NHS Information Breach – Could I Make A Compensation Claim?

NHS information data breach claims guide

NHS information data breach claims guide

In this guide, we will explain the steps you could take should an NHS information breach occur involving your personal data. The National Health Service is a publicly funded health system. Different types of organisations make up the NHS. When these organisations process the personal data of patients or staff, they become responsible for the personal data they handle. By law, when personal data is processed, it must be protected.

Those responsible for controlling the purposes and methods of processing personal data are often referred to as data controllers. They can opt to instruct data processors to act on their behalf. Anyone handling personal data has the responsibility to protect it. Therefore, if a data controller or processor fails to adhere to data protection laws, it could compromise your personal data and result in you sustaining harm, for which you could be eligible to make a claim. Although it is important to know that a data breach could still occur even if a data controller or processor has done everything they can to prevent it, for which a claim could not be made.

Continue reading this guide to learn how much potential compensation could be awarded for a successful personal data breach claim. Also, find out how a No Win No Fee solicitor could benefit your case.

If you have been harmed by a medical data breach caused by a failure to comply with data breach laws, Accident Claims UK could help you. Our advisors can assess your claim and offer free, confidential legal advice. Please get in touch with us today to see if you could be eligible to make a claim:

Select A Section

What Is An NHS Information Breach?

Personal data is information that could be used to identify a person, such as their name or address. It is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These pieces of legislation exist alongside one another to govern the storage and use of personal data. This covers information in both physical and digital forms. The UK GDPR requires organisations to take measures to protect personal data.

Under Article 9 of the UK GDPR, data concerning health is classified as special category data, which needs extra protection due to it being sensitive in nature.

A medical data breach could occur due to various causes; for example, it could be accidental or deliberate:

  • Human error – a worker accidentally sends an email containing personal health data to the wrong recipient.
  • Cyber attack – A criminal hacks into a medical database and steals personal data.

Please contact the Accident Claims UK team if you have evidence that your personal data has been compromised due to a data controller failing to comply with data protection law and, as a result, you have suffered harm.

How Common Are Healthcare Sector Data Breaches?

If an organisation discovers a data breach which threatens the rights and freedoms of those involved, it must report the breach to the Information Commissioner’s Office (ICO) within 72 hours. From the ICO’s data security incident trends, we can see that from Q2 2019 to Q2 2022, the healthcare sector reported:

  • 6,035 data security incidents
  • 5,577 of these were non-cyber incidents.
  • 458 of these were cyber incidents.
  • More data security incidents were reported in the health sector than in any other.

What To Do If An NHS Information Breach Occurs

When a data controller or processor discovers that a breach of data has occurred, they should inform those affected without undue delay and report it to the ICO within 72 hours of the discovery. This is providing that there is a risk to the data subject’s rights and freedoms. Also, if you believe you have discovered a healthcare data breach, you could follow the data protection complaints procedure below:

  • Firstly, contact the organisation that was responsible for your personal data to raise your concerns.
  • Secondly, if they do not respond or you find their response unsatisfactory, you could complain to the ICO. Although they cannot award compensation, their findings could prove useful evidence for your claim.

Additionally, we recommend that you seek legal advice. Please contact our advisors today for free and confidential advice.

Can I Make A Data Breach Compensation Claim?

Article 82 of the UK GDPR outlines the eligibility criteria for a data subject to be able to make a personal data breach claim.

To make a healthcare data breach claim, you must prove the following:

  • The data controller or processor failed in their legal obligation to follow data protection laws.
  • This caused a data breach involving your personal data.
  • As a result, you have experienced psychological injuries or financial damage.

If you have evidence that a failure to comply with the legislation has caused an NHS information breach to occur, resulting in you sustaining harm, call our advisors on the next steps you could take.

Average Settlements For A Healthcare Data Breach

For a successful case, there are two potential heads of claim: non-material and material damage.

Non-material damage can compensate for the psychological injuries caused by the personal data breach, such as emotional distress, anxiety and post-traumatic stress disorder. At the same time, material damage compensates for certain financial losses resulting from the personal data breach. You could make a claim for material or non-material damage alone or simultaneously with the other.

The compensation table below uses the Judicial College Guidelines (JCG), updated for 2022, to provide compensation amounts for non-material damage. Legal professionals, such as data breach solicitors, use the JCG to help them value settlements.

Type of Injury Severity Notes Compensation Brackets
Mental Injury Severe (a) A mental injury which causes marked problems with the person’s ability to cope with daily life. £54,830 to £115,730
Mental Injury Moderately Severe (b) There is a much more optimistic prognosis of recovery. Although the person will be impacted in a way similar to the above bracket. £19,070 to £54,830
Mental Injury Moderate (c) The person will have a good prognosis and will have markedly improved by the time of trial. £5,860 to £19,070
Mental Injury Less Severe (d) How much the person was affected and how long the effects lasted for determines the award. £1,540 to £5,860
Anxiety Disorder Severe (a) The effects of the injury will be permanent. It may prevent the person working and will badly affect all areas of their life. £59,860 to £100,670
Anxiety Disorder Moderately Severe (b) There will be a better prognosis with professional help. The effects could still cause disability for the foreseeable future. £23,150 to £59,860
Anxiety Disorder Moderate (c) The person will have largely recovered. £8,180 to £23,150
Anxiety Disorder Less Severe (d) The person is virtually fully recovered within one to two years. £3,950 to £8,180

Please be aware the contents of the table are a guide.

A data breach compensation claim could also include reimbursement for certain financial losses under material damage. This could include:

  • Money taken from your bank accounts
  • Damage to your credit score

It is important to know that you must provide evidence of any monetary losses. This could include a record of your credit history or bank records.

Please speak to our advisors today to learn more about the potential compensation for a data breach.

No Win No Fee Solicitors For Healthcare Data Breach Claims

When entering into any data breach claim, it may be a good idea to think about seeking the help of a professional such as a data breach claim solicitor. If you choose to enter into a Conditional Fee Agreement (CFA), a type of No Win No Fee agreement, with a solicitor, you won’t pay upfront or ongoing fees for their services. Nor will you pay for their services at any point if your claim is unsuccessful.

Alternatively, if your claim is successful, a solicitor will receive a ‘success fee’ taken from the compensation. This is a small, legally capped percentage.

Please contact Accident Claims UK to enquire about making a healthcare data breach claim:

  • Call us on 0800 073 8801 to speak to a claims advisor
  • Use our live support feature to write to us
  • Alternatively, contact us online via our webpage

Learn More About Data Breach Claims

If you would like to learn more about making a data breach compensation claim, take a look at more of our guides:

What Are My Rights After A Pharmacy Data Breach?

Lost Files Breach Of Data Protection – How To Claim

What Are My Rights After A Dentist Data Breach?

Additionally, we have provided some external links for further reading:

A guide to how the NHS uses your data

More advice from the Gov.UK site on data protection.

An ICO guide to recognising and avoiding identity theft

Thank you for reading our guide on the steps you could take should a potential NHS information breach occur and your personal data is involved.