GP practices across UK face compulsory data protection audits

GP practices face compulsory audits from this month by the information commissioner to check their compliance with data protection laws.

Data: ICO could force audits on practices
Data: ICO could force audits on practices

GP leaders warned that the moves could put patients at risk if they piled more bureaucracy on top of the heavy workloads already faced by practices.

Following an overhaul of regulations, from 1 February the information commissioner's office (ICO), will be able to carry out compulsory audits to assess data protection by organisations including GP practices.

Previously the the ICO was only able to force these checks on government departments.

NHS organisations including GP practices found to be in breach of data protection laws have faced heavy fines. GP reported in 2013 on campaigners warning that practices could face fines of up to £500,000 for breaching data protection rules, and the ICO has issued fines totalling £1.3m to NHS organisations.

Routine inspection

However, a spokesman for the ICO confirmed audits were intended to flag up problems with data protection before a breach occurred, and their findings could not trigger a fine. He added that all practices would not be inspected as a matter of routine, and that audits could be triggered by concerns raised about a practice or other factors.

GPC deputy chairman Dr Richard Vautrey warned that the move must not leave practices facing yet more bureaucracy.

'GPs and practices take confidentiality and the appropriate handling of patient data very seriously,' he said. 'That's why we've been so concerned over the years about various government IT schemes that could undermine the confidence patients have in their GP.'

'We would need to see the details of any proposed audits the ICO planned to use, but they need to be very careful not to add yet more to the already heavy workload burden on practices and therefore make it even more difficult to provide good quality care to patients.

Regulatory burden

'The last thing practices want is CQC calling on Monday, the NHS England area team ringing on Tuesday, the CCG demanding attendance at a meeting on Wednesday and then the ICO requiring an audit to be done on Thursday, as the result of this regulatory burden could be having to handle a GMC complaint on Friday because patient care was compromised.'

Audits by the ICO can look at how organisations handle patients' personal information, security of data, records management, staff training and data sharing.

Information commissioner Christopher Graham said: 'The Health Service holds some of the most sensitive personal information available, but instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern.

'Time and time again we see data breaches caused by poor procedures and insufficient training. It simply isn’t good enough. We fine these organisations when they get it wrong, but this new power to force our way into the worst performing parts of the health sector will give us a chance to act before a breach happens. It’s a reassuring step for patients.'

*This story has been amended following a clarification from the ICO that problems with data protection uncovered in compulsory audits cannot lead to a fine.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register

Already registered?

Sign in

Follow Us:

Just published

Doctors are being 'taxed out of the NHS', warns BMA chair

Doctors are being 'taxed out of the NHS', warns BMA chair

The NHS risks being brought to a standstill because 'perverse and punitive pension...

Welsh GP contract deal delivers £25m funding boost and partner incentives

Welsh GP contract deal delivers £25m funding boost and partner incentives

GPs in Wales will receive a £25m increase in funding in 2019/20 as part of a new...

Elected BMA members to receive equality training after sexism investigation

Elected BMA members to receive equality training after sexism investigation

BMA chair Dr Chaand Nagpaul has promised that the association will 'learn, act and...

NHS Resolution moves to allay fears over state indemnity 'small print'

NHS Resolution moves to allay fears over state indemnity 'small print'

Information about GPs will only be passed to the GMC under 'very rare circumstances'...

BMA U-turn over sexism and harassment debate at annual conference

BMA U-turn over sexism and harassment debate at annual conference

Doctors' leaders will debate claims that the BMA fails to address sexism and harassment...

Doctors begin giving evidence in BMA sexism investigation

Doctors begin giving evidence in BMA sexism investigation

Doctors have started giving evidence as part of the investigation into sexism and...