Concern over data protection in NHS

A review into the processes within the NHS has revealed that information about millions of patients has been sold to private organisations over the last ten years.


This revelation has brought public trust in the health service to a new low point. The review, which was arranged by the NHS Information Centre, found that there have been “significant lapses” in patient confidentiality. The review revealed that between 2005 and 2012, around 600 data releases were made to private companies. This does not include charitable organisations. Reasons cited for the releases included research, benchmarking and analytics. Parties that received the information included pharmaceutical companies and insurance firms.


As a result of the report on this review, a number of recommendations have been made for the Health and Social Care Information Centre (HSCIC) to act on. The report has also called for the HSCIC to learn from the mistakes of its predecessor. A spokesperson for a privacy campaign group has called for these findings to be taken seriously, noting that this is one of the biggest breaches of data in the history of the NHS.


One of the issues raised by the report is that on two occasions, data was released to a private organisation but no record of the actual recipient exists. The author of the report has acknowledged that the situation on patient confidentiality is unacceptable and has pointed out that the NHS Information Centre should have put solid data sharing agreements into place and monitored them.