NHS email blunder reveals names of 780 HIV patients... but Health Secretary Jeremy Hunt still plans to put MORE doctors' data online

  • The 56 Dean Street clinic in London's Soho sent newsletter to 780 patients
  • Recipients usually individual emails, but did not due to 'human error'
  • Clinic has admitted the blunder and launched an internal investigation  
  • Health secretary Jeremy Hunt said the leak was 'completely unacceptable'
  • However, comes same day he announces plans to put more files online

By BEN SPENCER MEDICAL CORRESPONDENT FOR THE DAILY MAIL and ANNA HODGEKISS FOR MAILONLINE

Published: | Updated:

A major leak of HIV patients’ identities yesterday will fuel fears about plans to put NHS records online, the Health Secretary admitted last night.

The names and email addresses of 780 HIV-positive patients were circulated by a sexual health clinic.

But hours after the data breach by 56 Dean Street, a clinic in Central London, Health Secretary Jeremy Hunt announced plans to put NHS patients’ GP records online within 12 months, with hospital notes to follow by 2018.

The 56 Dean Street clinic (pictured behind the green car) in London's Soho sent a newsletter to about 780 patients on a group email, rather than to individuals.  The message contained the names and email addresses of patients who had attended HIV clinics

The 56 Dean Street clinic (pictured behind the green car) in London's Soho sent a newsletter to about 780 patients on a group email, rather than to individuals.  The message contained the names and email addresses of patients who had attended HIV clinics

He said allowing people in England to access – and even annotate – their health records on smart phones would make them ‘the world’s most powerful patients’. Patients who opt in will be able to see test results, prescriptions and doctors’ notes at the click of a button, and even upload data from devices such as fitness wristbands.

However, the Health Secretary added: ‘We will throw this all away if we lose the public’s trust in our ability to look after their personal data securely.

‘For patients, nothing matters more than having confidence the NHS will look after their medical data with the highest standards of security.

The clinic tried to rectify its mistake by using Microsoft Outlook's recall feature - and has urged anyone who still has the message in their inbox to 'delete it immediately'

The clinic tried to rectify its mistake by using Microsoft Outlook's recall feature - and has urged anyone who still has the message in their inbox to 'delete it immediately'

The recall was followed by an email apology from Dr Alan McOwan, Chelsea and Westminster Hospital trust's director for sexual health

The recall was followed by an email apology from Dr Alan McOwan, Chelsea and Westminster Hospital trust's director for sexual health

‘And the truth is we in the NHS have not won the public’s trust to do this – as today’s completely unacceptable data breach at the Dean Street surgery demonstrates.

‘We need to strengthen the independent oversight of data security to a level we don’t have at the moment.’

Mr Hunt said the Care Quality Commission watchdog would investigate NHS data security before the plan was rolled out.

VICTIM OF DATA LEAK SAYS HE FEARS HIS NAME WILL BE EXPOSED 

One of the of the hundreds of HIV sufferers whose details have been mistakenly leaked by an NHS clinic fears his identity is about to become widely known. 

The 34-year-old man from Berkshire, said he fears the list could fall into the wrong hands, and be released online.  

The gay man, who works in London, contracted the virus in 2007, and has been having twice-yearly checks at the clinic for four years.

He said he saw the email - which was sent at around 11am on Tuesday - while he was at work and felt 'instantly sick'.

The man, who is married to another man and who wants to remain anonymous, said: 'I work hard to keep my HIV status quiet for fear of persecution and discrimination and now I have been included on a list with my full name and email address.

'I have no idea where that information will end up.

'I was at work when I saw the email. I saw all the names and thought "that's strange, why can I see all these email addresses in the 'to' bar?"

'I was shocked and then just started really worrying about what will happen if people find out.

'I felt absolutely sick. I just don't know what people will do with that information.

'I really don't want people to find out - especially my work.

'My condition is managed, it is absolutely fine, and that enables me to keep that part of my life private. This could threaten that.' 

The man, who has only told his close family and husband about his status, said the leaked email was quickly followed by an email attempting, and failing, to recall the message. 

