By law, all therapists and healthcare providers must safeguard your personal information. But sometimes, they fail to keep medical records private and secure. If you are harmed because other patients accessed your data or it was lost or otherwise compromised, you might be entitled to claim compensation. To illustrate, you’ll find a therapy treatment data breach compensation case study below where a payout of £8,500 was awarded after other patients or clients accessed the compromised data.
In the following sections, we outline the eligibility criteria for making a data breach compensation claim. After this, our guide looks at what damages you could be compensated for and how it could be calculated. We explain some proactive steps you can take to reduce the impact of a data breach and prove your claim. The final section explains how a data breach solicitor from our panel could help.
Medical data breach compensation claims can be complex, so don’t hesitate to connect with our friendly advisors for free guidance at any point. Also, they can offer a no-obligation case check when you:
- Call them on 020 8050 3051
- Contact us via our website to chat about your claim.
- Use the discussion window to ask anything.
Jump To A Section
- Are You Able To Claim Compensation For A Therapy Treatment Data Breach?
- Therapy Treatment Data Breach Compensation Case Study: £8,500 Payout
- What Can Be Awarded For A Medical Records Data Breach?
- What Could You Do After A Data Breach?
- Make A Data Breach Claim With A No Win No Fee Solicitor
- More Information About Claiming For A Therapy Records Data Breach
Are You Able To Claim Compensation For A Therapy Treatment Data Breach?
Personal data is classed as any information that might reveal or infer your identity. This includes your name, home address. mobile and email address. In addition to this, certain personal data such as medical records are more sensitive and are classed as special category data. Information like this is given extra protection.
The two main groups who use personal data are called controllers and processors. The controller gathers the data for a specific purpose and the processor works with it on their instruction as part of the same organisation or in an out-sourced capacity.
Both groups need to comply with the data processing regulations set out within the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Accidental or deliberate failure to comply with these laws can create a security incident that leads to a personal data breach.
The Information Commissioner’s Office (ICO) is an independent watchdog that enforces and upholds data protection law in the UK. They define a personal data breach as an incident that prompts the unlawful or accidental destruction, loss, alteration, unauthorised disclosure or access of personal data.
With this in mind, to have eligible grounds to start a claim for a therapy treatment data breach, you need to prove the following:
-
- The data controller or processor failed to adhere to data protection laws, resulting in a security incident (known as wrongful conduct).
- Your data was compromised in this security incident.
- As a consequence, you suffered financially or psychologically.
What Are Potential Examples Of A Therapy Records Data Breach?
Some examples of how patients could see your personal data because of wrongful conduct:
- A physiotherapist left your personal file on a desk revealing your medical conditions to other patients. This caused you significant worry and distress.
- A therapy clinic failed to upgrade software security and an avoidable hacking incident compromised your payment details.
- Your personal data was shared without consent with others in a group email when a therapist attached your medical information to the wrong recipient. This resulted in you experiencing emotional distress and financial harm.
These are just a few examples. To discuss your case in particular, it’s best to get in touch. Next, our case study explores how personal data could be compromised, the potential consequences, and the amount of damages that might apply.
Therapy Treatment Data Breach Compensation Case Study: £8,500 Payout
Please note: This case study is for illustrative purposes only.
Mr Blake was in the middle of a private physiotherapy treatment plan after a cycling accident. During his time with the clinic, he became aware of an increase in unwanted emails and cold calls. He found this very stressful. Additionally, he started to receive phone calls where he could hear someone on the other end of the line but couldn’t make out what they were saying, as well as receiving unwanted post.
After looking into the matter, he discovered that the staff at the physiotherapy clinic had disposed of his paperwork incorrectly. Other patients were able to find his records in a bin and used them to sign him up for various items as well as make prank calls to his mobile phone.
Because of this human error, Mr Blake suffered significant anxiety and damage to his income. A solicitor took up his case and was able to negotiate a £8,500 settlement when the clinic admitted liability. This covered both Mr.Blake’s financial losses, as well as compensation for the distress caused to him.
Again, this therapy treatment data breach compensation case study is just an example. But to find out if you could receive similar help, get in contact with a member of our advisory team.
What Can Be Awarded For A Medical Records Data Breach?
After reading our therapy treatment data breach compensation case study, you may wonder what damages a settlement will cover. Two areas can receive compensation in a successful data breach claim.
The emotional and psychological harm is referred to as non-material damage. It covers general stress and other diagnosed mental health conditions such as anxiety, depression or post-traumatic stress disorder (PTSD). To clearly establish this, it might be necessary for you to sit for an independent psychological assessment.
