We've been featured in:

Medical Conditions Data Breach Claims

Welcome to our guide on what to do in the event of a medical conditions data breach. 

Here we’ll explain what causes a data breach and what kind of compensation you could get if you make a claim. 

If you’d like to discuss claiming with Legal Expert today, or if you have any questions about the process, you can:

medical conditions data breach

A guide to claiming after a medical conditions data breach

Select A Section

  1. What Is A Medical Conditions Data Breach?
  2. What Organisations And Individuals Could Breach Your Medical Data Privacy?
  3. Types Of Medical Data
  4. Examples Of ICO Fines For Medical Data Breaches
  5. Medical Conditions Data Breach Settlement Calculator
  6. Talk To Us About No Win No Fee Medical Conditions Data Breach Claims

What Is A Medical Conditions Data Breach?

Whenever you visit a medical facility, like a hospital, GP surgery, dental practice or pharmacy, you will likely need to provide information about yourself.

Data breaches could occur if medical service providers fail to secure this information, or if they use your information in ways you haven’t authorised.

A data breach is a breach of data security that results in the unlawful or accidental alteration, loss, destruction of, disclosure of or access to personal data. 

The UK General Data Protection Regulation (GDPR) states that personal data is any information that can identify you.

The Information Commissioner’s Office (ICO) upholds data protection rights and takes action against organisations that breach the Data Protection Act (2018) or other data protection laws.

Healthcare Data Breach Statistics

In the second quarter of 2021/22, the ICO found data security incidents were most common in the healthcare industry compared to all other sectors.

In Q2, there were a total of 2,431 reported incidents. Out of these, 1,717 were non-cyber data breaches, while 714 were cyber breaches. 

What Organisations And Individuals Could Breach Your Medical Data Privacy?

Different medical service providers, trusts, individuals and other bodies can store medical data. Private healthcare companies and insurance companies may also hold your medical data. Organisations and individuals that store this, and may therefore potentially breach your medical data privacy, include:

  • NHS: Holds the medical record of around 65m people in the UK
  • IQVIA: Healthcare data company that received 502 data releases from the NHS in 2020/21
  • Health Data Research UK: Registered charity and national institute for health data science
  • Capita: A government contractor that uses health data to determine disability claims for the Department for Work and Pensions
  • Aviva: The UK’s largest insurer consisting of more than 15m customers
  • GPs: GPs store and control medical records

Has an organisation or individual breached your medical data privacy? For example, you may have been subjected to a GP data breach. Our team of advisors can offer expert advice on what to do next.

Source: https://www.ft.com/content/6f9f6f1f-e2d1-4646-b5ec-7d704e45149e 

Types Of Medical Data 

In Article 4 of the Data Protection Act (2018), the UK GDPR describes data concerning health as the “personal data related to the physical and mental health of a natural person, including the provision of healthcare services, which reveal information about his or her health status”.

Subsequently, there are many types of medical data. Below are some examples:

  • Any information on your medical history, including medical opinions, diagnosis and clinical treatment
  • Data collected during a medical examination or test, or when you have registered to use health services
  • Appointment details can also reveal someone’s medical condition

Our advisors can offer guidance on the steps to take if you have been harmed by a medical condition data breach. Begin your claim process with Legal Expert today.

Examples Of ICO Fines For Medical Data Breaches

A medical conditions data breach can happen as a result of cyber-attacks or if confidential data is not securely stored. Additionally, human error can cause a data breach. 

This occurred in 2018 when data breaches affected 150,000 NHS patients in England. At this time, some patients had their health data used for research purposes, despite opting out of this when asked. The NHS data breach was reportedly due to a coding error. 

