Unauthorised Access To Patient Medical Records – Data Breach Claims

Unauthorised Access To Patient Medical Records – Can I Claim?

By Cat Way. Last Updated 6th February 2024. In this guide, we look at how you could go about claiming compensation for unauthorised access to patient medical records in UK hospitals. Your medical records may contain sensitive information relating to illnesses and medical conditions that you either currently have or have experienced in the past. They also usually contain personal details such as your name and address, your next of kin, your ethnic origin and other personal data.

As such, any organisation that processes your medical records should take great care to ensure they protect that personal data. But what happens if someone gains unauthorised access to patient medical records in the UK? What consequences could this cause? And could a person who suffers harm because of inappropriate access to medical records in the UK claim compensation?

Can I Claim Compensation If Someone Gained Unauthorised Access To My Medical Records?

There are a number of different service providers that can decide why and how they need to use your personal data (to add to your medical records, for example). As such, they could be considered a data controller or a data processor. A data controller decides how and why your personal data is used, whereas a processor follows their instructions to process the data.

All data controllers and processors must comply with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). If they fail to do so, this could lead to a personal data breach. A data breach occurs when a security incident affects the confidentiality, availability, or integrity of your personal data.

You could potentially claim compensation for unauthorised access to patient medical records if you can establish that:

  • You were directly affected by this breach of data
  • The breach caused you to suffer emotional and/or financial harm
  • The breach occurred because the organisation responsible for holding your medical records failed to take the correct steps to secure this information through positive wrongful conduct

What Is Personal Data?

Personal data is any information that could be used to identify you. This could be on its own or in combination with other information. For example, this could include your:

  • Full name.
  • Postal address.
  • Email address.
  • Phone number.
  • Date of birth. 

Special category data is a subcategory of personal data that needs extra protection under data protection legislation, as it is more sensitive information. Special category data can include information relating to your:

  • Health and medical conditions.
  • Sexual orientation. 
  • Gender. 
  • Ethnicity.
  • Religious beliefs.

Special category data and wider personal data can both be found within your medical records. For example, most records will include your full name, date of birth, and contact details, along with the details of past and present medical conditions. Most will also have information on your ethnicity and gender.

In some cases, your medical records may contain references to your sexual orientation, religious beliefs, or immigration status. 

To find out the steps you could take if your personal data was compromised in a breach, continue reading or contact our team of expert advisors.

Unauthorised Access To Patient Medical Records – What Evidence Do You Need To Claim?

You may be wondering what evidence could support a personal data breach claim after unauthorised parties had access to your medical records in the UK.

Evidence can help strengthen multiple areas of your claim, and you can collect this alone or with the help of an expert No Win No Fee solicitor. For example, with the right evidence, you can illustrate how the breach occurred, how it has affected your mental health, and how it has affected your finances. Some examples of evidence you could use to support your claim include:

  • Letter of notification: In some cases, you may receive a letter of notification from the organisation responsible for the breach. This can then be used as evidence, as it may state what data was affected and how the breach occurred.
  • Correspondence with the ICO: Correspondence with the ICO, such as the results of an investigation or a complaint, could also be used as evidence in your claim.
  • Medical records: Your medical records can support a claim for damage to your mental health, as these can illustrate the effect the breach has had on your well-being.
  • Financial statements: Financial documents such as bank statements and credit reports can help demonstrate how the breach has affected you financially.

These are only a few examples of evidence that you could collate and use to help strengthen your claim. To learn more about claiming after a data breach that has affected a patient’s medical records, contact our team today.

How Could Unauthorised Access To Patient Medical Records Happen?

The Information Commissioner’s Office (ICO) is the UK’s independent body that ensures organisations comply with data protection legislation. They define a personal data breach as a security incident which may result in your information being accidentally or unlawfully destroyed, lost, altered, disclosed or accessed.

Unauthorised access to patient medical records in the UK occurs when medical data is unlawfully accessed by staff or other persons who are not required to process the data in their daily job roles. It is classed as a medical data breach. This may occur via a phishing attack, or through medical computer systems being hacked or targeted by malware. It is down to organisations to protect you against such threats by ensuring staff receive cybersecurity training and having their computer systems protected by a firewall.

