Hebden Bridge and other Calderdale GP practices’ patient data systems are unlawful

Hebden Bridge Group Practice and other GP practices in Calderdale use an electronic patient data system called TPP SystmOne that has an “enhanced data sharing” system that shares confidential patient data outside the GP practice eg with hospitals, care homes and community services.

Flaws in the system mean data protection is being breached as the sharing system gives access to our shared data to thousands of “authorised users” within the NHS, which is not what is supposed to happen. It should just go to whatever other NHS departments are treating you, in addition to your GP.

Update 13.10.208 TPP SystmOne made changes to its data sharing functionality in early 2018 and NHS England and NHS Digital sent these recommendations to GPs and asked them all to carry them out asap. In March 2019 the Information Commissioner’s Office stated the issue had been resolved to its satisfaction.

Before this was all resolved, The British Medical Association had advised:

“It has become clear that if patient records are being shared through TPP’s clinical system SystmOne, GPs are unable to specify which other organisations can have access to their patients’ records.
This has serious implications for GPs as data controllers – patients could complain that their records are accessible by people and organisations who should not be able to do so and it is likely that a court action in support of a complaint would succeed.”

The Information Commissioner’s Office view is clear – in its current configuration TPP SystmOne breaches the 1st and 7th principles of the Data Protection Act (DPA) and is therefore unlawful.

The James Lind Alliance, which brings patients, carers and clinicians together to identify and prioritise the unanswered questions they want health research to address, has  patient medical data sharing in its Top 10 Primary Care Patient Safety priorities.

Screen shot 2017-03-24 at 09.59.28

MedConfidential info about what patients can do about this is here

Advice to GPs from the British Medical Association here

Update 24.3.2017

Plain Speaker is asking Hebden Bridge group practice what it is doing to deal with the problem. And also if patients who opted out of data sharing for the care.data programme have also opted out of TPP SystmOne’s “enhanced data sharing”.

James Lind Alliance information also added 24.3.2107

4 thoughts on “Hebden Bridge and other Calderdale GP practices’ patient data systems are unlawful

  1. Given that the surgery was asked about this back in April, can anyone tell me what, if anything has happened thus far?

  2. How long is Plain Speaker giving HB group practice to reply ? What, if anything, will Plain Speaker do if a satisfactory response is not forthcoming ?

    • Hi Richard, I will probably print the letter and add the signatures and drop it off at the Valley Road surgery tomorrow. They will reply in due course, judging from past experience. I will publish the reply and also notify the people who signed the open letter and see what they want to do next.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.