Medical record GDPR Breach

[GDPRBreach]

We have a family member in a care home and today received their care plan through the post along with the care plan of another resident. The plan contains medical history as well as DNR instructions and a photo of them .
Is this a reportable incident?

Our family member's care plan also contains incorrect medical diagnosis and in some places a different name , this is the second time they put the wrong information on the plan and it's clear they seem to be copying and pasting info as some of the history is exactly the same on both plans.

You should definitely inform the care home’s manager, and they should have procedures for a breach of GDPR.

Also inform them of the errors on the plan. As it to be recorded as a ‘significant event’, and they should put in plans to stop this happening again.

Report it to CQC as well, as the home will likely cover up what has happened.

These places are often run by muppets.

And also report to the CQC!

Thanks @Riverlee We've emailed the care home and informed them, I just wondered if they have to report it.

The nurse in charge is fab as are the caters but the admin woman is woefully lacking.

*carers

They should report it, but they will probably avoid doing so. You need to contact CQC and speak to the Manager about this as it is a very serious breach.

Yes, they should self report but might choose not to.

Are they legally bound to report? We don't want to make things difficult but the admin woman has been a bit short with us in the past and is obviously not being diligent.

I've googled the guidelines and it's not clear (to me anyway)

Pretty sure you only need to report if there is an actual risk to the individual as a result of the breach.

accidents happen and errors occur. Tell them so they can put measures in place to reduce the risk of it happening again, but it’s really not that big a deal in isolation

I would urge you to report this to CQC. Would you want your personal medical details and DNAR sent to some random?

Absolutely. Please report this.

I wouldn’t really care tbh 🤷🏻‍♀️What use or interest is the info to them?

Thank you, we're just a bit fed up with the errors, the last plan we received said our relative had months to live and that wasn't the case.

That's not the point 🤦 these things are highly confidential for good reason.

Yes. But human errors happen. Even the ICO is aware of that.

These mistakes are serious and could be indicative of care being compromised if they can't get the basics right.

Im a nurse.

Report to the CQC.

I agree that the information can't be used for eg financial gain but what if the patient's family don't want others knowing about their relative?

If she’s having fun copy and pasting, let’s hope she doesn’t accidentally add DNR to someone’s details.

@HalfMast exactly

Of course it’s a breach to post someone’s personal data to a third party. At least so long as it’s personal data and identifies them.

If you report at least it gives the ICO the heads up on the care home whether or not they report.

Yes. But accidents happen. So you point it out and they take steps to minimise the risk of it happening again 🤷🏻‍♀️ The ICO isn’t going to fine them for a one off error.

If there are other things you’re worried about in terms of the care then by all means include it in a referral to the CQC. But in isolation the data breach is not a big deal. That’s all I’m saying.

I do understand that no actual physical or financial harm has occurred but this is the second time they've got serious medical details wrong added to the fact that they have now sent us someone else's record.