We've been featured in:

BMI Healthcare Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For BMI Healthcare Data Breach

How To Claim If Subject To A BMI Healthcare Data Breach

There is a lot of highly sensitive and personal information held by healthcare providers which you wouldn’t want to get into the wrong hands. Luckily, the introduction of the General Data Protection Regulation (GDPR) means companies have to keep your data secure at all times. However, mistakes can happen and so this guide is going to look at claiming for the harm that could be caused by a BMI Healthcare data breach.

BMI Healthcare data breach claims guideSince the introduction of the GDPR and The Data Protection Act 2018, you now have much more control over who can use your personal information, how it can be used and whether it is allowed to be shared with others.

The new laws have emphasised the need for companies to implement processes and systems to protect any personal information they store. If they don’t and a data breach occurs, the Information Commissioner’s Office (ICO) can issue massive fines for breaking data protection laws.

If you’re considering making a data breach claim, why not let Legal Expert help you? We offer a no-obligation telephone assessment of any claim and our advisors provide free legal advice. If your claim looks like it’s viable, you could be referred to one of our solicitors who provide a No Win No Fee service for any claim they accept.

To find out more about the claims process, please call our team on 0800 073 8804 today. Alternatively, please continue reading to find out more about claiming compensation for a healthcare data breach.

Select A Section

A Guide To NHS Data Breach Claims Against BMI Healthcare

When you visit a GP, a hospital or other medical facility, you’ll often sign paperwork to register for a service or consent to treatment being carried out. If you read through the paperwork, you’ll probably see questions about how the healthcare provider can use your personal information.

Since the GDPR was introduced, any organisation who wants to make use of your data needs your explicit permission to do so. Once you’ve shared your preferences with them, they must only use your data in the ways that you’ve agreed to. If they don’t, not only could the ICO impose a heavy financial penalty but you could go on to claim compensation from them.

Within this guide, we’ll look at what could cause a healthcare data breach to happen, the harm they could lead to and when you might be eligible to claim compensation for any financial or mental health impact.

When making a claim, you need to be aware that there are time limits that apply. In general, the time limit is 6-years but that can be reduced to just 1-year if the claim is regarding a breach of human rights.

Even though 6-years is a long time, we always offer the advice that it’s best to begin your claim as early as possible. By doing so, your solicitor will find it much easier to obtain evidence to support your case and you’ll find it a lot easier to recall the impact of the data breach.

Our team can help if you’re considering making a claim. If you get in touch with us today, an advisor can assess your case on a no-obligation basis and provide free legal advice even if you don’t go on to start a claim.

What Are BMI Healthcare Data Breaches?

When we talk about a personal data breach, what are we actually referring to? Well, they are defined in the GDPR as a security breach which causes personal information about you to be lost, accessed, disclosed, altered or destroyed by methods that you’ve not agreed to. The information could relate to physical printed documents or data stored electronically. Also, the act that leads to the breach could be accidental, deliberate or illegal.

While we commonly think that a data breach happens when a hacker breaks into a computer system and steals our information, they can also involve simple mistakes such as sending a letter containing personalised information to the wrong customer.

Although this guide relates to claims for a BMI Healthcare data breach, the information we’ll provide could relate to any other private health provider as well. Therefore, if you’ve been the victim of a healthcare data breach involving a private health company or the NHS and can prove the breach and harm caused, please contact our team today for free claims advice.

How The GDPR Protects Private Health Data

The responsibilities for those who handle your personal information are defined by what role they have assigned to them. Here are some of the key roles listed in the GDPR:

  • A data controller is a company who defines why and how your data needs to be processed.
  • The data processor is the organisation responsible for processing the data on behalf of the controller.
  • A data subject is a person whose information is going to be processed.

There are also several data principles associated with data processing, including:

  • Data processing should be fair, legal and transparent to the data subject.
  • It should be made clear to the data subject why their data needs to be processed.
  • Information can only be stored for the amount of time agreed at the time of processing.
  • The minimum amount of data should be processed.
  • Personal information which is stored needs to be kept up to date.
  • The processing of data should be confidential and secure.
  • The data controller must be able to demonstrate compliance with these principles.

If you suspect a data breach has occurred because these rules were not adhered to, please let us know so that an advisor can review your case.

Ways In Which Private Healthcare Providers Could Breach Your Data Privacy

In this section, we’re going to consider ways in which a healthcare data breach could happen. As you’ll see from the following examples, not all breaches are related to cybersecurity issues:

  • If documentation relating to patients is disposed of with normal rubbish rather than being securely destroyed.
  • When your personal information is posted or emailed to a different patient.
  • If a computer screen is left unlocked resulting in a non-medical staff member reading your records.
  • Where a computer system is infected with ransomware, viruses or malware.
  • If a member of staff reads your records when there is no medical reason to do so.
  • Where data is shared with another organisation who you’ve not authorised.
  • If the company holding your data is hacked and cyber criminals access your personal information.

