Check out our animation about keeping your health data secure:
What is an accidental internal data breach?
wow
Follow Amir's story to learn more
START
Amir recently had heart surgery. He was being cared for by Dr Jackson in the cardiology ward.
+ info
CONTINUE
He has now been discharged to Dr Williams in outpatient services for check-ups during his recovery.
Dr Williams has some questions about the surgery to make sure she gives Amir the best care.
She emails Dr Jackson her questions, some of which refer to sensitive information from Amir’s medical record.
CONTINUE
However, she accidentally sends it to the wrong colleague - someone else with the same name in the same hospital.
CONTINUE
This email wasn't meant for me...
The recipient realises what’s happened, deletes the email, and contacts Dr Williams to inform her immediately.
CONTINUE
Dr Williams reports the incident to hospital administration.
She sends the email to the right Dr. Jackson to ensure Amir gets the right care.
What has the recipient done with the email?
How many people have been affected?
When did this happen?
Have you now emailed the correct person for what you need?
+ info
CONTINUE
This is an accidental internal breach. Amir’s health data has accidentally been put at risk within the hospital in which he recieved care.
CONTINUE
However, the ICO recommends that the hospital learns from this incident and that action is taken to prevent against these type of mistakes happening in the future.
The Information Commissioner’s Officer, or ICO, regulate and enforce data protection laws in the UK. They recommend that organisations must complete a risk assessment as soon as possible after a breach.
The risk assessment shows that there is an unlikely risk of harm or detriment to Amir. Therefore, there is no legal obligation for Dr Williams to report the breach to the ICO or to inform Amir that this happened.
CONTINUE
Where the risk to you is judged to be low, you may not know that a breach has happened to your data.
This can still be worrying to think about, but in this instance, there is nothing you need to do.
However, if you have any concerns, you can get support from the ICO on what to do.
CONTINUE
However if there had been a likely high risk to Amir, Dr Williams would have had to report it to the ICO within 72 hours and notify Amir.
An example of a high risk to Amir would have been if Dr Williams had emailed sensitive information to someone outside of her organisation.
If a breach like this happens...
... to your data and there is a likely high risk to you, you will be notified by the service, such as the hospital or GP practice, with information about what occurred and the process for what happens next.
CONTINUE
Health services take many steps to support the security of your data.
Services must review and report on their data security practices in line with clear quality standards.
Provide ongoing data security training to staff.
Appoint specific roles who monitor and advise on data security to health services.
CONTINUE
When it comes to health services, the ICO have an array of tools to regulate how your personal data is looked after...
CONTINUE
Their priority is to support services to make changes and prevent mistakes happening in the future.
In the case of the most serious errors, organisations can receive large fines as a penalty for breaches... but this is a last resort for the public sector as fines would take money out of the health service, which would only put patients at further risk.
CONTINUE
Click the buttons below for more information:
Read the research behind these resources.
Explore ICO information for the public.
Review NHS England guidance on data breaches.
Check out UPD’s health data policy explainers.
Find out how the ICO has been taking action in response to incidents in the health sector.
Check how well specific services perform on data security measures.
Read about an example of new technology improving security.
Learn about some examples of security roles in services.
Got an idea?
Let the communication flow!
With Genially templates, you can include visual resources to wow your audience. You can also highlight a particular sentence or piece of information so that it sticks in your audience’s minds, or even embed external content to surprise them: Whatever you like! Do you need more reasons to create dynamic content? No problem! 90% of the information we assimilate is received through sight and, what’s more, we retain 42% more information when the content moves.
- Generate experiences with your content.
- It’s got the Wow effect. Very Wow.
- Make sure your audience remembers the message.
Got an idea?
Let the communication flow!
With Genially templates, you can include visual resources to wow your audience. You can also highlight a particular sentence or piece of information so that it sticks in your audience’s minds, or even embed external content to surprise them: Whatever you like! Do you need more reasons to create dynamic content? No problem! 90% of the information we assimilate is received through sight and, what’s more, we retain 42% more information when the content moves.
- Generate experiences with your content.
- It’s got the Wow effect. Very Wow.
- Make sure your audience remembers the message.
