SHARE

In an email blunder 56 Dean Street have revealed the HIV status of nearly 800 of its patients – one of whom has contacted beyondpositive.

Yesterday afternoon (12:46 September 1 2015) 56 Dean Street a GUM and HIV clinic, part of Chelsea and Westminster NHS Foundation Trust, sent out a newsletter to its HIV positive patients. The problem? They left every one of the 780 patients’ contact details in the ‘To’ field. This means everyone who received this email now has contact details (name and email address) for the clinic’s 779 other HIV positive patients.

The clinic then, at 13:05, attempted to use Microsoft Outlook’s ‘recall’ feature – which only compounded the situation by sending out the full list of email addresses and names a second time. At 14:27 the patients received a third email, this time sent correctly (albeit with typos), with an apology from Dr Alan McOwan, stating that they were “urgently investigating” how the blunder happened and promised to send the patients the outcome of said investigation.

One patient who contacted beyondpositive, on an anonymous basis, let us know of the data leak and his disappointment in the way the trust has handled his sensitive personal data.

“56 Dean Street have a service called Option E – that’s for patients who prefer to book appointments and get results via email. They send a regular email newsletter to their patients, keeping them updated. 

However, yesterday (Tuesday 1 Sept), instead of putting a batch of several hundred or so email addresses in the BCC box, they put them in the to box, thereby revealing the people’s full names and email addresses to every other recipient; and, of course, because they’re all Option E customers, we also now know their HIV status.”

“This is serious breach of data protection. There are several names I recognise from the list, and while I am of course being discreet, I am not sure I trust every other person on the list to do the same.”

As our reader mentioned, whilst most people on the list will hopefully delete the email and be discreet about the matter our of respect for their fellow HIV positive patients this is far from guaranteed. The repercussions of this breach could be highly damaging for many people.

Many people have issues around disclosure and trusting clinicians, and this is sure to do nothing to allay those fears.

We have reached out to Chelsea and Westminster NHS Foundation Trust for comment, but had not heard back at time of publication. We will update this article should we hear from them.

UPDATE: Statement from Chelsea and Westminster NHS Foundation Trust, in its entirety, below:

“We can confirm that due to  an administrative error, a newsletter about services at 56 Dean Street was sent to an email group rather than individual recipients. We have immediately contacted all the email recipients to inform them of the error and apologise. Any concerned patients can call  020 3315 9555  and 020 3315 9594  (open until 6pm tonight).

Alternatively patients can ring the Telephone Clinic on 020 3315 9500

Tuesday 5-7pm
Wednesday 2-4pm
Thursday 9-11am
Friday 9-11am”

Unfortunately the Trust declined to reply to our comments on whether they will be providing counselling for patients affected in the breach, what the Trust will be doing to rebuild the trust between patients and the clinic, or whether they will be self-referring to the Information Commissioner’s Officer.

Were you caught up in this data breach? Have your details been leaked? If so how do you feel about the situation? Leave a comment below, or email us on talk@beyondpositive.org 

10 COMMENTS

  1. If someone is HIV positive so we should not discriminate to him/her just because of his disease. we should come up and support them. This website is really doing a great work in this regard. Keep doing good work.

LEAVE A REPLY

Please enter your comment!
Please enter your name here