This guide offers a medical information data breach compensation case study to help you if your personal information was compromised. Data breaches can cause far-reaching emotional and financial disruption. So in the sections below, we will explain who is eligible to seek damages for a personal data breach, helping you to make a more informed choice about starting a claim.
All organisations have an obligation to protect our personal data. Two main pieces of legislation called the UK General Data Protection Regulation (UK GDPR), and the Data Protection Act 2018 (DPA), establish certain responsibilities for those that use personal information. An independent watchdog called the Information Commissioner’s Office (ICO), upholds data protection laws and can investigate and take action against any organisation that breaches data protection laws.
After our case study, we explore the steps you can take after a medical data breach. We then look at the compensation that can apply, how it is calculated and what areas of harm it seeks to address. The article then looks at the advantages of launching a claim with a data breach specialist solicitor from our panel.
Our panel can help you assemble supporting evidence and skillfully negotiate the best possible settlement, whether your claim actually needs to go all the way to court or not.
The first step is to receive a free assessment of your claim from our advisors. If they find you have grounds to proceed, they could connect you with a solicitor today. Start by:
- Calling us on 020 8050 3051
- Using the live chat feature.
- Seeing what your claim could be worth when you contact us online.
Jump To A Section
-
- Can You Claim For A Medical Information Data Breach?
- Medical Information Data Breach Compensation Case Study: £50,000 Payout
- What Should You Do After Your Medical Data Has Been Involved In A Data Breach?
- Potential Data Breach Compensation Payouts
- Use No Win No Fee Solicitors To Claim Data Breach Compensation
- Useful Resources About Claiming For A Medical Information Data Breach
Can You Claim For A Medical Information Data Breach?
Article 82 of the UK GDPR sets out the eligibility criteria that must be met to start a data breach compensation claim:
- The breach must be a result of an organisation’s failure to comply with the DPA and UK GDPR laws. Within organisations, two groups typically work with data. Controllers set the purpose for data collection, whilst processors work with it on their behalf. Failure either to comply with data law is known as wrongful conduct.
- The breach must involve your personal data.
- The breach must have caused you either psychological and/or financial harm.
Personal data is defined by the ICO as information that might be used to identify an individual. This includes their name, email address, and phone number. In addition to this, there is special category data which covers information concerning medical records and a person’s health.
Personal data breaches typically involve the loss of confidentiality, integrity or availability of data. Wrongful conduct with data like this could lead to a breach of data protection and qualify someone to seek damages if harmed by it. Some examples:
- A GP letter is sent to the wrong address containing personal data.
- Staff at a healthcare clinic discuss your medical condition with unauthorised parties.
- An NHS data breach occurs because of weak or insufficient cyber defence.
- A private hospital fails to correctly dispose of your debit or credit card details.
There are other examples of medical data breaches caused by human error or deliberate actions. So to access personalised guidance on your potential claim, please connect with advisors on the number above.
Medical Information Data Breach Compensation Case Study: £50,000 Payout
Miss Green suspected a breach of her data after noticing an increase in unwanted spam emails and cold calls. She was able to trace the problem back to her GP surgery which had recently suffered a breach when a staff member lost a laptop containing patient files.
The anxiety and stress triggered by the data breach meant Miss Green missed time from work. In addition, knowing her personal health details about a miscarriage were in the public realm was so distressing she needed to seek counselling.
Miss Green was diagnosed with post-traumatic stress disorder and placed on medication. A data breach solicitor helped her receive £30,000 for psychiatric harm (non-material damage), £15,000 for her lost income and £5,000 for counselling costs under material damage.
If you’d like to see if you could benefit in the same way Miss Green in our medical information data breach compensation case study, call on the number above.
*Please note – this medical information data breach compensation case study is for illustrative purposes only.
What Should You Do After Your Medical Data Has Been Involved In A Data Breach?
There are steps you can take if you have grounds to suspect that your medical data has been compromised in some way:
- The organisation responsible for the data breach must notify impacted data subjects immediately if the breach threatens to jeopardise their freedoms and rights. They must also inform the ICO within 72 hours. Keep this correspondence as proof.
