GP privacy breach ???

[Boo0105]

Hi everyone , first post so I'm hoping I'm doing it right !
Yesterday whilst accessing my online medical records (via patient access) I discovered someone else's private info in my documents , basically it was a letter from a specialist at the hospital telling the gp all the results .
I emailed the practise manager expressing my concerns and was told , thank you for bringing it my attention the member of staff will be spoken to .
I feel like it's being brushed under the carpet , this is an appalling breach of privacy but I'm bouncing between taking this further and then thinking I'm making a fuss . If it was me I would like to know my surgery has done this , do I tell this person (seeming I have all her info!) or just forget it and assume it won't happen again
Thanks for any advice

Leave it. You have brought it to their attention and they will have a process for dealing with it.

The response of thanking you for bringing it to your attention is all you should expect. Nothing about that suggests it is being swept under the carpet to me. It's exactly what I would say if I were the practice manager and then start our internal breach process.

They will need to start their own internal review. At the moment, the other patient knows nothing of this and realistically will probably come to no harm as a result of the breach (I mean, honestly I wouldn't care if someone random saw my CT scan results, for example, as it will mean nothing to them anyway). But you may cause her distress by contacting her. As long as you have reported it to the practice, you've done the right thing.

You cant really take it any further. Even if you report it to the ICO (is that the right regulatory body?) they wont do anything, not for one breach caused by human error. The breaches have to be pretty big before they actually take any steps.

You've told the surgery. They will have a review and a disciplinary for the staff member because they will worry about being sued or about having more errors. It will be taken seriously but there isnt much more you can do.

Perhaps you can email the surgery to ask them which steps they are going to take to make sure this won't happen again. You'll have evidence that it has happened before if they make the same mistake with your notes. I once was given a few prints by my midwife's receptionist/assistant that contained highly sensitive data of others. I had not noticed it until I came home, put the prints on the kitchen table to check them at a later moment and they rang me, very stressed and apologizing for their mistake, asking me to tear the sensitive prints in small pieces and throw them away immediately.

I did and didn't take it further. But I had the feeling before that privacy wasn't on top of their priority list as they had invited said receptionist/assistant in during one of my first appointments because they were going to make an internal (vaginal) echo and she needed to learn the proces . She was there without my permission and I did not get any explanation about her presence until I asked about it and had to request her myself to leave as I was not comfortable.
I never really trusted them with my personal data afterwards, despite how lovely and caring they were.

Thank you everyone , it's sounds like I'm worrying over something small .
Things are chaotic at the moment and I know Drs surgeries are under huge pressure and people make mistakes .
I would want to know if my notes had gone somewhere else but that is a personal choice .
Thanks again

Don’t be that person that’s going to make the situation worse, particularly for the individual involved. She doesn’t need to know that you know. The results mean nothing to you.

It’s obviously human error and you have brought it up to their attention. You didn’t turn a blind eye. I’m sure the staff member will be in for a rollicking already.

Just leave it and trust that they’ll deal with it. We all make mistakes and it’s not the end of the world for you.

Please don’t contact the person yourself.

But you can ask what steps they have taken.
They should be reporting themselves for an information governance breach, and they should be informing the person that their data was breached.

This is not a small thing and they will go through their data breach policies. Someone will be in trouble. You can't contact the person yourself, you shouldn't have read the thing that doesn't apply to you. You should delete the records and access again once it is removed.

Unfortunately I couldn't delete it , it has been done now though . I didn't even notice it wasn't for me until I noticed it was a department I don't attend , I just presumed as it was in my private documents it was for me

I would take it further, actually. I don't have confidence they'll deal with it.

The data is not your own, so to use it for any purpose - including to contact the individual the data is about - would be against the law. You’ve brought it to the attention of the surgery and they’ve now removed it. Whether they consider the breach significant enough to 1. Tell the individual and/or 2. Report it to the regulator, is for them to decide. If you really feel the need to then you can report it yourself, but as a PP mentioned they’re unlikely to do anything for such a small breach which has already been mitigated. Plus if it’s the ICO they have approximately 8 months of backlog to clear before they’ll even get round to looking at it 🤷🏼‍♀️

It does happen occasionally. Usually it's brought to light when the GPs are reading the mail. Our staff scan about 200 bits of mail a day. About half of that comes to the GPs to read and if I need to look in the patient record that is the point the mistake is picked up. We always file by DOB to reduce errors.
Believe me they don't take it lightly we always look into why it happened sometimes the scanner groups things together incorrectly so you get half of a letter from one person with another.
We have to contact the other patient to let them know their record has been breached but unless one member of staff was being careless it is just human error sadly.

We are all human and make mistakes x

@Musicaltheatremum

It does happen occasionally. Usually it's brought to light when the GPs are reading the mail. Our staff scan about 200 bits of mail a day. About half of that comes to the GPs to read and if I need to look in the patient record that is the point the mistake is picked up. We always file by DOB to reduce errors. Believe me they don't take it lightly we always look into why it happened sometimes the scanner groups things together incorrectly so you get half of a letter from one person with another. We have to contact the other patient to let them know their record has been breached but unless one member of staff was being careless it is just human error sadly.

This. It will not be taken lightly, you have made them aware of it, and they now have to contact the other person, and let them know about the breach. They will have to investigate, and report it, there’s no brushing it under the carpet, IME. It’s good that you brought it to their attention, though.

Just leave it. It's been brought to their attention, they are dealing with it. When the Sam thing happened to me, my details sent to someone else, the hospital called me to advise of the breach, apologised and that was that. That was satisfactory for me and I was the one whose data was breached.

What would be a satisfactory resolution for you, for the individual responsible to get fired? I'm not sure what resolution that you're looking for.

Again thank you everyone , it seems I obviously am making a fuss over nothing .
I decided to ask for advice on something I found quite upsetting due to having multiple medical problems and finding out these mistakes happen has been worrying , yes i know I'm not the wronged party here and it seems I am wrong to be making a fuss .
I have to trust the surgery will deal with this in the correct way and lessons will be learnt .
We are all human and we all make mistakes .
Stay safe everyone