My Medical Records Went Missing – Could I Claim Data Breach Compensation?

In this guide, we shall discuss whether your medical records going missing are considered a personal data breach. As you will see, there are two main pieces of legislation in the UK that govern the protection of personal data. Health data is considered a type of personal data that needs extra protection. Throughout this guide, we shall examine what criteria must be met in order to make a personal data breach compensation claim. 

Medical records went missing

My medical records went missing, can I claim?

In this guide, we’ll look at some of the instances in which the security, confidentiality, or integrity of a person’s health data could be compromised. We’ll also look at the  Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR), and how they govern data protection for residents of the UK.

Here at UK Law, we can asses any lost medical records data breach claims for free. We have a team of experienced advisors that can help you with your claim, from providing free legal advice to putting you in touch with a solicitor from our panel.

To contact us:

Select A Section

  1. Types Of Medical And Healthcare Records
  2. How Could You Be Impacted If Your Medical Records Went Missing?
  3. Examples Of How Your Medical Records May Be Lost
  4. Can You Claim If Your Medical Records Went Missing?
  5. What Could You Claim if Your Medical Records Went Missing?
  6. Contact UK Law If Your Medical Records Went Missing

Types Of Medical And Healthcare Records 

There are a variety of types of medical and healthcare documents that may contain personal and special category data. For example, these could include:

  • Test results
  • Emails scheduling appointments, 
  • Scanned records
  • Consent forms
  • Laboratory results 
  • X-Ray films
  • Handwritten clinical notes

Personal data is information that could identify you. If an organisation holds your personal data they become what is known as a data controller and have a legal obligation to protect your personal data. The UK GDPR and DPA define health data as a type of personal data and is also known as special category data. This kind of personal data requires extra protection because of the sensitive nature of the information.

If the confidentiality, availability, or integrity of your personal data is compromised in a security incident, this is a personal data breach. However, a breach must occur due to an organisation’s failings to make a claim. You must also suffer harm as a result of the breach.

Contact us today for more information on who could be eligible to claim for a personal data breach.

How Could You Be Impacted If Your Medical Records Went Missing?

Medical records can contain extremely personal information, and it is for this reason that they need extra protection. If your medical records went missing, this may have caused significant harm to you.

For example, lost medical records could lead to psychological injuries such as distress, anxiety, and depression.

It can also impact you financially. For example, if you paid for your treatment via a bank card and this data was compromised in a data breach it could leave you vulnerable to fraud, identity theft, damage to credit scores and more. 

We have a team of advisors that can provide you with advice and guidance on your claim. They can also provide an assessment of your claim. This service is available 24 hours a day, 7 days a week. 

Examples Of How Your Medical Records May Be Lost

Data breaches happen for a variety of reasons, from cyberattacks to human error. However, as we mentioned earlier, not all cases of a lost medical records data breach will form a valid claim. To form a claim, you must prove that the breach was a result of wrongful conduct on the part of the data controller or processor. You must also suffer harm to claim.

Some examples of how medical records data breaches could happen include:

  • Sending information to the wrong recipient: For example, if a fax containing your medical records was sent using the wrong pin code, arriving at the wrong machine. Or, if an email containing your medical records goes to the wrong email address, this could result in a personal data breach.
  • Lost or stolen devices: Devices such as mobile phones, laptops, or hard drives containing your medical records could be stolen or lost if the proper physical security measures aren’t in place. Additionally, these devices should have proper password protection to ensure that information is not easily accessible to unauthorised people.
  • Ransomware attacks: Ransomware is a kind of malware that infects a device and holds the information for ransom by encrypting it and rendering it inaccessible to the original user. The cybercriminals behind the scheme then demand an amount of money for the return of the information.

For more information on how medical records might go missing, contact our advisors.

Medical Data Breach Statistics

The Information Commissioner’s Office (ICO) publishes quarterly statistics regarding data security incident trends. According to these statistics, 427 data security incidents occurred in the health sector in Q4 of the 2021/22 financial year. Of this number, 400 incidents were non-cyber, with the remaining 27 incidents attributed to cyber incidents.

