Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.

Anger as Fife GP patients’ private details leaked in ‘deeply concerning’ data breach

Invoices containing names, dates of birth and details of private work carried out at Tayview Medical Practice were released in an email.

The Tayview Medical Practice surgery in Newport On Tay.
The Tayview Medical Practice in Newport-on-Tay. Image: Google Street View

Patients have expressed their anger after private details were leaked in a “deeply concerning” data breach at a Fife medical practice.

Invoices containing the names, addresses and dates of birth of some patients registered at Tayview Medical Practice were emailed to an individual patient by mistake.

The documents also included details of private work that the patients at the surgeries in Tayport and Newport-on-Tay had paid for.

Emails seen by The Courier suggest about two years’ worth of patient invoices were leaked by mistake on September 20.

However, in a letter sent to patients just a few days ago, business manager David Ramsay said he had only been made aware of the breach on November 7.

Information Commissioner’s Office investigates Tayview practice data breach

A probe is under way at the Information Commissioner’s Office, which must be informed of a breach within 72 hours of it taking place.

It has not been confirmed when the ICO was told about the breach or how many patients were affected.

As of October, more than 9,000 people were registered at Tayview.

The man who received the original email containing the leaked documents told The Courier there was a large amount of information attached.

The man, who has now deleted the email, said: “We knew immediately when we were emailed a large amount of files that there had been some sort of mistake.

‘There were hundreds of files, if not thousands’

“It was difficult to know how many patient files were included as neither my wife nor I opened them but there were hundreds, if not thousands.

“The practice was repeatedly informed by us of the breach so I’m surprised that the practice is only informing people now.”

One woman whose details were leaked in the breach described it as “deeply concerning”.

The patient, who asked not to be named, said: “I received the letter without warning on Saturday and at first, I thought it was some sort of scam.

A worker looking at sheets of paper with a spreadsheet on a screen in front of her
Patient invoices were sent in the email. Image: Shutterstock

“Then I saw on social media that scores of other patients had also had their private records and personal information compromised.

“People are rightly very angry at how our personal and medical information could be breached.

“We want to know how and why this could have happened.

“It’s deeply concerning.”

Tayview charges for a range of private work, such as medicals for firearms applications, helping patients to register for power of attorney and supplying reports to insurers and solicitors.

Tayview has ‘discussion’ with staff member involved in data leak

Mr Ramsay’s letter to affected patients said: “An invoice containing your full name and address was mistakenly emailed to another patient in error.

“Information relating to the reason for the invoice was also viewable on the invoice.

“The invoice related to a period where private work was either requested from you or an external agency (e.g. an insurance company on your behalf).”

He said the affected patients should not have to take any steps to protect themselves and that an internal investigation was due to be concluded by November 24.

Tayview boss issues ‘unreserved apology’ for information leak

Mr Ramsay also outlined steps being taken by the practice to avoid a repeat, including “discussion” with the staff member involved.

He added: “We fully apologise unreservedly that this breach of confidentiality has occurred and I can appreciate this breach may cause you some concern.

“I do hope the above addresses some of those concerns in relation to how the practice is proceeding and would like to reassure you that we have taken the breach of your confidential information extremely seriously.”

When The Courier contacted Tayview Medical Practice, we were told Mr Ramsay was unavailable as he was on leave, and that no one else was able to comment.

Tayview Medical Practice.
No one at Tayview Medical Practice was available to comment. Image: Kris Miller/DC Thomson

An ICO spokesperson said: “People have the right to expect that organisations will handle their personal information securely and responsibly.

“If an individual has concerns about how their data has been handled, they should raise it with the organisation first, then report them to us if they are not satisfied with the response.

“Tayview Medical Practice has made us aware of an incident and we are assessing the information provided.”

It comes as the Tayport surgery has been forced to close eight times since October 24 due to “critical staffing levels”.

Earlier this year, NHS Tayside was involved in two separate data breaches.

Staff were said to be “raging” when their details were leaked to another department in August, and then in September, it emerged paperwork for hundreds of patients had gone missing.