- You can complain to the organisation if you suspect a personal data breach has occurred.
- If the organisation fails to respond (or the response is unsatisfactory), you can complain to the ICO yourself. Should the ICO look into the matter, the findings of their investigation can act as evidence in your data breach claim for compensation.
- Have any psychological injuries assessed by a professional and request a copy of their findings.
- Gather any and all proof of financial damage caused by the data breach.
- Consider seeking legal advice.
Potential Data Breach Compensation Payouts
There are two heads of loss that can be included in a successful compensation settlement for a data breach. Non-material damage is the psychological distress caused such as general anxiety, panic attacks, depression and trauma.
As part of the services offered by the data breach solicitors on our panel, a psychiatric assessment can be arranged for you. A report is generated, which determines the full compensation value.
Those who work out non-material damage values can also use documents such as the Judicial College Guidelines (JCG) to reach a figure. The JCG lists psychological injuries in type and severity, as our excerpt shows:
Compensation Guidelines
The first line does not come from the JCG:
| Injury | Severity | Guidelines | Notes |
|---|---|---|---|
| Severe Psychological Harm and non-material damage | Severe | Up to £250,000+ | This covers multiple types of severe mental harm, counselling fees, lost income and lost funds. |
| General Psychological Harm | (a) Severe | £66,920 to £141,240 | Very poor predicted recovery with permanent damage impacting all areas of normal life. |
| (b) Moderately Severe | £23,270 to £66,920 | Significant and similar issues to those above but a better prognosis. | |
| (c) Moderate | £7,150 to £23,270 | Some problems at work and in relationships but a marked improvement and better outlook. | |
| (d) Less Severe | £1,880 to £7,150 | Duration of illness is assessed in this bracket. | |
| Post-Traumatic Stress (PTSD) | (a) Severe | £73,050 to £122,850 | Significant and permanent trauma that impacts all area of life. |
| (b) Moderately Severe | £28,250 to £73,050 | A better outcome is indicated after professional help. However, effects are likely to cause significant disability for foreseeable future. | |
| (c) Moderate | £9,980 to £28,250 | The person recovers on the whole and any continuing problems are not severly disabling. | |
| (d) Less Severe | £4,820 to £9,980 | Within a 1-2 year period, virtually a full recovery is seen leaving only minor issues past this. |
Making A Material Damage Claim After A Data Breach
Material damage is the monetary loss caused by the data breach. To include material damage requests in a claim, it will be necessary to submit supporting documentation as proof, such as:
- Bank statements showing lost money.
- The costs of seeking help from a mental health counsellor.
- The expense of re-establishing your privacy.
With this in mind, it is important to retain any documentation that might bolster your claim for material loss caused by the data breach. If you’d like to learn more on how to do this, you can speak to our advisors who offer prompt, personalised advice over the phone.
Use No Win No Fee Solicitors To Claim Data Breach Compensation
The solicitors on our panel can bring years of expertise to bear via a type of No Win No Fee contract called a Conditional Fee Agreement (CFA). There are typically no upfront or ongoing fees for solicitors services needed under a Conditional Fee Agreement. Also, if your case is not successful, no fees are due for completed solicitors’ services.
Successful claim outcomes require the payment of a success fee to your solicitors. However, this percentage deduction is subject to a legal cap which ensures you benefit first and foremost from the settlement.
If you think this sounds of interest and feel your case qualifies, take the first step of speaking to an advisor by:
- Calling on 020 8050 3051
- Connecting through the live discussion portal.
- Requesting a call back via our ‘Contact Us’ form.
Useful Resources About Claiming For A Medical Information Data Breach
Lastly, more helpful guides:
- If your medical records were lost by a solicitor, this guide offers help.
- View our guide to real-life data breach case studies.
- Also, information on claims for personal information sharing without consent is available here.
External resources to help:
- This resource looks at individual data rights from the ICO.
- The charity Mind looks at anxiety here.
- A data protection guide from GOV.UK.
We hope our medical information data breach compensation case study was useful. Please connect to learn more about how we could help you.
