Important Information Regarding Email Sent on 25 February

We would like to inform patients about a recent data protection incident involving a bulk email communication sent on 25 February.

What Happened

A Primary Care Network (PCN) staff member sent a general email inviting patients to sign up to the GetUBetter app. Unfortunately, the email was sent using the “To” field instead of “BCC”. As a result, recipient email addresses were visible to other recipients.

Approximately 500 individuals received the email. No clinical information, medical records, or special category data were included in the message. The only information disclosed was recipients’ email addresses.

This communication was issued by the PCN, which manages certain communications across practices within the local catchment area. It was not directly sent by The Spitalfields Practice.

Immediate Actions Taken

As soon as the error was identified, the PCN took the following steps:

  • Attempted to recall the email (with support from NEL IT and NHSmail Helpdesk; recall was not possible)
  • Issued a follow-up email apologising and requesting that recipients delete the original email and not forward it
  • Formally logged and documented the incident internally
  • Initiated a formal risk assessment through the PCN Data Protection Officer (DPO)
  • Began reinforcing staff guidance on the correct use of BCC for bulk communications and implementing refresher Information Governance training

The incident has been recorded in the PCN’s internal data breach register and DSPT evidence file.

Reporting and Risk Assessment

A formal risk assessment is being completed by the PCN Data Protection Officer to determine whether the incident meets the threshold for notification to the Information Commissioner’s Office (ICO). Confirmation of the reporting position will follow once this assessment has concluded.

If You Were Affected

If you received the email in error or have concerns about your information, please be reassured that:

  • Only email addresses were visible
  • No medical or sensitive personal information was shared
  • There is no evidence of further data disclosure

If you have any questions or wish to raise a concern, you may contact the PCN’s Data Protection Officer. Our practice team can assist in directing your enquiry if needed.

We sincerely apologise for the concern this incident may have caused and thank you for your understanding while this matter is reviewed and addressed.

Published: Mar 2, 2026