NHS Breach Of Information – Data Protection Claims Guide
What could you do if the NHS breached your information in a data protection incident? Medical records will be filled with lots of personal data relating to your health. Under data protection legislation, personal data is protected. This means that those who handle your data should ensure that they comply with applicable laws in order to keep it secure, available and confidential.
The Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR) run alongside each governing how organisations process a data subject’s personal data. These laws outline data responsibilities to all organisations, whether private or public, large or small.
An independent body called the Information Commissioners Office (ICO) can investigate and fine any organisation that fails to properly apply the UK GDPR. But whilst the ICO cannot compensate you after a data breach, a solicitor could help you with your own claim. With this in mind, perhaps you would prefer to speak to our team now? If so, you can:
- Call us on 0800 073 8804
- Claim online
- Or discuss your claim with an advisor below.
Select A Section
- Can I Claim For An NHS Breach Of Information?
- How Could Information Data Breaches Happen?
- Who Do I Report A Data Breach To?
- What Could You Claim If The NHS Breach Your Information?
- How To Get Help If The NHS Breach Your Information
Can I Claim For An NHS Breach Of Information?
A personal data breach can result from accidental or deliberate acts that compromise the integrity, confidentiality or availability of personal data. This can be innocent human error or a malicious action such as an outside cyber-attack. A personal data breach can typically be any loss, unlawful use, alteration, destruction and unauthorised sharing of personal data.
Personal data is any piece of information that can be used independently or alongside other details to positively identify you. Therefore, this can include:
- Your name and address
- Date of birth
- Email address
- Debit and credit card details
- Passwords or security answers
- NHS number
- National Insurance number
Data controllers and processors are the two main entities that will have responsibility for your data when they process it. A data controller is usually an organisation like the NHS that will have control of the means for processing your personal data. Controllers may choose to outsource data processing to a third party.
In addition to the normal protection of personal data, an enhanced duty applies to certain types of personal data known as ‘special category’ data of which medical information is part.
Organisations must fulfil at least one of six lawful bases to request and process personal data. Furthermore, they must comply with the 7 Core Principles of the UK GDPR.
Failure To Comply With UK GDPR and DPA
Central to a personal data breach claim is showing how the data controller or processor failed to appropriately apply data protection laws. This can be any action (or inaction) on the part of controllers and processors. You will need also to show how this led to a personal data breach that caused you harm.
Healthcare Sector Data Breach Statistics
The organisations that suffer data breaches that infringe on your rights must be reported to the ICO. The ICO then use these reportable data breaches and compile statistics. Below we have used these data security incidents to provide statistics reported by the health sector: from 2019 to fiscal quarter 2 of 2022 there were a total of;
- 6,035 data security incidents reported to the ICO
- 5,577 were non-cyber related, while
- 458 were caused by cyber means
How Could Information Data Breaches Happen?
Data breaches can be accidental, i.e. through human error. This may happen because of a lack of staff training in data awareness or a failure of organisations to correctly implement policies that incorporate the UK GDPR and DPA. Data breaches can also happen through deliberate attacks such as cyber-attacks. If organisations do not have the correct cyber security defences, this can make them vulnerable to online data breaches. Here we look at examples of how data breaches could occur;
- When patient notes are shared with an unauthorised person, such as a fax sent to the wrong person or a letter posted to the wrong address
- Failure to use unredacted emails or blind copy carbon (Bcc) options
- After a member of staff alters or destroys data in an unauthorised way
- The loss or theft of devices containing data
- Unauthorised verbal disclosures
Speak to our advisors for help and advice if the NHS breach your information.
Who Do I Report A Data Breach To?
If you suspect that your personal information has been breached, you can contact the organisation and ask for information on whether your data has been breached and what information this included. However, if you receive a data breach notification from an organisation, you can;
- Firstly, you can complain directly to the data controller and ask what data has been breached and what they are doing to rectify the situation.
- Secondly, if you are not happy with the response, you can escalate this internally to a more senior department.
- You can also complain to the ICO. The ICO may agree to investigate your complaint, but they could refuse if you leave it longer than 3 months after your last correspondents with the data controller.
- We strongly advise seeking legal advice from a data breach solicitor. Here at Legal Expert, we can provide free legal advice on your options. Also, our claims team can assess your case in a free no-obligation consultation.
What Could You Claim If The NHS Breach Your Information
If you make a successful personal data breach claim, you could be compensated in two ways. Firstly you could be compensated for the material damage you suffer as a consequence of the personal data breach. This could include:
- Stolen money from your bank account or credit card
- The costs of getting counselling to deal with the stress
- Damage to your credit score
- Evidence of fraud carried out in your name
In addition, you could be compensated for non-material damage, the psychological harm caused by the breach. The Judicial College Guidelines is very often used by solicitors and lawyers when valuing injuries and illnesses. We have taken compensation brackets from the JCG for the table below.
| Manner of Psychological/Psychiatric Harm | Definition | JC Guideline Award Bracket |
|---|---|---|
| General Types of Psychiatric Damage | Impacted person will notice detrimental and serious impact in all areas of life | (a) Severe Cases – £54,830 to £115,730 |
| General Types of Psychiatric Damage | Similar levels of harm in the same area as above but a better prognosis | (b) Moderately Severe Cases – £19,070 to £54,830 |
| General Types of Psychiatric Damage | Improvements seen by the time the case may be needed to go to trial | (c) Moderate Cases – £5,860 to £19,070 |
| General Types of Psychiatric Damage | This bracket looks at the length of injury. | (d) Less Severe Cases – £1,540 to £5,860 |
| Post-Traumatic Stress Disorder (PTSD) | An acute and profound trauma response that is permanent. | (a) Severe Levels – £59,860 to £100,670 |
| Post-Traumatic Stress Disorder (PTSD) | A more favourable outcome after professional intervention has taken place. | (b) Moderately Severe Levels – £23,150 to £59,860 |
| Post-Traumatic Stress Disorder (PTSD) | A good level of recovery with only potentially manageable issues persisting | (c) Moderate Levels – £8,180 to £23,150 |
| Post-Traumatic Stress Disorder (PTSD) | A near complete recovery within a 12 – 24 month period and only minor symptoms beyond this point. | (d) Less Severe Levels – £3,950 to £8,180 |
These are only guideline amounts, not guarantees but speak to our team to have an estimate made tailored to the aspects of your case.
How To Get Help If The NHS Breach Your Information
If an organisation has done all it can to adhere to data protection legislation and suffers a breach, it is unlikely that you will be able to claim if you are affected. So to find out if you have a valid personal data breach claim, why not call our advisors today to have your case assessed for free? Should you have a solid case for a personal data breach claim, one of our No Win No Fee solicitors could offer to take on your case under a Conditional Fee Agreement.
The benefits of working with a solicitor under a CFA generally are;
- No fee upfront is needed to pay the solicitor,
- No fees while the case moves forward,
- If the claim fails, no fees are needed to pay the solicitor
However, if your personal data breach claim is successful, the solicitor will take a percentage that is legally capped from the compensation as their success fee.
- Call us on 0800 073 8804
- Claim online
- Or discuss your claim with an advisor below
Personal Data Breach Claim Resources
Below are some more of our data breach claim guides;
- Learn more about how a private healthcare facility could breach your data.
- More details on what to do if your mental health information was breached
In addition to this, the links below offer further general reading:
