London clinic accidentally reveals details of 780 HIV patients
The 56 Dean Street clinic in London – one of the country’s leading sexual health services – has apologised after sending out a newsletter yesterday (September 1) that disclosed the names and email addresses of around 780 HIV patients.
The clinic, which is run by the Chelsea and Westminster NHS trust, apologised shortly after sending the email and has pledged to investigate how the breach occurred, The Guardian reports.
The newsletter was sent to around 780 patients who had signed up to the clinic’s Option E service, which lets patients book appointments and receive test results by email. Instead of hiding the personal details of those on its recipient list in a ‘BCC’ format, the email included their full names and email addresses, so each was visible to all recipients.
The clinic quickly moved to set up a helpline and sent patients an email apology from Dr Alan McOwan, Chelsea and Westminster hospital NHS trust’s director for sexual health.
“I’m writing to apologise to you. This morning at around 11.30am at we sent you the latest edition of OptionE newsletter,” he wrote.
“This is normally sent to individuals on an individual basis but unfortunately we sent out today’s email to a group of email addresses. We apologise for this error.
“We recalled/deleted the email as soon as we realised what had happened. If it is still in your inbox please delete it immediately.
“Clearly this is completely unacceptable. We are urgently investigating how this has happened and I promise you that we will take steps to ensure it never happens again. We will send you the outcome of the investigation.”
A 56 Dean Street spokesman told The Guardian the breach was down to a “human mistake” and that the employee responsible was distraught.
The Information Commissioner’s Office can levy fines of up to £500,000 for significant data breaches.