Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
United Kingdom Medicine Privacy

UK Health Clinic Accidentally Publishes HIV Status of 800 Patients 65

An anonymous reader writes: A sexual health clinic in London accidentally disclosed the HIV positive status of almost 800 patients. The Guardian reports: "The health secretary, Jeremy Hunt, has ordered an inquiry into how the NHS handles confidential medical information after the “completely unacceptable” breach of the privacy of hundreds of HIV patients. The 56 Dean Street clinic in London apologized on Wednesday after sending a newsletter on Tuesday which disclosed the names and email addresses of about 780 recipients. The newsletter is intended for people using its HIV and other sexual health services, and gives details of treatments and support.
This discussion has been archived. No new comments can be posted.

UK Health Clinic Accidentally Publishes HIV Status of 800 Patients

Comments Filter:
  • As I understand it, this was your usual failure to use blind copy (BCC) when sending a bulk email. The HIV status of people was not divulged, only the email addresses of other recipients (not sure if this included the recipient account names as well as the address). The recipients were people who had used the clinic for some services.
    • Re: (Score:1, Informative)

      by Anonymous Coward

      From the article, the service is "a service set up for patients who are stable and on long-term HIV treatment." So, no, status wasn't formally disclosed but it's not like a general clinic where you'd have positive and negative test results.

      BCC is a horrible trap waiting for that fat-fingered moment. There are better ways, but they need training.

    • The newsletter is intended for people using its HIV and other sexual health services, and gives details of treatments and support.

      This strongly implies there's some medical issue with all the recipients of this e-mail newsletter. After all, why would someone be subscribed to this who is not HIV positive or has some other affliction? And if you read the article, their full names were included in the list, as is common with e-mail. Frequent gaffe or not, this is a huge breach of privacy for those involved.

      I'm curious... does anyone know if there a way to create a mailing list in Outlook (or whatever they used) such that it can ONLY b

      • by symes ( 835608 )

        It would be fairly trivial to write a script that cycles through a list of email addresses and sends a personalized mail to each address. I wouild also imagine somewhere in MS's office package the mail merge feature could be tweaked to make this happen. Anyone who relies on email as a part of thier business to communicate with clients really ought to have something in place that manages contacts, keeps them up to date and facilitates distribution of information. I think the issue with this particular clinic

        • by Imrik ( 148191 )

          BCC already does this, why would you go to the trouble of setting up an entirely different method?

      • by DaveAtWorkAnnoyingly ( 655625 ) on Thursday September 03, 2015 @04:37AM (#50449745)

        This strongly implies there's some medical issue with all the recipients of this e-mail newsletter. After all, why would someone be subscribed to this who is not HIV positive or has some other affliction?

        And in one sentence you've proven how personal information can lead to completely the wrong conclusions. This is why privacy is no joke and needs to be taken seriously...

    • by Opportunist ( 166417 ) on Thursday September 03, 2015 @03:38AM (#50449597)

      Yeah, 'cause anyone without HIV is terribly interested in a newsletter concerning its treatment.

      I can't wait to get my next Alzheimer newsletter. Or ... wait, did I get it yesterday?

      • by AmiMoJo ( 196126 )

        Yeah, 'cause anyone without HIV is terribly interested in a newsletter concerning its treatment.

        Exactly, people who care for people with HIV, clinical staff, researchers etc. all subscribe to such newsletters.

    • by hsa ( 598343 )
      I disagree. This was probably a mailing list, so if you receive a mail without hidden receiver addresses, like:

      From: hospital.info@nhs.london.co.uk
      To: hiv.center@london.co.uk
      CC: Bob Burger <bob.burger@hotmail.com>, Cecil Cockburn <cecil1990@gmail.com>, David Davidson <dave@tesco.co.uk>, etc..
      Subject: New treatment times for your HIV-infection and community meetings

      It is not hard to imagine, that other people on the list would be infected with HIV as well.. Now the recipients know 800
    • by sbaker ( 47485 )

      The problem isn't who, exactly, was on the list - and what their HIV status might be.

      The problem is the PERCEPTION in the general public about what the HIV status must be of people on that list. My guess is that a vast majority of people would assume that they are all HIV sufferers...that's incorrect, but that's what they'll assume.

      At least one person who replied right here on Slashdot is advocating that the names of people with HIV should be public knowledge.

      So - what is the intersection of people who (st

  • ... of medical duties.

    No, graphists are not better than other people at their job.

    A web developer still makes better web sites than a graphist.

    And a doctor still knows better when to shut up about medical details than a graphist.

    And no, people in general don't like newsletters (even when they DON'T divulge private details to other recipients).

    So, please get back to your pretty pictures, and let us do OUR jobs.

