When you register for healthcare services, you will need to provide a lot of personal information to the provider. Some of the information you provide will probably be sensitive and not something you’d want to be shared with others. Luckily, since the General Data Protection Regulation (GDPR) was introduced, data security rules have been tightened. If data breaches do occur, they can lead to stress, embarrassment, anxiety and financial losses. Therefore, this guide is going to look at the harm a GDPR data breach by a private healthcare provider could lead to. Additionally, we will discuss when the suffering that results from such a breach could mean you are eligible to claim compensation.
Legal Helpline is happy to support you if you are thinking of claiming. The specialists operating our advice line offer a no-obligation assessment of your case. You will also receive free legal advice.
There’s no pressure on you to proceed with a claim but if your case is suitable, we could appoint a specialist data breach lawyer from our panel. If they choose to take you on as a client, you’ll benefit from their No Win No Fee service.
If you believe you should be compensated following a private healthcare data breach, why not call us on 0161 696 9685 today? You’ll be given free legal advice whatever happens. Alternatively, you can find out more about what you could claim and how much compensation could be paid by reading the rest of this guide.
Select A Section
- A Guide On Claims For A Data Breach By A Private Healthcare Provider
- What Is A Data Breach By A Private Healthcare Provider?
- Third Party Data Sharing And GDPR Compliance?
- Enforcement Action Taken By The ICO Against Private Healthcare Providers
- Calculating Compensation For A Data Breach By A Private Healthcare Provider
- Types Of Data Breach Compensation You Could Be Awarded
- How To Get Help From The Information Commissioner
- No Win No Fee Claims For A Data Breach By A Private Healthcare Provider
- Dealing With A Data Breach Through A Solicitor
- What Should You Do If You’re The Victim Of A Data Breach?
- Talk To A Data Protection Breach Lawyer
- Healthcare Data Breach FAQs
- Where To Learn More
A Guide On Claims For A Data Breach By A Private Healthcare Provider
The Data Protection Act 2018 and the GDPR go hand in hand. Together, they provide individuals (or data subjects) better control over the use of their personal information. Organisations (data controllers) must now have a lawful reason to process personal data. In many cases, they will now tell you when your data is required, and you will sometimes need to consent before it is used.
Security measures must also be put in place by data controllers when handling your information to try and keep it as secure as possible. Failure to keep data safe could mean that the Information Commissioner’s Office (ICO) will launch an investigation. If found guilty of breaking data protection laws, an organisation could be forced to pay a hefty fine. However, the ICO won’t be able to issue compensation to those who’ve been harmed by data breaches. For that reason, you would need to launch your own legal proceedings.
Claims for the suffering caused by data breaches are time-limited. Generally, claims must be made within 6-years from the date you obtained knowledge of the breach. However, should the claim relate to human rights breaches, that time limit reduces to 1-year.
Throughout our guide, we will consider how data breaches could occur in private healthcare companies. Remember, though, whether your data is exposed because of an accident or because of criminal activity, you could seek compensation for any harm that results.
Once you have completed our guide, please feel free to call if you have any questions. Also, if you decide you would like to begin a claim, we can help. You’ll receive free claims advice, and we could refer you to a specialist data breach lawyer from our panel. If they agree to work on your case, their services will be carried out on a No Win No Fee basis.
What Is A Data Breach By A Private Healthcare Provider?
Private healthcare providers have a responsibility to try and keep your personal data secure. Data breaches occur when some form of security incident results in information about a data subject being accessed, altered, lost, destroyed or disclosed in a way that has not been authorised. Whether the security incident is accidental, illegal or deliberate does not matter – if you have suffered financial or mental damage, you could claim compensation.
As well as demonstrating that your data has been exposed in some way, you will also need evidence to prove you have suffered as a result. Claims are possible if you have had financial losses or been made ill because of the breach.
It is quite common these days to hear stories about data breaches caused by cyber attackers. They will often employ techniques like deploying viruses, ransomware, key loggers, denial of service attacks or phishing emails to gain access to personal information. However, you could also claim for a GDPR data breach that involves physical documentation as well.
The GDPR explains that personal data is any information that could be used to identify a data subject. This includes information like your name, patient number, home address, telephone number or email address. Additionally, some information about your characteristics could help identify you, so that is covered too. This includes data regarding your age, gender, marital status and ethnicity.
Third-Party Data Sharing And GDPR Compliance?
As we mentioned earlier, there needs to be a lawful reason to process your personal information. This also applies when sharing personal data with others. That means a private healthcare provider cannot:
- Pass information about you to marketing companies unless you have authorised them to.