The ways in which a company identifies a data breach varies from case to case, but they could include:

  • Being held to ransom by criminals who have stolen the data.
  • When a member of the public goes to the press to expose information they’ve found.
  • Where a proactive internal audit spots that the data breach has occurred.
  • Following an investigation launched after receiving a complaint.

Where a breach has occurred and the company becomes aware of it, they have a duty to let the affected parties know when the breach took place, how it happened, and what information was exposed.

For free advice on whether you’re eligible to claim for a healthcare data breach, please call our team today.

Examples Of Private Healthcare Companies Fined For Data Breaches

As we mentioned earlier, the Information Commissioner’s Office is able to issue financial penalties to any company who has broken data protection laws. Here are some examples of healthcare breaches that the ICO has had to investigate:

  • Babylon Health who provide an app allowing doctors to hold video consultations with their patients self-referred itself to the ICO because a software error meant patients could access other patient’s video files.
  • BUPA had to apologise to customers and start legal proceedings against an employee who stole personal data from the company’s database and shared it with competitors.
  • A London HIV clinic was fined by the ICO for sending an email to 800 patient’s who’d used its services but failed to use the BCC field. This meant that it was possible for all recipients of the email to potentially see each other’s names and email addresses.

Later on, we’ll look at how an ICO investigation could help your solicitor when claiming compensation for a data breach.

Making Complaints To The ICO About The Health And Social Care Sector

When you make the decision to claim compensation for a healthcare data security incident, you’ll need to gather evidence to show what happened. This will usually come from an internal investigation or when the ICO looks at what happened. While neither will result in you receiving compensation, they could help you prove liability for the breach and mean a claim might be possible.

In the first instance, you should contact the healthcare provider and lodge a formal complaint. They should then conduct an investigation and provide you with a response. If you’re not satisfied with their answer, you’ll usually be told of an escalation path. Once you’ve jumped through all of the hoops that you’re able to, if you are still unhappy with the outcome, you could complain to the ICO.

The ICO say that complaints should be raised when it’s been 3-months since your last meaningful communication with the company you believe is responsible. If you leave it too long, the ICO could refuse to investigate.

Our advice is that you should seek legal representation before going to the ICO. That’s because there may already be enough evidence to mean that a solicitor can take legal action against the healthcare provider and try to reach an amicable settlement without the need for an ICO investigation. In other cases, they might decide that the findings of the ICO could strengthen your case and advise you to wait for the outcome of an official response.

To reiterate, while the ICO can fine an organisation for data protection failures, they won’t be able to award compensation to you. Therefore, if you’d like one of our team of solicitors to start legal action against BMI Healthcare on your behalf, please let an advisor know what happened and how you were affected today.

What Compensation Could You Claim For A BMI Healthcare Data Breach?

Now we’re going to look at what you’re able to claim compensation for if you’ve suffered harm caused by a data breach. We’d love to provide the exact details of what you could include in your claim, but we know from experience that each claim is unique. Therefore, we’ll only be able to offer a personalised explanation of what you could claim for once your case has been properly assessed.

In general, though, a solicitor will usually split a claim into two key components:

  • Material damages aim to compensate you when you’ve suffered financial losses following a data breach.
  • Non-material damages are claimed for psychological injuries you’ve sustained as a result of the breach.

Your lawyer will scrutinise in detail every aspect of your case before submitting a claim to ensure everything has been considered. For instance, when they look at your financial losses, they’ll consider costs you’ve incurred already and how you might be affected in the future. An example of this might be where your private data has been used in credit fraud which could impact your ability to take out finance in years to come.

In a similar way, your solicitor won’t just claim for psychological injuries, they’ll use medical specialists to look at how your everyday life, work, education, or relationships have been impacted by anxiety, depression or stress and whether you’ll be affected in the long-term.

This process is important as you can only make one claim. That’s because once a claim is settled with the defendant, it’s not possible to reopen it and seek more if you do realise you’ve been affected in ways you hadn’t considered at the time.

To see if one of our solicitors could review your claim, why not discuss your case with an advisor today.

Private Healthcare Medical Data Breach Compensation Calculator

Now we’re going to discuss the amount of compensation you could receive following a medical data breach. There was an important trial at the Court of Appeal (Vidal-Hall and others v Google Inc [2015]) in which the judges decided that it is possible to claim compensation for mental illnesses caused by a data breach even if no financial losses were incurred. The ruling went on to confirm that the amount of compensation paid for such harm should fall in line with personal injury claims.