  • So what seems to have happened is that someone, some admin guy, was asked to send out the HIV Monthly newsletter by email. Does just that but in such a way all email addresses were visible. Now, probably like a lot of people, I also receive emailed newsletters and similar. Occasionally they also have all other recipients email addresses exposed. So my thoughts are whether this is a general issue that affects all mass email or is it something specific to this clinic? Receipt of a newsletter from an HIV clini

    • by Anonymous Coward

      I think you'd have a pareto-style 80/20 split between "patients with HIV" and "other parties", and that's good enough for strong inference to be drawn. HIV is the poster child for sensitive data, so yeah, it does matter.

      It's trivially easy to do, and trivially easy to screw up: a classic infosec trap.

      • I think you'd have a pareto-style 80/20 split between "patients with HIV" and "other parties", and that's good enough for strong inference to be drawn. HIV is the poster child for sensitive data, so yeah, it does matter.

        It's trivially easy to do, and trivially easy to screw up: a classic infosec trap.

        I believe this clinic deals mostly with sexually transmitted diseases, so being revealed having some variety of the clap won't be much of an improvement in many people's eyes.

    • She/He is an idiot because she/he used CC instead of BCC. Something that riles me in general.

      • She/He is an idiot because she/he used CC instead of BCC. Something that riles me in general.

        This is also a fault of the particular implementation of the CC function. When selected it should put up a warning that all the addressees details will be included in every email sent and ask "Are you sure?" before it goes ahead and sends.

  • by Anonymous Coward

    Standard issue baby boomer reluctance to use computers properly.

    "Why would we buy a tool to send bulk email when the intern can do it for peanuts?"

    This is why, executives. This is why you need to use the correct tools. Just do a mail merge. It is unbelievably simple. So simple that the intern could do it.

  • It's OK right? (Score:2, Insightful)

    by wickedsteve ( 729684 )
    We don't need any privacy right? Unless they are terrorists they have nothing to hide.
  • by tigersha ( 151319 ) on Thursday September 03, 2015 @03:08AM (#50449517) Homepage

    Take out CC: in mails and only allow BCC:

    I seriously hate it when my friends send a mail to me with some other people and my email address is not hand-delivered to the virus and spam-harvester infested horrors of my other friends. If ALL emails only went out by BCC this would not happen.

    Mail server maintainers such as Postfix/Exim and such should band together and simply phase out CC and start treating the CC header as a BCC header. And then should begin rejecting mails with a CC with multiple email addresses in it outright. This would solve half of the world's spam problems in a few years too.

    • by Anonymous Coward on Thursday September 03, 2015 @03:31AM (#50449573)

      CC has legitimate uses though. For instance in business you might email someone but copy in several other people in the team. You don't want to use BCC as you want replies to go to your teammates too, and you don't want to use To so it's clear who the email was intended for.

      • Agree : I use "To: " for people I expect to take an action, and "CC" for people I just think need to be informed.

        Of course, this is way too subtle for the majority of people...

      • by sbaker ( 47485 )

        Certainly both BCC and CC have their valid uses - but you'd be amazed the number of people who don't understand the difference. Even after I pointed it out, the HR team at a company I worked for a few years ago would still send out emails about upcoming events and benefits stuff to the entire company using CC. Then a huge number of "Thanks for telling me!" types of replies would wind up being spread around the entire company.

        Perhaps mail clients should retire the acronyms and spell out more explicitly wha

    • by Anonymous Coward

      Check out the last revision of outlook: BCC is hidden by default!

      • by wbo ( 1172247 )
        No, it isn't hidden. It doesn't appear in the "Quick Compose" window but then again I wouldn't expect to see it there since that is designed just for short messages or quick replies.

        In the full compose window the Bcc field is right below the To and Cc fields just where it has been for the past several versions.
    • And then should begin rejecting mails with a CC with multiple email addresses in it outright.

      There is nothing preventing you from doing that right now with your own email client.

      This would solve half of the world's spam problems in a few years too.

      That's assuming the world still even has a spamming problem.

      Personally, I don't have a problem with email spam (except for spam faxes). Unfortunately, I still have stupid co-workers that will order things from unsolicited faxes, thus rewarding the spamming behavior, and unfortunately, the phone/fax system is still largely ill-equipped to deal with such problems.

    • by Anonymous Coward

      In this case it's likely that they used TO to send the newsletter to all interested persons, so banning CC won't solve anything.

    • It probably wouldn't hurt to have a big massive warning pop up if you try to CC, reply all, or forward to more than a dozen people.

  • by Anonymous Coward

    Is that a word? I thought a clinic is always a health care institution.

  • They were also listed in the Ashley Madison database.
  • by dhaen ( 892570 ) on Thursday September 03, 2015 @09:11AM (#50450801)
    That all the patients' details were in an address book mystifies me. I wonder if their addresses were in the same file, and what else? These things are bound to happen given the pressures and distractions of modern life. More precautions are needed where harm may result.
  • Now everyone knows whose fluids to avoid. How terrible! They should have to tattoo is on their heads if they're found positive. That would stop AIDS in one generation.
  • How long until these get cross-checked with the Ashley Madison hacked records? Data is fun!

The fancy is indeed no other than a mode of memory emancipated from the order of space and time. -- Samuel Taylor Coleridge

Working...