Medical breaches hit the headlines
The issue of medical data breaches has hit the news again due to the actions of two medical workers.
Medical data breach due to inappropriate use of patient information
In the first case, a medical worker has been suspended from a hospital in Kilmarnock after it was alleged that he inappropriately accessed patient records and contacted some female patients using the information he stole.
With medical data breaches often having severe consequences for those affected, patients of Crosshouse Hospital in Kilmarnock may now have a claim for compensation.
It is claimed that the man used the information to contact a number of women who attended the X-ray department at Crosshouse Hospital. The breach occurred between April and September this year.
One of the women affected told BBC Scotland that she had "received a couple of messages saying 'hello' from an unknown number a few months ago" but that she didn't know who the messages were from as she didn't respond. However, she has since received a letter from the NHS, telling her about the breach.
She has said that she is "absolutely livid that someone had done this, and that it was allowed to happen". She also says that she has "no faith in the hospital, especially with confidentiality."
Police Scotland have confirmed they are investigating the claims and NHS Ayrshire and Arran are looking into the breach.
Commenting on the alleged incident, a spokeswoman for the hospital said: "NHS Ayrshire & Arran has been made aware of a member of staff inappropriately accessing patient records. This individual is currently excluded from work.
"We are currently investigating and are contacting a number of patients to ascertain the extent of this breach. We wish to apologise to anyone affected by this. We take patient confidentially extremely serious and will ensure a full investigation is conducted.
"We are working closely with Police Scotland and the Information Commissioner's Office (ICO). As this is an ongoing police investigation, we are not able to confirm any further details."
Medical data breach due to employee reading patient information without consent
In the second case, the ICO has fined a former GP surgery secretary for reading the medical records of 231 patients without any good reason or consent.
The former trainee secretary has admitted unlawfully reading the records of patients of Fakenham Medical Practice in Norfolk for two years; despite having been trained in the legal and ethical requirements for patient confidentiality.
An investigation into the data breach by the surgery found that the woman had accessed the records of colleagues and their families, her own relatives, friends and acquaintances and members of the public.
Due to breaching the Data Protection Act the woman was fined £350 and was also ordered to pay costs of £643.75 and a victim surcharge of £35.
What are we seeing?
At Hayes Connor, we have noticed an increase in enquires from clients who have been the victim of a health care data breach. Worryingly, while these breaches are avoidable the health authorities and their legal advisers do not understand the considerable distress and harm caused by such violations.
In our experience, in three out of five cases psychological trauma is caused by the data breach which requires the victim to undergo treatment such as counselling. What's more, in two out of fives case there is a significant knock-on effect which results in family members also becoming affected.
What can you do?
The healthcare sector handles some of our most sensitive personal data, and, as patients, we have the right to expect this will be looked after. However, all too often this isn't the case. The UK health sector accounts for nearly half of all data breaches, with the number of incidents rising year-on-year.
Where a breach occurs, the ICO can respond with actions such as financial penalties and prosecutions
Furthermore, if you have suffered damage or distress caused by this, or any other medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.
At Hayes Connor Solicitors we have extensive experience in this area and are currently working on another case in which a data breach occurred due to a third-party accessing medical records.
If you are in any way concerned that your data has been breached you should let the ICO know. You can report a personal data breach here.