Poorly folded letters lead to exposure of medical data
gdpr nhs · 11 comments · 400 words · read ~261 times.
I returned home from holiday to a pile of letters. Mostly junk, a few Christmas cards, and something from the NHS.
This is what the envelope looked like:
As it happens, I'm not particularly concerned about who knows I had a fairly normal medical procedure. I've blogged a bit about it and Tweeted about the experience in an attempt to de-stigmatise it.
But there will be plenty of people who are mortified that their postie knows that someone shoved a camera up their bum. Or that other people living in their home know that their guts are playing up. I'm sure you can imagine a worst-case scenario.
There are several ways to prevent this - each with potential drawbacks:
- Use a cover sheet which only has the address on. Will this double the cost?
- Print the address on one side of the paper and the letter on the other side. How does that test with users though?
- Don't use a windowed envelope and print the address separately. Are there cost implications?
- Ensure that the first few lines don't contain any sensitive information. How can that be enforced?
- Manually check outgoing letters to ensure they're compliant. Again, what's the cost of that?
I'm sure you can think of a few more. Some people have even tried to standardise this:
Thankfully, the letter told me that I didn't need an additional screening. Which was something of a relief.
Now, if you'll excuse me, I need to find the Data Protection Officer and become a pain in their arse!
@Edent Heh yeah… I see #din5008 was mentioned before.It's hard implementing this right[1] but there are good reasons for this 😜 [1] been there, done that- DIN5008
@Edent that’s kinda horrifying! Our local GP is really good about putting the address on a blank sheet of paper that then just wraps around the actual letter to prevent this exact thing happening. We haven’t had anything sensitive from them but they seem to just do it for everything as a standard process.
@Edent yeah, I'd say a non-windowed envelope would have been more suitable. And probably better for the environment too (easier to produce, no plastic window).
@Edent I love this post! It goes that one step beyond "this is broken! 😡" to "but how would you fix it tho? 🤔"
@Edent if only years of printing progress had lead us to some way of printing an address onto a paper envelope. I guess it’s just too complex.
Pleased to see this being 'normalised'. The bowel prep is certainly the worst. But talking about stuff is important. I was less lucky but so far have lived to tell the tale. In my experience, if you are less lucky you will not be informed by post!
@gadgetoid @Edent Or even by default formatting the letter to put the body of the text much further down the page.
@gadgetoid @Edent I guess then there's the chance someone or some machine will put the letter in the wrong envelope like I did with my Xmas cards to neighbours last year.
@solderandchaos @Edent I guess banks fixed this with the paper-is-the-envelope approach, which might be slightly over the top for Christmas cards but also maybe not 🤔
@Edent I worked for a few months at the local Dept of Revenue (state taxes) mailroom in the USA - matching letters to printed envelopes is a nightmare when it goes wrong! Windowed envelopes remove the matching problem. The letter printer/folder/stuffer machines ran at, I believe 2-3 per second (8 hours per day with only maybe 10 minutes between jobs). But, at the least, they could leave a few more blank lines below the address, so that no personal id stuff was "above the fold"
Zoë Turner says:
I think this is a problem with how the letter is printed and, more importantly, folded. I had to work out the best letter format myself years ago so a nice solution would be a word template (if there isn't already one).
Folding takes practice though and relies heavily upon people. If an organisation has huge turnover of staff where senior admin people have left, juniors will have to work these things out themselves and things like this are not taught in schools. Courses on being an administrator exist but organisations rarely invest in something so basic, overlooking how important the role is of administrator. And organisations probably don't want to make that investment if there is such a high turnover of the lower paid staff anyway.
More comments on Mastodon.