Serious concern as NHS Highland email blunder exposes confidential details of 37 HIV sufferers

nhs highland logo

NHS Highland was forced to apologise after a data breach exposed the confidential names and email addresses of nearly 40 people with HIV.

The health board exposed the personal details of 37 recipients to each other in an email that was distributed to invite patients to a support group run by Raigmore Hospital’s sexual health service.

One man in his 40s who received the email said he was “stunned” by the error, and the whole ordeal made him feel “physically sick”.

He told STV news: “It took me some time to process what I had seen.

“I know it stems from a genuine mistake but anonymity and confidentiality are so important.

“I scrolled the list and saw names clearly in some of those addresses, mine included.

“You feel physically sick, people you know, people you might have been with over the years and it sets off all those dark thoughts you had just after diagnosis.”

The health board yesterday apologised for the data breach, with the email understood to have been distributed last week, and has said measures are being put in place to avoid a reoccurrence in the future.

A spokeswoman for the health board said: “NHS Highland deeply regrets that this breach of confidentiality has happened and we have contacted patients individually to apologise.

“As per normal procedure, a formal internal review is being conducted to understand how this has happened and to consider any steps to avoid this happening in future.”

Under guidelines set out by the Information Commissioner’s Office (ICO), organisations have 72 hours to report a breach should it pose a risk to people’s rights and freedom, with a spokeswoman yesterday confirming that no report had been lodged.

She added: “All organisations processing personal data should do so safely and securely particularly when special category data such as medical information is involved. If anyone has concerns about how their data has been handled, they can report these concerns to us and we can look into the details.”

Nathan Sparling, chief executive of the HIV Scotland charity, said they were willing to work with those affected should they wish to peruse further action regarding the breach of data.

He said: “When you are dealing with a group of people who are living with the most stigmatised health condition there is, confidentiality is of the uttermost importance.

“The decision of anyone to disclose their situation is theirs and theirs alone, but this breach has exposed the situation of these 37 people to each other.

“It is obviously really concerning and unacceptable.”

Mr Sparling added: “An investigation is needed. It is clear what has happened but there need to be strict safeguards to ensure this never happens again.”

Local politicians yesterday reacted with much concern.

Edward Mountain said: “utmost care must always be taken when handling personal and sensitive information about patients.”

Shadow Health Minister David Stewart MSP praised the health board for ordering an internal review but did express his worries.

He said: “Keeping patients’ information a secret is very important for the confidence of all patients throughout the Highlands and Islands.”

John Finnie MSP added that he was “extremely” disappointed and that the incident “will have undoubtedly caused upset to the patients concerned.”