UK Health Clinic Accidentally Publishes HIV Status of 800 Patients 65
An anonymous reader writes: A sexual health clinic in London accidentally disclosed the HIV positive status of almost 800 patients. The Guardian reports: "The health secretary, Jeremy Hunt, has ordered an inquiry into how the NHS handles confidential medical information after the “completely unacceptable” breach of the privacy of hundreds of HIV patients. The 56 Dean Street clinic in London apologized on Wednesday after sending a newsletter on Tuesday which disclosed the names and email addresses of about 780 recipients. The newsletter is intended for people using its HIV and other sexual health services, and gives details of treatments and support.
Status was NOT divulged, only email identities (Score:2)
Re: (Score:1, Informative)
From the article, the service is "a service set up for patients who are stable and on long-term HIV treatment." So, no, status wasn't formally disclosed but it's not like a general clinic where you'd have positive and negative test results.
BCC is a horrible trap waiting for that fat-fingered moment. There are better ways, but they need training.
Re: (Score:2)
Someone from the clinic was interviewed on the radio yesterday, and stated that no everyone on the list was HIV positive. Some were dealing with other sexual health issues, some were just interested parties or other clinicians.
Re:Status was NOT divulged, only email identities (Score:5, Informative)
CC is a horrible trap, BCC is not
Re:Status was NOT divulged, only email identities (Score:5, Insightful)
Re: (Score:2)
The newsletter is intended for people using its HIV and other sexual health services, and gives details of treatments and support.
This strongly implies there's some medical issue with all the recipients of this e-mail newsletter. After all, why would someone be subscribed to this who is not HIV positive or has some other affliction? And if you read the article, their full names were included in the list, as is common with e-mail. Frequent gaffe or not, this is a huge breach of privacy for those involved.
I'm curious... does anyone know if there a way to create a mailing list in Outlook (or whatever they used) such that it can ONLY b
Re: (Score:2)
It would be fairly trivial to write a script that cycles through a list of email addresses and sends a personalized mail to each address. I wouild also imagine somewhere in MS's office package the mail merge feature could be tweaked to make this happen. Anyone who relies on email as a part of thier business to communicate with clients really ought to have something in place that manages contacts, keeps them up to date and facilitates distribution of information. I think the issue with this particular clinic
Re: (Score:2)
BCC already does this, why would you go to the trouble of setting up an entirely different method?
Re:Status was NOT divulged, only email identities (Score:5, Insightful)
This strongly implies there's some medical issue with all the recipients of this e-mail newsletter. After all, why would someone be subscribed to this who is not HIV positive or has some other affliction?
And in one sentence you've proven how personal information can lead to completely the wrong conclusions. This is why privacy is no joke and needs to be taken seriously...
Re: Status was NOT divulged, only email identities (Score:2)
Re:Status was NOT divulged, only email identities (Score:5, Funny)
Yeah, 'cause anyone without HIV is terribly interested in a newsletter concerning its treatment.
I can't wait to get my next Alzheimer newsletter. Or ... wait, did I get it yesterday?
Re: (Score:2)
Yeah, 'cause anyone without HIV is terribly interested in a newsletter concerning its treatment.
Exactly, people who care for people with HIV, clinical staff, researchers etc. all subscribe to such newsletters.
Re: (Score:1)
From: hospital.info@nhs.london.co.uk
To: hiv.center@london.co.uk
CC: Bob Burger <bob.burger@hotmail.com>, Cecil Cockburn <cecil1990@gmail.com>, David Davidson <dave@tesco.co.uk>, etc..
Subject: New treatment times for your HIV-infection and community meetings
It is not hard to imagine, that other people on the list would be infected with HIV as well.. Now the recipients know 800
Re: (Score:2)
The problem isn't who, exactly, was on the list - and what their HIV status might be.
The problem is the PERCEPTION in the general public about what the HIV status must be of people on that list. My guess is that a vast majority of people would assume that they are all HIV sufferers...that's incorrect, but that's what they'll assume.
At least one person who replied right here on Slashdot is advocating that the names of people with HIV should be public knowledge.
So - what is the intersection of people who (st
That happens when graphists are put in charge ... (Score:1)
No, graphists are not better than other people at their job.
A web developer still makes better web sites than a graphist.
And a doctor still knows better when to shut up about medical details than a graphist.
And no, people in general don't like newsletters (even when they DON'T divulge private details to other recipients).
So, please get back to your pretty pictures, and let us do OUR jobs.
Re: (Score:2, Insightful)
What the fuck is a graphist?
Re: (Score:2)
Someone the OP has a personal issue with, I assume.
Shouldn't have said anything (Score:2)
So what seems to have happened is that someone, some admin guy, was asked to send out the HIV Monthly newsletter by email. Does just that but in such a way all email addresses were visible. Now, probably like a lot of people, I also receive emailed newsletters and similar. Occasionally they also have all other recipients email addresses exposed. So my thoughts are whether this is a general issue that affects all mass email or is it something specific to this clinic? Receipt of a newsletter from an HIV clini
Re: (Score:1)
I think you'd have a pareto-style 80/20 split between "patients with HIV" and "other parties", and that's good enough for strong inference to be drawn. HIV is the poster child for sensitive data, so yeah, it does matter.
It's trivially easy to do, and trivially easy to screw up: a classic infosec trap.
Re: (Score:2)
I think you'd have a pareto-style 80/20 split between "patients with HIV" and "other parties", and that's good enough for strong inference to be drawn. HIV is the poster child for sensitive data, so yeah, it does matter.
It's trivially easy to do, and trivially easy to screw up: a classic infosec trap.
I believe this clinic deals mostly with sexually transmitted diseases, so being revealed having some variety of the clap won't be much of an improvement in many people's eyes.
