NHS Data Blunder "Put Over 1700 Patients at Risk"

The health of over 1700 patients may have been put at risk after an NHS contractor failed to deliver hundreds of thousands of medical documents, according to an independent parliamentary audit.

The National Audit Office (NAO) report was finally released on Tuesday, detailing a catalog of errors at NHS Shared Business Services (SBS) which led to the stockpiling of “just under 709,000 items of unprocessed correspondence.”

These apparently included cancer test results and child protection notes.

NHS SBS, which had contracts with Primary Care Trusts in the East Midlands, north-east London and south-west England, was meant to forward any correspondence which may have originally been sent to the wrong GP practice.

However, it failed to do this on a massive scale between 2011 and 2016 and even kept the blunder quiet for two years, auditors claimed.

The firm, which generated revenues of around £87m in 2015 and is part owned by the Department of Health (DoH), finally informed NHS England and the DoH of the error in March 2016, but the former claimed SBS was "obstructive and unhelpful" when it then tried to investigate further.

The report paints a picture of an organization which paid scant regard to the importance of the data it was handling.

Most damning is the following exerpt:

“The files were stored in a room labelled ‘clinical notes’. A subsequent review found that the label had been removed by an SBS general manager because ‘you don’t want to advertise what’s in that room’. NHS SBS told us that it was important that documents were held securely and therefore not having a label on the door was appropriate as part of this.”

The number of cases of potential harm to patients could increase beyond the 1788 reported so far as doctors are still reviewing 200,000 records.

However, the cost of the incident will be at least £6.6m “for administration alone” according to the NAO, with the cash-strapped NHS likely to have to pay some of that.

Commentators have suggested the incident is proof of the need to urgently accelerate efforts to digitize the NHS.

What’s Hot on Infosecurity Magazine?