St George’s Healthcare NHS Trust Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For St. George’s Healthcare NHS Trust Data Breach
What Is A St George’s Healthcare NHS Trust Data Breach And Do I Have A Claim?
The rules around personal data have changed a lot over recent years. Since the launch of the General Data Protection Regulation (GDPR), which came into British law with the enactment of The Data Protection Act 2018, organisations such as the NHS have had to ensure data is processed and stored confidentially and securely. In this guide, we’re going to look at when a St George’s Healthcare NHS Trust data breach might mean you’re entitled to seek compensation.
The GDPR gives you a lot more control over who can collect data from you, how it’s processed, who it can be shared with and how long it can be retained. While most organisations have put procedures and systems in place to meet their legal duties under the GDPR, mistakes can happen which lead to your data being exposed. Therefore, we’ll look at what harm can result from an NHS data breach and how much compensation might be paid if you’re entitled to make a claim.
Legal Expert has a team of advisors ready to help you if you decide to begin a claim. They provide a no-obligation assessment of your claim and provide completely free advice regarding your legal options. If there is a reasonable chance your claim could be successful, they’ll refer you to one of our specialist No Win No Fee solicitors.
If you’d like to discuss making a claim today, please call us on 0800 073 8804. Should you want more details about claiming against St George’s Healthcare NHS Trust, please continue reading.
Select A Section
- A Guide To St George’s Healthcare NHS Trust Data Breach Claims
- What Is A St George’s Healthcare NHS Trust Data Protection Breach?
- The GDPR And The Protection Of Hospital Data
- What Constitutes A Breach Of The GDPR Or Data Protection Law?
- Examples Of ICO Fines Against St George’s Healthcare NHS Trust
- Do You Have To Complain To The Information Commissioner’s Office (ICO) Before Making A Claim?
- How Could You Be Compensated For A Hospital’s Data Breach?
- Estimating What Your Data Breach Claim Could Be Worth
- No Win No Fee St George’s Healthcare NHS Trust Data Breach Claims
- Finding A Solicitor Conducting Claims For Data Breaches
- Contact A Solicitor About A Breach Of Your Medical Data
- Extra Medical And Data Breach Claim Resources
A Guide To St George’s Healthcare NHS Trust Data Breach Claims
You might not realise it, but you’re probably involved in GDPR interactions on a daily basis when you visit a website, and an annoying pop-up box appears asking for permission to use your information. In most cases, we simply click on the agree button and move on. But do we ever realise that we could be letting the website use our personal information?
In NHS scenarios, you’ll probably encounter data protection questions when you make an appointment, visit a hospital or sign to agree to surgery. Usually, the forms or questionnaires hospitals use will contain a section where they ask you to tick boxes to choose who the hospital can share your data with. Once your choices have been processed, the hospital must only use your data in ways that you’ve agreed to.
As we go through this guide, we’ll explain when you could be entitled to make a St George’s Healthcare NHS Trust data breach claim. We’ll also explain how breaches could happen and the process you could follow to make a claim for any harm caused. If you want to claim, there is a 6-year time limit to do so but this reduces to 1-year if your claim is based on a breach of your human rights.
To allow your solicitor as much time as possible to gather evidence to back up your allegations, we advise you to begin your claim as soon as you can. By doing so, you’ll probably find it easier to recall details than you would 6-years down the road.
What Is A St George’s Healthcare NHS Trust Data Protection Breach?
Article 4 of the GDPR defines a personal data breach as a security breach which allows the unlawful or accidental loss, destructions, alteration, unauthorised disclosure, or access to stored or transmitted personal data.
The lapse of security leading to a data breach could be deliberate or accidental and might include physical documentation containing personal information or data that has been stored electronically. While a data breach might cause no harm at all, it could result in sensitive information being obtained by inappropriate parties and could cause the victim to suffer stress, anxiety or financial losses.
As well as digital data breaches, mistakes made with printed documentation might be the cause of data breaches. For instance, documentation may need to be shredded securely rather than being thrown in a skip to prevent sensitive data being exposed.
If you are considering making a St George’s Healthcare NHS Trust data breach claim, why not ask our team for advice? They’ll assess your case for free and explain whether you could receive compensation or not.
The GDPR And The Protection Of Hospital Data
To help identify who is responsible for data ownership, storage and processing, the GDPR lists some different roles, including:
- The Data Controller. This is the organisation who defines why your personal data needs to be processed and how the processing should be carried out.
- A Data Processor. An organisation or individual who’s employed by the data controller to conduct data processing.
- A Data Subject. In this scenario, the data subject is a patient of the NHS i.e. the person whose data is being processed.
In accordance with the rules of the GDPR, data processing should be completed based on the following principles:
- There needs to be a legitimate reason behind why data processing is needed, and the data subject should be aware of it.
- Processing needs to be fair, lawful and transparent to the data subject.
- Only the minimum amount of data should be processed.
- Data should only be kept for as long as was agreed at the time it was processed.
