Local Health authority breaks GDPR
Wibbles
Community member Posts: 2,220 Championing
My local health authority has broken GDPR by sending a personal email to my father rather than myself. The person concerned apologised telling me "sorry - I got your email from online notes" but as far as I am aware, they do have my actual email address...
Luckily - it was only information concerning a wheelchair assessment - but the sender had no idea whether the recipient was my father or someone unrelated to me !!
0
Comments
-
That's a pretty serious concern, everyone sending emails with potentially personal/private information should have GDPR training.
While in this instance it didn't have a negative outcome, that is never something you can assume. I personally would raise a complaint about it, but of course it's up to you what course or action you take. Even though, I imagine, they were just trying to be helpful it can be quite detrimental/harmful just sending out personal info without knowing who is actually receiving it.0 -
My GP surgery uses read codes to stop patients from knowing what is really wrong with themThe latest on my record is Letter received (XaKqd)I have googled XaKqd and can't find itDoes anyone know ?
1 -
qd usually means "everyday/daily" Abbreviations you may find in your health records - NHS App help and support - NHS (www.nhs.uk)
They don't have one for Xa but you should be able to ask your surgery what it means. Could it be a new medication you're supposed to now take everyday perhaps?0 -
Jimm_Scope said:qd usually means "everyday/daily" Abbreviations you may find in your health records - NHS App help and support - NHS (www.nhs.uk)
They don't have one for Xa but you should be able to ask your surgery what it means. Could it be a new medication you're supposed to now take everyday perhaps?
As far as I am aware - surgeries were supposed to stop using these codes - years ago - but mine still does !
0 -
Yes, I do remember while searching for the code information that they were supposed to stop using them in the late 2010s, because they were confusing to patients. I assume your GP has just "stuck to their ways", I know some of the older GPs at my surgery struggle to change to new and more transparent processes.0
-
Jimm_Scope said:That's a pretty serious concern, everyone sending emails with potentially personal/private information should have GDPR training.
While in this instance it didn't have a negative outcome, that is never something you can assume. I personally would raise a complaint about it, but of course it's up to you what course or action you take. Even though, I imagine, they were just trying to be helpful it can be quite detrimental/harmful just sending out personal info without knowing who is actually receiving it.
I asked the person concerned why/how it happened and I received an apology but no explanation - since my father has never had any dealings with the department concerned (OT)
0 -
Jimm_Scope said:Yes, I do remember while searching for the code information that they were supposed to stop using them in the late 2010s, because they were confusing to patients. I assume your GP has just "stuck to their ways", I know some of the older GPs at my surgery struggle to change to new and more transparent processes.
I have asked the surgery for a copy of the "received email" - I bet that my medical records are updated to "lose" the message now !
0 -
Hi @Wibbles
So if the the GP has breached data protection firstly, you should find out if they have a DATA Protection Officer. In NHS this person is usually called a Caldicott Guardian.
They are senior NHS staff who are responsible for Data protection.
Make a formal complaint ensuring they are the person who is notified/investigate your concerns.
If you are unhappy with there response complain to the
ICO (Information Commissioners Office) who are the body who have responsibility and ability to take actions including sanctions against organisations who are found to have breached data protection legislation.
They will not usually get involved if you have not allowed the NHS trust responsible for the GP to do an investigation and respond to a complaint first.
The NHS does use codes for many reasons this is not an abbreviation. Example
SOB = shortness of Breath. However when this was read
A patient thought it meant Son of a B****
MS = Multiple Sclerosis
The (XaKqd) code could be a demographic, funding codes and I am glad that these are not widely known, as there are certain situations which need to be coded to protect individuals rights. It's not always a suspicious reason. There are genuine needs for information to be coded.
Ask them what this refers to as it's in your records they should disclose.
Accessible records is really important, so they should be willing to discuss this with you.
However I also understand that some discretion is required. Especially with the amount of cyber attacks/hackers who are out there.
I would definitely complain as your right this is an unacceptable breach of your rights.0 -
So does anyone know what the code is?
0
Categories
- All Categories
- 14.1K Start here and say hello!
- 6.7K Coffee lounge
- 59 Games den
- 1.6K People power
- 86 Community noticeboard
- 21.7K Talk about life
- 4.9K Everyday life
- 45 Current affairs
- 2.2K Families and carers
- 818 Education and skills
- 1.7K Work
- 419 Money and bills
- 3.3K Housing and independent living
- 871 Transport and travel
- 650 Relationships
- 60 Sex and intimacy
- 1.3K Mental health and wellbeing
- 2.3K Talk about your impairment
- 843 Rare, invisible, and undiagnosed conditions
- 888 Neurological impairments and pain
- 1.9K Cerebral Palsy Network
- 1.1K Autism and neurodiversity
- 35.1K Talk about your benefits
- 5.6K Employment and Support Allowance (ESA)
- 18.3K PIP, DLA, and AA
- 6.3K Universal Credit (UC)
- 5K Benefits and income