Curious about overheard complaint. NHS/GDPR

[mistletoadandwine]

In the waiting room of our local health centre today and a man came in screaming and shouting at reception staff. He was so aggressive security came and removed him from the building.

His complaint was that 'his personal and private information had been sent to the wrong GP' the letter was sent to a GP practice he wasn't and has never been a patient at. From what he was shouting at the receptionist it was a letter from the asthma clinic, that listed his past medical history and current height/weight as well as a summary of the consultation.

He was shouting about GDPR and 'the information commissioner' and that he had a solicitor lined up to take on his case.

I've been wondering all day, is this as serious as it sounds? Does it make a difference that it was sent to a GP surgery (who would know how to handle confidentiality) or does that not matter?

Wow that’s super odd.

i don't think it's odd or a major problem as the dr's are equally bound by confidentiality.

The reality is that data slip ups happen all the time.

The ICO will likely note the complaint.
The GDPR issue is a red herring really. The real issue is that the gentleman may have been delayed vital care as a result of the mistake.

@fallfallfall that was my thinking too, surely stuff like this has happened before, when a patient switches GPs for example and the surgery would just pass it on to the right GP or shred? He was just so adamant that his solicitor would take it to the information commissioner it got me thinking.

The real issue is that the gentleman may have been delayed vital care as a result of the mistake.

Yes, I had this where I received a letter with somebody else's details on it & it was to do with medication. Plus their GP may not have a copy.

@declutteringmymind that makes sense, I am not sure if it did delay him any care as he was just so furious about his confidential information being leaked that was all he was shouting about.

The only reason I can think he is upset is because there was other sensitive info passed on, and he has a friend/family who works at the other GP clinic that he didn’t want this info shared with 🤷‍♀️ otherwise why would he care so much?

As previously stated by other posters the main issue is the possibility for missed care. The referral letter would’ve went to the wrong GP who would have had to take time to work out that the patient didn’t belong to that patient and find out where the patient did belong to. It’s surprisingly easily done and happens more than you think but normally easily resolved.

What normally happens is the incident will be investigated to see how it happened and how it can be prevented in future. An apology will also be issued.

Whilst distressing for the patient, everyone who saw the information would be bound by confidentiality so I don’t know what would be achieved by getting a solicitor involved compared to going through the normal complaints process.

Basically some of the public don't have a clue

99% sure GDPR doesn't apply in healthcare and that he doesn't have much of a case there but I admit I'm not an expert

No need for the high drama in any case

So he went shouting at the receptionist in a health centre about a letter that the asthma clinic sent to another GP? So possibly/ probably not even the health centre's error? no wonder it's hard to retain reception staff when they have to deal with shite like this.

It was the receptionist for the health centre where the asthma clinic is held, still it is unlikely to be her fault personally. She absolutely did not deserve the abuse either way, it was really frightening.

That all makes sense, it just threw me how sure he was that he had a case to take this any further than an apology, if you could sue for a small error like this I imagine NHS admin staff would be on pins!

This happened to me recently. I can't say I gave it a second thought even though it did slightly delay some treatment for me. We're all human and mistakes happen.

An apology aas more than enough.

He may have friends and family that are employed at the GP that his private information had been shared to.

For example If your SIL is receiving letters as a GP receptionist that states something prostate related, it's going to be devastating for the patient.

Provided you’re in England all his information is stored with NHS England, no breach of GDPR. The only issue the chap has is he doesn’t understand what GDPR means and he thinks his details should solely and absolutely be within the surgery. It’s a balls up, yes. But it’s not a breach.

And if is the case then this is really where he should be focussing. Gross misconduct.

I had my sons full hospital notes sent out to me through the post mistakenly accompanying the letter I was supposed to receive. It didn’t really matter as I have attended all appointments with him so there was nothing exciting I didn’t know but it occurred to me how easily they could fall into the wrong hands. I got an apology and knuckles were rapped.

My solicitor requested a full set of my GP notes and received a comprehensive set of notes from birth.... for another patient at the practice! Same (very common) name but different DOB and address. No connection to me at all. They were supposed to self report this as a serious GDPR breach but no idea if they informed the patient.

Every time I have a GP appointment I end up discussing the health conditions and medication of this other person until I point out they have the wrong notes (again). I know more about the state of their health than my own!

Don't be ridiculous, of course it applies to sensitive data such as healthcare. It's even more strict than for other data.

I once had a letter with full medical history of another patient attached to my IVF notes! Horrendous mistake but just that, a mistake.

The guy was a prick and I hope they ban him from the practice.

Precisely, and the level of ignorance on this thread regarding Data Protection is shocking.

Any data breach needs to be taken very seriously. It doesnt matter if the breach is due to a mistake. It is still a breach. And medical matters (including mental health) are very protected. Any individual dealing with data should be trained.