Gender identity clinic reveals contact details of patients in email blunder

Joe Gamp
Contributor, Yahoo News UK
Close up female nurse writing on medical record in clinic waiting room

A top London gender clinic accidentally sent out a mass email with the addresses of nearly 1000 patients visible.

The Charing Cross Gender Identity Clinic (GIC), one of the largest and oldest gender clinics in the UK, sent patients an email about an art competition, with hundreds of others left on CC.

The NHS Trust was accused of the blunder by twitter users claiming to have received the email.

Writer, artist and LGBTQ activist Shon Faye said she received the email, tweeting: “The Gender Identity Clinic in London just sent out a mass email to me with lots of other (patients’ ?!) email addresses visible in the address bar.

“What. The. F***. This is potentially a massive breach of patient confidentiality.”

Another user also said he had received the same email and was worried it would compromise the safety of patients at the clinic.

Read more on Yahoo News UK
Burglar caught out after leaving traces of DNA while eating fishcake
At least 30 injured after express train derails in Japan
Man and woman found dead in Burton house, child rescued

Leo George tweeted: “I got the same email. 913 email addresses by my count. The recall email also failed to Bcc as well.

“Really concerned that this list could get into the wrong hands and really compromise some peoples safety.”

The Tavistock and Portman NHS Foundation Trust, which is responsible for the clinic, is investigating.

A spokesman for the Trust said: "We are currently investigating a data security incident.

"This incident involved an email from our patient and public involvement team regarding an art project.

"Unfortunately, due to an error, the email addresses of some of those we are inviting to participate were not hidden and therefore visible to all.

An NHS Trust was fined £180,000 after a sexual health centre mistakenly leaked patient details (GETTY)

"We can confirm we are reporting this breach to the Information Commissioner's Office as well as treating it as a serious incident within the Trust."

In 2016, an NHS Trust was fined £180,000 after a sexual health centre leaked the details of nearly 800 patients who had attended HIV clinics.

Chelsea and Westminster hospital NHS foundation trust, which runs the clinic was found in breach of the Data Protection Act by the Information Commissioner’s Office (ICO).

The mistake was deemed likely to have caused substantial distress for patients of the clinic.