Lost Medical Records Data Breach Compensation Claims

Health care providers such as the NHS or private healthcare facilities are known as data controllers because they process your personal and sensitive data. This means they are legally obliged to protect certain kinds of data.

Generally for the most part health data is protected by data security laws in the UK. In some cases, lost medical data can have very serious consequences for your health. This guide looks at how medical records can be lost or exposed, in a data breach.

Lost medical records data breach compensation claims guide

Lost medical records data breach compensation claims guide

Your claim will be at least partially unique in some way. It might be similar to other claims but not completely identical. We tell you this because we can’t hope to cover every possible question in one short guide. But we want you to know that you can still get the answers that you need. All you have to do is phone and speak to our team on 020 3870 4868. or if you prefer, request a callback by using our contact form.

Select A Section:

What Is A Lost Medical Records Data Breach?

Much of the information contained in our medical records is classified as protected data under UK law. Furthermore, lost healthcare data means that records of our previous medical conditions and treatment are no longer available. It should not take much imagination to realise that lost medical records could result in negative consequences for your health. Especially if you suffer from conditions that need monitoring or medication and treatment.

This guide will look at how to start a data breach claim due to lost healthcare records. We will discuss how this data can be lost. We will also go over how you can find a good lawyer to help you claim data breach compensation in some cases.

Laws That Apply To Data

In the UK, we have laws that are in place, to protect certain types of data from unlawful processing or being accessed without authority. This consists, primarily, of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

Overseeing these laws, and compliance with them, is the Information Commissioner’s Office (ICO). The ICO can take action against any healthcare provider that contravenes these laws. You are also able to make a complaint about a data breach to the ICO, as a member of the public.

Data Covered By Law

Only your special category and personal data are protected. We have given some examples of each type of data below, so that you can better understand.

  • Personal data – some examples of personal data would include your name, date of birth, postal address, email address, and phone number. It would also cover your bank account information and details of your credit card or debit card.
  • Special data – a few examples would include your sexual preferences, your race or genome data, your religious beliefs, health data and your trade union membership.

Medical Data Breach Statistics

The ICO publishes data security trends each financial quarter and we used some of this to create the graph you can see below on the page. It shows how non-cyber security-related (human errors and mistakes) are common causes of data breaches in healthcare. The data period is the third fiscal quarter 21/22.

statistical graph dentist data breach

Data Incident Statistics For The Health Sector

Who Can Access Healthcare Records?

Access to your medical records is restricted. So just who has access to patients records? We have provided some examples below of those who may need to access your medical records:

  • Your GP and the staff at your GP surgery.
  • A psychiatrist or councillor who is providing you with mental health therapy.
  • A surgeon and surgical team when you undergo an operation.
  • Doctors and nurses at a hospital if you visit for emergency treatment.
  • Your dentist and optician.
  • A private healthcare facility.

How Lost Medical Records Could Happen

  • A digital device is lost or stolen and it stored your data.
  • A cybercriminal successfully breaches computer and network security and deletes your data.
  • Physical records can be dropped, lost or stolen.
  • Your medical records might be thrown away by mistake.

As a data subject, you have the right to make a data breach claim for compensation under the UK GDPR. However, just because you are a data breach victim does not automatically mean you are eligible to claim compensation.

This is where evidence is key. Firstly it must be established that the medical facility where your data was breached is actually at fault for the exposure. This would mean proving they did not follow data protection laws.

And secondly, you would need to show how you suffered because of the lost medical records. For example, did this affect your health and /or your finances?

Types Of Healthcare And Medical Records

As we have mentioned data protection laws in this country do not cover all the information that is processed about you. They cover personally identifiable data such as your name, phone number, address and DOB.

They also cover what is known as special category data. This is all information that tells something about you such as your health records, religious affiliation, and trade union membership. When a medical facility processes this type of data about you they must protect it and keep it secure.

A medical data breach could affect any of these types of data. Medical records that are lost may never be found. Additionally, this does not only mean that your data has been breached but it could also mean that vital medical information is no longer recorded having further effects on your health.

How Lost Medical Records Could Affect You

Lost medical records could have significant consequences on your health. For example, imagine that you are known to be severely allergic to certain medications. If your medical records are lost, a doctor treating you won’t know about this when prescribing medication.

Another example would be your mental health records being lost. If you have undergone potentially years of therapy, the notes taken by your therapist could be lost. This could cause a significant setback.

Lost Medical Records Data Breach Compensation Amounts

The case Vidal-Hall and others v Google Inc was heard in the Court of Appeal in 2015. This claim was a success. The claimants won compensation for mental hardship, even though they had not lost out financially.

It is not possible to give an average amount of compensation you might get if you win a claim for a lost medical records data breach. However, the table below provides you with actual examples of ranges of compensation for different mental health problems. Non-material damages might make up part of your claim. We used the updated 2022 Judicial College guidelines to make this table. These guidelines are referred to by the legal system to value injuries.

You may also be able to claim for material damages. To cover financial losses you suffered due to the data breach itself, or while dealing with the claim. You can call and talk to our claims team to learn more about claiming material damages.

Psychological Injury Notes Severity Level Potential Damages
Psychological Injury The person will suffer with all areas of life including work, education, social life and relationships. There is little chance of recovery. Severe £54,830 to £115,730
Psychological Injury This category differentiates from above because with professional help the prognosis is a little brighter. Moderately Severe £19,070 to £54,830
Psychological Injury There is a good chance of recovery in this category especially by the time the case is heard in court. Moderate £5,860 to £19,070
Psychological Injury When determining the amount of compensation for mental harm, the severity and duration of the harm must be considered. Less Severe £1,540 to £5,860
(PTSD) Post-Traumatic Stress Disorder The chances if returning to a pre-trauma state are very slight. Severe £59,860 to £100,670
(PTSD) Post-Traumatic Stress Disorder There will need to be professional help if any recovery is likely to happen. Moderately Severe £23,150 to £59,860
(PTSD) Post-Traumatic Stress Disorder Since the patient has nearly recovered, any remaining symptoms shouldn’t have an adverse effect on them. Moderate £8,180 to £23,150
(PTSD) Post-Traumatic Stress Disorder After two years of suffering from PTSD, the significant symptoms would be recovered from. Less Severe £3,950 to £8,180

Contact Us If Your Medical Records Were Lost In A Data Breach

A No Win No Fee agreement can be used to fund the services of a data breach solicitor. What does this mean?  Firstly, there is no upfront payment to a solicitor under this agreement. A Conditional Fee Agreement CFA would be signed to make this official. Then you would only pay a success fee, which is capped by law, to your solicitor if the case was won. For whatever reason, the case may fail you would not pay this success fee to the solicitor.

Our expert advisors can help you further:

Telephone number: 020 3870 4868

Contact form and webchat

Healthcare Data Breach Resources

Useful links.

These links have useful additional information,

Personal Data Breaches Explained

Data Protection: A Guide

Complaining About A Data Breach

HIV Data Protection Breach – Can I Claim Compensation?

More guides for you.

Optician Data Breach Compensation Claims

Dentist Data Breach Compensation Claims

Who Can Claim After A UK GDPR Breach?

How To Claim For The Unauthorised Access To Patient Medical Records In The UK

Writer CE

Checked by IE.