The security of NHS data was thrown into further doubt yesterday after it emerged anonymous patient information has been used by a marketing consultancy to advise clients on targeting their social media campaigns.

It comes amid growing concerns over plans to trawl patient records from every GP surgery in England, which were postponed last month after NHS chiefs admitted they had not done enough to inform and reassure the public about the scheme, known as care.data. MPs sought reassurances last week that the GP data, which could be accessed by researchers and approved private companies, would not be vulnerable to breaches of patient confidentiality.

In another blow to public confidence in the scheme, it was also reported yesterday that the entire hospital episodes statistics (HES) dataset has been uploaded to Google servers. A management consultancy firm called PA Consulting used Google tools to create interactive maps out of HES data, it emerged. The HSCIC said it had received assurances that no Google staff would be able to access the data, and the firm said that the data was “held securely”.

Download the new Independent Premium app Sharing the full story, not just the headlines

Medconfidential, which campaigns for better security around medical records, said that they were also concerned that HES data had been released, in pseudonymised form, to a consultancy firm, Beacon Dodsworth, which uses a coded version of HES data to help its clients “establish trends and understand patterns allowing you to tailor you social marketing or media awareness campaigns.” Its chairman, Geoff Beacon, told The Independent that the firm had “not been allowed near the raw data”, which had been handled by a public sector health observatory.

However, Phil Booth, from Medconfidential, said that their use of the data raised serious concerns that NHS records were being used for commercial purposes.

“47 million people don’t have a clue that their hospital history has been used to target ads on Twitter and Facebook,” he said.