Government plans to share the NHS data of 61 million patients have raised concerns. Not least because, rather than opting into the scheme, people in England have until September 1 to opt out. And, if they do not, it will not be possible to remove their information from the new database.
The General Practice Data for Planning and Research (GPDPR) – not to be confused with the GDPR – aims to advance the understanding of medical issues. However, with a wealth of data on physical, mental, and sexual health, sex, ethnicity and sexual orientation, critics of the scheme have described it as a data grab. To meet data protection regulations, the GPDPR will pseudonymise the patient data it collects and shares. But some opponents have said that, in practice, this guarantee of anonymity is worthless as it will still be possible to identify people via their medical histories.
There are also concerns about the overall data security of the NHS. Indeed, according to the ICO, our healthcare sector experienced over 200 reported data breach incidents in Q1 2020-21. That is more than any other sector.
NHS data breaches are on the rise
As patients, we expect our confidential medical data to be taken care of. But, according to Clearswift, 67% of UK healthcare organisations experienced a cybersecurity incident during 2019. And, as our health and social care system become increasingly digital, there are concerns that the robust protections required are not in place.
Our healthcare sector does a fantastic job, often under incredibly challenging circumstances. But data privacy is constantly being treated as an after-thought. No one wants to sue the NHS, or indeed any healthcare business, but sometimes making a claim is the only way to force improvements in patient security. It is also worth mentioning that the NHS is insured against compensation claims.
Data violations involving health and medical information
At Keller Lenkner UK, our solicitors deal with a range of medical privacy violations on behalf of our clients. Here are just some examples.
Kates* breast surgery data breach
Kate had breast augmentation surgery at a leading UK clinic. She later started showing signs of breast cancer and made a subject access request (SAR) to the clinic to get a copy of her medical records. A SAR enshrines in law the right to access your data, and organisations should provide the information requested via a SAR within one month. The clinic failed to respond to the SAR, and Kate’s health deteriorated as a result. We are helping Kate to claim compensation for the distress and unavoidable damage to her health she has suffered as a result.
Denise's* clinical trial data breach
Denise took part in a clinical trial when she was a student. Some years later, cybercriminals attacked the computer systems of the medical research company and published her personal and medical details online. Denise became very distressed due to the extremely sensitive and confidential information exposed (which included photographs and confidential medical records). We are helping Denise claim compensation for the distress and data privacy suffered because of this breach.
*Names have been changed to protect client confidentiality.
How do you make an NHS data breach compensation claim?
At Keller Lenkner UK, we help our clients make compensation claims against a wide range of healthcare organisations, including:
- Hospitals/NHS Trusts
- Individual healthcare staff
- Private health companies
In some cases, you will not be the only person to experience a medical data breach. In these instances, it might be worth joining a data breach group action. With strict time limits in place for making most data breach compensation claims, it is essential to act now.