I've just been sent the full medical records of another person

[Chantelli]

I asked for a report and medical reports under the FOI. I have been emailed a pdf of another person's full medical history instead of my own. The email was unencrypted and the name completely dissimilar to mine. I have emailed back and no response.

Surely this is illegal?

@ouch321

I think I must be the only person that would not really care if Mrs X from a hundred miles away saw my medical records.

What could she do with them that would benefit her?

Same. To err is human.

Whatever happened to “ in a world where you can be many things, be kind?” 🤔. Someone , maybe overworked and stressed, made a mistake. It will be fed back to their manager and to them and they aren’t going to feel good about it, no need to be vindictive as some seem to be advocating.

@ouch321

I think I must be the only person that would not really care if Mrs X from a hundred miles away saw my medical records.

What could she do with them that would benefit her?

I've been reading this thinking exactly the same! If it was your financial information and someone could take out loans, put you in debt and destroy your credit rating then yes, raise all sorts of hell. Sharon from Dunstable knows about my dodgy knee and recurrent thrush? Couldn't care less to be honest.

Although, I guess it's different with mental health issues as there is still a lot of stigma attached to that.

Eurgh a mistake like that at work makes your stomach churn and feel awful every time you think about it. I don't envy their shoes.

Never mind this hang them flog them severely discipline them, that's a person, that made an error, nobody's perfect jeez!

I’m aware it’s serious and I’m sure it will be rectified - I hope everyone who suggests you ‘raise merry hell’ has never made any sort of error at all in their employment.

No use complaining.. the nhs will always always defend themselves.
V v similar happen ed to me and I was told they were sorry I felt annoyed about to complain

This was clearly a mistake and you're right to raise it. However, all the people telling you to 'raise hell' etc, please remember the person who made this mistake will undoubtedly feel absolutely awful about it. The NHS takes data breaches extremely seriously and the person responsible will likely face disciplinary. I am sure you wouldn't want to ruin this person's career (and potentially much more) over this so I would just bare that in mind. I imagine everyone remembers the nurse who committed suicide after giving out info on Jate Middleton over the phone.

Medical records are not like financial info.
As PP have said Athritis and migraines .who is going to care about {or even read} through someone else's medical notes?

I went to GP once, saw a locum, and he asked several times how my asthma was..I told him I didn't have asthma, and he looked a bit baffled.

Only at the Pharmacy did I realise the name and address on the script were completely different, but he had called me in using my name.

I went back to the Surgery and told them.
It was sorted, and no one died, can't see why heads would roll over being sent someone else's medical notes...It probably was just a mistake and no harm was done.

I'd never read someone else's notes, but would bounce them straight back to sender.

@Ridethewaves

This was clearly a mistake and you're right to raise it. However, all the people telling you to 'raise hell' etc, please remember the person who made this mistake will undoubtedly feel absolutely awful about it. The NHS takes data breaches extremely seriously and the person responsible will likely face disciplinary. I am sure you wouldn't want to ruin this person's career (and potentially much more) over this so I would just bare that in mind. I imagine everyone remembers the nurse who committed suicide after giving out info on Jate Middleton over the phone.

Exactly. Some people just love to raise hell for someone else. The poor nurse who committed suicide over Kate Middleton was really sad. Bloody journalists. Didn't the nurse mention hyperemesis gravidarum or whatever?

@DGRossetti

I Meant that If you were an employer in this scenario, how would you “incredibly severely punish” the employee? Genuine question because surely punishment is limited to a procedure involving written warnings etc
Unless immediate dismissal.

There aren’t many options for “punishment” And certainly not “incredibly severe” ones as far as I know!

Refer to Information Commissiomer

Issue isn’t just sending to wrong person, it’s failure to encrypt

And medical data breach (sensitive data) is worse than banking data (personal data):from a data protection perspective

Happened to someone in my team

They were distraught at an error - attaching the wrong letter

No punishment would have made her suffer more than she was. Poor girl

I don't agree with the raise hell posters but medical information can be extremely sensitive and humiliating to have sent to someone else. Particularly if it was say, a smaller GP surgery or a service like mine which only caters for a certain area. It could be a school run mum/dad sent information about dv, pnd, abortion, anxiety, cancer scares, anything that may be very personal. A neighbour, an acquaintance, someone you used to go to school with. It's not always the case that someone 100 miles away got vague info! Certainly in my service one patient was sent reports on another and they knew each other vaguely and pt1 contacted pt2 and the shit hit the fan. Report it and ask for a response from the senders.

Ask to speak to the trust's Caldicott Guardian

This has happened to few of my friends (not full medical records but appointment letters) being sent to old addresses even though addresses were up to date on records. It beggars belief!

And you should absolutely complain, we aren’t talking about a birthday card here

@Ridethewaves

This was clearly a mistake and you're right to raise it. However, all the people telling you to 'raise hell' etc, please remember the person who made this mistake will undoubtedly feel absolutely awful about it. The NHS takes data breaches extremely seriously and the person responsible will likely face disciplinary. I am sure you wouldn't want to ruin this person's career (and potentially much more) over this so I would just bare that in mind. I imagine everyone remembers the nurse who committed suicide after giving out info on Jate Middleton over the phone.

This. Small NHS organisations like community hospitals and GP practices are having to manage hundreds of complex subject access requests each year, with no legal support. I'm not saying it excuses the breach - it doesn't. But it is an easy mistake to make - and will probably cost the person who made it their job. Do we really have to gloat about that?

I'm guessing all the people gloating about raising hell on this thread have never sent an email or an attachment in error?

As PP have said Athritis and migraines .who is going to care about {or even read} through someone else's medical notes?

I think that is being incredibly short sighted.

Someone's notes could include a termination, intimate operations, mental health issues etc.

If you know the person or can google their name and pin the records to them, that's not great is it?

Some people have very unusual names (there is only one of me in the world) so not hard to make a connection.

But it is an easy mistake to make

Easy or very careless?

It is something that anyone working in a confidential field should check, double check and check again.

@whataboutbob

It was sent in error. People make mistakes. In all likelihood they will know full well the gravity of their mistake and be quite scared now. Contact the sender, explain it’s been sent in error, delete and leave it at that surely? Earlier this year I was sent a letter meant for someone else, not medical but financially sensitive. I deleted and let the sender know.

I agree.

People make mistakes. In all likelihood they will know full well the gravity of their mistake and be quite scared

If they were careless enough to make the mistake, why do you think they will know they have made it?

I don't see the logic in that.

If you work in medical records this is THE one mistake you should never make.

I have read to page 2 and already sick of these messages behind which I sense people are rubbing their hands with glee. There are correct channels to go through. no need to take delight in someone and likely someone who is in a demanding or stressful roles’ error.

It needs to be highlighted to the sending organisation so that they can conform with the legal requirements for in the event of a breach of personal data, and review their processes to establish what went wrong and prevent it happening again. There shouldn’t be any question of punishment for an individual unless they deliberately went against standard procedure.

Please report to the information commissioners office (ICO) they are the governing body who regulates gdpr

I have thought that Doctors and Chemists are in GDPR breach for ages. And wondered why they seem to be excluded from the rules.

Having your full name appear on a screen in a waiting room full of people in the docs surgery.

Then in the pharmacy when collecting a prescription they call out your full name and make you recite to them your full postal address... WTF?!