted out of TPP SystmOne’s “enhanced data sharing”.
James Lind Alliance information also added 24.3.2107