An NHS health board accidentally revealed the identities of HIV patients due to an email blunder. NHS Highland emailed invites to HIV-positive people for a support group run by Raigmore Hospital’s sexual health clinic in Scotland, UK. While emailing, instead of blind carbon copying (BCC-ing) recipient email ids, they were included in the carbon copy (CC) field.
Ironically, the email promised the recipients that it would “respect anonymity’’ and would “never identify members present,” at the meeting. It did anyway.
One of the patients whose name was exposed in the email blunder spoke to Scottish TV about his feelings when he realized his identity and medical condition was exposed.
“I know it stems from a genuine mistake but anonymity and confidentiality are so important. I scrolled the list and saw names clearly in some of those addresses, mine included. You feel physically sick, people you know, people you might have been with over the years and it sets off all those dark thoughts you had just after diagnosis.”
The health board’s spokesperson apologized to the email recipients and said that “NHS Highland deeply regrets that this breach of confidentiality has happened and we have contacted patients individually to apologize. As per normal procedure, a formal internal review is being conducted to understand how this has happened and to consider any steps to avoid this happening in future.”
The chief executive of the charity organization HIV Scotland, Nathan Sparling said that the breach was “unacceptable.” He stated that confidentiality is of “paramount importance” and that the decision of disclosing their HIV status solely lies in the hands of the patients and no one else.
HIV patients have been victims of such careless privacy breaches in the past as well. For instance, a few years ago, a sexual health clinic in Soho, London disclosed the names and emails of nearly 780 people, out of which most were HIV positive.
Around 2015, the 56 Dean Street clinic in London sent out an email newsletter through which it revealed the identities of HIV-positive patients to the other recipients as it sent a group email, instead of sending them as blind carbon copies (BCC-ing).
