Medical Test Results Data Breach Compensation Claims
By Lewis Cobain. Last Updated 26th July 2023. A medical test results data breach can cause enormous distress to the person it affects. Did the NHS or a private clinic fail to properly safeguard your medical personal data in a way that caused you emotional or financial harm? Perhaps the details of a recent medical test were sent to the wrong postal or email address? If the personal data breach happened because of a failure to adhere to data protection legislation you may be eligible to make a claim.
When you contact our team, they could connect you with a member of our data breach specialist solicitors to assess your claim. With this in mind, it’s easy to find out more and there’s no obligation to start a claim with us. Simply:
- Call our advisors on 0800 073 8804
- Request a callback and contact us online
- Access free legal advice through our ‘live support’ option
- Read on the sections below and access more from the highlighted links
Select A Section
- What Is A Medical Test Results Data Breach?
- Covered By The UK GDPR?
- Causes Of A Medical Test Results Data Breach
- What Material Or Non-Material Damages Could You Claim For?
- Medical Test Results Data Breach Calculator
- No Win No Fee Claims For A Medical Test Result Data Breach
The Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) are UK laws that require all agencies, organisations, and businesses that handle your personal data to do so in the scope of the law. These legal obligations are enforced by an independent agency called the Information Commissioner’s Office (ICO) which has the authority to investigate and issue penalties to anyone who fails to adhere to these laws.
It’s important to note that all staff in medical facilities are bound by UK GDPR. So it is vital that employers train staff on how to prevent a data breach that could cause harm to a data subject. In fact, medical personal data is considered special category data and it is expected that the handling of this data should be even more careful. Personal data breaches are a security incident that means your personal and sensitive information could be:
- Shared or accessed without authorisation
- Destruction or duplication
- Disclosure of personal data
In addition to this, data controllers and processors, those who handle personal data, must abide by the ‘7 Core Principles’.
A medical test results data breach can be the result of human error. Such as results being posted to the wrong recipient. Test results could be leaked because of a stolen computer. It may also occur due to an external cyber-attack caused by weak IT defences in the clinic. In some cases, it can be a deliberate and malicious act.
Data protection laws classify data concerning health to be any information that relates to the past, present or future physical and mental health of a person. So this can be can include:
- Details of illnesses or medical procedures
- Planned courses of treatment
- Past or planned surgeries
- Blood test results
- Pregnancy and child-related data
- Hereditary conditions
- Emotional and psychiatric evaluations
- Sexually transmitted disease information
- Any acquired or congenital medical conditions that could identify that person
Health data is a special category as it is information that has the potential to cause significant harm to the data subject if breached. The stress and anxiety in the aftermath of health details being leaked can create issues as serious as post-traumatic stress disorder.
Below we look at some possible medical test results data breach scenarios:
- A member of staff in the clinic posted your results to the wrong address
- The NHS Trust failed to update your details and contacted the wrong person with your results
- Data shared without a lawful basis
- A verbal disclosure between clinical staff on a patient’s test results over heard by other patients.
- An internet post contained unredacted patient personal details
- Staff left an indiscrete answerphone message
Medical test results data breach claims will hinge on your ability to show that the parties who possessed your personal data failed to meet UK GDPR expectations and this led to personal information breaches. Proving this can be complex so please get in touch for help.
A medical facility or NHS Trust has a duty to inform patients of a data breach that affects their rights and freedoms as soon as possible. They must inform the ICO within 72 hours of discovery. As an impacted individual, you can start to assemble a case if you feel that you have a valid claim in the following ways:
- Raise a complaint with the NHS or private clinic
- Access your medical records
- Obtain proof of test results error in handling
- Start to retain the proof of how the data breach has impacted you emotionally or financially
- Consider legal representation
- There is a time limit on data breach claims – you have 6 years or one when claiming against a public body.
There are two types of damages that may be applicable in your claim. These are called non-material and material damages. Non-material damages are the amounts that can be attributed to emotional or psychiatric suffering. Material damage relates to money lost or stolen as a result of the breached data.
A court case called Vidal-Hall v Google set a precedent whereby it was upheld that non-material damages could be awarded for emotional suffering in data breach cases quite separately from any financial impacts. Therefore, using the Judicial College Guidelines, which are used in personal injury claims, can now also be used in data breach cases to help work out the value of your mental suffering.
|Psychiatric Type of Harm||JC Award Bracket Given and Severity||Additional Notes|
|Psychiatric and Psychological Damage||£54,830 to £115,730 - (a) Severe||Sufferers in this bracket will experience severe and significant difficulties with work and personal relationships|
|Psychiatric and Psychological Damage||£19,070 to £54,830 - (b) More Moderately Severe||A better prognosis than above but still with significant mental health challenges preventing normal life|
|Psychiatric and Psychological Damage||£5,860 to £19,070 - (c) Moderate in Type||Includes claimants for whom the symptoms have improved by the time of trial|
|Psychiatric and Psychological Damage||£1,540 to £5,860 - (d) Less Severe in Nature||Reflects duration of disability and impact on sleep, or a specific phobia problem|
|Anxiety Disorder||£59,860 to £100,670 - (a) Severe in Nature||Severe and profound trauma that effects every aspect of the sufferer's life|
|Anxiety Disorder||£23,150 to £59,860 - (b) Moderately Severe in Nature||Permanent impacts on the person's ability to work or function fully|
|Anxiety Disorder||£8,180 to £23,150 - (c) Moderate in Type||A more positive prognosis after professional help but significant disability still a feature|
|Anxiety Disorder||£3,950 to £8,180 - (d) Lesser Severities||On the whole a complete recovery within a one to two year period, leaving minor issues only|
In a similar fashion, material damages look at how the data breach affected you financially. This part can be split into two areas. Firstly we look at how mental suffering can lead to financial losses. Then we examine how the data breach may have a financial impact on you;
- You were unable to work and suffered a loss of earnings
- Had to pay expensive therapist or counselling bills
- Paid for medication
- Suffered damage to your business reputation and could show how the leaked information had negatively impacted you
- Due to financial information being leaked your bank accounts were targeted and you had money stolen
- Credit cards were used by fraudsters
- Needed to leave your job or even move home from unwanted and negative attention. This could apply if a pregnancy or HIV test result became public knowledge.
Our team can help explain what other costs may be eligible. Alternatively, you can use the compensation calculator to assess damages yourself.
When claiming for a medical data breach in the UK, our expert solicitors could assist you during the process. Using their years of experience, they’ll be able to collect evidence on your behalf and make the process for claiming a medical data breach compensation amount as smooth and as stress-free as possible.
Furthermore, our solicitors could offer you a Conditional Fee Agreement, which is a type of No Win No Fee contract. Under this arrangement, you usually won’t have to pay an upfront service fee to your solicitor. Additionally, you typically won’t be charged any service fees whilst the claims process is underway.
If your claim for a data protection breach of your medical information is unsuccessful, you will not be required to pay your solicitor for their work. However, should your claim succeed, you’ll pay a legally capped success fee to your solicitor. The success fee is automatically deducted from your compensation award, and there is a legal cap in place for the percentage that this fee can be.
To find out if you could be eligible to work with one of our No Win No Fee solicitors, you can get in contact with our advisory team. To get in touch with us, you can:
Health Data Breach Claim Resources
So in conclusion, at Legal Expert, as well as medical test results data breach explanations, we offer further reading on related topics such as:
- Dentist data breach compensation claims
- Data faxed to the incorrect recipient
- Reading on how to claim for negligence in a private hospital
- Advice about a new Government initiative to improve patient data security
- Lastly, guidance on test results from the NHS
Guide By Waters
Edited By Melissa.