Received someone else’s doctors letter in the post

[TheShyDeer]

I’ve recently been undergoing some tests at the hospital and have been waiting for a letter from a consultant who has recommended a referral to a different specialist. The letter arrived today with another women’s letter in the envelope. The letter was addressed to her doctors. Im going to call the women’s doctors tomorrow morning and tell them I have received this letter which they should have.

I’ve searched the women on Facebook and want to send her a message to tell her, I actually recognised her from the waiting room. is this strange? I’d like to know if all my details had been sent to a random person (name adress DOB doctors NHS number etc). Obviously once I’ve spoke with her doctors I will send it onto them or however they advise.

YBU- don’t message her
YNBU - message her

This is exactly what I am thinking. The GP will have a procedure and will deal with it appropriately. It's really creepy to contact her on Facebook - socially as you say you recognise her anyway - and she doesn't need to be worrying about bumping into a stranger who knows her medical details when she's out and about in town.

You realise that the letter won’t have come from the GP right? You need to contact the consultants secretary at the hospital. It’s their breach, not the GPs.

You could inform the GP surgery but also post the letter to the lady’s address with a note explaining what has happened? I’m not convinced they would notify her of the mistake. Similar happened to me, my breast screening appointment letter was sent to a male patients address. His mum actually brought the letter to my house (not nearby) as the appointment was for the next day.

I rang up to explain what had happened and to rearrange the appointment (it was too short notice due to the mix up). I got no apology and they would not rearrange, they classed it as me choosing not to attend and said I’d have to be re referred! With hindsight I should have made a complaint.

Just tell the surgery.

Thought I was going mad that nobody else had said that. Why on earth is everyone on about contacting the intended recipient rather than the sender? As if the practice hasn't got enough to do without people expecting it to sort out the hospital's data breach! The GP practice is in no way to blame for (not) receiving a letter, just as any member of the public can't stop letters coming through their door. Yes obviously it's less than ideal for the personal data to have been shared but it's human error, nobody is perfect and no harm done. It'll just have been some overworked admin person accidentally picking up 2 letters when stuffing envelopes.

@Arlanymor contact the hospital trust on the letter. Let them sort it out by informing the patient and sending another copy to the place it should've gone. They are not going to trust you to nicely hand over your copy, they'll reissue it, so just destroy your copy and forget about it.

Pardon? It's not my letter. I know what to do when I get mail that isn't for me.

Phone the hospital that posted out the letter.
say you’d like to complain about their confidentiality breach. And that this woman needs to be contacted by the hospital to be informed.

You are not the intended recipient of the data. If you use the data (name etc) to track the woman down, you are yourself mishandling confidential data you have no right to see or handle and you will aggravate the situation for all concerned - the other patient, who will have further intrusion, the GP/hospital, because the data breach will have spread, and yourself - because you’ve meddled and it will be clear you haven’t reported the breach in the proper manner. In turn it means the poor woman has to report the breach herself, which will add to her distress.

Just follow proper procedure and send it back where it came from, explaining the circumstances, and leave it up to them to deal with the breach with the ICO and patient. It’s not about you, it’s about the person whose data it is.

Sorry, mistagged OP. That was, presumably, obvious, though for some reason you chose to be spiky instead of calmly saying 'I think you meant OP, not me'.

@Movingstressangst the Drs don’t send the smear test results so, if U.K., I can see why they wouldn’t be interested. You would have needed to inform the National Cervical Screening Administration (CSAS).

OP, I would phone the consultants secretary, and say you want it on record. I wouldn’t phone the surgery, they didn’t send the letter.

I'd contact the other woman as I'd have no confidence at all that the hospital nor GP surgery would treat the data breach seriously and take steps to stop it happening again. I'd imagine it would just get swept under the carpet or ignored by the GP/receptionist rather than being escalated properly. If the woman knows that her confidential medical information has been leaked then it's up to her whether to kick up a fuss and make formal complaints.

You also have to remember it's not the GP surgery who have made this cock up - it's the hospital, so nothing to do with the GP really. It's the hospital who need to escalate it as a serious data breach through to their data controller. Just dropping it off at the GP will almost certainly mean all that happens is that they allocate it to their patient file and the hospital will be none the wiser.

Sorry if it’s a silly question but what could someone do with the information contained in a medical letter? I wouldn’t really like information about my health being shared with a stranger, but what harm could the recipient cause?

Right no sorry an organisation only HAS to tell the person about a data breach where it has exposed them to serious risk. They may choose to do so but they don’t have to, unless it’s likely to have a very serious impact.

And not all breaches need to be reported to the ICO, only the serious ones. Which this is not.

So if the pseudo DP specialists could stand down now, that would be great.

OP just tell the GP/hospital that you have received it then rip it up and put it in the bin. No drama

Unless the OP is minded to share it on Facebook or something, very little.

I deal with data breaches every day. This one is low level and minor. It sounds bad because medical info but it’s not really, in the scheme of things

lol do you think the ICO is notified every single time someone sends an email to the wrong address?

Honestly nothing brings out the drama llamas on here like a minor data breach.

Thanks for the telling off - maybe take your own advice about 'being calm'? Calling me spiky and then being pass agg yourself - the irony.

I didn't intend for my post to appear as a reply to yours - sorry about that. For what it's worth I agree that contacting the woman on Facebook would be intrusive.

Actually, the GP did acknowledge the error came from them when I went into the surgery in person, because they had this woman's address associated with my name (presumably they'd then shared this onwards). They just weren't apologetic about it!

Don’t contact her or the gp. Contact the consultant’s secrets as it’s their error.