The Department of Health and Social Care released a statement yesterday that an error by TPP, a company supplying GP software, meant that 150,000 historical “Type 2” objections to data processing had not been upheld.

The opt-outs were correctly recorded in patients' records, but because of a coding error in TPP’s system, it did not pass on the registered objections set between March 2015 and June 2018 to NHS Digital. This meant that NHS Digital was unaware of them when processing data for use beyond individual care, including for clinical audits and research. NHS Digital's Data Release Register contains details of when and how patient data has been shared for use beyond individual care.

The error was noticed when TPP switched to a new coding system for patient data last week. This new system did not contain the same error and so NHS Digital was suddenly notified of a large number of opt-outs coming from GP practices using the TPP system. TPP then investigated its systems and discovered the source of the error.

TPP has apologised for this and has committed to working with NHS Digital to avoid future errors. NHS Digital will be writing to all patients whose objections were not upheld, indicating what has happened and that their objections are now being honoured. NHS Digital has provided an explainer and what they are doing to address the situation.

A “Type 2” opt-out was introduced in 2014 to allow patients who did not want their confidential patient data to be used beyond NHS Digital to register this objection with their GP. The new national data opt-out, introduced at the end of May 2018, enables patients to directly register their objection with NHS Digital rather than via their GP. This means that in future, if the system is implemented correctly, errors such as this should not occur.

This incident highlights the critical need for transparency – to ensure that it is clear where data is going and how choices are honoured. It also demonstrates that a trustworthy system must not just say the right things but also do the right things in practice as well: if opt-outs are claimed to be honoured, they absolutely must be. If these standards are not upheld, there has be clear accountability in the system, with sanctions if necessary to demonstrate that these issues are taken seriously, or public confidence will again suffer.

Once made aware of the incident, TPP and NHS Digital have responded rapidly, which is reassuring. Both the Information Commissioner's Office (the data protection regulator) and the National Data Guardian have been informed and we await their views. 

However, it is concerning that this error had not been picked up in the three years since the coding system for Type 2 opt-outs was implemented. We strongly encourage both NHS Digital and the suppliers it works with to develop robust checks on honouring patient opt-outs and for there to be meaningful consequences for those who fail to meet these standards.