GP practices across UK face compulsory data protection audits

GP practices face compulsory audits from this month by the information commissioner to check their compliance with data protection laws.

Data: ICO could force audits on practices
Data: ICO could force audits on practices

GP leaders warned that the moves could put patients at risk if they piled more bureaucracy on top of the heavy workloads already faced by practices.

Following an overhaul of regulations, from 1 February the information commissioner's office (ICO), will be able to carry out compulsory audits to assess data protection by organisations including GP practices.

Previously the the ICO was only able to force these checks on government departments.

NHS organisations including GP practices found to be in breach of data protection laws have faced heavy fines. GP reported in 2013 on campaigners warning that practices could face fines of up to £500,000 for breaching data protection rules, and the ICO has issued fines totalling £1.3m to NHS organisations.

Routine inspection

However, a spokesman for the ICO confirmed audits were intended to flag up problems with data protection before a breach occurred, and their findings could not trigger a fine. He added that all practices would not be inspected as a matter of routine, and that audits could be triggered by concerns raised about a practice or other factors.

GPC deputy chairman Dr Richard Vautrey warned that the move must not leave practices facing yet more bureaucracy.

'GPs and practices take confidentiality and the appropriate handling of patient data very seriously,' he said. 'That's why we've been so concerned over the years about various government IT schemes that could undermine the confidence patients have in their GP.'

'We would need to see the details of any proposed audits the ICO planned to use, but they need to be very careful not to add yet more to the already heavy workload burden on practices and therefore make it even more difficult to provide good quality care to patients.

Regulatory burden

'The last thing practices want is CQC calling on Monday, the NHS England area team ringing on Tuesday, the CCG demanding attendance at a meeting on Wednesday and then the ICO requiring an audit to be done on Thursday, as the result of this regulatory burden could be having to handle a GMC complaint on Friday because patient care was compromised.'

Audits by the ICO can look at how organisations handle patients' personal information, security of data, records management, staff training and data sharing.

Information commissioner Christopher Graham said: 'The Health Service holds some of the most sensitive personal information available, but instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern.

'Time and time again we see data breaches caused by poor procedures and insufficient training. It simply isn’t good enough. We fine these organisations when they get it wrong, but this new power to force our way into the worst performing parts of the health sector will give us a chance to act before a breach happens. It’s a reassuring step for patients.'

*This story has been amended following a clarification from the ICO that problems with data protection uncovered in compulsory audits cannot lead to a fine.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins


Already registered?

Sign in

Follow Us:

Just published

Woman holding face in pain

Should GPs treat patients presenting with dental problems?

The MDU's Dr Kathryn Leask considers what GPs should do if a patient presents with...

Conservative Party leadership candidate and foreign secretary Liz Truss

Liz Truss vows to resolve GP pension tax crisis if she becomes prime minister

Liz Truss has affirmed her commitment to resolving the GP pensions crisis but has...

Baby receiving a vaccine in their thigh

JCVI advises changes to routine childhood and HPV immunisation schedules

The Joint Committee on Vaccination and Immunisation (JCVI) has recommended a change...

GP consultation

General practice delivering 'up to double the appointments it is paid for'

General practice in England may be delivering as many as double the number of appointments...

Sign outside BMA House

GP suicide sparks calls for measures to protect doctors from spiralling workloads

The government and policymakers must do more to safeguard doctors and NHS staff from...

Talking General Practice logo

Podcast: Living with long COVID

In August we’re bringing you some of the best interviews from series one of the podcast....