The NHS is sending millions of patient records and confidential medical notes to India for processing — despite a pledge by Labour that personal information would not be sent overseas.
It is the first time that databases of names, addresses and NHS numbers of patients have been sent abroad, along with private information about medical appointments.

NHS managers, under pressure to cut costs, are implementing the changes despite warnings about poor security in some offshore centres.

The Sunday Times has identified seven primary care trusts in northeast London, serving more than 1.5m people, that have begun to send patient details overseas. The databases are administered by about 200 workers in Pune, western India.

Although companies handling the records in India said security was “paramount”, there is a risk of patients being identified if the NHS numbers are matched with anonymised clinical notes carrying NHS numbers, already being sent to India by more than 30 trusts.

Typically, a set of clinical notes will be based on a consultant’s findings during a session with a patient, which he will read into a voice recorder during or after the appointment.

The recording is then transferred to a computer and sent to India, where it is transcribed. One source involved in processing the information said patient names can crop up during the appointment and may then inadvertently be included with the clinical data.

Workers in India are also producing letters for patients with appointments for cervical smear tests and breast screenings.

Pilot schemes for NHS offshore transcription services began more than four years ago and have rapidly expanded. The Royal Free hospital in London, the Derby hospitals trust and the Newham University hospital trust are among those sending clinical notes overseas.

Labour ministers have been anxious to allay concerns about the confidentiality of patient information since the launch of a £12 billion scheme to computerise health records.

In January 2007 Caroline Flint, then health minister, told parliament the project would “expressly preclude the transfer of patient information outside the United Kingdom”.

Trusts, however, believe they may send patient information outside the UK if it does not come under the electronic records project.

John Hemming, the Liberal Democrat MP for Birmingham Yardley and an expert on IT projects, said: “Given the government’s track record of losing data in this country, it is worrying that data are being sent overseas. Every transfer of information adds to the risk of it being lost.”

The possible risks of transferring patient data overseas were exposed last year when undercover reporters from ITV1’s Tonight programme were able to buy health records from a private hospital in London, processed in India. The sellers claimed to have access to thousands of UK medical records.

The transfer of primary care trust records is being handled by NHS Shared Business Services, a joint venture between the Department of Health and the IT company Steria.

From: http://www.timesonline.co.uk/tol/life_and_style/health/article7086816.ece

Health Direct urges you to opt out of labour’s snoopers charter- whilst you still can!

The rising rate of blunders in IVF treatment ‘may be systemic’, says leading patient safety expert

The number of reported mistakes a t the 138 fertility clinics in England and Wales nearly doubled in the year to April 2009, rising to 334 from 182 the previous year. One leading patient safety expert has now warned that blunders which have occurred as record numbers of women seek treatment, may be “systemic”.

The increase comes as one clinic, IVF Wales, is at the centre of a fresh scandal after losing the last two remaining embryos it had frozen for one of its patients. It is the second time in less than 12 months that a mix up at the centre, based at University Hospital of Wales in Cardiff, has left patients devastated.

The Cardiff-based couple has had their eight-year quest to have a baby put on hold as a result of the blunder, which followed an initial, unsuccessful course of IVF. The pair, identified only as Clare and Gareth, are suing Cardiff and Vale University Health Board, which last year paid out a five-figure sum in compensation for negligence after another mix up.

Guy Forster, a solicitor at the law firm Irwin Mitchell who is representing the couple, said the incident raised questions about the Government’s IVF watchdog, the Human Fertilisation and Embryology Authority.

“This raises concerns about the HFEA’s ability to regulate the IVF industry properly. I think it should be doing a lot more to follow up when an incident occurs, especially at a clinic with a poor track record,” he said, adding: “These problems appear to be on the rise.”

An official review last year found that the HFEA was failing to punish badly run fertility clinics by not using the “full range of sanctions” at its disposal. Professor Brian Toft, a patient safety expert at Coventry University, said: “If the HFEA fails to clamp down when something has gone wrong then things will continue to go wrong.”

He said the rise in reported incidents, uncovered by BBC Radio 5 Live, implied clinics were not learning from their mistakes, adding: “I have been told there are not enough qualified staff doing the work. HFEA do not make any recommendations for staffing levels per number of patients. If you have a lot of patients and not enough staff, this could account for an increase in errors. This problem may well be systemic.”

Professor Sammy Lee, an IVF expert, said the watchdog must ensure clinics comply with regulations. “They need to obtain staff that have experience of enforcement and are able to make sure that regulations are put into place,” he said.

An HFEA spokesman played down the increase in blunders, which he said was partly due to new rules requiring clinics to include incidents when patients suffered from ovarian hyperstimulation syndrome (OHSS). “The number of reported incidents has increased as the sector has responded positively to the opportunity to share lessons learned from incidents which have been reviewed and investigated,” the HFEA added in a statement.

