By Danielle Jordan. Last Updated 11th June 2024. In this guide, we focus on claiming personal data breach compensation for the effects of inappropriate access to medical records in the UK. Winning a claim entitles you to compensation that could cover both material and non-material damage, which we explain in detail at the beginning of the guide.
The personal data in your medical records is protected by two major pieces of data protection legislation. We cover both and explain what a personal data breach is before laying out the criteria you must meet to have a valid compensation claim.
Read through our guide to see examples of inappropriate medical records access and how you could benefit from being represented by one of our expert No Win No Fee solicitors.
Our advisors are available right now for further guidance and a free assessment of your potential claim. Learn more by going through any of these avenues:
- Call 0800 073 8804.
- Ask about your claim online so we can get back to you.
- Talk to an advisor today through the live chat feature below.
Select A Section
- How Much Could You Claim For Inappropriate Access To Medical Records In The UK?
- What Is Inappropriate Access To A Patient’s Medical Records In The UK?
- Can Someone Access My Medical Records Without My Permission?
- Can You Sue For Inappropriate Access To Health Records?
- What Should I Do If My Medical Records Are Accessed?
- How Legal Expert Could Help With No Win No Fee Data Breach Claims
How Much Could You Claim For Inappropriate Access To Medical Records In The UK?
If someone has inappropriately accessed your medical records in the UK, you may be curious to know if you could make a data breach claim for the harm this has caused you. Further down our guide, we look at the eligibility criteria that must be satisfied to have an eligible personal data breach claim. In this section, we look at the types of compensation that could be awarded for the impacts a data breach has had on you, the data subject.
If you have suffered emotionally or mentally, this is known as non-material damage, for which you will be compensated should your claim be successful. This could include post-traumatic stress disorder, otherwise known as PTSD, as well as other forms of psychological injury like anxiety or depression.
Guideline compensation figures for psychological injuries can be found in the Judicial College Guidelines (JCG), a document that may be used by those figuring out your non-material damage payout.
We have used JCG figures in the table below, plus an entry at the top (which is not part of the JCG), to illustrate how compensation for severe mental injuries and substantial financial loss could look. Please note that this is only a guide.
INJURY | SEVERITY | COMPENSATION |
---|---|---|
Very Severe Psychological Injury Plus Material Damage | Very Severe | Up to £250,000 and above |
General Psychiatric Harm | Severe | £66,920 to £141,240 |
General Psychiatric Harm | Moderately Severe | £23,270 to £66,920 |
General Psychiatric Harm | Moderate | £7,150 to £23,270 |
Post-Traumatic Stress Disorder (PTSD) | Severe | £73,050 to £122,850 |
Post-Traumatic Stress Disorder (PTSD) | Moderately Severe | £28,250 to £73,050 |
Post-Traumatic Stress Disorder (PTSD) | Moderate | £9,980 to £28,250 |
Financial Losses
The financial impact of a personal data breach is known as material damage. For example, if you lose out on work earnings due to the stress of a breach, those losses could be factored into your payout.
Due to a Court of Appeal ruling in the case of Vidal-Hall and others v Google Inc [2015], it is possible to claim both material and non-material damage or to claim for either independently.
Call the number above today if you would like to learn whether you could make a personal data breach compensation claim for the impact of inappropriate access to your medical records.
What Is Inappropriate Access To A Patient’s Medical Records In The UK?
For a person or company to access your medical records they must have authorisation to do so. To process these records there will need to be a lawful basis in place under data protection law.
Inappropriate access to medical records in the UK could be when someone views your health records under the wrong circumstances. For example:
- A nurse views the medical records of someone they consider to be famous or in the public eye.
- A doctor accesses a relative’s health records even though they are not their patient.
- A colleague in a hospital looks up the medical records of another colleague.
What is the difference between unauthorised access to patient medical records and inappropriately viewing them? Someone who inappropriately views another person’s medical records may have the authorisation to view them, but they are not doing it for a medical purpose. A person who has no authorisation would have no authority to ever view this information.
Case Study: Inappropriate Access To Medical Records
There have been quite a few cases where medical staff have gained inappropriate access to medical records.
Between 2017 and 2022, there were 194 incidents involving doctors accessing medical records without a clinical reason that resulted in complaints to the General Medical Council (GMC). 24 of these incidents resulted in the GMC taking disciplinary action, including 2 cases of doctors being struck off.
Another case occurred in 2017. Two members of the hospital staff were disciplined for gaining access to musician Ed Sheeran’s medical records without reason while he was in the hospital for a broken arm. One member of the medical staff received a written warning, while a member of the admin staff was fired.