Accidental internal data breach v2
Lauren McDonald
Created on August 22, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Smart Presentation
View
Practical Presentation
View
Essential Presentation
View
Akihabara Presentation
View
Flow Presentation
View
Dynamic Visual Presentation
View
Pastel Color Presentation
Explore all templates
Transcript
Check out our animation about keeping your health data secure:
What is an accidental internal data breach?
wow
Follow Amir's story to learn more
START
Amir recently had heart surgery. He was being cared for by Dr Jackson in the cardiology ward.
+ info
CONTINUE
He has now been discharged to Dr Williams in outpatient services for check-ups during his recovery.
Dr Williams has some questions about the surgery to make sure she gives Amir the best care.
She emails Dr Jackson her questions, some of which refer to sensitive information from Amir’s medical record.
CONTINUE
However, she accidentally sends it to the wrong colleague - someone else with the same name in the same hospital.
CONTINUE
This email wasn't meant for me...
The recipient realises what’s happened, deletes the email, and contacts Dr Williams to inform her immediately.
CONTINUE
Dr Williams reports the incident to hospital administration.
She sends the email to the right Dr. Jackson to ensure Amir gets the right care.
What has the recipient done with the email?
How many people have been affected?
When did this happen?
Have you now emailed the correct person for what you need?
+ info
CONTINUE
This is an accidental internal breach. Amir’s health data has accidentally been put at risk within the hospital in which he recieved care.
CONTINUE
However, the ICO recommends that the hospital learns from this incident and that action is taken to prevent against these type of mistakes happening in the future.
The Information Commissioner’s Officer, or ICO, regulate and enforce data protection laws in the UK. They recommend that organisations must complete a risk assessment as soon as possible after a breach.
The risk assessment shows that there is an unlikely risk of harm or detriment to Amir. Therefore, there is no legal obligation for Dr Williams to report the breach to the ICO or to inform Amir that this happened.
CONTINUE
Where the risk to you is judged to be low, you may not know that a breach has happened to your data.
This can still be worrying to think about, but in this instance, there is nothing you need to do.
However, if you have any concerns, you can get support from the ICO on what to do.
CONTINUE
However if there had been a likely high risk to Amir, Dr Williams would have had to report it to the ICO within 72 hours and notify Amir.
An example of a high risk to Amir would have been if Dr Williams had emailed sensitive information to someone outside of her organisation.
If a breach like this happens...
... to your data and there is a likely high risk to you, you will be notified by the service, such as the hospital or GP practice, with information about what occurred and the process for what happens next.
CONTINUE
Health services take many steps to support the security of your data.
Services must review and report on their data security practices in line with clear quality standards.
Provide ongoing data security training to staff.
Appoint specific roles who monitor and advise on data security to health services.
CONTINUE
When it comes to health services, the ICO have an array of tools to regulate how your personal data is looked after...
CONTINUE
Their priority is to support services to make changes and prevent mistakes happening in the future.
In the case of the most serious errors, organisations can receive large fines as a penalty for breaches... but this is a last resort for the public sector as fines would take money out of the health service, which would only put patients at further risk.
CONTINUE
Click the buttons below for more information:
Read the research behind these resources.
Explore ICO information for the public.
Review NHS England guidance on data breaches.
Check out UPD’s health data policy explainers.
Find out how the ICO has been taking action in response to incidents in the health sector.
Check how well specific services perform on data security measures.
Read about an example of new technology improving security.
Learn about some examples of security roles in services.
Got an idea?
Let the communication flow!
With Genially templates, you can include visual resources to wow your audience. You can also highlight a particular sentence or piece of information so that it sticks in your audience’s minds, or even embed external content to surprise them: Whatever you like! Do you need more reasons to create dynamic content? No problem! 90% of the information we assimilate is received through sight and, what’s more, we retain 42% more information when the content moves.
Got an idea?
Let the communication flow!
With Genially templates, you can include visual resources to wow your audience. You can also highlight a particular sentence or piece of information so that it sticks in your audience’s minds, or even embed external content to surprise them: Whatever you like! Do you need more reasons to create dynamic content? No problem! 90% of the information we assimilate is received through sight and, what’s more, we retain 42% more information when the content moves.