My Employer Shared My Medical Records Without Consent – Compensation Claims Guide
By Stephen Hudson. Last Updated 17th November 2023. If your employer shared your medical records without your consent, and this caused you harm, you may be wondering if you can claim. In this article, we will explain who can make a personal data breach claim and how data protection legislation works in the UK.
Under two pieces of legislation called the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR), any organisation that handles the personal data of UK residents must follow certain steps. These laws are enforced by the Information Commissioners Office (ICO), an independent data protection watchdog based in the UK.
Our advisors can tell you if you have a valid personal data breach claim when you get in touch today. They can also provide a free consultation of your claim. If our advisors can identify that you are eligible for compensation, they may put you in contact with one of our expert solicitors. To learn more, get in touch by:
Select A Section
- Can I Claim If My Employer Shared My Medical Records Without Consent?
- What Is Health And Medical Data Special Category Data?
- What Could I Claim If My Employer Shared My Medical Records Without Consent?
- Make A No Win No Fee Claim If Your Employer Shared Medical Records Without Consent
Under Article 4 of the UK GDPR, a data breach is defined as a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data. This is any information that can identify you. We’ll discuss personal data further in the following section.
Data controllers and data processors are responsible for handling your personal data, and must do so in line with data protection law. A data controller decides how they want to use your data and why, whereas a processor follows the controller’s instructions in order to process it.
You might be wondering if you could make a claim for compensation after the disclosure of medical information without your consent in the UK. While you don’t always need to give consent in order for your personal data to be shared, you may be able to claim if you can prove that:
- A data breach occurred because a data controller or processor didn’t adhere to data protection law
- The data breach affected your personal data
- As a result, you experience financial and/or emotional losses
You can contact our advisors for free today to find out more about your eligibility to start a medical data breach claim.
The legislation above protects the personal data of UK residents. This means any information that could identify you, such as your name, your email address, or your phone number. However, this also extends to a type of personal data known as special category data.
Special category data needs extra protection because it is sensitive in nature. Some examples of special category data can include information that reveals anything about your:
- Sexuality or sex life
- Racial or ethnic origin
- Religious beliefs
- Political views
- Genetic data
- Biometric data
However, it is important to note that there are separate conditions that data controllers and processors must meet when processing special category data.
Get in touch with our team to help if your employer shared your medical records in some way without consent.
A personal data breach can cause significant damage to both your mental health and your financial wellbeing. For example, you may suffer from anxiety after a data breach. Or, you may suffer from depression after a breach. If a data security incident causes you suffer from psychological injuries or if it makes your existing mental health problems worse, you may be able to claim for non-material damage.
Because every personal data breach claim is unique, we cannot provide an average amount for personal data breach compensation. However, in terms of non-material damage, solicitors often use a document called the Judicial College Guidelines (JCG) to help them value compensation claims. This is because the JCG showcases guideline settlement amounts, some of which you can find in the table below.
|Type of Harm||Description||JC Guideline Award Amounts|
|General Psychiatric Harm||A very poor prognosis shows a negative impact in all areas of the individual's life.||(a) Severe - £54,830 to £115,730|
|General Psychiatric Harm||Still reflective of a long-standing disability but a better prognosis than the bracket above.||(b) Moderately Severe - £19,070 to £54,830|
|General Psychiatric Harm||An improvement is seen by the time that the case may need to be heard in court.||(c) Moderate - £5,860 to £19,070|
|General Psychiatric Harm||A consideration here is given to the length of time affected by symptoms and how the symptoms affect activities such as sleep.||(d) Less Severe - £1,540 to £5,860|
|Post-Traumatic Stress Disorder (PTSD)||An acute and profound impact on daily life, leaving no ability to function at the pre-trauma level.||(a) Severe - £59,860 to £100,670|
|PTSD||A better prognosis than above due to a chance of recovery with professional treatment.||(b) Moderately Severe - £23,150 to £59,860|
|PTSD||A large recovery though some non-disabling symptoms continue.||(c) Moderate - £8,180 to £23,150|
|PTSD||This award bracket is reflective of a full recovery within 1 - 2 years, with minor issues persisting beyond this point.||(d) Less Severe - £3,950 to £8,180|
You may also be eligible to claim for material damage. This head of compensation aims to recoup the financial losses you suffer as a result of the breach. For example, a breach of your credit card details could lead to identity theft and debt accrued in your name. Or, you may experience a loss of earnings as a result of taking time off work to recover from your psychological injuries.
To learn more about compensation in personal data breach claims, get in touch with our team of advisors today.
If your employer shared your medical records without consent, you might be interested in hiring legal representation to assist in your claim. Our No Win No Fee data breach solicitors could help you through a Conditional Fee Agreement (CFA).
Generally, a solicitor that you hire under a CFA won’t require any ongoing fees or upfront costs to start working on your claim. The only fee they will take comes if your claim is a success. This success fee is taken as a percentage of your compensation, though this percentage has a legal cap. But, if your claim does not succeed, you do not pay this fee.
My Employer Shared My Medical Records Without Consent – Learn More About Health Data In The Workplace
For more helpful guides:
- Medical Records Data Breach Compensation
- My Medical Records Have Been Stolen, Can I Claim?
- Medical Test Results Data Breach Claims
In addition to the articles above, you can read more below:
For more information on what to do if your employer shared your medical records without consent, contact our advisors today.
Written by Waters
Edited By Hampton