1. ITV Report

London clinic admits mistakenly sharing HIV patients' details

A leading sexual health clinic has apologised after mistakenly sharing the HIV positive status of hundreds of patients in an email.

The 56 Dean Street clinic in central London, which is run by Chelsea and Westminster NHS Trust, admitted it had sent out the names and email addresses of 780 HIV patients and promised to investigate.

Health Secretary Jeremy Hunt has asked the Care Quality Commission to review data security in the wake of the scandal.

The error was admitted by Soho's 56 Dean Street clinic. Credit: Google Street View

In a statement via email, the clinic said: "We can confirm that due to an administrative error, a newsletter about services at 56 Dean Street was sent to an email group rather than individual recipients.

"We have immediately contacted all the email recipients to inform them of the error and apologise."

The clinic said concerned patients can call 020 3315 9555 and 020 3315 9594, both of which are open until 6pm.

According to the website beyondpositive, the details were available to all who received the email. Shortly afterward, the clinic used the "recall" feature to retract the message for those who hadn't seen it.

In a subsequent email, a copy of which was posted on the site, the clinic then apologised and urged people to delete the original message.

I'm writing to apologise to you.

This morning at around 11.30am at we sent you the latest edition of OptionE newsletter.

This is normally sent to recipients on an individual basis but unfrotunately we sent out today's to a group of email addresses.

We apologise for this error.

We recalled/deleted the email as soon as we realised what had happened.

If it is still in your inbox please delete it immediately.

Clearly this is completely unacceptable.

We are urgently investigating how this has happened and I promise you that we will take steps to ensure it never happens again.

We will send you the outcome of the investigation.

– Email apology to patients from 56 Dean Street
Credit: ITV News

The Information Commissioner's Office (ICO), which regulates organisations' handling of data, said: "We are aware of an incident regarding the 56 Dean Street clinic and are making enquiries."

Fines of up to £500,000 are among the options enforceable by the ICO for serious breaches of data protection law.

Mr Hunt described the breach as "completely unacceptable" and said patients needed to be given confidence that the NHS is able to look after personal data.

He told a NHS event in Manchester: "Nothing matters more to us than our own health but we must also understand that for NHS patients, nothing matters more to them than confidence that the NHS will look after their own personal medical data with the highest standards of security.

"The truth is the NHS have not won the public's trust in our ability to do this as today's completely unacceptable data breach at the Dean Street surgery demonstrates.

"If we are going to win that trust we need to strengthen the independent oversight of data security within the NHS to a level that we don't have at the moment."

ITV News Consumer Editor Chris Choi reports:

At its core - this incident is a matter of human error. But it also raises important questions over policy, procedure, training and supervision here. And there's a wider problem.

Around a quarter of the 108,000 people living with HIV in the UK are unaware of their status. There's a risk this could put people off being tested.

I have spoken to one patient of Dean Street who has explained how vulnerable he now feels, "this is a mistake that should never have happened and will worry people using services like this".