A data-mapping firm has withdrawn a service which may have allowed access to information on millions of patient records, following the launch of an investigation from health authorities.
The service provided by Earthware, which supplies its clients with data visualisations through the use of its mapping technology, was shut down on Monday following a request from the Health and Social Care Information Centre (HSCIC).
The website offered to provide data visualisations that allow users to locate areas in England where a single individual had gone for specialised treatment, the Guardian writes. The information would not have allowed individuals to be identified, but its use may have contravened data protection rules.
The data is believed to be from the Hospital Episode Statistics (HES), a data warehouse run by the HSCIC which contains millions of records with details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England. The anonymised data includes patient age, gender, diagnoses and other personal information.
However Earthware said in a statement on Monday that the information made available online was a demo which displayed "mock data" that was supplied by a third party.
"We do not hold nor have we ever held HES data on our servers," the company said.
The HSCIS announced yesterday that it had demanded the tool be taken offline, pending a further investigation into the source of the data.
"We are investigating urgently the source of the data used by Earthware UK and whether controls demanded of any organisation using data have been maintained," the centre said. "After this investigation we will take any necessary action."
The move by the HSCIC follows on from concerns over the use of patient data as part of the government's care.data scheme.
Under the controversial plans, patient's which do not opt out of the scheme will have certain data made commercially available to organisations such as universities, insurers and drug companies.
The proposals were put on hold last month in order to spend more time reassuring the public over the scheme.
NHS England has previously admitted that there is a risk of patient data being identified, despite promises that the records will be pseudonymised when extracted from GPs' systems.
The security of NHS data came into question again yesterday, after it emerged that patient information had been used by a marketing consultancy to advise clients on social media campaigns.
Entire HES data sets were uploaded to Google servers, with PA Consulting using Google BigQuery to create interactive maps of data.
The HSCIS said it signed an agreement to share pseudonymised data with PA Consulting in 2011, and was aware of the use of Google tools.
Sign up for Computerworld eNewsletters.