
How secure are your medical records?

The healthcare industry holds the largest amount of personal data on any one individual. And the rise in digital and mobile technologies is only making the sector more vulnerable to cybercrime and data breaches. So what do we know about medical data breaches?

In October alone, three UK hospitals were hit by serious data security incidents:

  • A data breach at Bolton NHS Foundation Trust saw the personal details of 425 pupils from two Greater Manchester secondary schools 'misplaced'. The privacy violation occurred when the school nursing service transferred records of children moving from primary to secondary school.
  • A data error at Norfolk and Norwich University Hospital resulted in the personal details of 11 patients being sent to the wrong address.
  • A breach at North Devon District Hospital saw a patient's voicemail message, containing personal patient details, becoming the hospital's answerphone message. Because she had provided her phone number in her message, she was subsequently inundated with calls from patients giving details about their health problems.

What are our data breach experts seeing?

At Hayes Connor, we are seeing a significant rise in the number of people contacting us following a data breach at a hospital or GP practice. And, for the most part, these medical data breaches haven't been caused by human error or cybercriminals. Instead, many privacy violations are happening due to healthcare staff deliberately and inappropriately accessing patient medical records.

In most cases, patients are finding out that their personal information has been accessed following internal audits at the hospital/medical practice. This is because, once a breach is discovered, healthcare organisations are legally obliged to tell anyone who has been affected. Others have found out after suspecting a privacy infringement and complaining to the relevant healthcare provider.

Why are people looking at your medical records?

For the most part, healthcare professionals will only access your records when they have a good reason to do so. For example, when providing you with medical care. But people are also inherently curious. Especially when it comes to their friends, families and neighbours. So, in a large number of cases, where data has been erroneously accessed, it has been done by relatives/people known to patients.

But whether this is done with good intentions, to be nosey or with malicious intent, this is a serious breach of data protection law.

Medical data breach cases

In one high-profile breach, more than 2,000 confidential hospital patient records were accessed by an employee at Wigan hospital who had no legitimate reason to read the files and was not permitted to do so. As a result of this incident, the Information Commissioner's Office (ICO) has launched a criminal investigation.

In another case, our client had her medical records unlawfully accessed by her ex. She only found out after she was informed by a mutual friend that her ex-partner had illegally obtained her medical records. He could do this because he was employed by a local NHS Trust. The breach revealed our client's new home address and contact details to her ex. He was also able to establish every time she had received services provided by the NHS Trust. Because of this data breach, our client suffered significant stress and anxiety.

Who is at fault?

Nobody wants to sue the NHS. It does a great job under challenging circumstances. But something has to be done to make healthcare organisations accountable for any harm they help cause.

Commenting on the increase in medical data breach enquiries we are receiving, senior solicitor at Hayes Connor Christine Sabino said:

"I've seen first-hand just how distressing a medical data breach experience can be. Especially when personal and highly sensitive information is accessed by someone the patient knows. The consequences on a person's homelife, mental health and wellbeing can be devastating.

"Of course, it's easy to blame the individual who looked at the records. But there must be robust protections in place to stop such violations from being possible. Furthermore, all healthcare staff must have training to ensure that they fully understand how to handle data securely, and the consequences of breaching their professional obligations."

What can you do if your medical information has been breached?

If you have received a letter from your doctor or hospital letting you know that your data has been breached, you could be entitled to compensation.

At Hayes Connor, our expert solicitors deal with a significant number of medical data breach cases. During our work, we see many different types of claims. So, we understand how medical data breaches can affect people in different ways.

Our professional, friendly team will advise you on whether you have a valid claim against a medical or healthcare organisation. If you are not sure whether your sensitive medical information has been misused or mishandled, we can find this out for you.

If we believe you have a substantial case, we may be able to act on a NO WIN, NO FEE basis. Crucially, you have a right to claim compensation for a privacy violation, even if you haven't suffered as a result.

Contact us today for a free initial assessment.
