We've been featured in:

  • bbc logo
  • daily mail logo
  • itv logo
  • skynews logo

What Can I Do After A Medical Data Breach?

Across the NHS and the private sector, more and more vital functions are becoming digital. Medical records, prescriptions, and other documentation are stored digitally, and even appointments are held online or over the phone. Mostly, this information is handled correctly, but what happens when it isn’t, and you become eligible for medical data breach compensation?

We understand that having your health data breached could cause an array of mental distress. Knowing that those who have no authority to view such sensitive information now have access to some of the most personal aspects of your life. That is why we have created this guide; firstly, so you can actually see if your data has been breached, but also whether you can be compensated for the harm it caused.

We set out to explain if you are eligible to make a data breach claim, how your medical information can be breached, what you can be compensated for and finally, how to begin the process.

Contact Us

We are here to help. If you have any further questions about the data breach claims process or your eligibility, contact a member of our team today by:

A data breach solicitor stands in front of a blue background

Jump To A Section

  1. Can I Claim After My Medical Data Has Been Breached?
  2. Can I Claim Damages For Distress Caused By Incorrect Medical Records?
  3. Am I Able To Claim After My Medical Information Was Shared?
  4. What If My Medical Records Have Been Stolen?
  5. Claiming After My Medical Records Have Been Accessed Inappropriately
  6. How Much Medical Data Breach Compensation Could I Get?
  7. How Can I Make A Medical Data Breach Compensation Claim?
  8. What Can Legal Expert Help Me With?
  9. More Information

Can I Claim After My Medical Data Has Been Breached?

You may be wondering whether you can make a data breach claim if your medical information has been breached. A personal data breach occurs when the integrity, availability, or confidentiality of any of this data is affected by a security incident. 

However, not all personal data breaches will mean a compensation claim can be made. In order to make a successful medical data breach claim, you have to prove that the organisation responsible breached your data by failing to follow data protection law. For UK residents, your data is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

You can claim for a medical data breach if you can prove that:

  • An organisation, such as a hospital or GP surgery, did not follow data protection law
  • This meant that your medical data was breached or compromised
  • This lead to you suffering mentally or financially 

There’s a subset of personal data called special category data, which is particularly relevant in medical data breach claims; this is because it covers information that needs extra protection, including information regarding your:

  • Race or ethnicity
  • Religious or philosophical beliefs
  • Sexual orientation or sex life
  • Health or medical conditions
  • Genetic or biometric data

So, if you’ve been harmed due to a personal data breach because someone failed to adhere to data protection law, then you may have an eligible claim.

Will I Be Able To Make A Medical Data Breach Claim Against The NHS?

Yes, you can make a medical data breach claim against the NHS as long as you meet the criteria outlined above. It doesn’t matter whether you were harmed by a breach caused by the NHS or a private healthcare provider: your right to make a data breach claim remains the same.

Our team of advisors are here to help. If you’d like to learn whether you could be eligible for compensation, speak to a member of our team today.

Paper medical records laying on a table after a human error data breach

Can I Claim Damages For Distress Caused By Incorrect Medical Records?

Yes, you can claim damages for distress caused by incorrect medical records. Organisations are expected to keep records accurate and up-to-date; In fact, accuracy is one of the core principles of data protection.

Some examples of how this kind of breach could occur include:

  • You make your GP surgery aware that you have moved to a new postal address, but they fail to update their records. This leads them to send a letter about your HIV status to your old house, allowing your parents to access it, resulting in severe emotional distress.
  • Despite making them aware of your new phone number, a gender identity clinic sends information regarding your hormone replacement therapy over text to your old number. This causes significant anxiety.

What To Do If Medical Records Are Incorrect

If your records are incorrect, then you have the right to have them amended. This is called your right to rectification. If you feel that your medical records or other records held by a clinic or other medical service provider aren’t correct, you can contact them and have them amended.

Keep reading to learn more about how failing to adhere to data protection law could lead to a medical data breach compensation claim. Or, if you’re ready to get started, contact our team of advisors today.

Am I Able To Claim After My Medical Information Was Shared?

Yes, you can claim if your medical information was shared without any legal basis. This means that you need to establish that they had no legal right to share your information. For example:

  • You have recently turned eighteen, and your parents no longer need to be notified of your medical information. However, your GP still informs your parents that you are pregnant, causing severe distress.
  • A sexual health clinic sends a group email out to all of their patients suffering from chlamydia. However, they fail to appropriately use the Blind Carbon Copy (BCC) feature, allowing all the other recipients to see your email address. This causes significant anxiety, and you need to travel further to go to a different clinic.

Remember, failing to adhere to data protection law alone isn’t enough to make a personal data breach claim; you also need to suffer emotional or financial harm. Contact our team today for more information on when you could claim medical data breach compensation, or keep reading for more examples of potential claims.

What If My Medical Records Have Been Stolen?

If your medical records have been stolen, you could potentially make a claim. Organisations that handle personal data are expected to have adequate protections, and this goes for physical data as well as digital data. For example, you could potentially make a compensation claim if:

  • Your GP surgery keeps paper files in an unlocked filing cabinet. A thief breaks in and steals the paperwork, and the lack of any physical security allows them to access files containing your personal data, including your address. This causes so much anxiety that you need to relocate. 
  • Your cosmetic surgeon keeps records of your procedures on their servers, but they do not have adequate firewalls or cybersecurity policies installed. This allows cybercriminals to hack into their servers and steal the information, which causes so much anxiety that you develop Post-Traumatic Stress Disorder (PTSD).