- Data processing needs to be confidential and secure i.e. personal data may need to be encrypted.
- Personal data is required to be kept up to date.
The person responsible for the data—the data controller—needs to be able to show compliance with these principles.
When an organisation doesn’t stick to the GDPR rules, and a data breach occurs, you might be entitled to claim compensation for any harm caused. If you’d like Legal Expert to review whether your claim could lead to a compensation settlement, please get in touch today.
What Constitutes A Breach Of The GDPR Or Data Protection Law?
The amount of personal information held by the NHS is vast and includes the likes of your name, date of birth, address, email address and telephone number. On its own, this information could cause problems if it got into the wrong hands and those problems could be made worse if sensitive medical information was leaked as well.
To show that data breaches don’t just involve hackers breaking into computer systems, we’ve provided a list of scenarios which could result in a data breach below:
- If documentation containing personal information is lost or disposed of incorrectly.
- Where a member of staff reads a patient’s medical records without good reason.
- If a member of staff leaves their computer unlocked meaning an unauthorised person can read personal information.
- When emails containing identifiable information are sent to the wrong patient.
- If your data is contained in a batch which is shared with another organisation who you haven’t permitted to see your information.
- When a computer virus, malware or ransomware infection occurs.
There are many ways in which a data breach might be discovered including:
- An internal audit.
- A member of the public reports finding information.
- If a patient becomes aware of their personal details being used in identity theft.
- When a patient is approached by another who says they’ve received information about them.
When a hospital becomes aware of a data breach, they have an obligation to let the victim and the Information Commissioner’s Office (ICO) know what happened and which information was accessed. If you’ve found out that your personal data has been leaked and would like Legal Expert to start a claim for you, please call a member of our team today.
Examples Of ICO Fines Against St. George’s Healthcare NHS Trust
We’re now going to review a real-life example of a St George’s Healthcare NHS Trust data breach which led to a £60,000 fine from the ICO. It happened because personal information about a patient was sent to an address that they had moved out of nearly 5-years ago.
As we discussed earlier, any personal information that’s held by the NHS needs to be kept updated in line with the GDPR rules. In this case, the patient had informed staff about their new address prior to a medical exam. The ICO investigation also found that the correct address had been correctly updated in another NHS system.
The ICO fined the Trust because staff had failed to use the address which the patient had supplied and also failed to check the address which they had on file matched the other IT system. Furthermore, although there was an onscreen prompt to check personal details when interacting with a patient, the Trust was aware that this could be bypassed but didn’t act to rectify the problem.
In total, 2 letters were sent containing personal medical information to the wrong address after the patient had tried to update their records.
Do You Have To Complain To The Information Commissioner’s Office (ICO) Before Making A Claim?
So, as we’ve already explained, the ICO are able to investigate potential data breaches but how do you lodge a complaint with them? Well, if you decide you want to complain, you should follow the NHS’s procedures first. That means writing to the department you wish to complain about and telling them what you would like to know.
When you receive a formal response, you will be told of how to escalate your complaint if you don’t agree with the NHS’s findings. This could go on for two or three steps but once you’ve exhausted all possible complaint routes within the NHS, you could ask the ICO to step in.
Their website suggests that you should get in touch around 3-months after your last meaningful contact with the organisation you’re complaining about. Be warned, though, if you leave it too late, the ICO may refuse to investigate your complaint.
If you are looking for compensation for harm caused by the data breach it’s important to note that, while the investigation can provide useful information, the ICO can’t issue compensation. The only way you could receive compensation is if you make a data breach claim against the NHS.
Our advice is to ask one of our solicitors to approach the NHS on your behalf to ask for compensation. In cases where the NHS admit liability, it is possible for your solicitor to negotiate a compensation settlement without an ICO investigation. If the NHS are unwilling to settle, then you may be advised by the solicitor to start interacting with the ICO so that they can investigate whether a data breach occurred.
How Could You Be Compensated For A Hospital’s Data Breach?
Now it’s time to consider what you could be compensated for, how much compensation might be awarded and if it’s possible to claim on a No Win No Fee basis.
The two main elements of a data breach claim are:
- Material damages – used to compensate you for monetary losses you’ve incurred
- Non-material damages – used to cover the psychological injuries caused by the data breach.
We’d really like to list everything you could claim for in this guide but, in our experience, every claim is unique. Therefore, the impact of your case needs to be assessed properly by your solicitor before they can tell you what they’d include in your claim.
For instance, when looking at financial losses, your solicitor will review any money you’ve lost already, but they would look at any future losses as well. For example, if your data was used by a cybercriminal to apply for loans or mortgages, there may be a long-term effect on your credit file.
Also, when considering any psychological harm caused, your solicitor would need to consider how your ability to cope with life (including work, education and managing relationships) has been affected by anxiety, depression or Post-Traumatic Stress Disorder (PTSD).
Taking all of the different aspects into account is important because you need to claim for everything at the same time. That’s because it’s not possible to request more compensation after you’ve settled, even if you realise that you’ve forgotten to include something in the original claim.
