Home / News & Resources / Case Study / What Can Happen When Medical Information is Sent to the Wrong Person?

What Can Happen When Medical Information is Sent to the Wrong Person?

We all want to be sure that our medical information is securely stored and is only handed by those who have the authority to do so. But, as Associate Mo Hussain discusses, there may be a situation where this information is mistakenly sent to the wrong person.

But, when it comes to information falling into the wrong hands, in most cases, it is human error rather than cybercrime that is the biggest cause of data breaches. And these errors are just as likely to happen offline.

Medical information sent to the wrong person is a serious issue in today’s society. In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, a government department sent a copy of a confidential medical report to a person's former partner by mistake. The report from a doctor said that our client was depressed and suicidal.

Once our client's ex read the report - a document that they should never have had access to - they successfully used its contents in an application to reduce our client’s contact with their children.

As a direct response of the admin error, this data breach has had a devastating impact on our client, causing considerable distress and upset as well as aggravating mental health problems. So, in this case, the consequences have been particularly severe.

What can you do to stop this from happening to you?

When handing over your postal address to an organisation, it is vital that you check that these details have been taken down correctly. You are completely within your rights to ask for a copy of the data an organisation holds about you. This is called making a subject access request (SAR). This won't guarantee that an error doesn't result in information going to the wrong address, but it is a good safety precaution to take.

Find out more about making an SAR.

You should also ask any organisation that has access to your medical records about what type of information they share and with who.

You can also choose not to have your medical information shared or used for any purpose beyond providing your own treatment or care. This choice is known as a national data opt-out.

Find out more about the national data opt-out.

Of course, there may be instances (as in this case) where you need or want to share this information. Likewise, your confidential patient information may still be used when there is a legal requirement to provide it.

Lessons learned

The duty of confidentiality goes beyond undertaking not to divulge confidential information; it includes a responsibility to make sure that written patient information is kept securely.

If you are an employee of a medical organisation or a government agency or department and you want to make sure that you don't make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct.

This is especially important if you deal with sensitive information such as medical reports. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.

Get expert help if your medical information has been sent to the wrong person

Medical information sent to the wrong person can undoubtably have a detrimental impact on all those affected, but our team of experts is here to help.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0330 041 5134 to discuss your case in more depth.