Those responsible for working out compensation can use this medical evidence. They can also consult the Judicial College Guidelines (JCG). This publication provides guideline compensation amounts for various types and degrees of physical and psychological harm. Below is a brief excerpt to illustrate.
Importantly, they are only general guidelines as every claim varies. Also, our first line entry was not taken from this source:
Compensation Guidelines
Type | Severity | Guideline | Notes |
---|---|---|---|
Severe Psychological Harm and Material Damage | Severe | Up to £500,000+ | This reflects severe multiple types of harm and material damage amounts for lost earnings, counselling and fraud. |
General Psychological Harm | (a) Severe | £66,920 to £141,240 | A very negative prognosis and permanent significant challenges across all areas of life. |
(b) Moderately Severe | £23,270 to £66,920 | A more positive prognosis than above but still long-standing disabilities remain, stopping a return to work. | |
(c) Moderate | £7,150 to £23,270 | A distinct level of improvement and a good prognosis indicated. | |
(d) Lesser Severity | £1,880 to £7,150 | Awards here reflect the duration of the disability. | |
PTSD | (a) Severe | £73,050 to £122,850 | Permanent trauma symptoms that halt any ability to function as before. |
(b) Moderately Severe | £28,250 to £73,050 | A degree of recovery after professional help but still a significant level of disability for the foreseeable future. | |
(c) Moderate | £9,980 to £28,250 | Largely a recovery with any continuing effects not considered grossly disabling. | |
(d) Lesser Severity | £4,820 to £9,980 | Within 12 - 24 months almost a full recovery is seen and only minor issues persisting past this. |
Claiming For Material Damage
The financial losses you encountered after a therapy treatment data breach are referred to as material damage. Here are some examples of material damage and the supporting documentation you would need to get compensated:
- Invoices for any psychotherapy to help you cope or recover.
- Proof of relocation expenses, such as invoices from movers and a bank statement showing how much rent you had to pay upfront.
- Invoices and receipts for costs related to security. For example, a receipt for a doorbell camera installation.
The consequences of a data breach in healthcare, can be far-reaching. Connect with the team to access the best advice about your potential claim.
What Could You Do After A Data Breach?
Once you discover a breach in your data, you should take action to assemble proof that backs up your claim, such as:
- Keeping any letter or email from the healthcare provider telling you that your personal information was compromised. By law, you must be notified of data breaches that have the potential to jeopardise your freedoms and rights.
- Contacting the therapist or clinic and ask them to look into the suspected data breach.
- If you receive an unsatisfactory response, within three months of your last significant correspondence with them on the matter, you can raise your concerns with the ICO.
- The ICO does not award compensation but they might investigate. If so, its findings may also bolster your claim.
- Collect evidence of your psychological harm, such as your medical records. Or a confirmed diagnosis from a mental health professional/psychiatrist.
- Retain all proof of your associated financial losses such as bank statements and payslips.
An advisor can discuss what items you could collect as evidence to support a data breach compensation claim. Call today.
Make A Data Breach Claim With A No Win No Fee Solicitor
Finding out if your data breach claim is valid doesn’t cost anything. Our advisors can determine eligibility in one phone call. They could then connect you with a data breach solicitor from our panel who will help you gather evidence, negotiate the best settlement and submit your claim on time.
Our panel offer their services through a Conditional Fee Agreement (CFA). This is a way of providing legal services on a No Win No Fee basis. It generally means you will not need to pay any initial fees for their work on your data breach case. Or any fees for their ongoing services as the claim develops.
What’s more, you will not have to pay them for their completed work if the claim fails. A small (and legally capped percentage) called a ‘success fee’ only needs to be paid if the claim is a success.
With the help of a solicitor, you could get a much higher compensation award if the claim is a success. Interested?
- Call the team 020 8050 3051
- Contact us via our website.
- Or use the live chat box below to discuss how the therapy treatment data breach compensation case study relates to your case.
More Information About Claiming For A Therapy Records Data Breach
As well as this therapy treatment data breach compensation case study, these other guides may help:
- How do GP data breach claims work?
- Information on time limits for data breach claims.
- Also, advice after accidental destruction of your data caused a breach.
External resources:
- Useful tips on how to stay safe online from GOV.UK
- Some guidance for families and individuals from the NCSC.
- Your right to get data corrected from the ICO.
Thanks for reading this guide. Please stay in touch with our team for more help.