The 56 Dean Street Clinic Breach - A Look Back On What Happened

Last year in September, a sexual health clinic based in Soho, London, revealed almost 800 of their patients’ private information to each other by mistake – i.e. the other patients – when an email was sent to the list of people where the names and addresses for the other recipients were not hidden.

This has resulted in one of the biggest data breaches in the history of the NHS, and has led to us fighting for the rights of numerous people who have been affected by the breach.

The clinic works with intimate and sensitive private information as many of their patients have conditions like HIV. The clinic, managed by the Chelsea and Westminster Hospital NHS Foundation Trust, offered a convenient and quick online service for booking appointments and receiving test results, known as Option-E. Those who had signed up for this service also received a generic newsletter every once in a while, and this eventually led to the breach.

On the 1^st of September 2015, patients opened one of these electronic newsletters from the NHS managed clinic, and were horrified to find that their private email addresses were visible; and so were every other recipients’ as well.

The clinic had mistakenly sent the newsletter with all the recipients’ addresses exposed in the ‘to’ section, rather than using the ‘blind cc’ method, or a proper systemised method that would hide the names and addresses.

Naturally, many patients were distraught to see other patients’ full email addresses, with many of them including names as well. Since the clinic was based in a small Soho area, some clients were speechless when they recognised names of people they knew whom they had not been aware were also HIV sufferers, or were undergoing testing. Of course, as they could see other people’s information, the people they knew could also see theirs.

Technology for communication is so popular nowadays that mistakes could prove to be severe, as we have seen in the 56 Dean Street Clinic case here. Many of the patients were devastated and hugely distressed to have their private information leaked out by the NHS. Some patients had spoken of the ‘second to none’ quality care provided at the clinic, which has been sadly clouded as a result of the breach.

The clinic has apologised, but the damage is already done. The information is now out there, and all people can do is seek justice by way of a Data Protection Act claim, which is what we are helping people with.

As we have said in the past, we absolutely do not share the media opinion that this was just some “human error” and we really feel sorry for the staff involved. The issue here is systemic – there is technology that is easily and readily available that could have prevented this from happening, and with the nature of the information we’re talking about here, we are very surprised that it wasn’t used in the first place.

Big and sensitive data must be handled very intelligently.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.