Last Updated on 18.7.16 by Shelley Bower
It was reported this week that a London sexual health clinic mistakenly revealed the HIV status of 780 patients in one of the largest data breaches of its kind.
The clinic, situated in Soho, Central London, sent a newsletter on Tuesday that revealed the names and email addresses of its patients because it failed to blind copy the recipients. The clinic, which is run by the Chelsea and Westminster NHS Trust, sends a monthly newsletter to patients who have opted in to the OptionE service, which allows people to book appointments and receive test results electronically. The newsletter is intended for people using its HIV and other sexual health services, giving details of treatments and support.
Speaking on the radio, the director of the clinic, Dr Alan McOwan, called the mistake a “human error” which was “completely unacceptable”. The clinic sent an apology email to its patients within an hour after realising their huge error.
The British data protection watchdog, the Information Commissioner’s Office (ICO), is set to launch an investigation, as is the NHS trust itself. The maximum fine the ICO can hand out for serious breaches of the Data Protection Act is £500,000. The health secretary, Jeremy Hunt, has also weighed in, stating that the Care Quality Commission will be conducting a “thorough and independent review” of existing data security measures in the NHS and recommending changes.
The record fine to date was given to Brighton and Sussex University Hospitals NHS Trust in 2012, when confidential information on thousands of patients was obtained from computer hard drives that should have been destroyed. The ICO imposed a £325,000 fine after personal data, such as medical conditions including some relating to HIV, was discovered by a data recovery company that bought four hard drives on eBay.
When dealing with such sensitive information, any breach in confidentiality is treated seriously. Several patients have revealed their extreme disappointment in the publication of data which even their families and friends don’t know about. When it comes to medical information, everyone has the right for their data to be kept private and confidential.
A breach of such information is a breach of privacy under the Data Protection Act. If you have been affected by this or any other severe breach of privacy, call our dedicated team, who can provide expert legal advice and support concerning data protection issues. You can call us today on 0161 930 5151 or fill in our online contact form.