HIV Clinic Accidentally Releases Identities of Hundreds of its Patients

A top HIV Clinic in London is apologizing big time Wednesday after it accidentally violated the privacy of nearly 800 of its patients by revealing their HIV positive statuses thanks to an embarrassing email error.

The mishap occurred Tuesday, when an undisclosed 56 Dean Street employee sent out an email newsletter intended for people using its HIV and other sexual health services, but forgot to hide the contact list–therefore revealing the identity of almost 800 patients affiliated with the establishment.

Realizing what had happened, the clinic quickly sent out an email apology within hours to its patients courtesy of Dr Alan McOwan, Chelsea and Westminster hospital NHS trust’s director for sexual health.

Identities of nearly 800 HIV-positive patients revealed after email blunder at NHS clinic http://t.co/4QPmfsi7Ne pic.twitter.com/nJjZacCsQX

— Daily Mail U.K. (@DailyMailUK) September 2, 2015

The email read:

I’m writing to apologise to you. This morning at around 11.30am we sent you the latest edition of Option E newsletter. This is normally sent to individuals on an individual basis, but unfortunately we sent out today’s email to a group of email addresses. We apologise for this error. We recalled/deleted the email as soon as we realised what had happened. If it is still in your inbox please delete it immediately. Clearly this is completely unacceptable. We are urgently investigating how this has happened and I promise you that we will take steps to ensure it never happens again. We will send you the outcome of the investigation.”

When later interviewed by a London reporter, Dr. McOwan also had this video message for the public.

VIDEO: Boss here at 56 Dean St sexual health surgery will not quit over huge #HIV info leak. My report on @LBC at 3pm pic.twitter.com/gkg5r9SKIX

— Connor Gillies (@ConnorGillies) September 2, 2015

However, demanding that people immediately delete an email that they may or may not have already seen because it contains things they shouldn’t see has exactly the opposite desired effect–it only calls more attention to the damning material.

Case in point, one anonymous patient of 56 Dean St, whose boyfriend also received the email, told Buzzfeed that when he received the email he was outraged. He then said,

I thought it was disgusting that I was seeing a massive list of their patients. It’s not difficult to deduce the HIV status of every single one of those people. So I have their full names, their email address. I could easily put any of those details into Facebook and bring up pictures and personal details.

He went on to add,

There were people on there I recognised. It made me uncomfortable for them and for myself that I’m finding out information that they may not have wanted me to know.

Despite the nature of the email, the clinic has noted numerous times that not all of the recipients of the email were necessarily HIV-positive, but in effect having their names associated with the breach unavoidably associates them with the disease.

A 56 Dean Street spokesman told the Guardian that the breach boils down to a “human mistake” and that the employee responsible was distraught. Health Secretary Jeremy Hunt has also ordered an inquiry into the incident. While this very well may have been a mistake and the person responsible may feel bad about it, that doesn’t make up for this horrible breach of doctor patient confidentiality. He or she should also be immediately ordered to install Google’s new “undo-send” feature, in the hopes of preventing a breach like this moving forward. Technology certainly makes treating patients easier, but it also can mean a more careful hand is needed when handling sensitive information.

Alexis Evans

Alexis Evans is an Assistant Editor at Law Street and a Buckeye State native. She has a Bachelor’s Degree in Journalism and a minor in Business from Ohio University. Contact Alexis at aevans@LawStreetMedia.com.