London sexual health clinic makes reforms after HIV patient data leak
A London sexual health clinic is overhauling its practices and making privacy reforms – after it accidentally leaked data of hundreds of HIV patients.
56 Dean Street, last week sent an email newsletter to patients at its HIV clinic – but failed to prevent recipients from seeing eachothers’ details, potentially revealing the names, HIV status and email addresses of 780 people.
There have been warnings that the clinic could face a fine or further action over the data breach, which Health Secretary Jeremy Hunt slammed as “completely unacceptable”.
The clinic has since made a number of changes – abolishing group emails entirely to ensure that the same error cannot occur again.
A statement said: “We really want to apologise to anyone who has been affected by our mistake and want to update you about what’s happening.
“We have suspended all group emails to our users. From now on the OptionE newsletter will be hosted on this webpage. A link to it will be included in each OptionE result email. We will not send it by group email again.
It continued: “The group email was sent using a ‘Microsoft Outlook’ contacts list. By changing our processes we can delete this list today. It will then be impossible to send out a group email to OptionE users.
“From now on all emails sent from OptionE will be held for 2 hours before our system sends them. That means there’s time for us to stop emails being delivered if we were ever to discover a problem in the future.”
The clinic says it has “taken legal advice” in the event that the details are spread further than the 780 recipients, continuing: “We can arrange counselling and emotional support for anyone who has been affected within one of our 3 clinics.
“For those not wishing to use our services we are also exploring asking an external organisation to set up a support group. Call us on 020 3315 9509 if you are interested.”
Two formal investigations are also underway into the incident.
It says: “We self-reported the incident to the NHS Information Commission (ICO) on the day of the email. We will be fully cooperating with their formal external investigation.
“In addition, Chelsea and Westminster have launched a formal internal investigation. The first meeting is happening this week.
“The people running the investigation are from a separate part of our organisation and are not linked to the HIV/Sexual Health service.
“We promise we will act on the outcomes of these investigations. The findings and recommendations will be made public.”