Advice On Hospital Data Breach Compensation Claims

This guide looks at who could be eligible to start a hospital data breach claim. We will examine what obligations hospitals have to protect your data under data protection legislation and how failures to meet these obligations can result in personal data breaches. 

We have also included information concerning the damage that could be caused by having your personal data breached and the potential data breach compensation you could receive if your claim is a success.

The penultimate section of our guide discusses the No Win No Fee agreement our panel of specialist data breach solicitors can offer, as well as the benefits you will enjoy if you start a claim with us under this specific No Win No Fee contract.

To understand more about who is eligible to potentially start a data breach claim, talk to our advisors. Our team can explain the process of making a data breach claim as well as provide an assessment free of charge of your specific circumstances. Contact our team via:

  • Phone on 0161 696 9685
  • Complete our “Contact Us” form here.
  • Click the live chat button for a fast response to your questions.
hospital data breach

How To Make A Hospital Data Breach Claim

Select A Section

  1. Who Could Claim For A Hospital Data Breach?
  2. Types Of Healthcare Data
  3. Evidence To Support Hospital Data Breach Claims
  4. What Is The Average Data Breach Claims Payout?
  5. Begin Your Medical Data Breach Claim Today
  6. More Advice On Hospital Data Breach Claims

Who Could Claim For A Hospital Data Breach?

There are 3 different parties that are relevant to data breach claims. These are:

  • The data subject: The living identifiable individual to whom the personal data relates.
  • The data controller: Often an organisation that decides when, how and why your personal data will be stored, handled and processed.
  • The data processor: Some data controllers may make use of an external party to process your data, called the data processor who acts on the controllers instruction. The data controller may alternatively choose to process the data internally.

Personal data is information that can, either directly or indirectly, be used to identify an individual. This can be your name and contact information, as well as your credit card details or address. Data concerning your health is classed as special category data, which means it is given extra protection due to it being sensitive in nature.

The Information Commissioner’s Office (ICO), the public body set up to govern data protection in the UK, defines a personal data breach as a security incident affecting the confidentiality, integrity or availability of personal data. This definition applies both to accidental and deliberate data breaches.

As per the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR), both data processors and controllers have obligations to protect your data. Failures to comply with obligations under these laws can lead to personal data breaches. 

You could be eligible to start a hospital data breach compensation claim if you can meet the following criteria:

  1. The data controller or processor failed to uphold their obligations under data protection law.
  2. These failures caused a data breach in which your personal data was affected.
  3. You suffered psychological injury, financial harm,  or both, as a result of your personal data being affected by the data breach.

Is There A Time Limit For Making A Hospital Data Breach Claim?

In most cases, data breach claims are subject to a 6-year limitation period. This is reduced to 1 if claiming against a public body. For further guidance on the relevant time limit for your medical data breach claim, speak to our advisors via the contact information above.

Types Of Healthcare Data

The ICO define health data as information concerning both physical and mental health, as well as the provision of health care services. As mentioned above, personal data concerning health is classed as special category data and therefore necessitates a higher level of security.

Healthcare data can include data relating to, for example; health conditions, reproductive outcomes, cause of death and details of medical procedures. Your bank account or card information could also be affected by a hospital data breach if you have paid for treatment, such as when seeking private healthcare.

A breach of medical data could therefore expose sensitive information regarding your health to unauthorised persons. We have provided some scenarios examining how your health data could be impacted by a data breach:

  • A letter containing details of your cancer diagnosis was addressed to your brother instead of you. Your family subsequently found out about your diagnosis causing you stress and anxiety.
  • Due to inadequately trained staff, physical copies of your personal data from a gender identity clinic were misplaced while in hospital. Your patient medical records were subsequently accessed by unauthorised persons.
  • Failures in IT security resulted in data regarding an abortion procedure entering the public domain following a cyber attack.

Discuss your specific case with our team by calling the number above. They can assess whether you’re eligible to pursue a claim for a hospital data breach.

Evidence To Support Hospital Data Breach Claims

There are several types of evidence that could help support a hospital data breach claim, such as:

  • Correspondence from the hospital explaining that a data breach affecting your personal data has occurred.
  • Medical evidence that demonstrates the psychological harm caused by the data breach.
  • Financial evidence, such as your bank account or credit card statements, that shows unauthorised activity in your accounts.