Why not let one of our advisors review your claim for you? If they believe your claim is viable, they could refer you to one of our specialist solicitors who will review your case and try to make sure you receive a fair compensation settlement for the harm you’ve suffered.
Estimating What Your Data Breach Claim Could Be Worth
In some compensation claims, you cannot be compensated for psychiatric damage if you’ve not suffered financial losses. However, that is now possible for data breach claims following the ruling of the Court of Appeal in the case Vidal-Hall and others v Google Inc . The ruling also stated that any compensation awarded for non-material damage should be the same as in personal injury claims.
Therefore, the following table shows some potential compensation figures for injuries that could be caused by data breaches. The amounts listed come from a document used by solicitors, insurers and courts to help decide compensation awards called the Judicial College Guidelines.
|Type of Claim||Severity||Compensation Bracket||Further Details|
|General Psychiatric Damage||Severe||£51,460 to £108,620||This compensation bracket covers cases where the victim will have serious problems with work, life, education and handling relationships. The prognosis will be very poor and there is a chance the victim will be vulnerable in the future.|
|General Psychiatric Damage||Moderately Severe||£17,900 to £51,460||The victim will suffer from similar issues to those listed in the category above. However, the medical prognosis will be more optimistic.|
|Post-Traumatic Stress Disorder (PTSD)||Severe||£56,180 to £94,470||Symptoms including flashbacks, nightmares, hyper arousal or suicidal ideation will be permanent in this category and all aspects of their life will suffer. Work won't be possible and the victim won't function anywhere near the same level as they did prior to the trauma.|
|Post-Traumatic Stress Disorder (PTSD)||Moderately Severe||£21,730 to £56,180||The victim will suffer with similar symptoms to above and will be significantly disabled by the PTSD. However, the prognosis will be better and symptoms could improve with professional help.|
|Post-Traumatic Stress Disorder (PTSD)||Less Severe||Up to £7,680||The victim's symptoms will have been all but resolved in around a year or two. Any longer-term symptoms will be minor.|
When you make a claim, it’s important that the extent of your suffering can be proven as that’s what compensation amounts are based on. Therefore, while processing your claim, your solicitor will book you in for a local medical assessment.
During your appointment, a medical specialist will ask several questions to help determine the impact caused by the data breach. They’ll also review your medical records if they’re relevant to the case. Then a report will be compiled with all of the specialist’s findings and sent to your solicitor.
No Win No Fee St George’s Healthcare NHS Trust Data Breach Claims
We know that anybody considering a claim is worried that getting crucial access to justice might cost them a lot of money. In some cases, that worry can put them off starting a claim. To reduce your worry, and also your financial risk, our team of solicitors will conduct your case on a No Win No Fee basis if it’s accepted.
Before the claim starts, a solicitor will review it to make sure there’s a reasonable chance of winning it. Once both parties are happy to continue, the solicitor will prepare a Conditional Fee Agreement (CFA).
The CFA will state clearly that:
- You won’t be charged anything upfront.
- There won’t be any solicitor’s fees or hidden charges throughout the case.
- You won’t be liable for your solicitor’s fees if the case is lost.
To cover the solicitors time and costs, a success fee will be charged when a case is won. The success fee is a small percentage of your compensation which is capped by law. So that you know how much you’ll pay from the start of your claim, the success fee percentage will be listed in the CFA.
Finding A Solicitor Conducting Claims For Data Breaches
So, if you’re going to make a claim, how do you choose which solicitor to use? Many claimants decide by asking a friend for a recommendation, while others simply pick one by reading online reviews. In some cases, claimants simply pick the solicitor who is based nearest to them.
Each of those methods might result in you finding the right solicitor to take on your claim, but they could take time. Why not save yourself a lot of time and call Legal Expert instead. Our team of solicitors has decades of claims experience and are happy to discuss how we could help before you agree to continue. Why not check out some of our glowing reviews by clicking here?
Contact A Solicitor About A Breach Of Your Medical Data
To contact Legal Expert today, you can:
- Call our claims line on 0800 073 8804 and speak to a professional advisor.
- Request a call back by starting your claim online.
- Discuss how you’ve been affected with an advisor in our online chat.
- Email us with details of the claim to email@example.com.
Extra Medical And Data Breach Claim Resources
You’ve arrived at the final section of this article about claiming for a St George’s Healthcare NHS Trust data breach in which we’ve included some additional guides and resources that might prove useful.
London Medical Negligence Claims – Details on how to find solicitors covering London who specialise in medical negligence claims.
Dental Negligence Claims – Advice on starting a claim against a dentist for suffering caused by negligence.
GP Data Breach Claims – Information on how you could claim compensation for harm which was caused by a data breach by your GP.
Freedom Of Information – Advice from the ICO on handling FOI requests.
Data Protection Complaints – Further advice on data protection and data breach complaints from the government.
Clinical Depression – Information from the NHS on the causes, diagnosis and treatment of depression.
Guide by Hambridge
Edited by Billing