- Share your personal information for research purposes unless you’ve consented.
However, some sharing of your data might be possible without your consent under the GDPR. For example, if there is a medical emergency, they could share information from your medical records with a hospital.
Enforcement Action Taken By The ICO Against Private Healthcare Providers
In this section, we are going to look at a reported data breach by a private healthcare provider.
The incident involved Bupa Global, the international health insurance division of Bupa. They have explained on their website that personal information about some policyholders was exposed in a data breach. Financial and medical information was not leaked but the breach did include information such as names, nationalities, dates of birth, membership numbers and some contact information.
This breach was caused by a deliberate act by an employee. The report suggests that around 108,000 policyholder’s details were copied and removed from the company’s database.
As a result of the breach, the company contacted the affected customers to apologise. They believed that the stolen data was shared with other parties. The company went onto explain that they have introduced new security procedures and informed regulators about the breach. Additionally, they are taking legal action against the employee who has since been dismissed.
Further information: https://www.bupa.com/corporate/who-we-are/customer-update
If you would like our support with starting a private healthcare data breach claim, please call our free legal advice line today. We offer free telephone consultations and could refer your case to data breach lawyers on our panel.
Calculating Compensation For A Data Breach By A Private Healthcare Provider
Now we are going to take a look at the potential compensation amounts that might be payable in data breach claims. Our compensation table below concentrates on injuries like psychiatric damage and Post-Traumatic Stress Disorder (PTSD).
The case of Vidal-Hall and others v Google Inc  at the Court of Appeal is important in data breach claims. That’s because two important decisions were made during it:
- You are allowed to make a claim for injuries that result from data breaches whether money was lost or not. Previously you had to have suffered financial damage to claim psychological harm.
- The amount of compensation paid should be in line with settlements paid in personal injury claims.
Therefore, we have populated our table with data from the Judicial College Guidelines. This is a document that insurers, legal professionals and courts use to value injuries.
|£51,460 to £108,620
|The claimant will have marked problems coping with life in general and work. Their prognosis will be very poor as they will remain vulnerable in the future, treatment won't be useful and they will have problems maintaining relationships.
|£17,900 to £51,460
|The claimant will have significant problems that mirror those listed above. However, their prognosis will be more optimistic.
|£56,180 to £94,470
|The symptoms in this category will be permanent. They will prevent a return to pre-trauma levels of functioning and stop the claimant from working. All aspects of life will be affected.
|£21,730 to £56,180
|The claimant will endure similar levels of suffering as listed above. However, with professional support, there will be some recovery.
|£7,680 to £21,730
|In this category, the claimant will have largely recovered from the symptoms of PTSD.
You will need to demonstrate the severity of any injury you claim for. Therefore, you will need to undergo a medical assessment during the claims process. Our panel of lawyers always try to book these locally to avoid unnecessary travelling.
An independent medical specialist will ask you questions and read your medical records during your appointment. Once they have finished, they will send a medical report to your lawyer that sets out your prognosis and lists your injuries.
Types Of Data Breach Compensation You Could Be Awarded
Getting a data breach claim right can be a complex process. That’s because as well as claiming for any losses or suffering you’ve already suffered, you also need to consider future suffering as well. This is important because it’s only possible to make a single claim.
In most cases, your claim will be split into two different parts. Material damages could be claimed to cover any money you’ve lost or expenses you’ve incurred because of the breach. Non-material damages might be claimable if you have suffered because of psychiatric injuries.
When claiming for material damages, you will usually begin by considering how much money has already been lost. However, if there’s a risk of losing more money in the future, this may need to be factored in as well. For example, where your details are being passed around the dark web by criminals, you could continue to lose out until you’ve managed to block all of your accounts.
Claiming for psychiatric injuries will usually start with conditions that have already been medically diagnosed. Then you might have to claim for future suffering that has been identified in your medical assessment. For example, if anxiety is going to mean you are going to struggle with personal relationships, you may need to consider that in your claim.
We believe that having an experienced data breach lawyer on your side could help you get this process right. In fact, it could be the difference between receiving the right amount of compensation or not receiving anything at all.
If your claim is taken on by a lawyer from our panel, they will work hard to try and make sure all elements of your suffering are considered in your claim. To find out more about claiming, please call today.
How To Get Help From The Information Commissioner
You have the option to ask the ICO to take a look at your complaint relating to a private healthcare provider’s data breach. However, you will need to complain to the company directly first.
The ICO says that after you have followed the formal complaints process, you should escalate the complaint where possible. After it has been 3-months since you last heard anything meaningful, you could ask the ICO to investigate.