Source: https://www.bbc.co.uk/news/technology-44682369 

Healthcare Organisations Fined By The ICO 

The ICO may issue penalties to organisations or individuals that cause a medical conditions data breach. The following examples show what type of action the ICO has taken in past instances:

  • Bayswater Medical Centre received a £35,000 fine in 2018 for leaving highly sensitive medical information in an empty building for more than 18 months
  • Bupa Insurance Services Limited, a health insurance company, was fined £175,000 after an employee stole the personal data of 547,000 customers and offered it for sale on the dark web
  • Doorstep Dispensaree Ltd, a London-based pharmacy, received a £275,000 fine for failing to ensure the security of health data
  • A London NHS Trust was fined £180,000 after a sexual health clinic it operated accidentally leaked the details of 781 people who had attended HIV clinics

If you fear you have been the victim of a medical conditions data breach, you may want to seek legal advice.  Speak to our team of advisors for more information. 

Source: https://www.bbc.co.uk/news/technology-36247186#

Medical Conditions Data Breach Settlement Calculator

We refer to two types of damages when calculating a medical conditions data breach settlement.

Material damages cover any financial losses you have incurred as a result of the data breach. Evidence to support this could include your credit rating and bank statements

Non-material damages take into consideration any psychological damage that the data breach has caused. Psychiatric damage, like Post-Traumatic Stress Disorder (PTSD), can be valued in line with the Judicial College Guidelines. This is a publication that solicitors use to help when valuing claims

Following the Court of Appeal case, Vidal-Hall v Google Inc (2015), you can now file for non-material damages even if the data breach didn’t cause you any financial losses.

Edit
Injury Severity Injury Bracket

 Notes
Post Traumatic Stress Disorder (PTSD) Severe £59,860 to £100,670 Your ability to work could be detrimentally affected. You may suffer with relationships in your life too.
Post Traumatic Stress Disorder (PTSD) Moderately Severe £23,150 to £59,860 There is some chance of recovery with professional help, which garners are more optimistic prognosis.
Post Traumatic Stress Disorder (PTSD) Moderate £8,180 to £23,150 You may make a good recovery and any ongoing symptoms will not cause gross disability in the future.
Post Traumatic Stress Disorder (PTSD) Less Severe £3,950 to £8,180 You are expected to make a full recovery from any mental harm caused within two years.
General Psychiatric Damage Severe £54,830 to £115,730 Prognosis will be poor and you are likely to struggle coping with life and work in general.
General Psychiatric Damage Moderately Severe £19,070 to £54,830 The prognosis here is more optimistic even though symptoms are similar to those shown above.
General Psychiatric Damage Moderate £5,860 to £19,070 There is a marked improvement in symptoms and the prognosis is good.
General Psychiatric Damage Less Severe £1,540 to £5,860 The level of this award is decided on the length of the period of your disability and the extent to which daily activities and sleep were affected.

Our team of advisors can value your claim and potentially connect you with a solicitor. 

Talk To Us About No Win No Fee Medical Conditions Data Breach Claims

If you’ve suffered mental or financial harm as a result of a medical condition data breach, you might be interested in making a claim. However, the claims process can seem daunting, and you may not know where to start.

If this is the case, one of our No Win No Fee personal data breach solicitors may be able to help. Our solicitors offer their services on a No Win No Fee basis by providing their clients with a Conditional Fee Agreement (CFA). When you work with a solicitor under a CFA, they won’t ask for a fee to begin work on your claim, nor will they ask you to pay them for their continued services. You also won’t pay a fee for their work if your claim fails. 

However, if your data breach compensation claim succeeds, then your solicitor will take a success fee, which is a percentage of your compensation. This percentage is legally capped to ensure that you keep the majority share of what you receive and is taken directly from your award. 

Our advisors are on hand to help if you would like to learn more about how our solicitors could help. Get in touch today by:

Healthcare Data Protection Breach Resources

Here are some resources that you may find useful if you have been subjected to a medical conditions data breach: 

  • Health A to Z – An NHS guide on medical conditions.
  • Personal Data Breaches – NHS advice on what a personal data breach is and the steps that should be taken following an incident.
  • Your Data Matters – The ICO offer guidance on how to take your case to court and claim compensation.

Here are some more of our guides that you may find useful: 

Get in touch if you are ready to take the next step in making a claim following a medical conditions data breach.

    Contact Us

    Fill in your details below for a free callback

    Trustpilot

    Meet The Team

    • Patrick Mallon legal expert author

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts

    Our Top Legal Guides