Our team of advisors are here to help. If you’d like to learn more about making a medical data breach claim for stolen records, contact us today.

Claiming After My Medical Records Have Been Accessed Inappropriately

Your medical records should only be accessed by those who are involved in your treatment or who otherwise have a lawful basis to do so. If your medical records are accessed inappropriately, this can cause significant emotional and financial distress. For example: 

  • If a receptionist were to leave a paper file containing your medical data open on a public-facing desk, this could allow anyone walking by to access it. 
  • A hospital worker who isn’t currently treating you is curious about your case, and accesses your information without having a legal basis to do so. This causes you significant embarrassment and distress.

These are only a few examples of how a data breach can occur in a medical setting. Keep reading to find out what a medical data breach compensation payout can look like, or contact our team today to get started.

How Much Medical Data Breach Compensation Could I Get?

So, how much medical data breach compensation could you get? This depends on a number of factors, including:

  • How severely you were emotionally harmed
  • The total amount of financial losses you suffered because of the breach
  • How much evidence you have 

You can claim compensation for the psychological injuries you suffer as a result of the breach. For example, this can include anxiety, depression, and PTSD. This is called non-material damage compensation.

Below, you can find a table containing entries from the Judicial College Guidelines (JCG). This is a document that professionals use to help them value claims by referencing guideline compensation brackets.

Please note that these are not guaranteed amounts, and that the first entry in this table is not from the JCG.

Psychological InjuryCompensation
Several instances of severe emotional harm combined with special damages, including lost earnings and the cost of counselling.Up to £250,000+
Severe Psychiatric Damage£66,920 to £141,240
Moderately Severe Psychiatric Damage£23,270 to £66,920
Moderate Psychiatric Damage£7,150 to £23,270
Less Severe Psychiatric Damage£1,880 to £7,150
Severe PTSD£73,050 to £122,850
Moderately Severe PTSD£28,250 to £73,050
Moderate PTSD£9,980 to £28,250
Less Severe PTSD£4,820 to £9,980

How Can Financial Losses Be Covered Under Data Breach Compensation?

You could also claim compensation for your material damage, which is financial losses caused by the breach. For example, this could include the cost of:

  • Counselling and therapy 
  • Travel to and from appointments
  • Lost earnings if you had to take time off work to recover
  • Private medical treatment
  • Relocation if you are no longer safe in your home

Our team can provide more in-depth information on claiming data breach compensation when you get in touch. Contact us today by following the details at the top of the page, or keep reading to learn more.

A compensation calculator used to find out how much compensation you could get from a successful data breach claim

How Can I Make A Medical Data Breach Compensation Claim?

To make a medical data breach compensation claim, there are a number of steps you can consider taking, including:

  • Seeking medical attention: If the breach affected your mental health, then seeking medical attention ensures that you get the help you need, but it can also help your claim by making a permanent record of the harm you suffered.
  • Assessing your financial losses: Keeping records of your financial losses can make it easier for your claim to be valued at a later date.
  • Gathering evidence: Your claim hinges on the amount of evidence that you have, so collecting evidence is crucial. This can include letters or emails with the organisation at fault, medical records showing your mental harm, and financial records that show your financial losses.
  • Seeking legal help: We always recommend seeking legal advice before starting the data breach claims process. Our solicitors have years of combined experience, and can use this experience to guide you through your claim.

If you’d like to learn more about how one of our expert data breach solicitors could help you, keep reading or contact one of our advisors today.

What Can Legal Expert Help Me With?

Legal Expert can help you with every step of your claim, from your free initial consultation all the way up to negotiating your settlement and arranging further help for your recovery. We work with a range of experts, including therapists and occupational specialists, who can help you focus on your recovery while we focus on your claim. 

At our core, we believe that legal help should be available to anyone, regardless of their financial status. To uphold this belief, all of our solicitors work on a No Win No Fee basis. This means that they offer their services through a Conditional Fee Agreement (CFA), which means you don’t pay:

  • Any fees for their work upfront
  • Any fees for their work as your claim continues
  • Any fees for their work at all if your claim fails 

If you make a successful medical data breach compensation claim, then your solicitor will take a success fee. This fee is taken straight from your compensation as a small percentage, which is capped by law. This legal cap helps to make sure that you keep the majority of what you receive. 

Our solicitors have decades of combined experience, and we’ve already recovered over £80 million worth of compensation for our clients. If you are ready to start, why not start with us?

Contact Our Data Breach Solicitors

Are you ready to get started on your claim? Do you want more information? Get in touch with our advisors today to start your totally free consultation today by:

Specialist data breach solicitors help a client claim for a data protection breach from behind a desk

More Information

For more information on how to make a data breach claim:

Or, for further resources:

Thank you for reading our guide on medical data breach compensation claims.

Meet The Team

  • Patrick Mallon legal expert author

    Patrick Mallon (BA, PgDl) is a Grade A personal injury solicitor and head of our EL/PL department, which handles accidents at work and public liability claims, such as slips, trips and falls. He qualified in 2005 and has over 20 years of experience. Patrick is an expert No Win No Fee lawyer and well-known for his successful case, Billie Mae Smith v McDonalds. You can learn all about Patrick, his qualifications and his experience as a solicitor here. Get in touch today for free to see how Patrick and the team can help you.

    View all posts Personal Injury Solicitor