The number of claims from the patients whose identities were mistakenly revealed by a London-based HIV clinic allows to suggest that the clinic could face hundreds of legal claims.

The HIV clinic sent a newsletter to almost 800 patients whose names were listed in the “To” section of the email that everyone could see. In other words, the clinic failed to hide the personal details of those on its recipient list. The representatives of the clinic explained that the mistake was caused by human error. However, the UK’s Information Commissioner’s Office is already making inquiries.

The health secretary also warned that such error threatened to damage the public’s trust in the healthcare system’s ability to keep their personal data private. Now the human rights team says that the insurers covering the clinic could be liable for compensation claims. The disclosure of full names and email addresses was a breach of the Data Protection Act by the clinic, as well as a breach of the patients’ human rights.

The human rights group that has brought claims on behalf of many patients relating to the unauthorized disclosure of confidential medical data explained that now the clinic’s priority must be to limit the wider disclosure of the released data. In the meantime, the administration of the clinic sent out emails with apologies, admitting that the data breach was completely unacceptable. They also explained that the newsletter is normally sent to patients on an individual basis, but unfortunately this time the clinic sent out an email to a group of email addresses. The newsletter was recalled and deleted once the error was uncovered. The clinic promised to investigate how this has happened and take steps to make sure it never happens again.