Jump to content


  • Tweets

  • Posts

    • Former billionaire Hui Ka Yan has been fined and banned from the financial market for life.View the full article
    • In terms of "why didn't I make a claim" - well, that has to be understood in the context of the long-standing legal battle and all its permuations with the shark. In essence there was a repo and probable fire sale of the leasehold property - which would have led to me initiating the complaint/ claim v SPF in summer 19. But there was no quick sale. And battle commenced and it ain't done yet 5y later. A potential sale morphed into trying to do a debt deal and then into a full blown battle heading to trial - based on the shark deliberately racking up costs just so the ceo can keep the property for himself.  Along the way they have launched claims in 4 different counties -v- me - trying to get a backdoor B. (Haven't yet succeeded) Simultaneously I got dragged into a contentious forfeiture claim and then into a lease extension debacle - both of which lasted 3y. (I have an association with the freeholders and handled all that legal stuff too) I had some (friend paid for) legal support to begin with.  But mostly I have handled every thing alone.  The sheer weight of all the different cases has been pretty overwhelming. And tedious.  I'm battling an aggressive financial shark that has investors giving them 00s of millions. They've employed teams of expensive lawyers and barristers. And also got juniors doing the boring menial tasks. And, of course, in text book style they've delayed issues on purpose and then sent 000's of docs to read at the 11th hour. Which I not only boringly did read,  but also simultaneously filed for ease of reference later - which has come in very handy in speeding up collating legal bundles and being able to find evidence quickly.  It's also how I found out the damning stuff I could use -v- them.  Bottom line - I haven't really had a moment to breath for 5y. I've had to write a statement recently. And asked a clinic for advice. One of the volunteers asked how I got into this situation.  Which prompted me to say it all started when I got bad advice from a broker. Which kick-started me in to thinking I really should look into making some kind of formal complaint -v- the broker.  Which is where I am now.  Extenuating circumstances as to why I'm complaining so late.  But hopefully still in time ??  
    • At a key lecture in the City of London, the shadow chancellor will also vow to reform the Treasury.View the full article
    • Despite controversy China's Temu is becoming a global online shopping force.View the full article
    • The retailer has come under fire for an advert showing motorcyclists wearing trainers and doing wheelies.View the full article
  • Recommended Topics

  • Our picks

    • If you are buying a used car – you need to read this survival guide.
      • 1 reply
    • Hello,

      On 15/1/24 booked appointment with Big Motoring World (BMW) to view a mini on 17/1/24 at 8pm at their Enfield dealership.  

      Car was dirty and test drive was two circuits of roundabout on entry to the showroom.  Was p/x my car and rushed by sales exec and a manager into buying the mini and a 3yr warranty that night, sale all wrapped up by 10pm.  They strongly advised me taking warranty out on car that age (2017) and confirmed it was honoured at over 500 UK registered garages.

      The next day, 18/1/24 noticed amber engine warning light on dashboard , immediately phoned BMW aftercare team to ask for it to be investigated asap at nearest garage to me. After 15 mins on hold was told only their 5 service centres across the UK can deal with car issues with earliest date for inspection in March ! Said I’m not happy with that given what sales team advised or driving car. Told an amber warning light only advisory so to drive with caution and call back when light goes red.

      I’m not happy to do this, drive the car or with the after care experience (a sign of further stresses to come) so want a refund and to return the car asap.

      Please can you advise what I need to do today to get this done. 
       

      Many thanks 
      • 81 replies
    • Housing Association property flooding. https://www.consumeractiongroup.co.uk/topic/438641-housing-association-property-flooding/&do=findComment&comment=5124299
      • 160 replies
    • We have finally managed to obtain the transcript of this case.

      The judge's reasoning is very useful and will certainly be helpful in any other cases relating to third-party rights where the customer has contracted with the courier company by using a broker.
      This is generally speaking the problem with using PackLink who are domiciled in Spain and very conveniently out of reach of the British justice system.

      Frankly I don't think that is any accident.

      One of the points that the judge made was that the customers contract with the broker specifically refers to the courier – and it is clear that the courier knows that they are acting for a third party. There is no need to name the third party. They just have to be recognisably part of a class of person – such as a sender or a recipient of the parcel.

      Please note that a recent case against UPS failed on exactly the same issue with the judge held that the Contracts (Rights of Third Parties) Act 1999 did not apply.

      We will be getting that transcript very soon. We will look at it and we will understand how the judge made such catastrophic mistakes. It was a very poor judgement.
      We will be recommending that people do include this adverse judgement in their bundle so that when they go to county court the judge will see both sides and see the arguments against this adverse judgement.
      Also, we will be to demonstrate to the judge that we are fair-minded and that we don't mind bringing everything to the attention of the judge even if it is against our own interests.
      This is good ethical practice.

      It would be very nice if the parcel delivery companies – including EVRi – practised this kind of thing as well.

       

      OT APPROVED, 365MC637, FAROOQ, EVRi, 12.07.23 (BRENT) - J v4.pdf
        • Like
  • Recommended Topics

Kent NHS Trust - serious breach of confidentiality


purplemushroomfairy
style="text-align: center;">  

Thread Locked

because no one has posted on it for the last 2113 days.

If you need to add something to this thread then

 

Please click the "Report " link

 

at the bottom of one of the posts.

 

If you want to post a new story then

Please

Start your own new thread

That way you will attract more attention to your story and get more visitors and more help 

 

Thanks

Recommended Posts

I received a letter from my local NHS informing me that all of my medical records, personal information etc had mistakenly been emailed without anonymity to 6 people within the IT firm who were updating the IT systems.

 

They apologised and said it was serious, they had asked for my details to be deleted and were investigating.

 

I rang my legal insurance who said I must write a letter.

I wondered if there was an example in the files I could use or if one of you could advise.

 

I have a complicated medical history which I would rather wasn't shared but it's the personal details that frightens me as these can be used or sold on.

Thank you

Link to post
Share on other sites

Yes. This is very serious. I wonder if you're the only one or if it happened to others.

 

I would send them an SAR. Do immediately. Include a payment for £10 but tell them that you expected to be returned to you. Ask them for all data that they hold on you, what it was used for, how they acquired it, and who they have shared it with – either deliberately or inadvertently.

 

Tell them that although they have a 40 day time limit to comply, you think that they should escalate this and complete the task within seven days.

 

Secondly, I would send them an FO I request and asking them all information relating to the present data leak including information as to if you were the only person whose data was leaked or if the leak concerned other people. Ask them also whether they have communicated any details of this leak in respect of you or anyone else to the ICO and ask them for a reference number. Ask them for copies of any correspondence that they have sent the ICO relating to this matter.

 

They have 20 days to comply with this request and it is free. Get that request after them immediately – but put it in a separate envelope from the SAR in a separate letter so that there is no confusion and that it doesn't accidentally get "overlooked". They won't be happy about responding to this one.

 

Please will you tell us which local NHS this is.

 

Next, you should begin an immediate complaint to the ICO. Of course the NHS would have had a duty to inform the ICO in any event. But you may as well begin your complaint.

Link to post
Share on other sites

Is the problem that they were sent by a correct method to people who shouldn’t have been sent them?

That they were sent to people who should have had access to the information (& would have been bound by a duty of confidentiality) but they were sent by an insecure method (e.g. outside the N3 network and/or unencrypted) meaning others could have accessed them?

Or a mixture of both??

 

You can also ask “Was it both “necessary” and “proportionate” that they should have been sent at all?” : these points will help establish what went wrong and why (& hint at if others may have suffered the same, too), as well as giving an indication how widely the data may have “leaked”.

 

You should also ask:

a) have they informed the ICO, and

b) have they informed their Caldicott guardian (and ask who that is).

