Pulse reports today that the Department of Health is investigating how confidential data in the NPfIT Personal Demographics Service came to be printed on the front of envelopes sent to patients. The PDS is run by NHS Connecting for Health which runs the NPfIT.
The PDS contains the names, addresses and basic details on tens of millions of patients. It provides a "front-end" access to NPfIT systems such as the Summary Care Record.
Because the PDS it is widely accessible by clinicians and administrative NHS staff access it is not supposed to contain highly confidential data. The Department of Health and NHS Connecting for Health have been at pains in the past to emphasise the non-confidential aspects of the PDS.
Now Pulse says that PDS data on the front of envelopes sent to patients included codes for door entry and key safe boxes. The data was said to have been ‘inappropriately' entered alongside address information in the PDS.
"Security codes for the homes of an undisclosed number of patients have been printed on the front of envelopes and mailed out, in a data security blunder which managers have warned places the elderly and ‘vulnerable' at risk...
"Patients raised the alarm after reporting that they had been sent letters with the security codes printed in the first line of the address on the envelope."
NHS Connecting for Health has declined to say how many letters were sent out, or the number of patients who have security codes for their home address stored in the PDS.
An alert sent out by NHS South East Coast to GP practices in the area said that access codes for key safe boxes and other such door entry systems were being stored within the address field on the PDS national patient index.
"The storage of these details on the PDS constitutes a security risk to vulnerable/elderly residents and in some cases the door entry codes have been printed as part of the address on correspondence.'
A Department of Health spokesperson told Pulse:
‘We have been made aware that in a number of cases additional information about addresses has been stored inappropriately on the Personal Demographics Service ... We have no evidence this had led to security breaches. We are currently investigating and will take action as necessary.".
Dr Trefor Roscoe, a GP in Sheffield and former medical IT consultant, told Pulse: ‘This is what happens when people who don't know what they are doing are allowed to alter details on the computer."
He suspects that staff in the district nursing service have been keying in the code number in patients' records. They have chosen the field which is the first line of the address, and "because they have no understanding of the computer system, they don't realise that this then changes the [NPfIT] Spine, and also makes it available to anyone who can see the data on the Spine".
He adds: "Obviously it then gets printed on letters .. It''s the sort of thing that we predicted to happen to all these medical GP systems." Without proper training there is probably not a lot you can do about it, said Roscoe.
Tomorrow MPs on the Public Accounts Committee are expected to publish a report that criticises NHS Connecting for Health over its management of NPfIT detailed care record systems. A widespread perception that the NPfIT has been a costly failure will not be assuaged by the latest security blunder.