Can You Claim If Your Medical Records Went Missing?

In terms of claiming for a personal data breach, your case must meet the criteria set out in the earlier sections. If the breach could threaten your rights or freedoms, the organisation responsible must inform the ICO within 72 hours. Furthermore, they must alert you without undue delay. Keeping a record of this confirmation may help to strengthen your claim.

However, if you don’t receive notification but still believe there has been a breach of your personal data, you can contact the organisation yourself. If they do not reply, or if their response is unsatisfactory, you can make a complaint to the ICO.

You cannot make a claim through the ICO, and they cannot provide compensation. However, they may open an investigation into the breach. Similarly, if the organisation is found to be responsible, the ICO can impose a fine.

Contact our advisors to learn more about claiming personal data breach compensation if your medical records go missing.

What Could You Claim if Your Medical Records Went Missing?

When making a personal data breach claim, the compensation you may pursue can be split into non-material and material damage.

Material damage aims to provide compensation for the financial impacts of a personal data breach. For example, a breach of your credit card details may lead to fraudulent loans, charges to your credit or debit cards, and damage to your credit score.

Non-material damage addresses the psychological impacts of a personal data breach. For example, you may suffer stress, anxiety, or depression following a breach of your medical records.

You can find some compensation brackets for non-material damage amounts in the table below. The information and figures present in the table have been taken from the Judicial College Guidelines (JCG) 16th edition, published in 2022. The JCG can also be used for medical negligence, accident at work, and personal injury claims.

Psychological Harm Compensation Brackets Description of Injury
Psychological Injury: Severe £54,830 to £115,730 A large and permanent impact on a person’s daily life, with a poor prognosis.
Psychological Injury: Moderately Severe £19,070 to £54,830 Similar issues to the case above, however, the prognosis may be more optimistic.
Psychological Injury: Moderate £5,860 to £19,070 Significant improvement of symptoms by the time of trial is reflected in the prognosis.
Psychological Injury: Less Severe £1,540 to £5,860 Consideration is given to remaining effects, such as disturbance of sleep.
Anxiety Disorder: Severe £59,860 to £100,670 A severe and permanent effect preventing function at the pre-trauma level.
Anxiety Disorder: Moderately Severe £23,150 to £59,860 Significant issues with daily life, but a brighter prognosis due to some chance of recovery with professional help.
Anxiety Disorder: Moderate £8,180 to £23,150 No grossly disabling effects following a large recovery.
Anxiety Disorder: Less Severe £3,950 to £8,180 Only minor symptoms remain following a recovery within 1-2 years.

Previously, non-material damage awards were only available to those who claimed for material damage simultaneously. However, following the ruling of Vidal-Hall and Others v Google Inc [2015], claimants may receive non-material damage alone or in conjunction with material damage awards.

These figures are guidelines only. For a free estimate of what your claim could be worth, we advise that you contact our team today.

Contact UK Law If Your Medical Records Went Missing

While it can be daunting to begin a personal data breach claim following your medical records going missing, our panel of solicitors can help. Our panel offer legal representation under a type of No Win No Fee arrangement that is also known as a Conditional Fee Agreement (CFA).

Seeking legal representation under a CFA usually means that there are no upfront fees to pay and no ongoing costs. Should your claim be successful, you will pay your solicitor through a legally capped percentage of your compensation. This percentage is a success fee and will be agreed upon beforehand to prevent any surprise costs. However, if your claim does not succeed, you will not pay this fee.

Our advisors can provide free legal advice and more information on how a solicitor from our panel could help you. To get in touch today:

Resources To Support You If Your Medical Records Have Gone Missing

For more helpful guides:

For more information:

Contact us today, for any additional information on what steps you can take to make a data breach claim for your medical records going missing. 

Writer ZS

Checked by HP