NHS slaps private firm Health IQ for moving Brits' data offshore
Spot check spots naughtiness
Health insurance and financial data management biz Health IQ is the latest outfit to have its wrists slapped by NHS Digital in the UK for failing to comply with data processing rules.
A technical audit of Health IQ concluded the company had breached its Data Sharing Agreement with the NHS "by holding and processing data outside of the UK," according to a report by the recently-rebranded NHS Digital, formerly known as the Health and Social Care Information Centre.
The audit (PDF) said: "As a result of this breach Health IQ had been required to delete NHS Digital data from the non-UK systems and to cease processing data in its London office. As a result of the incident, Health IQ has moved some of its infrastructure to a UK data centre."
It is not the first company to be take to task by NHS Digital in its regular audits and follow-up visit to companies to ensure they meet the obligations in their Data Sharing Contracts and Data Sharing Agreements.
"This helps to ensure that organisations abide by the terms and conditions we set and data is kept safe and secure," said NHS Digital.
The audits were put in place followinga review by Sir Nick Partridge , which disclosed that 588 data sharing packages were sold to "a range of private sector organisations, typically for the purpose of analytics, benchmarking and research" between April 2005 and March last year.
The spot checks apply to companies, charities, universities and government bodies that have received medical records after an investigation uncovered "significant lapses" in protecting patient confidentiality.
Phil Booth, coordinator of pressure group medConfidential, questioned why private companies are continue to break the rules around data sharing.
"We get told that there are rules in place to protect the privacy of patients. But yet again they've been ignored without penalty." He added that the errors are often basic and avoidable.
The sharing of patient records remains a highly contentious issue, with the government having officially canned its Care.data scheme.
The Register has contacted Health IQ for a comment. ®
Sponsored: Becoming a Pragmatic Security Leader