How your health records could be filled with mistakes

A few days before Christmas, I received an email from the NHS stating: ‘We are writing to let you know about government advice for people considered to be at highest risk of becoming very unwell if they catch Covid-19. This is because your medical records tell us you are someone with Down’s syndrome.’

My first reaction was to laugh. This was ridiculous. I don’t have Down’s syndrome.

Perhaps it was some sort of scam? But the email address looked legitimate, it used NHS-headed ‘paper’, contained my correct date of birth and my NHS number, and —tellingly — the spelling error in my middle name that I’ve been complaining to my doctor’s surgery about for years.

I realised this was no hoax. Somehow, the NHS had concluded I had Down’s syndrome and now needed to shield. How on earth had this happened? 

And if the NHS could mistakenly believe I have Down’s syndrome, could it not just as easily have written to me saying, ‘You have terminal cancer’ or something else equally terrifying?

The NHS shielding department that had sent my email said it was based on my GP medical record, which was extracted by NHS Digital, the information and technology partner of the NHS.

Being contacted in error like this is more common than you may think. Last week, the National Audit Office revealed 126,000 people were wrongly advised to shield owing to incorrect records.

When I spoke to my GP, she was horrified. But when she looked at my notes, she instantly understood what had happened and admitted she had made a mistake.

Eight years ago, I became pregnant with a baby who was discovered to have a rare chromosome disorder called trisomy 2 mosaicism. 

My GP had added this information to my computerised notes, using a code for Down’s syndrome, because there was no code for my baby’s condition.

Unborn babies don’t have their own medical records, but there are separate antenatal codes, which shouldn’t stay on the mother’s record. In my case, the GP mistakenly used a code for me rather than the antenatal code for my daughter.

But when my baby, whom I named Elodie, died at 24 weeks, my GP hadn’t removed the code from my record. There it had remained, unnoticed, until Covid came along and triggered the call to shield.

My GP promised me she would immediately remove the erroneous code. Yet that wasn’t the end of it. 

The emails — and then the letters — kept coming: warnings; information on how to shield; even a leaflet designed for people with Down’s syndrome, with information spelled out in simple language and matching illustrations.

But my GP surgery continued to insist the problem had been sorted. Getting myself off the shielding list seemed impossible. Now I worried where else the Down’s syndrome information had ended up.

When you apply for a loan, mortgage or insurance, you may be asked to give the organisation permission to access your medical records. This request may be in a tiny tick-box at the end of a lengthy application.

From memory, I have never given this permission. But had I done so, I may have been treated differently at the application stage.

If there’s a discrepancy between your medical records and the health information you provided when you took out an insurance policy, you might also encounter problems if you make a claim.

In my quest for answers, I’ve discovered that it’s not just me who should be worried, as medical records do contain many errors.

NHS patients don’t have one definitive record — we have several, stored in various parts of the NHS. 

One is created each time we go to a new hospital or private clinic for treatment. The most comprehensive information — your primary care record — is held at your GP surgery and is mostly electronic; computerisation began in 2002.

Transferring paper hospital records to electronic data banks is taking much longer, however, and in 2019 only 10 per cent of NHS trusts were fully digitised.

The second part of your primary care record is your DCR, or detailed coded record. This is your medical record in coded form.

NHS departments such as NHS Digital regularly search the DCRs for specific codes. This anonymised information is used for research into medical conditions. It can also be shared with other government departments, local authorities and pharmaceutical companies.

While access is controlled, Phil Booth, a coordinator at medConfidential, which campaigns on medical privacy, warns: ‘We believe in the importance of ethical research and that data-sharing can save lives. But at the same time, companies are relentlessly pushing to get hold of more and more of our medical data. That’s potentially dangerous, particularly when things go wrong.’

Incorrect data is never entirely deleted from your medical records. When my GP removed the Down’s syndrome code from my DCR, she will have made a note of the error.

‘If an error was simply erased, it could then make it impossible to establish what caused a later problem,’ says a spokesperson from the Royal College of General Practitioners.

‘The error does ‘vanish’ in practical terms; it’s only visible if someone goes into the audit trail to investigate a problem later on.’

Part of the problem is that errors might only come to light if you check your record. Or if, like me, you become suspicious about a letter you get or treatment you receive, and investigations ensue.

You have a legal right to ask to see your records — known as the ‘right of access’. You can request them from your GP, or a hospital or clinic you’ve been treated at.

It’s worth doing. In 2008, clinicians who now advise medConfidential examined the files of 100 patients, and found at least one error in every set of records.

The Information Commissioner’s Office, the UK’s information rights watchdog, also reported that the health sector alone generated 8 per cent of the 38,514 data protection complaints it received in the 12 months to March 2020.

Sometimes, these mistakes can be extremely serious. In 2006, a former health service manager named Helen Wilkinson was appalled to learn that she had been labelled an alcoholic after a computer error.

An unknown official at a hospital was updating her medical records and mistakenly recorded her as having received treatment for alcoholism instead of the surgery she’d actually had. Imagine what would have happened in this case if access had been given to an insurance company or a bank.

More subtle errors could also potentially lead to mistakes in treatment.

If you find an error, you can ask for it to be corrected — the ‘right to rectification’. This was made explicit in the Data Protection Act in 2018. A request can be made verbally or in writing, and your GP practice has a month to respond.

However, if you disagree with a doctor’s point of view, and it’s clear that the information is just an opinion, you can’t claim inaccuracy. You can only request that your disagreement is registered.

Yet the Covid pandemic has created another layer of complexity, as during a public health emergency, the rules do change.

Patients’ identifiable data has been used to track Covid-19, alert those most at risk, and organise the delivery of food parcels to those shielding. This is why I was contacted: the Down’s syndrome code has been sitting on my DCR for eight years.

NHS Digital told Good Health that, to date, 30 people had contacted it saying they’d received an email advising them to shield when they should not have.

It’s reasonable to assume many more people have contacted their GP practice about the problem.

On social media I learned of another woman upset at having mistakenly been told to shield as the result of a Down’s syndrome pregnancy which she miscarried.

Last week, I received yet another shielding letter. When my GP deleted the Down’s syndrome code from my record, she should also have updated my Covid code to ‘low’ or ‘moderate’ risk. It’s the only way to be taken off the shielding list. At the time of writing, I’m still waiting.

Additional reporting: Karen Glaser