However, such a data breach could also occur via a non-cyber incident. For example, if an organisation does not store your medical records in locked filing cabinets, your data could be lost or stolen. Additionally, your medical records could be emailed to the wrong home address despite your correct address being on file.

Examples Of Medical Data Breaches

There are many ways that someone could get unauthorised access to patient medical records, including:

  • A staff member leaves your records open and unattended on a public-facing desk.
  • Your medical records are faxed to the wrong address, or posted to the wrong postal address.
  • Inadequate cybersecurity defences allow cybercriminals to access your medical records online.

As we’ve already mentioned, you must be able to prove that the medical records data breach was caused by the organisation’s wrongful conduct in order to claim data breach compensation.

Our advisors are here to help if you’d like to learn more about making a data breach compensation claim. Get in touch today to start your free consultation.

Compensation Payouts For Medical Data Breaches

Should you make a successful personal data breach claim, you could receive up to two heads of compensation. These include material damage compensation, and non-material damage compensation.

The first head of claim, non-material damage compensation, relates to the psychological effects of the personal data breach. For example, you could suffer from stress, anxiety, or depression following a breach. Similarly, it could exacerbate any existing conditions, such as post-traumatic stress disorder. 

Those who value this head of your claim may refer to the Judicial College Guidelines (JCG). This document can help, as it provides guideline compensation amounts for different injuries, including psychological injuries.

Below, you can find some examples of these entries. The figures in this table are guidelines only, and the first entry in this table has not been taken from the JCG.

| Injury | JCG Compensation Bracket | Severity |
|---|---|---|
| Severe Psychological Harm Plus Financial Losses | Up to £150,000+ | Severe psychological harm and compensation for financial losses such as a loss of earnings. |
| Psychiatric Damage Generally | £54,830 to £115,730 | Severe - A very poor prognosis with the person having problems coping with life. |
| Psychiatric Damage Generally | £19,070 to £54,830 | Moderately Severe - Significant issues will be present but a more optimistic prognosis. |
| Psychiatric Damage Generally | £5,860 to £19,070 | Moderate - There will have been various problems but significant improvements will have been made. |
| Psychiatric Damage Generally | £1,540 to £5,860 | Less Severe - Length of disability and the extent to which various daily activities were impacted will determine the amount awarded. |
| PTSD | £59,860 to £100,670 | Severe - The person will be unable to return to a pre-trauma working or social life due to permanent effects. |
| PTSD | £23,150 to £59,860 | Moderately Severe - There is some room for improvement with professional help. However, significant issues will still be present. |
| PTSD | £8,180 to £23,150 | Moderate - A large recovery will have been made and any persisting issues will not be majorly disabling. |
| PTSD | £3,950 to £8,180 | Less Severe - A practically complete recovery will have been made within one to two years. |

What Is Material Damage Compensation?

Material damage compensation addresses the financial losses you incur as a result of the breach. For example, this could include lost earnings if you needed to take time off work to recover from the psychological effects of the breach.

This head of claim can also help if money is stolen from your account, your credit score is damaged, or if someone steals your identity.

To learn more about claiming compensation for unauthorised access to patient health records, contact our team today.

No Win No Fee Data Breach Claims

If you are interested in making a claim for inappropriate access to your medical records in the UK, one of our solicitors may be able to help. Working with a solicitor can bring many benefits to your claim. For example, a solicitor can help you gather evidence, talk to witnesses, and explain any complex legal jargon.

Our solicitors offer their services on a No Win No Fee basis. They do this by offering their clients a Conditional Fee Agreement (CFA). Under a CFA, your solicitor won’t take any fees to start working on your claim or to continue their services. Likewise, if your claim doesn’t succeed, our solicitor won’t take a fee for their work.

If your medical data breach claim does succeed, then your solicitor will be due a success fee. This fee is taken from your compensation as a small percentage, though the amount they can take is capped by law. This legislative cap allows you to keep the majority share of what you receive.

To find out if one of our solicitors could help you make a personal data breach claim, contact our team of advisors today. They can offer a free evaluation, following which they may be able to connect you with one of our solicitors.

If you still have any questions about making claims in the UK for unauthorised access to patient medical records, then you can contact Legal Expert for advice and assistance. You can reach our advisors either online or on the phone by using the contact details featured in this guide. Our advisors can help with any queries you may have, such as whether you have grounds to claim because someone gained access to your medical records without permission.

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.