SoylentNews is people

posted by martyb on Thursday September 03 2015, @12:22PM
from the must-not-have-used-gmail dept.

The BBC News reports that:

The 56 Dean Street clinic in London's Soho sent out the names and email addresses of 780 patients when a newsletter was issued to people who attend the clinic. Patients were supposed to be blind-copied into the email but instead details were sent as a group email.

From an interview with one patient:

One man, a 40-year-old public sector worker, has been HIV positive for 13 years and has been using the Dean Street clinic for five. He said: "I felt sick when I realised what had happened. I first saw the email at work but ignored it as I was busy. I then looked at it when I was on the way home from work. I couldn't breathe. I'm concerned who will get this information. If it ends up in the hands of the wrong people, such as hate groups, it could be dynamite."

Further:

Fellow patient James ... said: "I was travelling back from the pride parade in Manchester on Monday when I received this email. I couldn't believe it when I got it and I've been full of worry since. I am not ready to disclose my HIV status to my wider friends or family. I fear now that I have no choice."

Finally, a friend informs me that a breach of privacy at another clinic may be widely reported within the next few days.


  • (Score: 3, Insightful) by DeathMonkey (1380) on Thursday September 03 2015, @05:27PM (#231863)

    each time I visit the doctor (once a year) I am asked if I want to sign up for online doctor access where they could correspond with me over email or send lab reports back to me that way.
     
    I think they are just describing it to you in layman's terms. No Dr in their right mind is going to violate HIPPA* by sending sensitive info via email. What the portals do is store the info within the portal then email you that the info is there. You have to log in to see it.
     
    * similar laws exist pretty much everywhere if you aren't in the US.

  • (Score: 2) by TheGratefulNet (659) on Thursday September 03 2015, @05:59PM (#231876)

    nope, I've been told that if I pay a bit more for my HC, I will get email access to my doctor and I can converse with him/her in any way I want.

    THAT is scary shit that never should have been 'a thing' to begin with.

    and hippa regulations? I've had pharmacists call and leave messages on my voicemail about medications I was taking or waiting for and those idiots had no idea that it was WRONG to say anything informational in a voicemail. simply say that I'm the pharmacist and please call us back. that's all it would take. but no, I've gotten some pretty bad messages left and if there were other people having access to my VM or if I was dumb enough to listen to my VM on a spkrphone, I'd have been quite angry to have personal info like that left on a recording!

    we just are not ready to have this kind of communications electronically (including voicemail) since too much is at stake and it's too easy for sloppy asshole clinicians to ruin your life or let some personal details out that you did NOT want others to know.

    --
    "It is now safe to switch off your computer."
    • (Score: 0) by Anonymous Coward on Thursday September 03 2015, @10:12PM (#231996)

      Which is why a shitload of companies now sell secure solutions to stupid doctors.

    • (Score: 0) by Anonymous Coward on Thursday September 03 2015, @10:27PM (#232002)

      It's because of people like you that HIPPA exists. Now my wife can't easily take care of that stuff for me. What a pain, and all so you can pretend you have privacy. (you don't actually get it due to contractors and affiliates)

      You don't even need that privacy. Nobody does. Why are you so concerned? It's just medical info. We all get sick. If it's actually something that others will care about, then they probably ought to know! If anything, the doctor should be sure to phone them so that they know to be careful around you.

      • (Score: 0) by Anonymous Coward on Thursday September 03 2015, @10:55PM (#232019)

        > If anything, the doctor should be sure to phone them so that they know to be careful around you.

        You sound a lot like a sociopath. I wish your doctor would let me know your real name and diagnosis so I can avoid all contact with you.

      • (Score: 2) by kurenai.tsubasa (5227) on Thursday September 03 2015, @11:20PM (#232028)

        Ok, this time a serious comment.

        First of all it's HIPAA [wikipedia.org]: Health Insurance Portability and Accountability Act. HIPPA is somebody shouting the name of a small island in British Columbia.

        I have it on a very good source that medical offices frequently send PHI over unencrypted RFC 2822 email. They frequently send it over SMS (even when an encrypted service is available, just because it's a separate app than the SMS app). I could name a company who produces a product used by an entire service industry that is heavily utilized by doctors and hospitals that the company knows is going to store and transmit ePHI, yet has absolutely no support for encryption whatsoever (well, ok, not whatsoever, but she did say that it was a symmetric cypher and probably just some amateur-invented obfuscated ROT13), no strongly encrypted data at rest, no strongly encrypted data in motion. (I doubt they would be any more liable for when their product is used to store and process ePHI than Microsoft is when a hospital sends ePHI in plain text.)

        HIPAA, even after the HITECH act was passed, is a complete joke when it comes to what happens to your data behind the scenes, probably because of people like you or else just general apathy about other people's data.

        That being said, what TheGratefulNet may have been offered is something that's been gaining popularity, precisely because support for standards like S/MIME usually tends to be utter shit (Outlook, Mozilla, etc), not to mention the inability of a home user to generate a valid cert for that standard in particular. There's GnuPG, but support there is crap (Mozilla) or might as well be non-existent (Outlook). Who knows what support, if any, iGadget or Android mail apps have. Nothing I have ever seen has come close to the ease of KMail 3.5 when it comes to encryption. (I haven't checked out KDE lately, so no idea about Kontact.)

        Hospitals have been buying these web apps that are kind-of webmail. That is, I'm sure security's very tight and well done (*rolls eyes*), but if you send to an address outside the system, it simply sends a notification over RFC 2822 email that asks the recipient to log on or create an account on this kind-of webmail platform to read the mail. It receives non-encrypted RFC 2822 mail transparently. So, technically electronic mail, just not RFC 2822 mail when sending.

        So who knows!
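
A pre-send check for the failure described in the story above (a newsletter whose recipient list went out in the visible headers instead of being blind-copied), as an added example that is not part of the original story or any comment. The addresses, sender and function names are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data (not real addresses).
PATIENTS = ["a.patient@example.org", "b.patient@example.org", "c.patient@example.org"]
SENDER = "newsletter@clinic.example"
MAX_VISIBLE = 1  # a bulk mail may show at most one recipient in its headers


def visible_recipients(msg):
    """Addresses every recipient of this message can read (To and Cc headers)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _name, addr in getaddresses(fields) if addr]


def check_disclosure(msg, max_visible=MAX_VISIBLE):
    """Pre-send gate: raise if the headers would reveal the mailing list."""
    seen = visible_recipients(msg)
    if len(seen) > max_visible:
        raise ValueError(f"refusing to send: {len(seen)} recipients visible in To/Cc")
    return seen


def build_group_mail(recipients, subject, body):
    """The failure mode from the story: the whole list goes in the To header."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = SENDER, ", ".join(recipients), subject
    msg.set_content(body)
    return msg


def build_individual_mails(recipients, subject, body):
    """One message per recipient; nobody else's address appears in any header."""
    out = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = SENDER, rcpt, subject
        msg.set_content(body)
        check_disclosure(msg)  # every outgoing message passes the same gate
        out.append((rcpt, msg))  # (envelope recipient, message)
    return out
```

Running `check_disclosure` on the output of `build_group_mail` raises before anything is handed to the mail server, which is the point at which a To/Bcc mix-up can still be caught.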