Medical Information Was Shared Data Breach – Compensation Claims Experts

My Medical Information Was Shared – Can I Claim Compensation?

If your medical information was shared unlawfully or accidentally, the organisation that shared it might have breached data protection law. Medical institutions should protect health data under the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). In this guide, we investigate how medical data breaches could occur.

If a medical organisation breached your data and the breach harmed you, you might qualify to make a data breach compensation claim. Please call Legal Expert today. An advisor can assess your case, and if we see that you might be owed compensation, Legal Expert can appoint a data breach solicitor to manage your compensation claim.

To enquire about claiming compensation for a health and social care data breach, please get in touch with us today:

  • Call 0800 073 8804 to speak to a claims advisor
  • Use our Web Chat service to ask us a question
  • Or fill out the form to see if you can begin your claim online

What Is A Medical Information Data Breach?

Personal data breaches are security incidents which can lead to the integrity, availability and confidentiality of your personal data being compromised. A data breach can be a data loss or data theft incident, or an incident where an organisation wrongfully discloses or shares personal data. A data breach can also happen if the organisation alters or destroys data accidentally or unlawfully.

Data breaches can breach your data protection rights. Under the UK General Data Protection Regulation (UK GDPR), organisations must protect the personal data they process. Therefore, medical institutions such as hospitals and GP surgeries may opt to:

  • Firstly, have strong internal administrative processes to avoid data breaches.
  • Secondly, medical institutions should train their staff to handle patient data securely.
  • Moreover, the institution could have security measures in place to prevent unlawful medical information sharing.
  • Additionally, an organisation should have adequate systems in place to prevent a cyber-security incident, such as hacking.

Organisations that are responsible for a data subject’s personal data have an obligation to ensure they take the correct steps in protecting this information. Failing to adhere to data protection laws can open up channels for data breaches to occur.

If a medical organisation misuses your medical records, you might have experienced stress or psychological injuries due to the data breach. So please contact Legal Expert; an advisor can help determine if you are eligible for compensation if your medical information was shared without a lawful basis.

When Can Medical Information Be Shared?

Medical information could be shared to provide treatment to patients, such as sharing between a GP and a consultant. For medical records concerning personal health data to be shared, there needs to be a lawful basis for doing so. Altogether there are 6 lawful bases, and one of them is consent. Each lawful basis is as important as the others; none outranks another.

There are six lawful bases for processing personal data, and these include:

  • Consent
  • Contract
  • Legal Obligation
  • Legitimate interests
  • Public task, and
  • Vital interest.

Additionally, data protection legislation protects personal data, including a category of personal data known as ‘special category’ data due to its sensitive nature. Health data is categorised as sensitive and requires added protection when it is being processed.

Free legal advice is available from our data breach team if your medical information was shared without a lawful basis.

Types Of Error Which Could Leak Your Medical Information

Very often, human error is the cause of medical information being shared in a data breach. Here are some examples of the causes of a data breach:

  • Hackers could target a clinic to gain illegal access to the clinic’s database due to lax cyber-security measures.
  • A hospital worker could disclose health data without a lawful basis.
  • A nursing home fails to redact information that identifies a patient from published marketing materials.
  • Misdelivery of data incidents happen. For example, a hospital department could send medical test results to the wrong home or wrong email address.
  • Documents containing patient personal information are lost or stolen.
  • A healthcare organisation sends out a mass email but fails to use the BCC field, so the email addresses are shared amongst the mailing list. The blind carbon copy (BCC) field conceals email addresses from others on the mailing list.

Our data breach claims team can advise you on what steps you could take if you learn your medical information was shared accidentally or unlawfully.

Examples Of Healthcare Data Breaches

During the last three financial years, 5,632 healthcare sector data security incidents were reported to the Information Commissioner’s Office (ICO).

Wrightington, Wigan and Leigh NHS Foundation Trust was investigated by the ICO in 2019 after it was discovered that staff accessed patient data without a lawful basis to do so.

Another incident occurred when the 56 Dean Street clinic, which specialises in sexual health, failed to use the BCC field when it sent out a mass email. Consequently, the clinic shared nearly 800 email addresses of those who had attended HIV clinics. The ICO fined the clinic £180,000.

My Medical Information Was Shared; What Could I Claim?

If your personal data breach claim for medical information being shared is successful, you could be eligible for two types of damage.

The data breach compensation payment can include up to two heads of claim. These are the following:

  • Material damage: This is compensation for the financial losses the data breach caused.
  • Non-material damage: This is compensation for the emotional distress or mental health injuries caused by the data breach.

You can use our compensation calculator to determine how much non-material damage compensation you could potentially be awarded. Or you can use our table below, which is based on 16th edition guidelines from the Judicial College. However, your compensation payment may differ if you make a successful claim.

Harm Suffered | Notes On This Injury | Potential Damages
Severe Psychiatric Damage (A) | Psychiatric damage causing problems across all parts of people’s lives. This may be in work, in education or in relationships. | £54,830 to £115,730
Moderately Severe Psychiatric Damage (B) | Whilst injured in a similar way to more severe psychiatric damage, there is a better and more optimistic prognosis. | £19,070 to £54,830
Moderate Psychiatric Damage (C) | This person may still have faced problems across multiple areas of their life. This will have improved. | £5,860 to £19,070
Less Severe Psychiatric Damage (D) | The psychiatric injury could have impacted sleep patterns and daily activities. | £1,540 to £5,860
Severe PTSD (A) | The PTSD could lead to permanent impact on the person and prevent them from living in the way they did prior to trauma. | £59,860 to £100,670
Moderately Severe PTSD (B) | There is greater scope for the person to make a degree of recovery if they get professional help. | £23,150 to £59,860
Moderate PTSD (C) | Most of the recovery will already have happened. | £8,180 to £23,150
Less Severe PTSD (D) | A close to complete recovery will take place. | £3,950 to £8,180

Please contact Legal Expert today; an advisor can estimate the value of your claim.

Can I Claim If My Medical Information Was Shared?

Having your medical information shared does not mean a data breach has occurred. You may be eligible for compensation if you meet the following criteria.

  • Firstly, an organisation breached data protection laws,
  • Secondly, this led to your personal data being breached, and
  • Thirdly, the data breach caused you emotional distress or psychological injuries. On the other hand, you may have lost money or assets.

If you opt to work with a No Win No Fee solicitor, you will pay a success fee if the claim is won. You will pay your success fee from the data breach compensation payment at a capped rate. If your claim does not succeed, you will not have to pay a success fee.

Please get in contact with us today to see if you are eligible to make a data breach claim if your medical information was shared without a lawful basis. If your claim seems eligible, we could forward you to our solicitors.

  • Call 0800 073 8804 to consult an advisor
  • Please type a question for us into our Live Support online widget
  • Or request a call back about your claim online

Medical Information Data Breach Claims

We hope the guide has been helpful. Here are some other medical data breach guides you may find informative.

Thank you for reading our guide on what to do if your medical data is shared unlawfully.

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor, having qualified in 2005. He's an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.
