A medical test results data breach can cause tremendous suffering to the patients it impacts. Whether it’s the disclosed details of a pregnancy or a sexually transmitted disease, an MRI scan, or a blood test, these results are information of the most personal and sensitive kind, and we quite rightly expect this information to be protected. This guide explains what you can do if a medical information data breach has caused you to suffer.
The sections below have additional highlighted links to other resources. If you would prefer to discuss starting a medical test results data breach case with someone in person, please feel free to:
- Call us on 0800 408 7825
- Contact us for a callback
Select A Section
- What Is A Medical Test Results Data Breach?
- How The UK GDPR Protects Data Concerning Health
- In What Way Could A Medical Test Results Data Breach Happen?
- How To Claim For A Health Care Information Data Breach
- What Could You Claim For A Medical Test Results Data Breach
- Begin Your Medical Data Breach Claim Today
In general, a data breach occurs when information that can be used to identify us has been compromised in a way that can cause harm to the data subject. Medical records are very much part of the personal information that is protected under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
These pieces of legislation seek to protect personal data rights and information security. They are enforced by an independent body called the Information Commissioner’s Office (ICO), which investigates serious data breaches and can fine data controllers when they fail to adhere to data protection laws. The ICO has the power to issue fines but does not pay compensation to the data subject.
If you are able to prove that the data controller (those who handle personal data) failed to handle your data in accordance with lawful expectations, you could request compensation for the harm it caused.
The UK GDPR classes health data as any details that pertain to the physical and mental health of an individual, including what care they are being given now, in the past, or in the future. With this in mind, data protection laws protect any of the following personal data:
- MRI or CT scans
- Blood test results
- Medication and prescription records
- Psychotherapy or counselling details
There are ‘7 Core Principles’ of the UK GDPR which try to make it easier for companies and agencies to understand and implement good data protection. These principles require that personal data is lawfully used in the spirit of its original purpose. In addition, those purposes must be limited in scope and data kept to a minimum of what is needed.
Data must also be accurate in detail and retained only for as long as necessary. Furthermore, all parties concerned should practice personal accountability about data security and place the integrity of that information at the top of their priorities. With this in mind, a data breach could result from a failure on any of these fronts.
It’s also important to note that, in addition to human error, poor IT security systems might cause a medical test results data breach. Data controllers could fail to prevent an external cyber-attack on data records. Insufficient online data security systems could result in the medical agency being liable if your data was breached, injuring you financially or emotionally. Other causes may include:
- The theft or loss of devices that contain details of patients’ medical records
- Physical loss, destruction, or unauthorised sharing of details
- Sending or sharing patient notes with the wrong recipient
- Employees accessing and misusing personal data
- Emailing the wrong patient or sending a letter to the wrong address.
Demonstrating data misuse with medical test results can be complex. Successful personal data breach claims will show how the data controller (an organisation that processed your data) was liable for the breach. If a data controller did all the right things when it came to protecting your information but a breach occurred anyway, it is unlikely that a claim is valid.
Speak to our team and they can offer further help on where to start to assemble your evidence of this.
As you approach making a medical test results data breach compensation claim, there are some helpful things to consider to present the best case you can. You are free to do this independently or with the help of a data breach specialist, but it’s a good idea to:
- Access your medical notes in full
- Complain directly to the NHS or private clinic concerned in the breach
- Raise a concern with the ICO (who may not investigate but could lend your complaint weight)
- Track who received your medical test results and why
- Pinpoint when the breach may have happened or when you first started to feel the adverse consequences of it.
The ICO recommends that you wait no longer than three months from the date of last meaningful contact on the matter to raise an official complaint. After this period, the ICO might consider the matter settled.
Data breaches can cause both financial and emotional damages. But it wasn’t until a case called Vidal-Hall v Google that it was made possible to claim for mental illness without suffering any financial harm.
Material damages allow claimants to present documented proof of financial costs attached to the data breach with a view to reclaiming them. This may include:
- Proof of loss of earnings
- Bills and invoices that prove out-of-pocket costs
- Costs of alternative medical treatments
- In severe cases, the cost of relocating, for example where someone needs to move after a medical status such as HIV/AIDS became common knowledge to hostile parties.
Non-material damages relate to the psychiatric distress and damage caused. A publication used in personal injury evaluation called the Judicial College Guidelines also includes guideline brackets for psychiatric damage as illustrated in an excerpt from the guide below:
| Type of Psychiatric Harm | Severity and JC Guideline Award Bracket | Supporting Notes |
|---|---|---|
| General Psychiatric Damage | (a) Severe Psychiatric Damage - £51,460 to £108,620 | Serious impact on the person’s ability to cope with life with a poor prognosis |
| General Psychiatric Damage | (b) More Moderate to Severe - £17,900 to £51,460 | Similar cases to those above, with long-term disability implications but less intractable |
| General Psychiatric Damage | (c) Moderate levels of general psychiatric harm - £5,500 to £17,900 | Lesser severity again with a likelihood of improvement by the time of trial |
| General Psychiatric Damage | (d) Lesser Severities of Psychiatric Harm - up to £5,500 | Awards that reflect how long the person was disabled and how problems may have become a single phobia or disorder |
| Post-Traumatic Stress Disorder (PTSD) | (a) Severe cases of PTSD - £56,180 to | Permanent impacts of an acute form that disrupt every aspect of normal life in a profound way |
| Post-Traumatic Stress Disorder (PTSD) | (b) More Moderate to Severe Cases of PTSD - £21,730 to | A better prognosis with counselling helping significantly |
| Post-Traumatic Stress Disorder (PTSD) | (c) Moderate levels of PTSD - £7,680 to | Overall a good recovery with mild symptoms remaining |
| Post-Traumatic Stress Disorder (PTSD) | (d) Lesser Severity Levels of PTSD - up to £7,680 | A full recovery within 2 years and only very minor persisting issues |
Depending on the severity of the medical test results data breach, you might experience:
- Panic attacks
- Post-traumatic stress disorder (PTSD)
Medical proof is essential to prove extreme reactions to the data breach. But with the two amounts combined, your ultimate compensation award could be much higher than previously thought.
You may be hesitant at the prospect of suing the NHS for a data breach, or suing a private clinic for a medical test results data breach. It is not something that you have to face alone. When you call our team on the number below, they could help assess your claim in minutes.
We could connect you with a member of our panel of data breach specialists. They offer No Win No Fee agreements as a way of funding their service. This means:
- You don’t need to pay an upfront fee
- Or pay anything while the case is ongoing
- There is also nothing to pay to your solicitors if the case does not succeed
Perhaps the most significant benefit of a No Win No Fee agreement is that a winning case only needs a maximum of 25% to be paid from your settlement to cover the success fee, which is paid to the solicitor.
This legal limit ensures that the claimant always benefits the most from the compensation they receive. There is a 6-year time limit to starting a data breach claim that reduces to 1 year in cases against public bodies, so why not learn more about starting a claim for medical test results data breach today by:
- Calling our team on 0800 408 7825
- Or contact us for a callback
Health Information Data Protection Resources
Medical test results data breach claims are one area that we cover. In addition to this, below are further resources that may help:
- How to claim when prescribed the wrong medicine
- What to expect at a personal injury medical appointment to support my claim?
- Time limits for medical negligence claims are explained here
- Advice from the NHS regarding data breaches and medical matters
- Further reading on the action the ICO has taken
- Lastly, details about a data audit carried out by the ICO on an NHS healthcare provider
Article by EA