back to article NHS Direct wrongly emailed patients' data

An email sent by the NHS advice service mistakenly disclosed personal information about patients, although it did not leave the health service. The organisation's annual report for 2008-09 reveals that the information, including the names, addresses, NHS numbers, dates of birth and clinical data of about 100 patients, was …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    A spreadsheet?

    Oh, FFS.

  2. Frank Bitterlich

    The usual bollocks...

    Quote: "NHS Direct takes data protection very seriously and we regularly review our processes and train our staff in order to ensure that we fulfil our responsibilities in this area." That's a lie. Proof:

    "... this happened when a spreadsheet was emailed to three people in error."

    a) "spreadsheet" + "emailed": FAIL.

    b) "spreadsheet" + "emailed" + "to three people": Catastrophic FAIL.

    c) "emailed" + "in error": Final, irrevocable proof that they...

    - do NOT train their staff in any meaningful way

    - do NOT take data protection seriously

    - do NOT fulfill their responsibilities in this area.

    End result: Complete, utter, FAIL.

  3. Martin 6 Silver badge

    @The usual bollocks.

    You missed the bit where the spreadsheet was a photo of a screendump printed out and placed on a wooden table before being pasted into a spreadsheet.

  4. Jon 48


    Hardly a major failure. The information didn't leave the NHS so everyone who saw it would already be bound by patient confidentiality rules. Every company I've ever worked for has used spreadsheets for emailing information, at least the NHS is acting responsibly by holding its hands up and admitting it.

  5. Anonymous Coward
    Anonymous Coward

    Why not

    Just give the whole lot to Google to look after --- and make it publicly available.

    We might just as well google for each other's personal details as find them on park benches and the back seats of cars.

  6. Anonymous Coward

    Patient confidentiality

    isn't between the patient and ALL of the NHS. So data ending up with the wrong employees is a breach of that confidentiality. At least they're owning up to it but still they're not exactly showing trust-inspiring levels of competence.

  7. Dale Richards
    Thumb Down

    @Jon 48

    -- "The information didn't leave the NHS"

    This isn't guaranteed. The spreadsheet was emailed to "another part of the health service" - depending on their definitions, it's entirely possible that the email in question travelled over the Internet, and could therefore have been intercepted at any one of a number of points along the way...

  8. Dr Patrick J R Harkin

    @Dale Richards

    If it was emailed, it *should* have gone over NHSNet (which has been renamed, but I can't remember what to, N3 I think) which has a separate encrypted backbone and shouldn't end up going through any unapproved ISP's.

  9. Jon 66
    Thumb Up

    @Dr Patrick J R Harkin

    I should imagine you are correct that any NHS email address would have been routed over N3.

    Glad to know that our data is completely safe as surely no employee in their right mind would have the gall to put an internet email address into the CC field....

  10. William saywell


    In this case you are probably correct, as the sender and recipient would almost certainly have been using NHS mail which is secure end-to-end between nhs mail addresses [].

    However, the principle doesn't hold generally, as [unlike social services and MoD] there are many parts of the nhs that use addresses, which are not secure outwith their own organisation, and so are inappropriate for sending patient data to other domains [including other and adressees], as this traffic would be routed over the internet.


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022