From: http://www.independent.co.uk/errors-at-ivf-fertility-clinics-double-in-just-one-year

The NHS reported the highest number of serious data breaches of any UK organisation since the end of 2007, the Information Commissioner’s Office says.

David Smith, deputy commissioner at the ICO told the Infosec security conference the NHS had highlighted 287 breaches to it in the period.

That accounts for more than 30% of the total number reported.

The NHS – the UK’s largest employer with 1.7m staff – has only started the process of rolling out digital patient records.

Most of the breaches (113) were the result of stolen data or hardware, followed by 82 cases of lost data or hardware.

Mr Smith said the problems were not confined to the public sector and that results could be skewed because the public sector has a culture of reporting all breaches whereas not all private sector firms did.

Richard Vautrey, the deputy chair of the British Medical Association’s GPs committee thinks the number of breaches reflect the size and complexity of the NHS as well as its culture of openness.

“So many people have access to data and often human error is to blame. There is an increased attempt to be open and honest about what happens to data,” he said.

He added that he was not aware of a specific case where a data breach had affected patient privacy or care.

“We need to keep their breaches in perspective,” he said.

As part of its plans to digitise patient records, the NHS is asking patients if they want their data stored on national databases. It is important that people are given the chance to opt out, said Mr Vautrey.

Currently the reporting procedure for data breaches in the UK is voluntary although the ICO is “moving towards” a compulsory system.

In April the ICO introduced fines of up to £500,000 for serious data breaches.

The European Union’s Telecoms Package requires telecom firms to report data breaches and Mr Smith said he expected this requirement to expand beyond telcos.

Data encryption firm PGP welcomed the tough new approach to data security.

“Finally the ICO, which has long demanded greater powers, will be able to severely punish those in serious breach of the Data Protection Act. For too long, organisations have continued to ignore the warning signs – risking both the privacy of their customers and the reputations of their brands,” said Jamie Cowper, European marketing director at PGP.

He anticipates “severe fines” for the next private sector company to be involved in a serious data breach although he does not imagine the ICO will pursue the NHS.

PGP calculated that data breaches cost companies, on average, £67 per piece of data lost.

From:

http://news.bbc.co.uk/1/hi/technology/10089066.stm

Health Direct asks- given that the NHS has the worst record of data security and that labour politicans have already sent 250,000 political letters to cancer sufferers- are you CERTAIN that your medical records will be safe on the Snoopers Charter database? If not OPT OUT NOW- whilst you still can!

The biggest single supplier to the £12bn NHS NPfIT white elephant programme is on the brink of being fired from a key part of its contract after failing to meet a deadline to install systems at hospitals in the north west.

CSC, which holds the contract for two-thirds of England, missed the deadline to get the Lorenzo electronic medical record product up and running at the Morecambe Bay NHS Trust’s hospitals.

CSC originally said the system would go live almost two years ago, in June 2008.

The failure is the latest crisis for the much-troubled programme which is running at least four or five years late.

CSC and BT, which covers London, had each been given a deadline to get new systems running smoothly in a big, acute, hospital, with the Department of Health warning last year that it would “look at alternative approaches” if that failed to happen.

BT has since installed a system at Kingston Hospital to the health department’s satisfaction. Christine Connelly, the department’s chief information officer, said it now needs to go through a due process under its contract with CSC which could yet see a new deadline set and met.

But if progress is not made, she told the Financial Times, the department has the option of cancelling CSC’s contract to install the systems in acute hospitals and letting hospitals choose from other suppliers.

Morecambe Bay, she said, remained keen to continue and under the contract CSC has to be given time to propose a fresh deadline for deployment, with the programme then assessing the credibility of that and whether to agree it.

“We have to walk through this step by step,” Ms Connelly said. “In a contract as large and complex as this we cannot just set a deadline and say that’s it. We have to act responsibly and not expose the department and the taxpayer to risk.”

But, she warned bluntly, “we cannot wait for ever”.

CSC has contracts worth about £3.3bn to install hospital, community, mental health and GP systems, with the latter elements progressing much better.

But Ms Connelly said if CSC’s plan was not credible the NHS had the option of cancelling the acute hospital part of the deal, thought to be worth around £1bn. CSC did not respond to attempts to contact it last night.

BT, having hit its deadline, has agreed a contract variation, signed yesterday, which the department said would save the NHS £112m, or about 12 per cent of the contract value, as part of the £600m savings the health service is seeking on the programme as a whole.

As part of the deal, BT is now signed up to install much fewer full systems in London, with about half the hospitals likely to add clinical systems to their existing IT arrangements, rather than replacing everything, Ms Connelly said.

Allowing hospitals to choose other suppliers is already starting to happen in the south of England, although the first contracts for that have yet to be signed. That should start to take place from May this year, she said.

From: http://www.ft.com/cms/s/0/6a9f7ee2-3d26-11df-b81b-00144feabdc0.html