Advertisement

HIV Clinic 'Screwed Up' By Releasing Names

HIV Clinic 'Screwed Up' By Releasing Names

The names of hundreds of people who use HIV services were released by accident after a message with their email addresses on was sent to the others.

Alan McOwan, Chelsea and Westminster Hospital NHS Trust's director for sexual health, has told Sky News that processes have been put in place that mean it should not happen again.

He said: "Hands up. We really screwed up here and we need to get it right."

He said it was important to remember that not everyone on the list was HIV positive.

An investigation is under way into why the 56 Dean Street clinic, which is part of the Chelsea and Westminster NHS trust, sent out a newsletter to patients on a group email, rather than to individuals.

A spokesman for the clinic, which is in London's Soho, said the mistake was caused by "human error".

He said: "We can confirm that due to an administrative error, a newsletter about services at 56 Dean Street was sent to an email group rather than individual recipients.

"We have immediately contacted all the email recipients to inform them of the error and apologise."

Online magazine beyondpositive, which provides a forum for people who have the virus, said it had been contacted by patients about the data breach.

It was told that the clinic tried to rectify its mistake by using Microsoft Outlook's recall feature, but the full list of email addresses and names was sent out a second time.

One reader told the magazine: "This is serious breach of data protection. There are several names I recognise from the list and while I am of course being discreet, I am not sure I trust every other person on the list to do the same."

The Information Commissioner's Officer said in a tweet that it was aware of the breach and was "making enquiries".

The newsletter was sent to about 780 patients who were part of the clinic's OptionE service. It is designed to make it easy for people to book appointments and receive test results by email.

Mr McOwan said the error occurred when someone wrote the email addresses in the email's CC bar when sending the newsletter, rather than the BCC bar, which would have shielded the addresses from other recipients.

When asked by Sky News what had happened to the person who pressed "send", he said they had been sent home.

"Clearly they are absolutely distraught. We didn't feel that this is the right place for them to be right now so they are being supported away from the work environment while we sort this out," he said.

He said a blanket ban on similar types of communication had been put in place and he wanted to reassure everyone that they would learn lessons for the future.

"We've got to get it right here because clearly, confidentiality is key in people trusting us to provide the care they need," he added.

"Our challenge is to build trust back with our community. Twelve and a half thousand people use our service every month and we take great steps to protect those people, which is why this is such a huge thing for us and why we want to be so open about what we are doing to put it right."

Anyone worried about the breach is urged to phone 020 3315 9555.