The following table uses data from the Judicial College Guidelines (JCG) to show possible awards for different psychological injuries which could result from a data breach. The JCG is a document which legal professionals often use to help determine settlement figures.

Edit
Claims For: How Severe? Compensation Range Comments
Psychiatric Damage Severe £51,460 to £108,620 In this range of compensation, the claimant will suffer serious problems relating to coping with life, work or education and relationships. Moreover, they will have a poor prognosis, be vulnerable in the future and treatment is unlikely to help.
Psychiatric Damage Moderately Severe £17,900 to £51,460 In this range of compensation, the claimant will suffer significant problems that are similar issues to above. However, the prognosis will be much better.
Psychiatric Damage Less Severe Up to £5,500 Mild symptoms that resolve fully within a year or two.
Post-Traumatic Stress Disorder Severe £56,180 to £94,470 Symptoms such as nightmares, mood disorders, sleep disturbance and flashbacks will be permanent in this compensation range and will affect all aspect of the claimants life. As a result, a return to pre-trauma functioning levels will be impossible.
Post-Traumatic Stress Disorder Moderate £7,680 to £21,730 In this range of compensation, the types of symptoms the claimant will suffer are likely to be the same as above but there will be a better prognosis because, with professional support, there could be some improvements.

Due to the fact that compensation is awarded based on the severity of any injuries, your solicitor will book you in for a local medical assessment as part of your claim. In your appointment, a medical specialist will ask several questions about the impact of the data breach and review your medical notes. Then a report will be compiled setting out the specialist’s findings. As the report is so important, medical assessments are mandatory for all claims.

No Win No Fee Data Breach Claims Against BMI Healthcare

There are a lot of people who worry about the cost of hiring a legal team to make a compensation claim. We completely understand that and it’s the reason that Legal Expert’s team of solicitors work on a No Win No Fee basis for claims they take on. Not only does that reduce the amount of stress related to your claim, but it also alleviates a lot of the financial risks.

At the start of your claim, a solicitor will check it has a good chance of being successful. If so, they’ll draft a Conditional Fee Agreement (or CFA) for you. This document will provide details of what work your solicitor will conduct and it will also explain that:

  • You won’t be asked to pay any upfront charges.
  • While the case is ongoing there will be no fees to pay.
  • Should the claim be lost, you won’t be asked to pay any solicitor’s fees at all.

The fee forms a small portion of your compensation and is used to pay the solicitor for their work. So that you know the exact percentage you’ll pay (which is capped by law), the success fee will be declared in the CFA from the start.

To check if you’re able to use our No Win No Fee service, please speak to a member of our team today.

How To Find A Lawyer Who Could Handle A Medical Data Breach Claim

When you have decided that it’s time to start a claim for a BMI Healthcare data breach, how do you choose a law firm to help you? You might think that looking for the most local solicitor will do, you could ask a member of your family for a recommendation, or you could read online reviews to help you decide who to use.

While every one of those actions could mean you’ll find the best solicitor to help you claim, they could take a while and there’s no guarantee you’ll be happy with the outcome.

To make your search a lot easier, why not call Legal Expert today? If your claim is taken on, you’ll be linked with one of our specialist solicitors. Our team have been representing clients in all sorts of claims for decades.

While you’re claim is ongoing, your solicitor will be on hand to answer any questions and provide updates. They’ll work hard for you and always try to ensure you’re compensated fairly.

Talking To A Specialist Lawyer

We hope that you’ve found this guide about claiming for a data breach by BMI Healthcare useful and are now ready to begin your claim. If that’s the case, you can contact us by:

Extra Resources

In our final section of this guide relating to BMI Healthcare data breach claims, we’ve listed some extra guides and links which we hope you’ll find useful. If there is any further information you’d like, please don’t hesitate to ask.

BMI Healthcare Inspection Report – Ratings from the Care Quality Commission for BMI clinics and hospitals.

Access Your Information – Details from the ICO on how you can request the information about you that is held by public bodies.

Access Mental Health Services – NHS advice on how to access free mental health services.

Negligent Doctor Claims – Details on when you could claim damages for suffering caused by a negligent doctor.

NHS Data Breach Claims – This guide looks at when a claim might be possible following an NHS data breach.

Private Healthcare Negligence – Information on how to claim against a private medical provider for injuries caused by negligence.

Other Useful Compensation Guides

Guide by Hambridge

Edited by Billing