On Friday 8th December an email was sent to 998 email addresses without following the protocol of “blind copying” recipients, which protects their details from the others in the email chain. This was brought to the attention of the Practice Manager (PM) at 6pm on Monday 11th December when a patient contacted the practice to complain about the sharing of their personal data. The PM immediately alerted the Executive Partner GP, who was working in the building, and also spoke with the Administrator who had made the mistake. This uncovered that she had recalled the email as soon as she realised the mistake, but unfortunately the recall had not worked for the majority of recipients, who started to email the practice 48 hours after the email had been sent to them.
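The failure described above is a bulk message whose recipient list was placed in a visible header (To or Cc) instead of Bcc. The following Python script is an added example, not code from the practice or its report; it builds a bulk notification with the patient addresses carried only in Bcc, runs a pre-send check that refuses any message exposing more than one address in To/Cc, and shows what a correctly built message looks like once Bcc has been stripped for transmission (the same stripping that `smtplib.SMTP.send_message` performs). The sender and recipient addresses are constructed placeholders.

```python
"""Bulk-mail guard: keep recipient addresses out of the visible headers.

Added example; assumes a practice mailbox sending one notice to many
patients. All addresses below are constructed placeholders.
"""
import copy
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "practice@example.org"  # constructed placeholder
# Constructed sample recipient list, not real patient addresses.
RECIPIENTS = [f"patient{i}@example.org" for i in range(1, 6)]


def build_bulk_message(sender, recipients, subject, body):
    """Correct form: recipients go in Bcc; To shows only our own address."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender
    msg["Subject"] = subject
    msg["Bcc"] = ", ".join(recipients)
    msg.set_content(body)
    return msg


def build_visible_message(sender, recipients, subject, body):
    """The mistake in the report: every recipient placed in the To header."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def visible_recipients(msg):
    """Addresses a recipient would see: everything in To and Cc."""
    fields = [v for h in ("To", "Cc") for v in msg.get_all(h, [])]
    return [addr for _, addr in getaddresses(fields)]


def check_before_send(msg, max_visible=1):
    """Pre-send guard: raise if more than max_visible addresses are exposed."""
    seen = visible_recipients(msg)
    if len(seen) > max_visible:
        raise ValueError(
            f"{len(seen)} addresses would be visible in To/Cc; use Bcc")
    return True


def prepare_for_delivery(msg):
    """Mimic smtplib.send_message: envelope = To + Cc + Bcc, then drop Bcc
    from the copy that is actually transmitted. Returns (envelope, wire)."""
    fields = [v for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    envelope = [addr for _, addr in getaddresses(fields)]
    wire = copy.copy(msg)   # shallow copy; __delitem__ rebuilds the header list
    del wire["Bcc"]
    return envelope, wire.as_bytes()


if __name__ == "__main__":
    good = build_bulk_message(SENDER, RECIPIENTS, "Notice", "Hello")
    check_before_send(good)
    envelope, wire = prepare_for_delivery(good)
    print("delivered to", len(envelope), "addresses")
    print("patient addresses in transmitted headers:",
          any(r.encode() in wire for r in RECIPIENTS))
    bad = build_visible_message(SENDER, RECIPIENTS, "Notice", "Hello")
    try:
        check_before_send(bad)
    except ValueError as exc:
        print("blocked:", exc)
```

The guard is deliberately simple: a bulk send from a shared mailbox should never have more than the sender's own address in To. Note that a recall, as the report found, does nothing once the message has reached an external server; the only reliable control is the check before the message leaves.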
The PM spoke to the EMIS clinical system supplier to get reassurance that access to clinical information was not compromised. They confirmed it was not an issue because online access does not rely on an email address but on a unique code. The PM also completed a significant event/clinical concern online report to inform the local Clinical Commissioning Group (CCG) and started the Information Governance online reporting form to report the data breach/incident to NHS Digital.
The following email was drafted and carefully sent to the same 998 recipients of the initial message at 1950 that night:
We would like to apologise for the mistake made when sending you an email on the afternoon of Friday 8th December. When creating the distribution list, the administrator did not use the “blind copy functionality” as required by our protocol. She immediately realised her mistake and attempted to recall the message, but by doing so emailed you all again. It was only the next time she sent a message that it went in such a way that you could not see other people’s email addresses.
We would like to reassure you that this mistake will not happen again and that we have reported this incident to the relevant NHS authorities, as we are required to do.
We have been further reassured this evening by our clinical system supplier, EMIS, that for those of you with access to our online services, your account will not be compromised in any way. This is because it is accessed using a unique identifier code and not your email address. If you have any further questions or require further reassurance, do not hesitate to get in touch.
Sincere apologies again.
On behalf of the Partners at Ringmead Medical Practice.
The next morning, 12th December at 9am, the PM spoke with the local Information Governance lead to check whether anything else should have been completed, and she confirmed that all reasonable steps had been taken. She suggested that the information be updated on the website/IG toolkit once the significant event has been discussed by the Practice Partners. At this point the PM submitted the IG incident form to NHS Digital.
There has since been some contact from patients either accepting the apology and acknowledging the human error, or requiring more information. The Practice Manager will be in touch with anyone who has requested a direct response with more information.
A subsequent email was sent at 5pm to the 998 patients asking them to delete the original email and ensure it has also been removed from their deleted items folder. This is in line with the automated footer that is sent to all non-NHS.net email addresses from our account.
Update 15/12/2017: It has been brought to our attention that some desktop applications may not delete emails from the web based mail. Please remember to log into your account online to double check.