I've just been sent the full medical records of another person

[Chantelli]

I asked for a report and medical reports under the FOI. I have been emailed a pdf of another person's full medical history instead of my own. The email was unencrypted and the name completely dissimilar to mine. I have emailed back and no response.

Surely this is illegal?

Human error

You could go ahead and sue the NHS

But that’s shit

Just complain , and delete them

Jesus

You could go ahead and sue the NHS

She couldn't - it is not her data that has been shared.

@ManCubsMama

I have thought that Doctors and Chemists are in GDPR breach for ages. And wondered why they seem to be excluded from the rules.

Having your full name appear on a screen in a waiting room full of people in the docs surgery.

Then in the pharmacy when collecting a prescription they call out your full name and make you recite to them your full postal address... WTF?!

Neither of these are breaches of GDPR.

@ManCubsMama

I have thought that Doctors and Chemists are in GDPR breach for ages. And wondered why they seem to be excluded from the rules.

Having your full name appear on a screen in a waiting room full of people in the docs surgery.

Then in the pharmacy when collecting a prescription they call out your full name and make you recite to them your full postal address... WTF?!

The doctors surgery one would be easily remedied with a number system, I suppose. EG, walk in and be issued a number and when, say 14 comes up, in you go.

I suppose chemists could do the same- call a number and then ask you a little more privately.

It might not be the nhs. Could be an insurance company or other private body

Regardless they need to know of the error asap its seriously not good enough

Having worked in an industry where we dealt with peoples medical information in a private organisation setting not nhs id be shitting myself if i still worked in that industry and read this thread!!!

Definitely report. The person who sent it will be absolutely mortified and know immediately the seriousness of the mistake they made. The organisation needs to ensure this doesn't happen again.

NB I have been the person who sent out something with other peoples information on. completely did in error. simple mistake. My heart did several fast beats and I got that sinking feeling when was told. Also Ive been on the receiving end of an email with confidential information about someone from a social worker - I have the same name as someone else in my organisation. I let the social worker know and she herself reported it to her manager. Anyone that works in public sector will have had numerous training/reminders on this kind of thing. Problem is with email, buy offices, pressures etc its so easy to make a simple mistake.

Yes illegal. I accidentally sent someones name and DOB (no other info) to another professional without the clients consent (i had 2 scans and clicked send then realised was wrong one) it caused a right pavlova manager had to report it as a breach, nothing happened after that guess it's just on record somewhere. I always double check now. Full medical history is awful though. Saying that I've been sent client info by mistake quite a few times just return it and let them know, bet they dont report it as a breach though.

Lol palava even

The level of baying for blood on here is just insane. We are human beings. A human being made a huge error and now for all you know is sitting at home worried sick they are going to lose their job.

You got the wrong medical record. You've told them that. Move on.

I’d be absolutely shitting myself if I was the person who had done this, this could result in them being sacked and taken to court. I have the same name as a doctor who works at the same trust and I frequently receive emails with personal information on about patients that was clearly not intended for me, I see how easy it would be to make that mistake so I just email them back saying I’ve been sent this in error. This is somewhat worse though given you’re not an employee and it’s been sent to an unsecured email, both of which are big no no’s in data protection. Personally, I would email them back saying you’ve been sent that email in error and then I would complain, because this is not a simple human error imo, this shows very poor practice and should be investigated.

Why would you want to start reading someone else's medical records once you've realised they're not your own? Only a nosey git would do that.

Jeez, someone made a mistake. Let them know. They will self refer to ICO and notify the person whose details were shared. They will internally review what went wrong do a Significant Event Analysis and improve processes.

It's only when a mistake occurs that we can learn and grow from it.

Hope I don't come across some of the unforgiving posters above 🙄 I know our team would be devastated if they made this error. Yes, report it but dont be a shit about it.

It's a mistake. Not intentional. As simple as a keyboard sticking or entering the next email on the list. Whilst the implications are serious in terms of GDPR, the actual error is on a par with giving somebody a coffee with two sugars in instead of one, rather than maliciously accessing somebody's records and sharing them for shits and giggles or to help out an abusive ex's wish for revenge.

The silence is probably due to the person receiving the email having to go to their GDPR Data Controller and report their clerical error.

