Can I tell the press?

[emmalinewre]

A hospital has recently emailed me as I signed up to be part of their study.
In the email, they had accidentally attached a large document which has full names and test details for seemingly all other participants in the study.
They have since sent an email stating they are 'recalling' their previous email and to please delete it. It states that ii) do not disclose, copy or distribute information in this e-mail or take any action in relation to its content (to do so is strictly prohibited and may be unlawful).

I feel like I should pass this onto the press, as its a huge breach of data.

Should I? Can I?
Could they sue me or something if I did?

I think it's a waste of time and energy and won't achieve anything.

People will be in hospital actually getting sicker in some cases because of incompetence, low resources, hardly any staff, and all the rest going on right now. There will be cases where people have died because of this. I've spent a significant amount of time witnessing all sorts in various hospitals. That's occurring and nothing is stopping that right now.

So going to the press about the data breach seems pointless, certainly not something to really focus on in the grand scheme of what's going on ATM. Also, I don't see how going to the press will do anything to change what happened or ensure it never happens again 🤷‍♀️

If you think NHS funds should go to pay a huge fine instead of treating patients, go right ahead and sell your story.

Report to the ICO. Why would YOU further the mistake by passing people’s information onto a newspaper.

mistakes happen and they need to be addressed and procedures put in place to stop it happening again. Many different ways to achieve that without going to the press. Honestly wonder about people’s lack of intelligence these days.

How strange your first thought was to go to the press.

That would be vindictive, IMO.

I feel that you can’t have much going on if this is your focus right now.

Late for your Klarna payments are you?

😳 Shock, faux horror. Some admin is going to get it in the neck and you want to look shocked like it was deliberate. In the media no less.

Just inform the organisation and ask what they're going to do so that it doesn't happen again.

My advice would be

1. Get a life.
2. Delete the email.
3. Don't give it a second thought.

I think the thing is "it happens' people make mistakes. The important thing is we learn from them.

I once sent an email with some really useful clinical information and updates to one of our regular locums who had been seeing the patient referred to below. At that time they didn't get an NHS email address so used their home email.

What I didn't realise was at the bottom of the email trail was the patient's CHI number (dob plus 4 unique digits in Scotland)
Our IT system flagged this up as a breach (their screening pick up 10 digit numbers)and I received a really awful email from them basically telling me off severely and telling me to contact the person with the personal email address and getting them to delete the email.

I did this. Locum saved the attachments I'd forwarded and confirmed she'd deleted the email with the patient details. I fed this back to IT who said good but if you do it again you're in serious trouble, report to GMC etc.

I made sure in the future I double checked what I sent out. The locum was perfectly entitled to what I'd sent her but out of the .NHS.uk email addresses it wasn't secure.

You don't need to go to the press. They have actioned this appropriately if you are being asked to delete the email.

These things will continue to happen as human error will happen

Our health board's IT Is really tight and when there was a major breach of NHS systems a few years ago putting out a lot of IT systems our area wasn't affected.

You are confusing the Daily Mail with the ICO.

Report to ICO there is no compensation if that’s what u r looking for.

What an odd person you are. And not a nice one either.

You are actively choosing to ruin a real persona career and or mental health. Because he or she made a human mistake. The world really doesn’t need more people like you.

As a person who works in a hospital and occasionally deals with these sorts of incidents, why on earth would you want to do that? They've realised their error and for duty of candour reasons will have had to email/write/speak to every single person on that list with an apology and explanation of exactly what was disclosed so people can make up their own minds as to how they wish to proceed.

I can only imagine the sinking horrified feeling in the pit of the poor person's stomach who made that error. If it were me that would be enough punishment without weirdos like you running to the press.

We had our personal details including our ADDRESS data breached by the military recently, running to the local rag was not the first thought on my mind...

You wouldn't be considering reporting to the press unless you wanted money.

You also must never have made a mistake in your life. Things happen. They've noticed their effort. Most likely have reported it amd will put steps in place to prevent it happening.

Doing the right thing is reporting it to the ICO and deleting the data from your inbox and trash folder

Just ask them for evidence they have reported to ICO. Fairly certain they will have.