The UK’s health secretary has ordered a probe into breach of the privacy of hundreds of HIV patients whose confidential details were leaked by a clinic in London.
Jeremy Hunt called for the inquiry after the 56 Dean Street clinic in London accidentally posted names and email addresses of some 780 HIV patients on its online newsletter on Tuesday.
Hunt said the Care Quality Commission would conduct “a thorough and independent review” of data security measures in the NHS. “The inquiry was vital to ensure patients could be confident that the health service will properly safeguard details of their health and treatment records”.
The clinic, which is run by the Chelsea and Westminster NHS trust, apologized for disclosing names of the patients and admitted on Wednesday that the breach was a "devastating". Alan McOwan, the clinic's consultant and lead clinician called the incident as human error stressing that not everybody on the list had HIV.
“We deleted the email as soon as we realized what had happened. If it is still in your inbox please delete it immediately. Clearly this is completely unacceptable. We are urgently investigating how this has happened and I promise you that we will take steps to ensure it never happens again. We will send you the outcome of the investigation,” McOwan said in a message.
The incident has already stoked tensions at political as well as public levels with many calling it a breach of privacy and that the National Health Service is losing the trust. “The truth is that we will throw this all away if we lose the public’s trust in our ability to look after their personal data securely,” Hunt said during NHS England’s annual conference in Manchester.
Many HIV positive patients who have so far kept their disease secret from their relatives and friends have expressed concerns over revelations of their identities. “I find it impossible to believe that in this day and age this can happen. I was able to scroll down the list and identify the names of a number of people who I knew, some of whom I was unaware of their status,” Rob Sherrard, an HIV patient who has attended the clinic for two and a half years, said.
Another patient told the Guardian that he was worried that the list of all those affected might end up on the internet.
Although clinic has apologized for what it called “a human error” but the privacy watchdog can impose about half a million pound fine on the clinic for data breaches.