The NHS is blaming a coding error for 150,000 patients in England being involved in a data breach.
Those affected had requested that their confidential health information only be used to help provide them with care.
But it appears that there was a problem with the software used by GPs to record objections to the same data being used for research and auditing purposes.
As a result, the SystmOne application involved never passed on the request to NHS England’s IT provider.
The software’s developer TPP has said it “apologises unreservedly” for the fault.
NHS Digital has said it will write to all the patients involved as well as their GPs.
“There is not, and has never been, any risk to patient care as a result of this error,” said junior health minister Jackie Doyle-Price in a statement to Parliament.
She added that the recent introduction of the national data opt-out programme – a new service that allows individuals to restrict use of their health data without having to involve their GP – would prevent such a failure occurring again.
The Information Commissioner’s Office has been notified.
“We are aware of an incident involving NHS Digital and are making inquiries,” an ICO spokeswoman told the BBC.