
Major NHS data breach revealed

It has been revealed that 150,000 patients have had their confidential data used without consent. The shocking breach comes just one month after the GDPR placed new data protection obligations on organisations operating in Europe.

If you are affected, you may be able to start a claim for compensation.

What happened?

In this case, confidential personal data – given on the basis that it was to be used to provide medical care – was exploited for clinical audit and research purposes by the NHS, without the consent of patients.

It is understood that the breach occurred due to a software error which failed to correctly record objections to patient data being used for research purposes. Software developer TPP has “apologised unreservedly” for the mistake and has said that it is working with NHS Digital to fix the error.

NHS Digital has informed the Information Commissioner’s Office (ICO) and the National Data Guardian for Health and Care, and investigations are now taking place.

Have you been affected by the NHS data breach?

All GP practices using the software have been contacted to make sure they are aware of the issue. Likewise, any patients affected will receive a letter from NHS Digital. However, while there is no risk to patient care, if the thought of your data being used in a way you did not agree to has caused you distress, you should start a claim for compensation.

Healthcare breaches are on the rise

Healthcare is rapidly going digital, and this online information revolution has seen most organisations move away from paper record keeping. However, as our health and social care system becomes digital, it is vital that there are adequate and robust protections in place to secure the data and information held within it, and that healthcare staff have the knowledge and ability to handle such data securely.

In reality, over the last few years, healthcare has proved a lucrative target for hackers, leading to a rise in medical data breaches. In fact, one in 13 patients will have their records stolen after a healthcare provider data breach.

While in this case it was a software error that led to the data being misused, the distress felt by patients is just as concerning.

How can you start a claim for compensation?

If you have objected to your data being shared by NHS Digital for any purpose other than your individual care (type 2 objections), you may have a claim for compensation. The objections not upheld were made between March 2015 and June 26th 2018.

If you have suffered damage or distress caused by a medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful medical data breach compensation claim.

With strict time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.


Can you make a data breach claim against the Bayswater Medical Centre?

The Bayswater Medical Centre has been found guilty of a serious data protection breach. The London-based GP and healthcare provider has been fined £35,000 by the Information Commissioner’s Office (ICO) after it left highly sensitive medical records, registration forms and repeat prescription information unsecured in an empty building for a year and a half. The data was left on desks, in unlocked cabinets, on windowsills, and in bins.

With medical data breaches often having severe consequences for those affected, patients of the Bayswater Medical Centre may now be able to claim compensation.

What happened in this case?

The breach occurred after the Bayswater Medical Centre vacated a practice but continued to use the building for storage. The failure to protect sensitive patient data was only discovered after another GP practice visited the site to take over the lease.

Perhaps most worryingly, despite repeated warnings from the new surgery and a local Clinical Commissioning Group, Bayswater Medical Centre did nothing to collect and secure the sensitive information.

Concerns were escalated to NHS England (NHSE). And, when officers investigated the building, they found that “it would have been apparent to anyone looking through the window that the premises were abandoned and patient files left littered throughout the premises with windows left ajar with potential access”. Medical records were also left on a windowsill, with the blinds not closed and the window not secure. NHSE also reported that the building was secured by a single lock, and had no other physical security measures such as an alarm. In fact, just one week after the records were eventually removed, the building was broken into.

What was the result of the investigation?

The ICO has called the breach a “serious contravention” of data protection legislation that could lead to serious damage and distress for victims. In fact, the ICO said that any concerns by patients went beyond mere irritation and that fears about data falling into the wrong hands were understandable – even if those fears were never realised. As such, the ICO found that the severity of the breach merited a £35,000 fine.

What can you do?

While the ICO has the power to impose hefty fines on organisations that fail to meet their data protection obligations, it does not award compensation to victims. But once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

What’s more, it doesn’t matter that the data remained secure in the building and didn’t fall into the hands of criminals. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

If you registered with Bayswater Medical Centre before July 2015 (even if you have since moved to another practice), and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

Before the General Data Protection Regulation came into force in May 2018, organisations were not obligated to tell individuals if their data was breached, so you may not know if your medical records were put at risk. But if you are in any doubt, it’s worth finding out, and we can do this for you.
