A researcher’s Facebook post inadvertently exposed the confidential patient data of 31 new mothers.
The breach was caused by an Italian researcher who had been working on a study to improve the detection of pregnancies at high risk of a complication known as preeclampsia.
On 2 July, the researcher updated his Facebook status with a screenshot of his laptop and a caption reading “#SUNnyDAYOUTSIDE #research #workhardplayhard.” Visible in the screenshot was a spreadsheet containing the medical data of 31 women who gave birth at North Middlesex University Hospital, a facility which is a member of the United Kingdom’s National Health Service (NHS). The spreadsheet clearly displayed the women’s names, NHS numbers, and information pertaining to their children’s birth.
The social media team at North Middlesex University Hospital came across the post a week later and reported it to their superiors. After analyzing the study, officials at the hospital realized that “some of the patients on the spreadsheet had consented to take part [in the research project] but a few had not.” They’re now working to make sure similar breaches of privacy don’t happen in the future.
In the meantime, the facility has apologized to those affected by the Facebook post. As a spokesperson for North Middlesex University Hospital told Mirror:
“We have contacted each of them to explain what has happened and to say sorry. We have reported the data protection breach to the Information Commissioner and the Care Quality Commission. We ensured the researcher deleted it as soon as we became aware of it through our proactive daily monitoring of social media. He expressed his deep regret for his error of judgment.”
Since March 2017, the researcher had been working at North Middlesex University Hospital and King’s College Hospital as part of a research agreement with The Fetal Medicine Foundation. A spokesperson for the foundation said to Mirror that the researcher will no longer be working on the project. Concurrently, King’s College Hospital said it will now review the research agreement in light of the breach at North Middlesex University Hospital.
To avoid similar privacy incidents in the future, organizations like The Fetal Medicine Foundation and North Middlesex University Hospital need to obtain permission from patients before they enter them into a research project. They also have a responsibility to train their employees on how to securely navigate the world of social media. Those practices include exercising caution when posting a photo so as not to reveal information like financial details, Social Security Numbers, and sensitive medical data.