New patient data blunder as woman is emailed private details of eight other people
A woman has described her shock after she was mistakenly e-mailed confidential details of patients’ medical conditions and treatment.
The shocking blunder was made by a member of staff at the Northern Health Trust, who mistakenly included letters intended for eight other people in the message.
Other letters, intended for the patients’ doctors, were also included in the e-mail.
The Trust admitted it was unaware of the error until informed by the Belfast Telegraph.
It is contacting the patients affected to inform them that their personal details have been compromised.
Details of the blunder emerged as this newspaper revealed how dozens of patients’ files and records have been lost, misplaced or sent to the wrong person.
Health Minister Edwin Poots said he “deeply regrets” any distress caused by the errors.
But one woman who received patients’ letters by mistake said she was appalled by the lapses.
The woman contacted this newspaper to describe how she had been sent highly sensitive details relating to other patients. The letters contain names, addresses and medical conditions. All live within the Northern Trust area, which includes Mid-Ulster, Coleraine and Antrim.
The documents include:
- Letters to a man who had undergone an MRI scan of his brain. A second letter sent to his doctor is also attached.
- A woman who was informed that she required an angiogram — a scan of blood vessels in her brain — after she reported sudden headaches. A letter sent to her doctor reports that she has suffered a bleed in her brain.
- Results of an MRI scan sent to a woman who had suffered a suspected stroke.
The letters were attached to a reply sent to a woman who had e-mailed about her mother’s medical care.
The woman said she was shocked by the security lapse. “I was very, very surprised when I read the e-mail,” she said. “I only read the bit about my mother initially, but then I noticed it was quite a long document.
“Some of the details are just absolutely outrageous. They identify people using their names, addresses and their Causeway Hospital reference number. In some cases, there are details about the patient’s health sent to their doctor when the full information isn’t shared with the patient themselves — yet I could read all of it.”
The woman, who did not lodge a complaint at the time, said she felt compelled to speak out after reading yesterday’s Belfast Telegraph story.
No-one from the Northern Trust was available for interview. But in a statement it said “robust measures” are in place to deal with data breaches and for learning from these incidents.
”In this instance we were not aware of this clerical error and are grateful that it has now been reported to us. We will contact the people affected and advise them of this incident,” it added.
“The Trust regularly reviews its processes for managing patient information.
“The Trust has in place training for staff which includes their responsibility in relation to patient confidentiality.”
Have you been mistakenly sent confidential information by the health service or your details lost? If so contact firstname.lastname@example.org or ring 9026 4428
Story so far
The Belfast Telegraph reported yesterday how 97 cases of patient data being lost or sent to the wrong person occurred across Northern Ireland in recent years. In one case, a patient’s private medical details were published on Facebook. In another, contact details for a woman who suffered “severe domestic violence” were handed to her violent ex-partner.
Don’t worry, your medical records are safe with us
By Edwin Poots
Health service organisations have an obligation to ensure the confidentiality of patient data. The discovery that some patients’ records have turned up in a public place is therefore very disturbing and I deeply regret any distress which has been caused to these patients.
I have introduced new measures to improve protection of patient data which includes the appointment of senior information risk owners and information asset owners across the health and social care (HSC) sector.
In May of this year I announced the signing of a £9m contract for a new Electronic Care Record (ECR) system that will transform how patient records are managed throughout the HSC.
Currently, whenever a patient is treated in the HSC, a record is kept, often in many different electronic systems. The ECR will enable the treating health care professional to access and cross-reference the information they need far more efficiently, saving time for patient and clinician. I recognise that data sharing systems can cause some people concerns. But I urge all patients to have full confidence in our ability to keep the information we hold about them safely.
Confidentiality and security of patient information remain a key priority and the ECR will have stringent safeguards in place to ensure the continued protection of patient information.
Edwin Poots is the Minister for Health