TPP making changes to SystmOne to address data protection concerns

  • 31 August 2017
TPP making changes to SystmOne to address data protection concerns

TPP has confirmed it is piloting new functionality in its SystmOne electronic patient record, with a view to addressing data protection concerns raised by the Information Commissioner’s Office (ICO).

The ICO first raised concerns about TPP in March, specifically in relation to the enhanced data sharing model (EDSM) in its SystmOne electronic patient record system.

SystmOne is used by nearly 3,000 GP practices in England, and the function makes it possible to share information about patients with other users.

The ICO’s worries centred on principles 1 and 7 of the Data Protection Act. These relate to fair and lawful processing of data, and to data security.

On Wednesday (30 August) it was announced that TPP has developed new functionality within SystmOne which is designed to address these issues. The changes are said to follow detailed discussions between the company, the ICO, NHS Digital and NHS England.

In a statement, TPP reported that the functionality “gives GPs greater flexibility and increased control over which organisations have visibility of the GP record”.

The statement added that the changes also enable “patients to work in partnership with their GP to decide who can view their shared record”.

The firm plans to pilot the new arrangements in the coming weeks. Sites involved in the testing have apparently already been selected, and any existing sharing arrangements in place will not be affected by the work.

In its own statement, the ICO welcomed the developments: “These changes, which will be implemented for GP practices using the system along with updated documentation, are welcome and represent significant progress in addressing the concerns raised by the ICO for GP data controllers using SystmOne”.

Both organisations said they would continue to work together during the pilot and following its completion, so as to ensure any final concerns are addressed.

The worries about the SystmOne model sparked a discussion paper published by the independent CCIO and Health CIO networks. It contended that current data protection guidance and regulations are contradictory and not conducive to effective patient care.

Complexities around data sharing are expected to increase with the introduction of the General Data Protection Regulation (GDPR), which comes into force next May.

Designed to make data protection guidance consistent across the European Union, it will introduce significantly higher penalties for breaches.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

New data laws will allow patient data to be shared across the NHS

New data laws will allow patient data to be shared across the NHS

A new bill which will allow patients’ data to be easily transferable across the NHS has been introduced to Parliament.
Somerset ICB integrates shared care record with Dorset GP data

Somerset ICB integrates shared care record with Dorset GP data

Clinicians at Yeovil Hospital can now access Dorset patients' GP data through Somerset's shared care record.
NHSE says IT should flag patient safety issues in primary care

NHSE says IT should flag patient safety issues in primary care

New patient safety guidance from NHS England says that primary care’s IT systems should automatically flag patient safety issues.