Medical Records Data Breach Compensation Claims Explained

If you have suffered harm following a medical records data breach, you may be wondering if you could be eligible to claim compensation. In this guide, we will explain the criteria that your case must meet in order to be able to claim. We will also explain what a personal data breach is, and what kind of data could be stored in your medical records.

The UK General Data Protection Regulation (UK GDPR) and an updated version of the Data Protection Act 2018 (DPA) are two pieces of legislation that govern data protection for UK residents. If an organisation does not comply with these laws, this could cause a personal data breach.

Our advisors can provide more information on how to start your claim and can provide free legal advice. If they find your claim to be valid, they may put you in contact with a No Win No Fee solicitor from our panel. To learn how a solicitor from our panel could help you, or to start your potential claim today, get in touch by:

Select a Section

  1. What Is A Medical Records Data Breach?
  2. Causes And Impacts Of Data Breaches Involving Medical Records
  3. What Are My Data Protection Rights?
  4. What To Do After A Medical Records Data Breach
  5. Calculating Data Breach Compensation Claims
  6. Contact A Solicitor About Your Medical Records Data Breach
  7. Useful Information

What Is A Medical Records Data Breach?

Medical records are files that document your medical history, including treatments, medical conditions, surgeries, prescriptions, and consultations. These records contain both personal data and a sub-category of personal data known as special category data.

Personal data is information that can be used to identify you and includes your:

  • Name
  • Date of birth
  • Postal address and postcode
  • Phone number
  • Email address

Special category data needs more protection, according to data protection legislation. This is due to the sensitive nature of the information. Special category data includes information such as health data, biometric data, genetic data, and information regarding your race, ethnicity, or sexual orientation and details of your trade union membership.

A personal data breach is a security incident that affects your personal data’s confidentiality, integrity, or availability. However, not all data breaches form valid claims. To form the basis of a valid claim, the breach must occur as a result of an organisation’s failings. You must also suffer harm because of the breach. This could be financial or mental harm.

To find out if you could have a valid medical records data breach claim, contact our team today.

Causes And Impacts Of Data Breaches Involving Medical Records

Some medical records data breaches happen because of errors made by staff. Medical data breaches can also happen because of malicious or criminal behaviour.

One example of how human error could cause a data breach is sending personal information to the wrong address. For example, a GP surgery could post a patient’s test results to the wrong patient, thereby sharing confidential information about the patient with the wrong party. Or a receptionist at a hospital may leave their computer screen unlocked, displaying patient records to members of the public.

Data breaches can also occur as a result of criminal activity. For example, computers or hard drives containing medical records could be stolen from a medical facility that does not have adequate physical security in place, such as alarms and CCTV cameras. Or cyber criminals could target medical organisations with inadequate cyber security systems, causing a data breach through ransomware attacks or malicious software.

Patients who have had their personal medical data breached could suffer emotional distress. If the records contained private information about their medical history, this could be particularly upsetting, and could lead to a host of psychological issues. Data breaches can also lead to financial harm if they expose banking details like your credit card number.

If you have been impacted by a personal data breach, contact our team of advisors to find out what steps you could take next.

What Are My Data Protection Rights?

The UK GDPR and DPA protect the personal data of residents of the UK, which includes medical data. Data controllers and processors must comply with legislation. A data controller controls the purpose for which your data will be used and can process this data themselves, whereas a data processor acts on the data controller’s behalf.

If a medical records data protection breach could affect your rights or freedoms, the organisation responsible must report it to the Information Commissioner’s Office (ICO) within 72 hours. Alongside this, they must alert you to the breach without undue delay.

Generally, you have six years to start a personal data breach claim. However, if you are claiming against a public body this will fall to one year.

To learn more about your rights following a data protection breach, contact our advisors today.

What To Do After A Medical Records Data Breach

As we mentioned in the section above, if a data breach could affect your rights or freedoms, you must be informed as soon as possible. The organisation must also report the breach to the ICO within 72 hours.

However, if you do not receive a notification but still suspect a breach of your medical records, you can contact the organisation. They may be able to provide more information, such as confirming that there was a breach or informing you of what information was affected. If you do not receive a response from the organisation, or if the response is unsatisfactory, you can make a complaint to the ICO.

The ICO cannot provide compensation or handle your claim. However, they can investigate organisations that do not comply with data protection legislation. The ICO can impose fines on organisations found to be in breach of legislation, as well as taking other enforcement action.

Contact our advisors today to learn more about making a personal data breach claim and the steps you can take following a breach.

Calculating Data Breach Compensation Claims

You may be wondering how much you can claim following a medical records data breach. In these claims, you can pursue non-material damage and material damage.

Material damage is awarded for financial losses caused by a personal data breach. For example, your credit score could be damaged, or loans taken out in your name could leave you with debt and arrears.

Non-material damage is awarded for psychological injuries that you have sustained due to the personal data breach. This can include stress, anxiety, distress and in more severe cases, post-traumatic stress disorder.

You may wish to use a data breach compensation calculator to get an estimate of how much your claim is worth. However, we have provided a table below containing figures for different types of psychological harm.

The figures in the table are based on Judicial College Guidelines (JCG). The JCG often helps solicitors in assigning a value to the non-material damage head of claim by providing guideline compensation brackets for various physical and mental injuries.

| Type Of Psychological Injury | Severity | Notes | Guideline Bracket |
|---|---|---|---|
| Psychiatric Harm | (a) Severe | Permanent and severe effect on the ability to cope with daily life and relationships. | £54,830 to £115,730 |
| Psychiatric Harm | (b) Moderately severe | Similar to severe cases but with a better prognosis. | £19,070 to £54,830 |
| Psychiatric Harm | (c) Moderate | Improvement of symptoms and a good prognosis. | £5,860 to £19,070 |
| Psychiatric Harm | (d) Less severe | The settlement will take into account how long the person was affected and the severity of the remaining symptoms. | £1,540 to £5,860 |
| Post-Traumatic Stress Disorder (PTSD) | (a) Severe | Severe impact on the ability to function at the pre-trauma level. | £59,860 to £100,670 |
| Post-Traumatic Stress Disorder (PTSD) | (b) Moderately severe | Some recovery is possible with professional help, reflected in a more optimistic prognosis. | £23,150 to £59,860 |
| Post-Traumatic Stress Disorder (PTSD) | (c) Moderate | No remaining effects are grossly disabling. | £8,180 to £23,150 |
| Post-Traumatic Stress Disorder (PTSD) | (d) Less severe | Only minor effects remain following a recovery achieved within 1-2 years. | £3,950 to £8,180 |

These figures are guidelines only because the actual amount of compensation you could potentially receive may vary. For a free estimate of what you could receive, contact our advisors today.

Contact A Solicitor About Your Medical Records Data Breach

A solicitor from our panel could help you through the process of making a claim for the breach of your personal data. When working with our panel, you can get legal representation under a No Win No Fee arrangement known as a Conditional Fee Agreement (CFA).

With a CFA, you generally will not have to pay any upfront or ongoing fees for your solicitor’s services. If your claim succeeds, your solicitor will take their payment through a success fee. This fee will be discussed in advance and has a legal cap. However, you will not pay this fee if your claim is unsuccessful.

To find out if a solicitor from our panel could help you make a medical records data breach claim, contact our team of advisors today by:

Useful Information

Contact our advisors for more information on medical records data breach claims.

Writer Hana Carlisle

Publisher Cat Hunt/ Meg Moon