Sources: https://www.theguardian.com/society/2023/jun/13/doctors-censured-medical-record-breaches-gmc
https://www.bbc.co.uk/news/uk-england-suffolk-44155784
Contact our advisors today if you have any questions about making a medical data breach claim.
Can Someone Access My Medical Records Without My Permission?
To view a person’s medical records you must have authorisation to do so. This means that in most cases, your permission will be needed for anyone to view the information contained within your health records. To process these records, there must be a lawful basis. There are 6 lawful bases and only one of these is consent. Below we look at examples of entities that can access your medical records:
- Someone with power of attorney, meaning someone you trust who is in charge of your affairs.
- Someone in a position to act on another person’s behalf because they have their consent.
- Those with a legal basis for accessing medical records, such as your GP or hospital.
To find out if you could make a personal data breach claim because someone inappropriately accessed your medical records, call us today, and an advisor can provide you with a free assessment of your potential claim.
Can You Sue For Inappropriate Access To Health Records?
Those who process your personal data and any personally sensitive data, such as personal information related to your health, must do so in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These data protection laws set out the responsibilities for those who handle your data.
There are two entities under these laws that are responsible for the protection of your personal data:
- Data controllers, who determine why and how your data is processed.
- Data processors. They may be instructed to process data by a data controller, though a controller can choose to do it themselves.
If either party fails to follow data protection law, then a personal data breach could occur. For example, a hospital (data controller) could fail to train their staff on the importance of data protection, and a member of staff could disclose the medical data of a patient to an unauthorised person.
A personal data breach, as defined by the Information Commissioner’s Office (ICO), an independent public body that works to protect the public’s data rights, is a security incident impacting the confidentiality, availability or integrity of someone’s personal data.
The eligibility criteria to make a personal data breach compensation claim under data protection laws are as follows:
- A data controller or processor failed to uphold their responsibilities under data protection legislation.
- This led to a data breach that affected your personal data.
- Because of this breach, you suffered mental or financial damage or both.
What Should I Do If My Medical Records Are Accessed?
If your medical records have been accessed in a data breach, then you should be notified without delay if this affects your rights and freedoms. You should be sent a data breach notification letter which could be used as evidence if you go on to make a claim.
If you haven’t been informed of a personal data breach but believe one has occurred, you could contact the data controller directly. Keep hold of any correspondence you have with them, as it could form part of the evidence you submit if you make a medical data breach compensation claim.
Do I Need To Let The ICO Know About The Inappropriate Access To My Medical Records?
If you do not get a satisfactory response, wait no longer than three months before you contact the ICO and make them aware of the situation. If they investigate and determine that a data controller or processor’s failings caused a breach, their findings could be used to back up your claim.
Also collect proof of any financial loss, through bank or credit card statements, or payslips. A psychiatrist’s report could act as evidence of psychological injury suffered because of the data breach.
How Legal Expert Could Help With No Win No Fee Data Breach Claims
If you are in the UK and have been affected by your medical records being accessed inappropriately, call us to discuss your potential to claim. If you have valid grounds, one of our experienced data breach claim solicitors could help you seek compensation.
Our solicitors offer their services on a No Win No Fee basis, through a Conditional Fee Agreement. This arrangement means you will not pay a penny for their work either upfront or as the case goes on. If the solicitor does not secure compensation for you, they do not collect payment for their services.
A success fee would go the solicitor’s way if you win. This will only be a small percentage of your payout, which is certain because The Conditional Fee Agreements Order 2013 sets a legal cap.
Contact Us
Why not call us today? There is nothing to lose from talking to us, and no obligation to begin legal proceedings. Our advisors can share relevant information and answer any data breach compensation questions you may have.
Furthermore, an assessment can show you whether you have good grounds to start a claim. If you do, we could save you time by connecting you to one of our expert solicitors so they can pick up your case right away.
It is completely free to contact us, so to get started, choose any of these options:
- Call 0800 073 8804.
- Write to us about your claim online and choose a time for us to call.
- Open the live chat tab at the bottom of this page and send a message.
Data Breach Resources For Breach Of Medical Records
You can also get useful guidance on data breach claims through our other articles, like the ones below:
- When you can claim for a psychiatrist data breach and how we can help.
- How you can make an anxiety data breach claim if a breach affected you psychologically.
- Claiming for the effects of medical conditions being exposed due to a data breach.
Further information relevant to data breaches can be found here:
- The ICO provides an example of someone illegally accessing medical records through a 2019 incident.
- Information from the ICO related to health data and your right of access.
- The NHS explains how you can view your GP health record online.
Thank you for reading our guide on making a data breach compensation claim for inappropriate access to medical records in the UK. Please call if you would like to discuss your possible claim for a breach of your medical records in detail.