A London sexual health centre mistakenly leaked the details of nearly 800 patients who have attended HIV clinics, bosses have admitted.
The 56 Dean Street clinic in Soho sent out the names and email addresses of 780 people when a newsletter was issued to clinic patients.
Patients were supposed to be blind-copied into the email but instead details were sent as a group email.
Health Secretary Jeremy Hunt said the breach was “completely unacceptable”.
Speaking at a conference in Manchester, Mr Hunt said patients needed to feel confident the NHS would look after their personal data.
He said: “The truth is that we will throw this all away if we lose the public’s trust in our ability to look after their personal data securely.
“If we are going to win that trust we need to strengthen the independent oversight of data security within the NHS to a level that we don’t have at the moment.”
A member of staff’s “human error” led to the breach, the clinic said.
The Information Commissioner’s Office said it was aware of the incident and would be making inquiries.
Fines for breaches of data protection can reach £500,000.
‘I couldn’t breathe’
The centre, along with others in the trust’s network, comprises Europe’s biggest sexual health service.
Patients who have attended HIV clinics and opted in for the clinic’s OptionE service were able to see the names and addresses of other patients.
The clinic’s online service lets people book appointments and receive test results by email.
One man, a 40-year-old public sector worker, has been HIV positive for 13 years and has been using the Dean Street clinic for five.
He said: “I felt sick when I realised what had happened. I first saw the email at work but ignored it as I was busy. I then looked at it when I was on the way home from work. I couldn’t breathe.
“I’m concerned who will get this information. If it ends up in the hands of the wrong people, such as hate groups, it could be dynamite.”
He said his close friends and family knew about his status but many others did not – including his colleagues at work.
“This is a monumental mistake,” he added.
Paul, from London, has been a patient at the clinic since he was diagnosed HIV positive 10 years ago.
He said: “I am on the list of email addresses. It is obviously very disappointing that such a simple mistake has been made, given the brilliant care I have received over the years from all at the clinic.
“When I received the email, I just deleted it straight away. I didn’t want to look down through the other names on the list. It’s like finding someone’s medical records – you just shouldn’t look.”
Fellow patient James, also from London, said: “I was travelling back from the pride parade in Manchester on Monday when I received this email.
“I couldn’t believe it when I got it and I’ve been full of worry since.
“I am not ready to disclose my HIV status to my wider friends or family. I fear now that I have no choice.”
‘We screwed up’
Dr Alan McOwan, consultant and lead clinician at the clinic, said the breach was a “devastating error”.
He added: “Clearly the first priority right now is to be there for the people who use our service. But I think it’s really important to say to people not everyone on this list is HIV positive.”
A lot of the calls the clinic was receiving are from people who were “worried” that information implies all people on the list are HIV positive.
“That actually isn’t the case but hands up, we screwed up on this one,” he said.
A spokesperson for Chelsea and Westminster Hospital, which runs the clinic, said it was “too early” to say what, if any action would be taken against the member of staff.
Chief executive of the National Aids Trust Deborah Gold said: “Confidentiality is crucial to people living with HIV.
“Who people disclose their HIV status to is an extremely personal decision – this type of leak will be very distressing and should not have been possible.”
She called for all HIV clinics to “urgently review” their processes so such a leak “cannot happen again”.