He said he fears the situation could end up mirroring the infidelity dating website Ashley Madison, where clients details were leaked online.

'I don't know who these other 780 people are and whether they have the motive to do that [leak the list],' he said. 'It is a fear.'

Advertisement

But doctors warned it would be almost impossible to guarantee security online.

A British Medical Association spokesman said: ‘There is a big difference between being able to view private records in a secure, controlled environment of a practice and via a password that could be obtained by a third party.

‘There are few safeguards that could be put in place to stop vulnerable patients being coerced by, for example, abusive partners, into giving access to their records.’

56 Dean Street, which is run by the Chelsea and Westminster Hospital NHS Foundation Trust, apologised for the breach of patient confidentiality.

It mistakenly emailed the names of all 780 recipients of a monthly newsletter.

Dr Alan McOwan, its director for sexual health, wrote to those affected: ‘I promise you that we will take steps to ensure it never happens again. Clearly this is completely unacceptable.’

He said a member of staff had emailed the newsletter without noticing that every recipient could see the email address of every other patient. One patient on the list, a public sector worker named Kevin, told the BBC: ‘I felt sick when I realised what had happened. I couldn’t breathe.

‘I’m concerned who will get this information. If it ends up in the hands of the wrong people such as hate groups, it could be dynamite.’

Elliot Herman, 38, from London, a friend of several patients at the clinic, said there were names on the list of people who had never disclosed their HIV status to him before.

Mr Herman told The Guardian: ‘There are several names I recognise and while I am of course being discreet, I am not sure I trust every other person on the list to do the same.’

The Information Commissioner’s Office, which can levy fines of up to £500,000 for significant data breaches, is investigating.

National Aids Trust chief executive Deborah Gold said: ‘Confidentiality is crucial to people living with HIV.

‘This leak will be very distressing and should not have been possible.’

Experts last night said that Mr Hunt’s plans to put health data online had been put in doubt, and warned that patients might become vulnerable to stalkers and ‘predatory companies’ might get hold of data.

One staff member at the Terrence Higgins Trust's London headquarters said questions needed to be answered why the data was at risk of being leaked.

Wishing not to be named he said: 'Thankfully HIV acceptance is always increasing.

'But some people go for years before disclosing their HIV status to anyone.. When the time comes it can be extremely distressing and the fallout can be huge, but it has to be their decision.

The Dean Street clinic is part of the Chelsea and Westminster Hospital NHS Foundation Trust

The Dean Street clinic is part of the Chelsea and Westminster Hospital NHS Foundation Trust

Today, the Information Commissioner's Office (ICO), which can levy fines of up to £500,000 for significant data breaches, said on Twitter that it was investigating the clinic's blunder

Today, the Information Commissioner's Office (ICO), which can levy fines of up to £500,000 for significant data breaches, said on Twitter that it was investigating the clinic's blunder

'Anonymity is incredibly important when you have people coming for treatment. They have to be able to walk in discretely and walk out and continue with their lives.'

Shaun Griffin, Executive Director of External Affairs at Terrence Higgins said: 'When dealing with sensitive information, policy, procedure, training, and supervision must be in place to reduce the probability of human error occurring.

'The data breach incident at Dean Street clinic is hugely regrettable.

'However Dean St provides an excellent service in London, the quality of which is reflected in its quick reaction to dealing with this incident.'

Sky News presenter Kay Burley provoked ignominy on Twitter by referring to the sexual health centre as an 'Aids clinic'.

She wrote: 'Aids clinic which revealed patients names: Clearly this is completely unacceptable. We are urgently investigating how this has happened.'

The outspoken anchor's gaff was viewed as 'stigmatising language' by Twitter users, with one responded: 'I do not have Aids - I have #HIV. Please use factually correct and less stigmatising language about people living with HIV.'

NHSHIV & AIDSLondon

Most watched News videos

Comments 124

Share what you think

  View all

The comments below have been moderated in advance.

  View all

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.

We are no longer accepting comments on this article.