Re: (Score:3)
She/He is an idiot because she/he used CC instead of BCC. Something that riles me in general.
Re: (Score:2)
She/He is an idiot because she/he used CC instead of BCC. Something that riles me in general.
This is also a fault of the particular implementation of the CC function. When selected it should put up a warning that all the addressees details will be included in every email sent and ask "Are you sure?" before it goes ahead and sends.
Re:Why shouldn't this be public anyway? (Score:5, Insightful)
Because people are stupid.
HIV is pretty much non-contagious as long as you don't exchange some sort of body fluid. Now, I don't know how you go about in your everyday life, but I don't routinely have people spill blood, semen or other stuff coming out of their body into mine.
But people are stupid.
Remember the H1N1 craze? Swine flu? Or any other of the sky-is-falling pandemics? SARS anyone? Yes, they are contagious. How many cases did we have around the US and Europe? Was it more than a dozen combined? People went apeshit over that crap. Mostly because they didn't have the first clue about it other than "oh it's killing people, watch out!"
And now imagine these people should interact with people who actually carry a deadly disease. No matter that there is no sensible way they could get infected, they WILL go bananas over it.
HIV is already a disease that puts a terrible weight on your psyche. Making these people outcasts for no reason whatsoever doesn't really help it.
Re: (Score:2)
And I have a rock that protects me from tiger attacks...
Re: (Score:2)
Re: (Score:2, Insightful)
Stigma and discrimination. HIV +ve individuals are routinely denied housing, employment and ostracised from society due to their HIV status. By making a public register this would further discourage people from seeking appropriate testing and treatment.
The most common mode of transmission is through sexual intercourse and effective treatment of HIV (through the use of HAARTs) significantly reduces the chance of passing the infection on. By discouraging people from seeking out proper health
Re: (Score:2)
HIV is highly communicable under certain circumstances.
If you are referring to the circumstance where someone puts their penis in someone else's body cavity, then yes you're right. But rather than publishing the name of everyone who has been tested positive (which wouldn't reveal the names of any one who HASN'T been tested), why don't you and your latest partner get tested before having sex? If that's too much hassle, then you (or anyone else) are part of the problem - you could be spreading HIV now.
Having a registry of people infected with HIV would allow people to avoid the type of contact that can spread HIV with infected persons.
Once people know that HIV test results are public record, they
Re: (Score:2)
So your position is that the entire country (world maybe) should have access to identity information for everyone who currently has a potentially fatal, communicable disease? Knowing their email addresses would hardly be adequate to help people avoid the problems you describe, so you must (logically) be advocating for revealing actual names and work/home addresses.
Hmmm - so what other diseases should be accorded such special status?
Unless you have some kind of unseemly bias, you must be concerned about all
Finger trouble... (Score:1)
Standard issue baby boomer reluctance to use computers properly.
"Why would we buy a tool to send bulk email when the intern can do it for peanuts?"
This is why, executives. This is why you need to use the correct tools. Just do a mail merge. It is unbelievably simple. So simple that the intern could do it.
It's OK right? (Score:2, Insightful)
Easy problem to solve: Ban CC: (Score:3, Interesting)
Take out CC: in mails and only allow BCC:
I seriously hate it when my friends send a mail to me with some other people and my email address is not hand-delivered to the virus and spam-harvester infested horrors of my other friends. If ALL emails only went out by BCC this would not happen.
Mail server maintainers such as Postfix/Exim and such should band together and simply phase out CC and start treating the CC header as a BCC header. And then should begin rejecting mails with a CC with multiple email addresses in it outright. This would solve half of the world's spam problems in a few years too.
Re:Easy problem to solve: Ban CC: (Score:5, Insightful)
CC has legitimate uses though. For instance in business you might email someone but copy in several other people in the team. You don't want to use BCC as you want replies to go to your teammates too, and you don't want to use To so it's clear who the email was intended for.
Re: (Score:3)
Agree : I use "To: " for people I expect to take an action, and "CC" for people I just think need to be informed.
Of course, this is way too subtle for the majority of people...
Re: (Score:2)
Certainly both BCC and CC have their valid uses - but you'd be amazed the number of people who don't understand the difference. Even after I pointed it out, the HR team at a company I worked for a few years ago would still send out emails about upcoming events and benefits stuff to the entire company using CC. Then a huge number of "Thanks for telling me!" types of replies would wind up being spread around the entire company.
Perhaps mail clients should retire the acronyms and spell out more explicitly wha
Re: (Score:1)
Check out the last revision of outlook: BCC is hidden by default!
Re: (Score:2)
In the full compose window the Bcc field is right below the To and Cc fields just where it has been for the past several versions.
Re: (Score:2)
And then should begin rejecting mails with a CC with multiple email addresses in it outright.
There is nothing preventing you from doing that right now with your own email client.
This would solve half of the world's spam problems in a few years too.
That's assuming the world still even has a spamming problem.
Personally, I don't have a problem with email spam (except for spam faxes). Unfortunately, I still have stupid co-workers that will order things from unsolicited faxes, thus rewarding the spamming behavior, and unfortunately, the phone/fax system is still largely ill-equipped to deal with such problems.
Re: (Score:1)
In this case it's likely that they used TO to send the newsletter to all interested persons, so banning CC won't solve anything.
Re: (Score:3)
It probably wouldn't hurt to have a big massive warning pop up if you try to CC, reply all, or forward to more than a dozen people.
Re: (Score:2)
Rest assured, if you should ever contract it, I'll be personally doing my best to take out double page ads in the Sun to announce it to the world.
Health clinic? (Score:1)
Is that a word? I thought a clinic is always a health care institution.
Nothing has been disclosed, after all. (Score:1)
One click away from failure (Score:3)
oh no, now everyone is safe (Score:2)
Crosscheck! (Score:1)