Medication Data Breaches – Could I Make A Compensation Claim?

In this guide, we will explore the effects of medication data breaches, and outline who could be eligible to make a claim for compensation.

Medication data breaches

Who can claim for medication data breaches?

We investigate the legislation that governs data protection. This legislation sets out your rights as a data subject as well as compensation eligibility criteria. 

We also look at what you could experience if information about what medications you take is breached. Additionally, we explore how a breach of your medical and medication data could occur.

Following this, we detail how compensation payouts for personal data breach claims are calculated, and provide examples of guideline compensation brackets.

If you decide to seek personal data breach compensation, you may find the legal process feels less stressful with legal representation. We will explore No Win No Fee arrangements to conclude this guide and detail how one of our personal data breach solicitors could help you.

To get in touch with our claims team:

Select A Section

  1. What Are Medication Data Breaches?
  2. How Could Medication Data Breaches Impact You?
  3. What Medication Information Could Be Affected?
  4. Who Could You Claim Against?
  5. Compensation Payouts For Medication Data Breaches
  6. How To Make A No Win No Fee Claim

What Are Medication Data Breaches?

Medication data breaches are a kind of personal data breach. When the integrity, confidentiality, or availability of your personal data is compromised in a security incident, this is a personal data breach.

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) govern data protection for UK residents. This legislation gives increased rights to data subjects over the processing of their personal data and sets out the protocols that data controllers and processors must follow. A data controller decides how and why they process your data, and a data processor acts on their behalf.

Personal data includes your:

  • Name
  • Phone number
  • Address
  • Date of birth
  • Email address

Your medical and health data require extra protection under data protection legislation, as they fall under a subtype of personal data known as special category data. A medication data breach may occur if personal data that refers to your specific medications or conditions is compromised.

Our medical data breach claims team are available to answer any questions if your medical records were compromised. 

How Often Do Healthcare Data Breaches Happen?

The Information Commissioner’s Office (ICO) is an independent body established to help protect data security rights. They collect and publish data security trends statistics. The graph below contains statistics regarding reported breaches in the health sector during the fourth quarter of the 2021/22 financial year, focusing on non-cyber incidents.

Medication breach of data protection Non-cyber security incidents in the health sector, Q4, 2021/22 financial year

Non-cyber security incidents in the health sector, Q4, 2021/22 financial year

How Could Medication Data Breaches Impact You?

There are many ways that a medication data breach could impact you. For example, you may experience emotional distress or financial harm. This could be psychological injuries such as anxiety, depression, or post-traumatic stress disorder. Or financial losses such as damage to your credit score or withdrawals made fraudulently from your bank account.

In this section, we examine what you need to prove to be eligible to make a data breach compensation claim. To make a valid claim for compensation, you must be able to prove that:

  • The organisation, such as a private healthcare provider, failed to comply with data protection laws. The breach must occur as a result of these failings.
  • The data breach included your personal data, which is any information that could identify you
  • You experienced harm as a direct result of the breach. This could be a monetary loss, a psychological injury, or both. 

To learn more about medication data breaches and how they could affect you, contact our advisors today.

What Medication Information Could Be Affected?

Medication data breaches could occur in a number of ways. An optician data breach could happen, for example, or a pharmacy data breach could occur. As we mentioned earlier, data that reveals anything about your health is special category data and requires special protection. This can include:

  • Your prescriptions
  • Your medical records
  • Test results
  • Past treatments
  • Information regarding your medications

Contact our data breach claims team to discuss what steps you could take following a medical data breach. 

Who Could You Claim Against?

If your case meets the eligibility outlined above, you may be able to claim against the organisation responsible. This could be any organisation that has access to information regarding your medications. For example, your pharmacy or GP surgery.

Generally, you have six years to start a personal data breach claim. However, if you intend to make your claim against a public body such as the NHS, this will fall to one year.

To discuss the breach of your treatment records, contact our data breach claims team. If your medication breach of data protection claim seems eligible, they could put you in touch with a No Win No Fee solicitor with specialist knowledge of data breach claims. 

Compensation Payouts For Medication Data Breaches

In this section we examine how compensation for a data breach is calculated. Your personal data breach claim could be made up of two heads: material damage and non-material damage. 

Before we examine the heads that could make up your claim, let us look at a Court of Appeal case. Vidal-Hall and others v. Google Inc. (2015) changed how damages in personal data breach claims could be awarded. Prior to this case, you could only claim for non-material damage if you also claimed for material damage at the same time. Now, however, you can claim for non-material damage without claiming material damage. 

To recover any financial damages incurred due to medication data breaches, you can claim material damage. For example, this could be money withdrawn from your account fraudulently or damage done to your credit score.

If the data breach of your medical information caused emotional distress, such as post-traumatic stress disorder (PTSD), you may wish to pursue non-material damage. To help assign value to your injuries, legal professionals, such as a data breach lawyer, will use the Judicial College Guidelines (JCG). This document lists guideline compensation brackets with their corresponding injury. Examples of figures for mental health injuries provided in the table below are from the 16th edition, published in April 2022. 

Injury Severity Potential Compensation Notes
Mental suffering Severe (a) £54,830 to £115,730 Significant issues coping with daily life, work and education. The prognosis is very poor.
Mental suffering Moderately severe (b) £19,070 to £54,830 Significant difficulties coping with life occur, but the prognosis is more optimistic than in severe mental suffering.
Mental suffering Moderate (c) £5,860 to £19,070 Improvements occur, but issues similar to the above may remain. The prognosis is good.
Mental suffering Less severe (d) £1,540 to £5,860 The award considers the impact on day-to-day activities and how long the disability lasted.
PTSD Severe (a) £59,860 to £100,670 The ability to function in any area of life to the same level as before the trauma does not return.
PTSD Moderately severe (b) £23,150 to £59,860 Some recovery is possible with professional help, but a significant disability occurs lasting into the foreseeable future.
PTSD Moderate (c) £8,180 to £23,150 A recovery has largely taken place, but some symptoms that are not grossly disabling may still be experienced.
PTSD Less severe (d) £3,950 to £8,180 A virtual full recovery occurs, but some minor symptoms might be experienced past 1-2 years.

Speak to a member of our data breach claims team for an estimate of what you could claim.

How To Make A No Win No Fee Claim

You may wish to seek legal advice before making a medical data breach claim. A specialist No Win No Fee solicitor could provide their services with a Conditional Fee Agreement (CFA)

When hiring one of our No Win No Fee solicitors, you generally won’t be charged for their services upfront. Instead of this upfront solicitors fee, your solicitor will take a percentage of your final award as their success fee. This percentage has a legal cap. However, if your claim is unsuccessful, you do not pay this fee.

Our team of advisors offer free legal advice and more help surrounding your claim. If they find your claim to be valid, they may connect you with one of our expert personal data breach solicitors. 

To get in touch with the data breach claims team:

Find Out More About Claims For Medication Data Breaches

The following links might help you:

Additional data breach claims guides:

Guide by DSB

Edited by CH