popyconcept - Fotolia

ICO concerned about TPP’s GP IT system’s data sharing compliance

The information commissioner is worried that TTP's GP IT system’s enhanced data sharing function brings risk to patients’ confidential medical records, but urges GPs not to turn off data sharing

The Information Commissioner’s Office (ICO) has highlighted concerns around TPP SystmOne’s data protection compliance relating to its “enhanced” data sharing function.

SystmOne is one of three major GP IT systems used across the NHS in England, and holds millions of confidential patient records.

The latest upgrade to the system allows clinicians across different healthcare settings, such as in hospitals and in the community, to access the patient record should it be in the best interest of the patient’s care.

However, after concerns that the supplier may be in breach of data compliance, the ICO launched an investigation in March 2017, focusing on the data protection compliance concerns about SystmOne’s enhanced data sharing function and the potential risk to patients’ medical records held by GPs.

In a statement, an ICO spokesperson said it has “data protection compliance concerns about SystmOne’s enhanced data sharing function and the potential risk to patients’ medical records held by GPs,” but that due to the possible impact on patient care, it is “not advocating that users switch off data sharing at this stage”.

The ICO's concerns are “centred on the fair and lawful processing of patient data on the system and ensuring adequate security of the patient data on the system”. 

The NHS is currently working on a new strategic policy for national data sharing. An NHS spokesperson said it was aware of the ICO’s concerns and that NHS organsiations are already supporting TPP to respond to the issues raised, and is working closely with the ICO and GP leaders. The full response plan is expected to be implemented by the summer.

Ultimately, GPs themselves are responsible for the sharing of patient data.

Read more about the NHS

In a statement on the company’s blog over the weekend, TPP said that sharing should only occur “either with a recorded patient consent to share, or the use of an access override”.

“Once the consent is set to share, only health and social care professionals with the appropriate access controls and relevant security clearance (via the use of smartcards and passwords) are able to access that medical record, again with patient consent where possible,” TPP said in its statement. “All access to the record is recorded in the audit trail. Patient dissent to both sharing and the override function can be recorded.”

Patients can also view their records online, as well as see where and when their records have been accessed.

Access to good information essential

Keith McNeil, NHS chief clinical information officer, said access to good information is “essential to good care”.

“Every health and care worker knows that medical information is sensitive, personal and should only be accessed when appropriate,” he said. “Rules about appropriate use are written into individual contracts, and for clinicians it is also part of professional codes of practice.”

“Medical data should always be managed fairly and lawfully, with the highest levels of security and safety. Access to records in commonly used GP IT systems is audited and can always be traced back because users login using unique identifiers and secure access methods. We are currently working with TPP and GP representatives to address concerns raised by ICO.” 

Computer Weekly has asked TPP for further comment. 

Read more on Healthcare and NHS IT