From The British Medical Journal:
Hundreds of organizations including drug companies, NHS commissioners, and universities have breached patient data sharing agreements in the past seven years, reveals an investigation by The BMJ today.
GlaxoSmithKline (GSK) and Imperial College London are among those that have carried out “high risk” breaches according to NHS Digital audits examined by investigative reporter Esther Oxford. This means that they are handling information outside of agreed data contracts and may be failing to protect confidentiality.
In one instance of a high risk breach, clinical care commissioners allowed sensitive, identifiable patient data to be released to Virgin Care without permission from NHS Digital. When NHS Digital’s audit team tried to get access to Virgin Care to check their compliance, it was denied access for several weeks and the company refused to delete the patient data.
Read more from BMJ at Medical Express.
More information: Investigation: Hundreds of patient data breaches are left unpunished, The BMJ (2022). DOI: 10.1136/bmj.o1126