A leading sexual health clinic has apologised after mistakenly sharing the HIV positive status of hundreds of patients in an email.
The 56 Dean Street clinic in central London, which is run by Chelsea and Westminster NHS Trust, admitted it had sent out the names and email addresses of 780 HIV patients and promised to investigate.
Health Secretary Jeremy Hunt has asked the Care Quality Commission to review data security in the wake of the scandal.
In a statement via email, the clinic said: "We can confirm that due to an administrative error, a newsletter about services at 56 Dean Street was sent to an email group rather than individual recipients.
"We have immediately contacted all the email recipients to inform them of the error and apologise."
The clinic said concerned patients can call 020 3315 9555 and 020 3315 9594, both of which are open until 6pm.
According to the website beyondpositive, the details were available to all who received the email. Shortly afterward, the clinic used the "recall" feature to retract the message for those who hadn't seen it.
In a subsequent email, a copy of which was posted on the site, the clinic then apologised and urged people to delete the original message.
The Information Commissioner's Office (ICO), which regulates organisations' handling of data, said: "We are aware of an incident regarding the 56 Dean Street clinic and are making enquiries."
Fines of up to £500,000 are among the options enforceable by the ICO for serious breaches of data protection law.
Mr Hunt described the breach as "completely unacceptable" and said patients needed to be given confidence that the NHS is able to look after personal data.
He told a NHS event in Manchester: "Nothing matters more to us than our own health but we must also understand that for NHS patients, nothing matters more to them than confidence that the NHS will look after their own personal medical data with the highest standards of security.
"The truth is the NHS have not won the public's trust in our ability to do this as today's completely unacceptable data breach at the Dean Street surgery demonstrates.
"If we are going to win that trust we need to strengthen the independent oversight of data security within the NHS to a level that we don't have at the moment."
ITV News Consumer Editor Chris Choi reports:
At its core - this incident is a matter of human error. But it also raises important questions over policy, procedure, training and supervision here. And there's a wider problem.
Around a quarter of the 108,000 people living with HIV in the UK are unaware of their status. There's a risk this could put people off being tested.
I have spoken to one patient of Dean Street who has explained how vulnerable he now feels, "this is a mistake that should never have happened and will worry people using services like this".