Home / News & Resources / News & Updates / Claiming for unauthorised access to patient medical records in the UK

Claiming for unauthorised access to patient medical records in the UK

  • Posted on

There are important boundaries that medical professionals must follow when handling your medical records. Associate Mo Hussain explains what unauthorised access to patient medical records involves and what you can do if your data is compromised.

Unfortunately, there have been many instances of unauthorised access to patient medical records in the UK. Whether it is the result of staff negligence, inadequate security measures, or third-party interference, many patients have seen their medical records compromised, causing substantial damage and interference.

If you are the victim of inappropriate access to your medical records, you may be able to make a claim for compensation.

In this article, we will explore this and more, including:

  • What is unauthorised access to patient medical records?
  • Can someone access your medical records without your permission?
  • What could someone do with patient medical records?
  • Can you sue someone for looking at your medical records?
  • Can you sue for a breach of medical records?
  • What can you claim for if your patient medical records have been accessed?
  • What should you do following the unauthorised access of your patient medical records?
  • How Hayes Connor can help if you are the victim of inappropriate access to medical records

What is unauthorised access to patient medical records?

Unauthorised access to patient medical records in the UK will involve medical data being unlawfully accessed by anyone who is not required to process said data in their daily role.

Staff and patient access to medical records is strictly controlled, due to the sensitive nature of the corresponding data, meaning healthcare organisations are legally obligated to reduce any inappropriate access.

In addition, there is a clear procedure that needs to be followed when someone seeks to exercise their patient rights to their medical records, which is designed to reduce the risk of unauthorised access.

Unauthorised access to patient medical records can occur for several reasons:

Cybercrime

The extremely sensitive nature of patient medical records means that they are often a valuable target for cybercriminals. If a healthcare organisation does not have sufficient security policies in place, this could lead to patient medical records being stolen.

The organisation that failed to protect the medical records would ultimately be responsible for such a data breach.

Human errors

While the policies regarding patient medical records and personal information are clear cut, this does not account for the possibility of human error taking place. A mistake as simple as the wrong email being sent, or a password being shared with the wrong person, could result in inappropriate access to medical records.

Where a mistake like this occurs, resulting in patient access to medical records being compromised, the results could be just as damaging as a nefarious cyber attack.

Physical theft

There is a chance that inappropriate access to medical records could be the result of physical theft. While patient access to medical records should be extremely limited, and carefully monitored, an error as simple as a folder being misplaced, or records not being correctly destroyed could be incredibly damaging.

Can someone access your medical records without your permission?

Under normal circumstances, someone should not be able to access your personal medical records without your permission. To do so, they must:

  • Have a legal basis for accessing a patient medical report
  • Be in a position where they are acting on behalf of another person, and with their authorisation
  • Have a power of attorney to access their medical records

The only other way someone may be able to access your medical records is via illegal means, or if they were mistakenly sent medical records following a human error.

What could someone do with patient medical records?

Due to the sensitive nature of patient medical records, cybercriminals, or any other individual, can potentially take a number of actions.

A common tactic taken by cybercriminals is to hold the data they secure ‘ransom’. If the healthcare organisation that originally held the patient medical records does not pay the ransom demanded (which is often the case), they information could then be potentially leaked on to the dark web.

If any personal data is included in the patient medical records which are stolen, there is a risk that you could be susceptible to phishing attacks. These will be designed to extract further personal information.

If a phishing attack is successful, this could result in you giving away information that include sensitive financial records.

Can you sue someone for looking at your medical records?

It may be possible for you to sue someone for looking at your patient medical records. This is if it can be shown that:

  • You were directly affected by the breach of the data
  • The breach resulted in financial and/or emotional harm
  • The breach was caused by a healthcare organisation’s failure to uphold security measures

Can you sue for a breach of medical records?

You may also be able to take action for unauthorised access to patient medical records in the UK, even where a breach was caused by a third party.

All organisations in the UK are legally obligated to have certain measures in place which prevent any cybercriminals from being able to access sensitive personal information, including the NHS.

Making a claim against the NHS for the breach of your patient medical record may be a difficult decision. However, they are equally responsible as anyone else for mistakes, which means you may be able to sue them for damages if your records are accessed.

What can you claim for if your patient medical records have been accessed?

If your patient medical records have been accessed by an unauthorised third party, you could be able to claim compensation. Compensation could be used to help cover any direct financial losses you have experienced, as well as the distress caused.

Financial losses

Patient medical records do not exclusively relate to medical conditions. They also often include personal identifiers which could be used to carry out financial and identity theft. With enough information, someone could go as far as to apply for credit in your name, create a fraudulent bank account, or access any accounts you already have set up.

Distress

Even in situations where you may not have experienced any direct financial losses after your patient medical records have been accessed, you could still make a claim for compensation.

If your medical records are stolen, this is likely to be a very stressful situation and can have a major impact on both your mental and physical health. A lack of sleep, feeling ill, and being stressed are all common side effects of your patient medical records being accessed by an unauthorised third party.

What should you do following the unauthorised access of your patient medical records?

If you are aware that unauthorised access to your patient medical records has taken place, there are several actions you should take as soon as possible.

Report to the ICO

If you are aware of inappropriate access to your medical records, you should make the Information Commissioner’s Office (ICO) aware. A report from the ICO can be used to support your claim.

Change your credentials

It will be sensible to update any of your credentials if you believe they may have been compromised. This is likely to prevent further issues from taking place.

Speak to a data breach solicitor

A data breach solicitor will be in a strong position to advise you if your medical records have been accessed.

At Hayes Connor, our team can meet with you to discuss your situation and the impact it has had. If we think that you have grounds to bring forward a claim, we can take you through the next steps and tell you what sort of compensation you could be entitled to make a claim for.

How Hayes Connor can help if you are the victim of inappropriate access to medical records

If your patient medical records have been accessed without your permission, our team may be able to help you in making a claim. We act for clients on a no win, no fee basis, removing the financial risk of pursuing claims related to stolen medical records.

We are one of the largest teams of data breach claims specialists in the country, with a wealth of combined experience and expertise in supporting clients from a wide range of backgrounds. Our team can provide carefully tailored advice on whether you will have grounds to make a claim, the level of compensation you may be entitled to receive, and what steps need to be taken.

We want to ensure that anyone affected by the unauthorised access of patient medical records in the UK can access the compensation they deserve, while also making the entire process as straightforward and stress-free as possible.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form and we will get back to you shortly to let you know if we believe you have grounds for compensation.

If you would like to speak to a member of our team, please do not hesitate to give us a call on 0330 041 5139.