Medical Records of 26 Million Healthcare Patients at Risk of Compromise

An IT system used by around 2,700 medical practices in the United Kingdom potentially allows the medical records of patients to be accessed by unauthorized individuals. The system –  SystmOne – is one of the most popular in the United Kingdom and contains the medical records of around 26 million UK patients.

While the system is secure, if practices activate ‘enhanced data sharing’ the records contained in the system can be made available to local hospitals. However, that setting would also enable hundreds of thousands of healthcare workers to also access patients’ medical records. Those employees include receptionists and clerical staff, who are unauthorized to view the records. Members of staff in prisons, pharmacies, GP surgeries and care homes could also potentially be given access to the medical records held by a practice if the setting is enabled. The potential for medical records to be accessed and data used for malicious purposes is considerable.

The setting, which many practices would enable to allow legitimate sharing of patient data, takes away the mechanism that protects patient privacy. Patients may have given permission for their medical records to be shared, but it would be unlikely that they would have been informed of the potential extent to which their medical could be accessed.

If practices have unwittingly made patients’ medical records available, they could be flooded with complaints about privacy violations. The sharing of medical data without authorization would be a violation of data protection laws and could result in legal action.

The Information Commissioner has launched an investigation into the potential privacy breach and the IT committee of the British Medical Association has written to all GPS that use the SystmOne system instructing them to take urgent action to ensure patient medical records are secured.

The Information Commissioner is currently in talks with TPP, which owns SystmOne, and NHS Digital and is attempting to get the issue resolved as quickly as possible. TPP is working on an update that amends the function.

A statement has been released by TPP explaining that practices must inform patients if their information is shared and which organizations could potentially view their records. If patients are not informed, practices must ensure enhanced data sharing is turned off. The TPP spokesperson also pointed out that under no circumstances should users of SystmOne turn on the record sharing function “without fully understanding the consequences and without fully informing patients of the impact on their care.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of