Medical data leak compensation claims

You can be entitled to make a claim for compensation with us on a No Win, No Fee basis for a medical data leak incident.

These kinds of breaches can be common. In fact, one of the most common types of individual cases that we take forward involve medical information being misused or exposed, and this applies to several of the group and multi-party actions we’re involved with. You should never suffer in silence and victims should know that they have the right to seek justice when medical information is subject to a breach. We know from first-hand experience just how devastating the damage can be for people.

If this has happened to you, read on for more advice and information about what you can do and how we might be able to help you.

Can you claim for a medical data leak?

You could be entitled to make a claim for compensation on a No Win, No Fee basis with us if you the victim of a medical data leak.

Most leaks happen by accident, or where there’s a consent issue. In a case like this, if we can establish negligence, that’s when you can be eligible to make a claim. If the leak is caused by an employee of an organisation, the organisation itself can be held vicariously liable. This means that you can claim directly from the organisation for the negligence of their employee.

Typical examples where you may be eligible to pursue a claim can include:

• Information being leaked by email or post – where it’s sent to the wrong person, for example;
• Medical data being disclosed without your clear and informed consent – perhaps to an employee, a relative or your partner;
• The sharing of information with other third-parties without consent or clear reason to do so;
• Data left unsecured that can be accessed inappropriately.

What can you claim for?

When you make a claim for compensation for a medical data leak, you can be entitled to receive compensation for the distress caused by the loss of control of your personal information.

The GDPR allows victims to be able to make a claim for such distress. When it comes to a matter as personal and sensitive as medical information, the distress that people can suffer from can be significant. This is precisely the kind of data that most people prefer to be kept confidential.

When we value medical data claims for compensation, we can look at factors such as:

• The precise nature of the data involved;
• How much information has been leaked;
• Who data has been leaked to.

Infamous group actions

Some of the most infamous group and multi-party actions that we’re involved with have stemmed from a serious medical data leak, such as:

• The 56 Dean Street Clinic Leak: in 2015, an email was sent to almost 800 users of an HIV service. To send the email, the CC function was used instead of the BCC function, which leaked everyone’s contact data and HIV identity to the other recipients;
• Charing Cross Gender Identity Clinic: in 2019, the clinic did the same thing as the 56 Dean Street Clinic but for almost 2,000 recipients;
• NHS Digital Consent Leak: where NHS patients who had specifically opted out of patient data being shared had their information shared without consent.

In many instances, leaks like this are seen as “human error” incidents but, in reality, they arise from preventable systemic failures. Employees should never be put in a position where they could leak medical data at all.

For more information about making a medical data breach compensation case, please see our specialist advice page here.