Link to post
Share on other sites

........

 

Secondly, I would send them an FOI request

 

........

They have 20 days to comply with this request and it is free.

..........

 

Please will you tell us which local NHS this is.

 

20 working days for a FOIA request.

 

BF isn’t wrong with his plan, but although they may answer sooner, if they dig their heels in, they can take 40 days and 20 working days (30 days with bank holidays) to respond without breaching their responsibilities.

 

I’d ask for the information, reminding them of their “duty of candour”.

http://www.cqc.org.uk/guidance-providers/regulations-enforcement/regulation-20-duty-candour

 

You are clearly anxious about the extent and effect of this breach, since you have posted here. You might want to highlight that more information may well be able to reassure you, or at least (if it confirms the situation is serious) allow them to provide a summary of how they plan to reduce your anxiety, reducing the risk of further harm....

Link to post
Share on other sites

Thank you for you advice.

The breach has been made by Kent NHS Trust.

I am already finding that my anxiety levels, which I had managed to control, are rising rapidly to the point where I am needing medication to bring them down. As this has coincided I can only conclude that this most recent event has tipped my levels.

Link to post
Share on other sites

I would suggest that you start documenting all the effects this has had on you – including physical/emotional/mental – and also any losses or expenses which you incur as a result. Keep a careful note.

 

If you are suffering then I suggest that you go and see a doctor – and make sure you tell the doctor the whole story so that later on if you need some medical evidence or a report or an opinion then it will be straightforward to get hold of.

 

Apart from any other compensation to which you might be entitled, breaches of the Data Protection Act which cause distress, confer a right to compensation.

Link to post
Share on other sites

“Kent NHS Trust”- do you mean

Kent Community NHS Trust?

Kent and Medway NHS and Social Care Partnership Trust?

Or, some other NHS Trust in Kent ....

 

Edited: you provided a clickable link.

It is the first.

 

In

https://www.kentcht.nhs.uk/wp-content/uploads/2017/03/6797-information-governance-service-provision.pdf

They don’t identify which Consultant Doctor is their Caldicott Guardian, as they claim it is “personal information”

 

They provide a location and phone number in appendix A of

https://www.kentcht.nhs.uk/wp-content/uploads/2017/04/6967-Data-Protection-and-Confidentiality-policy.pdf

But, still no name ....

 

P.35 of their annual report shows that previous their Medical Director (until he left in Feb 2017) was their Caldicott Guarduan.

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/634215/KENTCOMM_Annual_Report_and_Accounts_2016-17.pdf

It is silent as to if the acting medical director after he left took on this role.

Link to post
Share on other sites

It goes without saying that this should never have happened, but unfortunately it has.

 

One thing that you should take some comfort from is that they have noticed that there’s a breach and that they’ve informed you of it, equally it seems that they know who has received the records and I imagine as part of their investigation will be performing a full audit trail to see where your (and potentially lots of other) records went and if they were accessed. Another thing to remember is that usually anyone that works anywhere near patient records is vetted through DBS and has signed a confidentiality agreement that they will not disclose anything that they learn in the course of their time there. Lastly is the sheer volume of information that generally comprises a full medical record, they aren’t easily read and understood by non clinicians and seldom contain information that could make you vulnerable to financial theft.

 

Nevertheless I can totally understand how unsettling it could be but I’d appeal to you to not catastrophise - although they’ve been sent it’s very unlikely they’ve been opened and less likely still that the reader has stuck with it for long enough to learn anything about you.

 

Good luck getting it sorted out.

My views are my own and are not representative of any organisation. if you've found my post helpful please click on the star below.

Link to post
Share on other sites

It goes without saying that this should never have happened, but unfortunately it has.

