NHS ‘mislays’ 500,000 confidential patient documents

More than 500,000 pieces of NHS patient data were put into storage rather than delivered to their intended recipients, it has been discovered.

Between 2001 and 2016, the letters, which contained information such as test results and diagnostics, were mistakenly put into a warehouse run by the NHS Shared Business Services (NHS SBS) – a joint venture between the Department of Health and Sopra Steria. 

After the incident was discovered in March last year, NHS England launched a “secret” probe into the mistake, and has been accused of trying to cover it up, according to The Guardian.

However, the Department of Health said that both it and NHS England had been “completely transparent” about the investigation.

The probe discovered that a total of 708,000 documents went undelivered, but 200,000 of them were temporary resident forms and therefore not clinical documents.

The remaining 500,000 documents included information such as “copies of test or screening results, and communications about planned next steps in treatment following appointments with other healthcare providers”, according to NHS England.

Shadow health secretary Jonathan Ashworth called it an “absolute scandal”, and told The Guardian: “Patient safety will have been put seriously at risk as a result of this staggering incompetence.”

An NHS England spokesperson told Computer Weekly that the investigation had identified about 2,500 pieces of correspondence “which had some potential risk of harm to patient care and needed further investigation”, but that so far, “no evidence of patient harm has been confirmed”.

“Some correspondence forwarded to NHS SBS between 2011 and 2016 was not redirected or forwarded by them to GP surgeries or linked to the medical record when the sender sent correspondence to the wrong GP or the patient changed practice,” the spokesperson said.

“A team including clinical experts has reviewed that old correspondence and it has now all been delivered, wherever possible, to the correct practice. NHS SBS has expressed regret for this situation.”

The spokesperson said all the relevant documentation had been redirected by NHS England to the intended recipients and would be added to the patients’ medical records. “GPs are now conducting assessments of the potential impact on patients and if any cases of patient harm are discovered, they will be subject to a further clinical review process.”

According to The Guardian, GPs have so far been paid £2.2m to cross-check the letters with patients’ records.

NHS England said it was also reviewing its contract management arrangements “with a number of external suppliers to strengthen assurance and reporting processes”.

Commenting on the incident, Tony Pepper, co-founder and CEO of data security company Egress, said: “There is going to be a lot of clearing up to do. We are yet to discover the full extent of this data loss, but it’s not an overreaction to suggest the difference between going digital or not is a matter of life or death.”