Moreover, as our health and social care system becomes increasingly digital, there are concerns that the robust protections required are simply not in place.
Our healthcare sector does a fantastic job, often under incredibly challenging circumstances. But data privacy is often being treated as an after-thought. No one wants to sue the NHS, but sometimes making a claim is the only way to force improvements in patient security. It is also worth mentioning that the NHS is insured against compensation claims.
At Keller Lenkner UK, we help our clients make compensation claims against a wide range of healthcare organisations, including:
Keller Lenkner UK has gained an enviable reputation in data breach law. And, with a team of data breach experts led by Kingsley Hayes – arguably the UK’s foremost data breach solicitor – and considerable expertise in this field, it’s easy to see why. Here are just some examples of the health and medical cases our data protection lawyers have dealt with…
Kate had breast augmentation surgery at a leading UK clinic. She later started showing signs of breast cancer and made a subject access request (SAR) to the clinic to get a copy of her medical records. A SAR enshrines in law the right of access to your data, and organisations should provide the information requested via a SAR within one month.
The clinic failed to respond to the SAR, and Kate’s health deteriorated as a result.
We are helping Kate to claim compensation for the distress and unavoidable damage to her health she has suffered as a result.
After experiencing a period of sustained harassment at work, Tom took the matter to HR. During the subsequent formal grievance process, an employee left his confidential file on a trolley in his workplace. This file not only contained details of the harassment Tom had suffered, but it also contained ‘special category’ data such as an in-depth record of his medical history, including his numerous and severe health conditions, details of counselling sections he had attended, and GP meetings.
Tom has no idea who, or how many people have seen these records, and his mental health has deteriorated as a result.
We are helping Tom to claim compensation for the distress he has suffered because of this breach.
Denise took part in a clinical trial when she was a student. Some years later, cybercriminals attacked the computer systems of the medical research company and published her personal and medical details online.
Denise became very distressed due to the extremely sensitive and confidential information accessed (which included photographs and confidential medical records).
We are helping Denise claim compensation for the distress and data privacy suffered because of this breach.
*Names have been changed to protect client confidentiality.
In some cases, you won’t be the only person to experience a medical data breach. In these instances, it might be worth joining a data breach group action. Our current medical group actions include:
The Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR) – a company which performs early clinical trials of drugs and vaccines. The criminal group had previously promised not to attack medical organisations during the coronavirus outbreak.
According to an article in the Financial Times, the NHS has shared a wealth of data with several companies. Any organisation can apply for access to NHS patient data, but while some use it for planning and research purposes (e.g. local governments, public bodies, and universities), the Financial Times has discovered that it was also shared with 43 commercial businesses.
In this handy guide, we’ve explained what happened in the HMR breach, how you can find out if your data was breached, and what you can do about it.
Head of Data Breach Kingsley Hayes comments on recent statistics that reveal the health sector as reporting the highest number of data violations, in Legal Futures. Kingsley’s article was published in Legal Futures, 15 July 2021.
Our healthcare sector does a fantastic job, often under incredibly challenging circumstances. But data privacy is constantly being treated as an after-thought. No one wants to sue the NHS, or indeed any healthcare business, but sometimes making a claim is the only way to force improvements in patient security. It is also worth mentioning that the NHS is insured against compensation claims.
Many former HMR volunteers still do not know that their personal data was involved in this privacy violation. In fact, despite HMR contacting some of those affected, of those who have contacted Keller Lenkner UK about the breach, approximately 60% have not received any confirmation of involvement from HMR. So, your data could have been stolen in the HMR data breach and not know it.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.
GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.