I’d like to get your opinion on something that has happened recently in our community. I manage a platform with over 200 online communities for people living with rare diseases worldwide.
Our members are a very unique group of people. They tend to be depressed, sad and frustrated but they are also very motivated and generous. In some of the cases, the disease limits their quality of life and they find it difficult to navigate the site. Some members like to stay to get help but also want to help others but others sign up looking for answers and they usually never come back. This is a bit of context.
We keep creating communities every time there’s a need, about 2 new communities per month. So in some cases, those members that had joined years ago when there was no community for their disease, get one now. So if they mentioned their disease on their profile description or on any post, we manually join them to the community and email them informing that a new community for X disease has been created. We basically do it to make things easier for them. And because they haven’t logged in in a long time, we help them reset their password, explain how the community is structured, etc. People are always very cool and thankful with this but I guess that there are always exceptions.
This is a particular case that happened a few days ago:
- We created a community for a rare disease and we emailed all the members that had mentioned living with this condition in the other communities. The usual.
- One of them was a member with multiple rare diseases diagnosis that had joined another community and posted her story 5 years ago. Hadn’t logged in in the last 2 years.
- This member replied to one of our automatic email alerts (a kind of welcome email) asking who we were and how we got her email address and that she wanted to “be removed from this group”
- I sent her a reply using my email address asking whether she wanted to be removed from the recently created community or from the entire platform since she entered her account in years and that I could help with both things.
- She was infuriated and came back to me saying that her email address was shared with someone and that we had infringed her HIPAA rights (illegal use of her identity, identity theft charges, etc) and that she was about to contact a lawyer
- I deeply apologized and explained things in the most clear way I could find. I explained again who I was and what had happened and that her email address hadn’t been shared with anyone and that I just needed some information before removing her account completely because I wasn’t sure that’s what she wanted.
- I’m still waiting for her reply.
I want her to see that her privacy was not violated at any time. It’s not the first time that people forget that they have an account or they even deny setting up one but when we explain it they usually understand.
I see now that even that some members appreciate when we facilitate things and join them to a new community, it can lead to situations like this one. We want to learn from this and we want to do things better. I also think we should be more strict and protect ourselves from future cases like this one.
Has this happened to any of you before? How did you handle it? How could we have manage it better?
Thanks for your input.