Envelopes and GDPR
Privacy is a funny concept, isn't it? Very few people want the whole world to know what medical complaints they have. But most hospitals are open-access buildings, where the waiting rooms have large monitors to tell patients that their doctor is running late.
A few years ago I was sat in the proctology waiting room. Anyone who knew me would have seen I was waiting for an bum doctor. They may not have known my specific complaint, but the laser-display board announced that my appointment was with Doctor X. Anyone can look up Doctor X online and see that they specialise in removing foreign objects which have mysteriously found their way inside a person. Whither privacy?
But that's the kind of trade-off we make. It would be expensive to have individual waiting cubicles. And most people aren't famous enough to be recognised in public. And the chances of your neighbour also being in hospital are slim. Any you might just be waiting for a friend. So we sort of hand-wave it away because it is a small but difficult problem to solve.
Anyway, a few months later, I received a letter from the hospital. It was delivered in a plain envelope with no hospital markings. The return address was a suitably anonymous bulk mailing service. There were no warning markings to say this was a medical letter. There is no way that my postman, my housemate, or my cleaner would have known what the letter was about.
But see if you can spot the incredibly subtle mistake that was made:
Printing a physical letter on paper and then folding it in such a way that both the address is displayed and the paper cannot slip is a surprisingly hard problem. I get letters from lots of organisations where this has happened.
But, before lighting up the pitchforks, what's the real harm that has occurred here and how could it be prevented?
My postie now knows some of my medical info. That's assuming they bothered reading past the address, and that they remember anything specific from the 500 letters they had that day. My postie seems nice enough - but I don't doubt that a postal worker somewhere could use this to blackmail or intimidate a vulnerable person.
Anyone with access to my letterbox, and who gets there before me, also has sight of my information. Again, I tend to trust the people I let in. But not everyone is so lucky. A sufficiently abusive person would have opened the letter regardless of what they saw.
A fully paper envelope with no plastic window reduces one specific class of error - but may be too expensive to implement at scale. And, of course, if there's no window then there is the chance that the wrong letter might go into an envelope addressed to someone else.
Would going digital solve this? Email is mostly end-to-end encrypted between the big providers, so it would be unlikely that anyone saw it as it was being delivered.
Most email clients show the first few lines of a message - and some of them will show that preview as a pop-up on a locked phone. So anyone with access to your device could see something untoward. A sender name and subject have to be useful to the receiver - but is "FROM: Proctology. RE: The object we pulled out of you" too revealing?
An email could be fairly anonymous and link to a download portal of the real message. But that's quite a lot of work for a user to do. And an abuser could still have access to your device.
An email encrypted with your public key and send with a cryptic subject line is the sort of theoretical magic that geeks love, while forgetting that most people reuse their passwords and leave their laptops unlocked in the coffee shop.
What I'm getting at is that there's no perfect solution. Only incremental changes which may introduce a new class of problem.
Ian says:
The MVP solution here is "don't put the word colonoscopy where it can find its way to the window"
Or if the letter refers instead to contraception or abortion, and is sent to a young woman who lives with her religiously-repressive parents?
In response to Ian's comment: Four line feeds might result in a small percentage of letters going on to an extra page. For an organisation as vast as the NHS, a small percentage can still mean a big cost, both financial and environmental.
| Reply to original comment on bsky.app
An option for a snailmail letter is not to use nasty plastic windowed envelopes (harder to recycle) and have a fully paper envelope with address on it separately. This is how hospitals around here do it.
My ortho hospital asks at clinic checkin on the stupid screens (they have other issues and bad touchscreens and terrible UI) if you are OK having your name up on the screen or not alongside the racist immigration and 'we don't actually comply with the AIS' sensory impairment questions.
The name calling screen doesn't say which doctor Named-Person is seeing just "go to rooms xx-to-yy" down a large corridor which is the clinic-area. The rooms are not consistent appt to appt, although I can guarantee as a mobility impaired person that when I have the most pain it's the furthest one (sodding Murphy)!
There is a separate screen with clinic names/doctors and approx waiting times.
So there's clearly hospitals who have thought of many of the issues you raise. None which would arise at this hospital!
More comments on Mastodon.