A data controller is required to promptly inform all affected data subjects that a breach has occurred. Data controllers must also, within 72 hours, inform the ICO of the breach if the breach meets the standards for reporting. Once notified, the ICO can open an investigation into the data breach. Any findings from the ICO investigation can be used as evidence for your claim.

Data subjects have the legal right to express dissatisfaction with how their data is being handled at any time. You could complain to the ICO if you are unsatisfied with the response from the data controller. It is not a requirement to report a data breach to the ICO before starting the claims process.

If you can show, with clear evidence, that the hospital failed to adhere to the standards set out by the UK GDPR or DPA, and this caused a breach of your personal data which led to you experiencing financial loss, emotional damage, or both, you may be able to start a data breach claim.

Speak to our advisors to find out more about your eligibility to start a hospital data breach compensation claim. You can use any of the contact details provided below to reach one of our team.

What Is The Average Data Breach Claims Payout?

Data breach compensation can be awarded for two different types of damage following a successful hospital data breach claim. These are:

  • Material damage refers to the financial losses stemming from the personal data breach. For example, if money was stolen from your account due to a breach of your debit card details, you could claim this back. Alternatively, if you required time off work to deal with the emotional harm caused by the breach, you could seek reimbursement for the lost income incurred as a result.
  • Non-material damage refers to any psychiatric damage caused by the personal data breach, such as stress or in more severe cases, post-traumatic stress disorder (PTSD).

Solicitors can refer to the figures in the Judicial College Guidelines (JCG) to assist them in calculating the potential value of non-material damage. This is a publication that lists a multitude of different types of harm alongside their guideline brackets. We have used some of these brackets to create our table.

Compensation Table

This table is intended for use as guidance only as data breach compensation is calculated individually. 

InjurySeverityGuideline BracketNotes
Psychological DamageSevere (a)£54,830 to £115,730Cases involving marked impacts on multiple aspects of the injured persons life with a very poor prognosis.
Moderately Severe (b)£19,070 to £54,830Significant problems across multiple aspects of the injured person's life but the prognosis will be significantly improved compared to the bracket above.
Moderate (c)£5,860 to £19,070Problems relating to the injured person's work and social life will be present, although a significant improvement will have taken place and the prognosis will be good.
Less Severe (d)£1,540 to £5,860Awards in this bracket will consider the length of the period of disability, and any impact on sleep patterns and daily activities.
PTSDSevere (a)£59,860 to £100,670Severe and permanent effects that render the injured person unable to work or function at a pre-trauma level and badly affecting all aspects of their life.
Moderately Severe (b)£23,150 to £59,860Although a better prognosis than in the bracket above, the effects will remain significant for the foreseeable future.
Moderate (c)£8,180 to £23,150Cases where the injured person has substantially recovered and is not experiencing any grossly disabling continuing effects.
Less Severe (d)£3,950 to £8,180Virtual recovery within two years, with minor symptoms persisting over a longer period.

For a more in-depth assessment of the potential value of your data breach claim, speak to our advisors using the details given below.

Begin Your Medical Data Breach Claim Today

Following an assessment of your potential hospital data breach claim, our advisors could connect you with a dedicated data breach solicitor from our panel, provided your case satisfies the eligibility criteria. Our panel can offer a No Win No Fee contract called a Conditional Fee Agreement (CFA).

Making a claim under a CFA has several benefits for claimants. In most cases, you will not be paying any fees upfront for work to begin on your claim. You will likewise not incur ongoing fees for the solicitor’s work as the claims process moves forward. Following an unsuccessful claim, there will be no fee for the solicitor’s services.

If your claim succeeds, you could receive compensation for both material and non-material damage. The solicitor will deduct a percentage of this compensation as their success fee. The maximum success fee percentage that solicitors can charge is legally capped. What this means is that you will keep the majority of your awarded compensation. 

Our team can explain the process of making a data breach claim as well as provide an assessment free of charge of your specific circumstances. Contact our team via:

  • Phone on 0161 696 9685
  • Complete our “Contact Us” form here.
  • Click the live chat button for a fast response to your questions.

More Advice On Hospital Data Breach Claims

See more of our data breach guides here:

External resources:

Thank you for reading our guide on who could be eligible to make a hospital data breach claim. Our advisors offer further guidance on data breaches, as well as a free assessment of your particular circumstances. Get in touch via any of the contact details given above.