Is it really worth potentially costing somebody their job for a second's distraction when nobody has been injured as a result? They'll be subject to their employer's disciplinary as it is. It seems unnecessarily vitriolic to want to go for the jugular when it hasn't actually hurt you at all.

I got in touch with the practice manager and it was an admin error - I didn't read the document any further when I realised it was not my info!

They are reporting it as a breach and were unable to send my records pass word protected or encrypted so i am picking up paper copies.

Human error but not great.

[quote unimaginativeusernamehere]@SunshineCake if you live in a village with one GP surgery for instance there's a good chance it might not be a stranger who got your records. [/quote]
Good point. I didn't think of that.

I was once given folders of two women who had cervical cancer accidentally put into my pregnancy folder. Their names and addresses, scan results etc were there. People make mistakes. The dr did not mean to do it. I phoned the hospital & sent them back.

@Nomorepies

Omg this is unbelievable. Of course it's done in error but that doesn't mean it's ok! It's not an oh well naughty naughty type thing! Would the PP saying this feel the same if the police did this with a sensitive case file or a bank disclosed your account history to someone else?!

I don't think that anyone thinks it is OK.

It's human error. It shouldn't happen, but well, humans mess up at times.

It just needs to be reported. No need to contact the other person involved. I can't believe that has been advised, seriously bad advice.

I too feel sorry for the person who sent it.

I got sent someone’s pre therapy questionnaire by mistake
That was an eye opener
I Deleted
After reading them

Well it’s nice to know I’m not the only Messed up person

Glad it got sorted out. I agree that they should be sending medical records encrypted or telling patients they will not be and giving then the chance to collect/view.

It is important that these things are reported whichever way you look at it. That may be to highlight the stress a system is under, it might that the individual is under stress due to lack of staff or bad management.

In rarer cases it could be someone who is just incompetent, may not be following procedures and does need a warning or worse.

Glad the GP practice are self reporting their GDPR breach

I always think situations like this should be reported so the circumstances (rather than the sender themselves IYSWIM) can be investigated - eg lack of staff, time pressures, creaking IT. Show me someone who has never made a mistake in their professional life, and I'll show you a liar. (Angela Hernandez thread anyone?) It's just that for some, the stakes are higher.

I was once the patient in a mix up between two different patients in a medical procedure (one of those you read about and you think how on earth could that happen) I don't remember the terminology/scale they used but it involved ?"harm to a patient". It was properly investigated and I was invited to attend meetings etc. I remember the doctor coming to the ward to tell me what had happened and I could see he had been crying. The ward (and hospital in general) was absolutely the worse I had ever been in, it was like the seventh circle of hell for the staff. The error arose from a perfect storm of mistakes (no wristband on admittance, bed swaps etc) and I still feel strongly it was the system at fault, not the doctor and staff involved (and the investigations showed that, to be fair).

@viques

In my voluntary role I open post (with a member of permanent staff) , because of the nature of the organisation we are often sent medical details, drug regimes, minutes of group consultations etc. If the envelope is marked confidential we obviously don't open it and pass it to the clinical manager. But I am horrified at how many times we open unmarked envelopes only to find confidential documentation inside. I now recognise a number of the originators purely by their postage imprints, even if the originating organisation isn't noted on the outside, I obviously pass them on unopened, they soon come back if they aren't confidential.

Iwish more places would invest in a rubber stamp to mark confidential material appropriately.

I wish you opened (or not) the post in my old firm. They opened everything - including a Valentine card I received one year marked "personal"

If it’s mine, it’ll make hilarious reading. Being a raging hypochondriac, I’ve had tests for EVERYTHING. Ignore that bit about “clinical depression” in the 90s. That wasn’t clinical, I was simply going out with a twat.

Very worrying, because you won’t be the only one.

There is so much carelessness going on in places. At my gp surgery, where I've been for 20 years, there is another woman with the same name and birthday as me. The GP staff are always very careful not to disclose anything (other than that she exists) but when I collect prescriptions from the pharmacy over the road, the lady bellows out "Oh ShinyMe? 36 Whatsit Road? 3 months supply of Thingamyston?" and I have to say "No, I'm the other ShinyMe from..." I assume she bellows out my name and address and medical needs to the other one. I've become tempted to knock on other ShinyMe's door and see if she wants to complain with me.