As a result of an ICO investigation, companies could receive a fine or be told that they have to change how they work. However, they won’t be ordered to compensate you. The only way you could be compensated is if you take action against the company yourself.
No Win No Fee Claims For A Data Breach By A Private Healthcare Provider
It is very common for those affected by data breaches to worry about losing money because of legal fees. However, if your case is accepted by a lawyer from our panel, you won’t need to worry so much. That’s because they offer a No Win No Fee service to lower your financial risk.
Before accepting you as a client, the lawyer will review the merits of your case with you. A Conditional Fee Agreement (CFA) will fund your case if the lawyer agrees to take it on. The CFA explains to you what needs to be achieved before the lawyer is paid. Claiming in this way means that:
- You won’t have to transfer funds to the lawyer upfront.
- There won’t be any lawyer’s fees payable while they process your claim.
- Should the claim fail, you won’t have to cover any lawyer’s fees at all.
Your lawyer will only receive a success fee if you are compensated. The success fee is a small percentage of your compensation amount. So that you know about it before you agree to work with the lawyer, it is listed clearly in the CFA. By law, success fees are capped to prevent overcharging.
Dealing With A Data Breach Through A Solicitor
The amount of work needed when making data breach claims means we advise you to consider taking on legal representation. By doing so, we think the claims process will be easier and that you’re more likely to be compensated fairly. If your claim is taken on, a lawyer from our panel will:
- Discuss your claim in full with you so that they fully understand how you have been affected.
- Collect any evidence that could help prove how you’ve suffered.
- Arrange a medical assessment for you (locally).
- Compile all of the evidence and forward the claim to the defendant.
- Deal with all communication so you don’t need to speak to the defendant or their insurers.
- Try to achieve the highest settlement amount possible in your case.
What Should You Do If You’re The Victim Of A Data Breach?
As we have provided a lot of information in this guide, we are quickly going to reiterate how to proceed with a claim.
In the first instance, you should direct a complaint to the healthcare provider. They should provide a formal response in due course. If you don’t agree with their findings, you could ask the ICO to investigate after you have escalated the complaint as far as possible.
As mentioned, the ICO does not have any power when it comes to awarding compensation. Therefore, you may wish to take on legal representation to help your claim. If you decide to work with us, and a lawyer from our panel agrees to take you on, they will provide advice about whether you need to liaise with the ICO or not.
Talk To A Data Protection Breach Lawyer
We are fast approaching the end of our article about private healthcare data breaches. Hopefully, you have gained all of the information you need to help you decide what to do next. If you would like Legal Helpline to support you with a claim, you can contact us by:
- Calling our free advice centre on 0161 696 9685.
- Emailing us with information about your claim to [email protected].
- Submitting an online enquiry so that we can arrange to call you back.
- Explaining what happened to an online advisor.
Healthcare Data Breach FAQs
To provide extra support, we have answered some commonly asked questions relating to data protection breaches. If you have any unanswered queries after reading this guide, please contact our team today.
What are the consequences of breaching data protection?
If your personal data is exposed by a data breach, you could suffer psychiatric injuries. These could be caused by anxiety, stress or depression. You may also suffer financially if criminals obtain your information. Furthermore, companies can be held to ransom by criminals who have accessed personal data that they are responsible for.
How much is the fine for a data protection breach?
The Information Commissioner’s Office has the power to issue fines to organisations that breach data protection laws. The maximum fine they can issue is £17.5 million or 4% of the company’s worldwide turnover.
Who is liable for a data breach?
If your data is exposed in a personal data breach, your claim will usually be made against the data controller. If the breach resulted from an individual’s actions, the data controller may choose to take appropriate action against them.
Where To Learn More
Thank you for visiting our site today. We hope this guide about claiming for private healthcare data security breaches has helped. In this final part of our guide, we have listed some useful information from external sources. If you require anything further, please feel free to call us on the number above.
Independent Healthcare Services – Information about how the Care Quality Commission covers private healthcare providers.
Identity Theft – This guide from the ICO provides advice on how to reduce the risk of identity theft.
Anxiety Support – Anxiety UK are a charity that offers support to anybody suffering from various forms of anxiety.
Legal Helpline offers support for many different types of compensation claims. Therefore, we have added a few more of our guides below:
GDPR Data Breach Compensation Claims – check out our guide to GDPR data breach compensation.
Medical Data Breach Claims – find out more about medical data breach claims here.
Bank Data Breach Claims – if you’ve fallen victim to a bank data breach, this guide will help.
Thank you for reading our guide on claiming for a data breach by a private healthcare provider.
Guide by BH
Edited by REB