Pharmaceutical companies, NHS commissioners, and universities have repeatedly breached agreements around sharing patient data, audits show. Should NHS Digital curtail their access? Esther Oxford reports
Hundreds of organisations including pharmaceutical companies, clinical commissioning groups (CCGs), and universities have breached patient data sharing agreements in the past seven years and yet their access to the information is not curtailed, The BMJ can reveal.
Companies, commissioners, and leading universities, including GlaxoSmithKline (GSK) and Imperial College London, have carried out “high risk” breaches according to NHS Digital audits examined by The BMJ. This means that they are handling information outside of agreed data contracts and may be failing to protect confidentiality.
In one instance of a high risk breach, clinical care commissioners allowed sensitive, identifiable patient data to be released to Virgin Care without permission from NHS Digital. When NHS Digital’s audit team tried to get access to Virgin Care to check their compliance, it was denied access for several weeks and the company refused to delete the patient data.