How To Claim For Unauthorised Access To Patient Medical Records

This guide is about claiming compensation for unauthorised access to patient medical records. We’ll look at what harm could result from access and why you could be compensated.

When you visit a GP, dentist, hospital, optician or other medical services, details of your appointment are recorded in your medical records. One of the reasons for that is so other medical professionals that treat you in the future will be aware of the treatment and any medication that you’ve had prescribed. This can help save time and prevent mistakes from being made. As the information recorded is personal and sensitive, you probably wouldn’t want it to be shared.

Legal Helpline is here to offer support if you wish to claim. We will review your case on a no-obligation basis and provide free legal advice. If the claim appears suitable, we may connect you to a data breach lawyer from our panel. Any case they agree to work on will be managed on a No Win No Fee basis.

If you are interested in talking about your claim today, please get in touch on 0161 696 9685. Alternatively, to learn about how the General Data Protection Regulation (GDPR)  protects access to your personal information, please read on.

Patient medical records data breach compensation claims guide

Select A Section

A Guide On Claiming Compensation For Unauthorised Access To Patient Medical Records UK

As well as the GDPR, The Data Protection Act 2018 has been introduced to try and give you extra control over the ways in which your personal data is used. The idea is that organisations need to implement extra security measures to keep information safe. Furthermore, they need a lawful basis before processing any personal information. This can be gained in a number of ways. One common method is to ask for your permission to use your information after telling you why it is needed.

Unauthorised access to patient medical records could be a data breach according to the GDPR. That’s because the data found within a medical record could be used to help identify a patient. If the patient (the data subject) suffers psychological injuries or financial losses as a result of the data breach, they could seek damages to cover that suffering.

Organisations could be fined or ordered to change their data protection processes if they are found guilty of breaking the new laws. The watchdog that could enforce action on them is the Information Commissioner’s Office (ICO). However, you will still need to take action yourself if you want to be compensated. That’s because the ICO doesn’t have any legal powers to award data breach compensation.

Claims will need to be made within the relevant time limits. Generally, you’ll have 6-years to claim from the date you obtained knowledge of the breach. However, cases centring on human rights breaches may only have 1-year.

If you would like to check how long you have to claim, ask any questions, or start your claim, why not call our specialist advisors after completing this article?

What Is Unauthorised Access To Patient Medical Records?

Some examples of how unauthorised access to your medical records could lead to a claim include:

  • If details from your medical records are sent in a letter (intended for you) to the wrong address.
  • Where staff look up information about you without a medical reason.
  • If medical records enter the public domain because they are disposed of insecurely.
  • If a laptop is stolen from a medical practice that is unencrypted and means your records are accessible.
  • Where cybercriminals use phishing emails, keyloggers, ransomware or viruses to gain access to insecure IT systems.

What’s important here is that it does not matter if the data breach is illegal, deliberate or accidental. For any type of breach where your data is exposed and you suffer damage as a result, you could be eligible to seek compensation.

To find out if you might be eligible to claim, why not get in touch today? We can review your case for free and explain your legal options.

Calculating Compensation For Unauthorised Access To Patient Medical Records In The UK

In this section, we will review how much compensation could be awarded to cover mental harm resulting from a personal data breach. Our compensation table offers some examples but you can get a more personalised estimate by speaking to our team.

An important hearing at the Court of Appeal gave guidance on data breach claims. The Court stated in Vidal-Hall and others v Google Inc [2015] that:

  • Compensation should be considered if the claimant has been harmed mentally following a data protection breach. This is the case whether money has been lost or not.
  • Settlement figures for mental harm should be paid using formulas established in personal injury law.

As a result, the figures in the table below are from the Judicial College Guidelines. This is a resource used in personal injury cases to help value different injuries.

Type Of ClaimSettlement Bracket
Severe psychiatric damage£51,460 to £108,620
Severe PTSD£56,180 to £94,470
Moderately severe psychiatric damage£17,900 to £51,460
Moderately severe PTSD£21,730 to £56,180
Moderate psychiatric damage£5,500 to £17,900
Moderate PTSD£7,680 to £21,730

You will need to demonstrate the extent of your suffering during the claim. Therefore, as part of the process, you’ll need a medical assessment. The lawyers on our panel are able to arrange a local appointment so that you won’t need to travel too far.

Your assessment will be managed by an independent specialist. To establish what injuries have been sustained and to offer a prognosis, they will refer to your medical records and ask some questions. Once they have finished, a report will be prepared and sent to your lawyer. This will be used to value your injuries and prove that the breach was the cause.

For a more specific estimate or to learn more about what you can claim for, please get in touch.

No Win No Fee Compensation Claims For Unauthorised Access To Patient Medical Records In The UK

The main concern that many people have when seeking compensation is losing money in legal fees. If you ask us to help you though, you don’t need to worry as much. That is because our panel of lawyers offer a No Win No Fee service if your case is accepted. Therefore, you could benefit from the experience of the data breach lawyers from our panel, but your financial risk will be lower.

Importantly, the merits of your claim will need to be reviewed before it is taken on. If the lawyer is happy to help you, they will supply you with a Conditional Fee Agreement (CFA). This is the formal name for a No Win No Fee agreement. This contract tells you what your solicitor will need to do if they wish to be paid. Furthermore, it will make it clear that:

  • You won’t need to pay any lawyer’s fees in advance.
  • While your claim is being processed, you won’t need to pay your lawyer for their work.
  • Should the claim fail, you won’t be liable for your lawyer’s fees whatsoever.

In cases where compensation is awarded, your lawyer will be paid a success fee. This is listed within the CFA as a fixed percentage of any settlement. That means you will know the percentage before you agree to work with the lawyer. Also, to try to prevent overcharging, No Win No Fee success fees are legally capped.

Talk To Our Data Breach Team

We hope that our guide on claiming for unauthorised access to medical records has been helpful. Furthermore, if you are going to claim, we hope you would like Legal Helpline to support you. If that’s the case, you can contact us by:

As we know how busy life can be, we operate our claims line 24-hours a day.

 Where To Learn More About Medical Data Breaches

Thanks for visiting Legal Helpline today. We hope that this article about unauthorised access to patient medical records has helped. In this final section, we have linked to some resources that might help you further.

  • The General Medical Council – The regulatory body that helps to improve medical practice and protect patients.
  • Do I Need To Consent? – ICO advice on whether organisations need to seek your consent before using personal information.
  • Flashbacks – Information on what causes flashbacks which can be a symptom of PTSD.
  • Below you will find a few more of our articles relating to data breach claims.
  • Pharmaceutical Data Breaches – Advice on how to claim if you’ve suffered following a data protection breach by a pharmacy.
  • HMRC Breaches – This guide shows the options available if a breach involving your data happens at HMRC.
  • Human Resources Data Breaches – Information about claiming if your workplace HR department leaks your data.
  • Solicitor Lost My Medical File – If your solicitor has committed professional negligence and lost your medical records find out how to claim in this article.

Thanks for reading our guide to making a data breach claim following unauthorised access to patient medical records.

Guide by BH

Edited by REB