 

One thing that you should take some comfort from is that they have noticed that there’s a breach and that they’ve informed you of it, equally it seems that they know who has received the records and I imagine as part of their investigation will be performing a full audit trail to see where your (and potentially lots of other) records went and if they were accessed. Another thing to remember is that usually anyone that works anywhere near patient records is vetted through DBS and has signed a confidentiality agreement that they will not disclose anything that they learn in the course of their time there. Lastly is the sheer volume of information that generally comprises a full medical record, they aren’t easily read and understood by non clinicians and seldom contain information that could make you vulnerable to financial theft.

 

Nevertheless I can totally understand how unsettling it could be but I’d appeal to you to not catastrophise - although they’ve been sent it’s very unlikely they’ve been opened and less likely still that the reader has stuck with it for long enough to learn anything about you.

 

Good luck getting it sorted out.

 

Thank you, I am working on catastrophising the events and will attempt to see the gp if the panic continues.

My files were emailed to people working in an IT firm they were sent apparently mistakenly. So while they probably have done nothing it is highly unlikely they would have undergone the stringent checks those actually working for the trust would have.

Writing my letter now.

Link to post
Share on other sites

If the IT firm was working for the trust then they would be bound by a duty of confidence and would likely be DBS checked.

The IT firm should also have an audit trail for any accesss to the information. This is why I suggested you identify:

 

Is the problem that they were sent by a correct method to people who shouldn’t have been sent them?

That they were sent to people who should have had access to the information (& would have been bound by a duty of confidentiality) but they were sent by an insecure method (e.g. outside the N3 network and/or unencrypted) meaning others could have accessed them?

Or a mixture of both??

 

So you have an idea of what risk has been created.

 

What resolution / outcome are you looking for?

Link to post
Share on other sites

  • 3 weeks later...
If the IT firm was working for the trust then they would be bound by a duty of confidence and would likely be DBS checked.

The IT firm should also have an audit trail for any accesss to the information. This is why I suggested you identify:

 

 

 

So you have an idea of what risk has been created.

 

What resolution / outcome are you looking for?

I really want an apology and some form of compensation, though I haven't directly requested that.

Now my letter etc has been passed to a complaints depot.

I received a letter answering my questions refusing FOI because that would have effected their data protection.

Basically told that despite the original letter stating it was my entire record now it is apparently not.

I had an exercise referral and I self referred for counselling - the reasons are private and even my doctor who referred didn't know. It is that information that was shared and was told 'it isn't much'

I informed them that that was confidential and should only have been shared if necessary to another medical professional and I wasn't happy with the response.

Still waiting....

Link to post
Share on other sites

I think you should begin a formal complaint with the ICO.

 

I suggest the way to do this is to use their complaints telephone number – see their website – make the complaint and if possible get a reference number. Follow-up with a letter of complaint.

 

Make it very clear to everyone that you are making two complaints. You're complaining about the leaking of information – your personal data and you are also leaking about their refusal to respond to an FOIA request. Have you sent off an SAR?

 

I should make these complaints straightaway

Link to post
Share on other sites

I asked;

 

What was the detail of the FOIA request?

It may be that some or all of what was requested wasn’t suitable for FOIA but more suited to a DSAR.....

 

Yet, your reply doesn’t actually give the details.

 

I followed the advice from previous posts, so no information was actually given as it would breach their data! Oh the irony.

I will get on to the ICO.

Had no response at all re the SAR has either.

 

Since you haven’t answered about what the precise details of your FOIA request were, it is hard to comment further.

Good luck, but I’m out.

Link to post
Share on other sites

Your previous posts detailed exactly what I should put in. I did that.

I requested full details of the event and manes, Caldicot etc the advice is in a previous reply. I virtually copied your post into my letter so you know what was in the letter because you told me what to put on. There is no need to be so offhand.

I have followed the advice that you so kindly gave and while those questions were answered they have refused the FOI and I still waiting for the SAR.

I have been offered a face to face meeting.

Link to post
Share on other sites

  • Recently Browsing   0 Caggers

    • No registered users viewing this page.

  • Have we helped you ...?


×
×
  • Create New...