It has been revealed that more than 500,000 sensitive NHS documents were kept in storage by a private company instead of being delivered to GPs and hospitals between 2011 and 2016. The government is now frantically trying to uncover how many, if any patients, have been affected by the missing information.

The documents include the results of blood and urine tests, biopsies and screening tests for diseases including cancer. Additionally, letters detailing patients’ visits to hospitals, summaries of the care patients’ received and even information relating to cases of child protection were discovered.

The files failed to reach their intended recipients because the company that was meant to deliver them mistakenly stored them in a warehouse. The company, NHS Shared Business Service, is co-owned by the Department of Health and French firm Sopra Steria, and was working as an internal postal service between GPs and hospitals, within the NHS until March last year.

NHS has been investigating the blunder since last year

Following discovery of the mistake last year, the NHS quietly investigated whether any patients actually suffered as a result of it through a team of 50 administrators, led by Jill Matthews, ‎managing director at NHS England’s primary care branch.

It was learned that of 708,000 undelivered items, 200,000 were not medically sensitive. The team is also undertaking a clinical review of patients who have died since the loss of documents was discovered in March 2016 to examine whether delays in material reaching GPs played any part in any patient’s death.

The Commons Public Accounts Committee released a letter that stated: “173 responses have been received so far from GPs indicating cases that require further clinical review and arrangements are now being progressed for relevant clinicians to conduct these reviews between now and March 2017.” The extent of the problem is still being assessed.

An NHS England spokeswoman said, “A team including clinical experts has reviewed that old correspondence and it has now all been delivered wherever possible to the correct practice.” Thus far, doctors have been given £2.2 million to analyse the documents returned to their clinics; however, many have said they are too busy or have passed the work on to administrators.

For his part, health Secretary Jeremy Hunt has said he was advised not to make the issue public initially due to concern that GPs would be unable to investigate the most urgent cases if they were inundated with calls from worried patients.

Both doctors and patients may face consequences

Richard Vautrey, chair of the British Medical Association’s GPs committee said, “Undoubtedly, there will be cases where patients have been seen by their home GP without [the GP having] the information from previous consultations or tests being their file – so they may not know whether antibiotics have been prescribed to a patient or whether tests and investigations have been done.

“That might mean repeat prescriptions, which would be unnecessary, as they have been taken before. And it might mean delay in diagnosis. If that happened it’s at best an inconvenience to the patient, and at worst there’s a risk of patient harm,” he added.

This is not the first time confidential NHS data has been compromised. A cyber attack on five hospitals in east London in January led to thousands of confidential files being accessed. Dr Sarah Wollaston, chairwoman of the Health Select Committee, believes the situation shows the need for patients to be empowered to access their records digitally but data security is still a key concern given past breeches in India and America.

Although Meg Hillier, chair of the public accounts committee has suggested that the Department of Health may be asked to pay compensation to any patient whose health may have been affected, the fact remains that in an already stretched NHS, countless hours of GP’s and administrator’s time will go in following up cases. For affected patients and families though, the revealed information could change their lives. MIMS

Read more:
Woman dies after three hospitals denied admission for surgery
Regulator spent £240,000 to cover up negligence leading to babies’ deaths
Data breaches expose personal and medical information of thousands of patients