Healthcare providers are failing to protect the privacy of people living with HIV, watchdog warns
Information breaches by the NHS are a ‘huge’ problem, warns the UK’s data watchdog
Healthcare providers are failing to protect the privacy of people living with HIV, the UK’s data watchdog has warned.
The Information Commissioner’s Office said it has been forced to hand out fines worth thousands to organisations which have released the details of those living with HIV.
Speaking with The Independent, Information Commissioner John Edwards said: “It is a huge problem [within healthcare] and it’s a disproportionate amount of our business.
“That’s partly because of the seriousness and the sensitivity of health information, the huge scale of the health sector and very many moving parts, with many opportunities for information to slip out as it moves from one place to another, and frankly, they’re just not doing well enough.”
In a warning on Tuesday the watchdog highlighted specific concerns over HIV patients’ data being breached through the use of bulk emails in which staff have not used the blind copy function.
Mr Edwards told The Independent that the NHS and voluntary sector healthcare providers need improvements in technology that require investment in new systems of communication.
“I think there’s a lot of fairly low-tech solutions like storing stuff in spreadsheets,” he said, suggesting a more sophisticated approach is needed.
Healthcare providers accounted for a fifth of all personal data breaches in 2022-23.
According to the ICO, there have been 19 notifications of organisations providing healthcare services which have breached patients’ data since 2019. Seven of these have been in the last financial year.
In one case highlighted by the commissioner, the Young Men’s Christian Association (YMCA) of London was fined £7,500 after it sent emails to 264 people intended for people on its HIV support programme but copied all addresses in rather than blind copying the emails. This meant recipients could see who else had received the mail.
The warning comes following news that dating app Grindr faces lawsuits from hundreds of users alleging they had their private information, including HIV status, shared without consent.
The Information Commissioner told The Independent his office is now also looking into how health services engage with artificial intelligence technologies which require the use of personal data to train their systems.
He said: “A lot of care has to be taken because we’re seeing a significant number of challenges with people exercising their rights in relation to data held on generative AI systems.”
The Information Commissioner said: “People living with HIV are being failed across the board when it comes to their privacy and urgent improvements are needed across the UK. We have seen repeated basic failures to keep their personal information safe - mistakes that are clear and easy to avoid…
“We know from speaking to those living with HIV and experts in the sector that these data breaches shatter the trust in these services. They also expose people to stigma and prejudice from wider society and deny them the basic dignity and privacy that we all expect when it comes to our health.”
The ICO also had to reprimand the trust NHS Highland last year over the same issue after it sent a bulk email, intended for those likely to be accessing HIV services, to 37 people, revealing the personal addresses of others.
In 2021 a charity called HIV Scotland was fined £10,000 for personal data breaches involving 65 people.
In August 2023 the ICO warned that failure to use the blind copy feature when sending bulk emails is one of the most commonly recorded data breaches.