What would you do if you got a copy of someone else’s confidential GP records

[Twinkletoesandspaghettios]

No poll just wondering exactly what you would do?

The summary care report was in with mine and had name, address, DOB, full medical history including details on social services and CAMHS involvement

Let them know and delete it.

I once received a confidential medical email about a prisoner! And not just any prisoner but one I had heard of, as he had been discussed on MN a couple of times! I was 😱 I emailed them to point out their error, and then deleted it.

You shouldn't let the victim of the breach know as that is misuse of personal data and is unlawful.

Sorry, I said delete thinking it was an email as mine was. Agree with others- shred or return to sender.

I’d still let them know.

Do you know the person?

when you say CAMH's reports and social services involvement in the files, do you mean when they themselves were young, or it's a young person now?

I think I would have read the whole report (being honest) and probably binned it and never told anyone I'd got it.

I don't really understand you ringing the GP and asking for a private phone line etc. Couldn't you ring reception and say "I've received Josie Smith's report with mine, so you might want to send her another".

They should report it as a potential breach for ICO to investigate. Would I personally report it? No.

It's a huge data breach. Why do you think there is legislation about this? Why do you think the Information Commissioner's Office exists?

Give or send it back to the surgery. What else would you do for goodness sake? You don't need it.

Indeed - that really isn't how it works.

I'm not familiar with the terms - I gather it's medical records?

I'd want to send it to the head of the office with a tart suggestion that the staff be more careful.

There was a time when emails existed but before Land Registry went digital, and even then properties were only registered as and when they were sold/mortgaged.

That said, the only way this story even remotely works is if the chap in question effectively blackmailed the bank for the return of the deeds.

A huge data breach would require 000's of records to be compromised, and generally requires that leakage to be digital.

It's a minor cock-up.

When you talk about ICO and need for serious investigation etc, you also need to think of being proportionate.

Have you ever thought that the NHS is struggling and that the nett effect of such an action for a single data record would affect the availability of services to other patients.

Of all the things that didn't happen this didn't happen the most!!

It is neither a huge data breach nor a minor cock up. To accidentally release a patient's entire patient record with full personal and sensitive information is more than a cock up. It's much more serious than accidentally picking up an extra letter from the printer and putting it in the envelope to the wrong patient.

Call the office that sent it they’ll need to complete a Datix if it’s NHS and they’ll either ask you to shred it or return to the office.

You might not want to be told but the person whose informed was leaked might have thought differently. In your place I would have sent the document to them and let them decide what to do.

There are some horrible, self-righteous and vindictive people on here. None of you ever make a mistake, then?

And to the NHS-bashers, do you really think things like this don’t happen in the private sector?

I’m not sure how this could have happened. Someone at the surgery would have had to go through all your records to print them off or photocopy them before sending them to you. So it means that a substantial amount of someone’s records had been filed within your records. If that had happened, surely the surgery would have already been in contact with you to follow up those records when they were received at the surgery?

The only way you could have known about the medical status would be if you opened the envelope which would have had the child’s name on it and read the contents. That’s actually illegal.

House deeds don’t exist in paper format anymore. There’s absolutely no break in confidentiality in sending someone an old paper copy of house deeds, as all such paper copies are available online to anyone who wants to pay £4 to download them.
It definitely didn’t happen!

That’s not quite right. It’s reportable if there’s a likelihood of harm to the individual(s) rights and freedoms as a result of the breach.

In @Twinkletoesandspaghettios case, as the recipient of the breached data has voluntarily returned the information promptly, the GP surgery is likely to make an assessment that the breach is limited and contained and therefore not reportable. They still have to take action internally to prevent it happening again.

Well they were lucky that they sent them in error to someone honest who didn't report them. What if it were your records and they had been sent to someone with no moral compass who then either shared them around or used your private data to try and defraud you? Things like this need reporting to try and prevent it happening again.

It is not a huge data breach and the ICO wouldn't be interested.

If they were, can you begin to imagine how many people would have to work for them if they investigated every single human error?

Several times?! That is utterly appalling.

I would be very uncomfortable with a total stranger contacting me with my confidential personal data. I would want it returned to the data controller for them to manage it, I wouldn’t want Joe Bloggs from three roads over calling me up or turning up at my house with it.