Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

GDPR

Options
  • 03-02-2020 8:32pm
    #1
    Poppysunflower
    Registered Users Posts: 4


    Hi my doctor emailed me confidential files i requested under GDPR, but he emailed them to the wrong email address with a follow up email with the password. I am very concerned someone has access to highly confidential medical information about me, is there anything I can do?
    Somewhere to report it?

    Also in one of the letters he disclosed a diagnosis to my employer in a letter deeming me fit for work.
    Is this allowed?

    Thanks


Comments

  • Options
    #2
    80j2lc5y7u6qs9
    Closed Accounts Posts: 957 ✭✭✭80j2lc5y7u6qs9


    Poppysunflower wrote: »
    Hi my doctor emailed me confidential files i requested under GDPR, but he emailed them to the wrong email address with a follow up email with the password. I am very concerned someone has access to highly confidential medical information about me, is there anything I can do?
    Somewhere to report it?

    Also in one of the letters he disclosed a diagnosis to my employer in a letter deeming me fit for work.
    Is this allowed?

    Thanks
    First you should make the doctor aware he emailed the wrong person if he does not know. You should do so in writing and ask for a reply in writing. If you are not happy with the reply you can complain to the data protection commissioner

    Thete is a form on the DPC website to complain. You will need to show you raised it with the doctor and his reply. There is a place to upload the files of your letter to the doctor and reply

    Dataprotection.ie

    I don't know about his revealing your diagnosis to your employer. You could ask in your letter on what authority he revealed it.

    Get everything in writing


  • Options
    #3
    wonski
    Registered Users Posts: 13,687 ✭✭✭✭wonski


    Poppysunflower wrote: »
    Hi my doctor emailed me confidential files i requested under GDPR, but he emailed them to the wrong email address with a follow up email with the password. I am very concerned someone has access to highly confidential medical information about me, is there anything I can do?
    Somewhere to report it?

    Also in one of the letters he disclosed a diagnosis to my employer in a letter deeming me fit for work.
    Is this allowed?

    Thanks

    How do you know he emailed all this to the email you didn't request it to be sent to?

    Followed by password?


  • Options
    #4
    un5byh7sqpd2x0
    Closed Accounts Posts: 1,862 ✭✭✭un5byh7sqpd2x0


    The second one is normal, it’s written on a sick cert.


  • Options
    #5
    Poppysunflower
    Registered Users Posts: 4 Poppysunflower


    wonski wrote: »
    How do you know he emailed all this to the email you didn't request it to be sent to?

    Followed by password?

    I requested it to be sent in November, I followed up on it as I hadn’t recieved it and he sent it yesterday apologizing that he had sent it to the wrong email address and forwarded me the emails he sent to the wrong address


  • Options
    #6
    Vetch
    Closed Accounts Posts: 422 ✭✭Vetch


    Do you know if he only realised when you followed up that he had sent the info to the wrong person?

    You don't say how he came to write directly to your employer but it's unusual to name an illness without your consent in these circumstances in a letter if that's what happened. A statement that you are fit to work should be sufficient.

    As he sent health data to an unauthorised person he should report the breach to the DPC himself but you can do so also.


  • Advertisement
  • Options
    #7
    Poppysunflower
    Registered Users Posts: 4 Poppysunflower


    No he forwarded on the email he sent to the wrong address apologizing that he had sent it to the wrong email and that’s why I didn’t receive it. So it’s been with some random person since before Christmas and he only realized a few days ago when I requested the data again,

    It was the company doctor I had been seeing when I was signed off from work, he had to declare me fit for work, he wrote a letter saying I was fit for work and was not currently suffering from X
    Vetch wrote: »
    Do you know if he only realised when you followed up that he had sent the info to the wrong person?

    You don't say how he came to write directly to your employer but it's unusual to name an illness on a cert if that's what happened. A statement that you are fit to work should be sufficient.


  • Options
    #8
    Vetch
    Closed Accounts Posts: 422 ✭✭Vetch


    I'd ask him to follow up with the person he sent the info to. Clarify with him that he has reported the breach to the DPC and contact them myself as well. Inform HR/your manager etc.

    He should have your consent to name an illness, company doctor or not. This may be less of an issue if your employer knew the name of the illness.


  • Options
    #9
    80j2lc5y7u6qs9
    Closed Accounts Posts: 957 ✭✭✭80j2lc5y7u6qs9


    How did you get on OP?


  • Options
    #10
    Poppysunflower
    Registered Users Posts: 4 Poppysunflower


    Saul Deafening Searchlight wrote: »
    How did you get on OP?

    Hi there,

    I reported both breaches to the Data Commission.

    They are going to investigate it and revert;

    It just so happens I got the email to say I was being let go the same day the diagnosis was revealed to HR!

    Poppy


Advertisement