A big problem surrounding medical data breaches, and one of the most concerning, is when a member of staff breaches confidentiality by accessing patient records without clinical justification.
We entrust medical employees and NHS staff to safeguard our personal medical data and only access it as part of our treatment or care. That is why it is so concerning when a member of staff is accessing patient records with no medical reasoning or no proper authority to do so.
It is sometimes hard to know what exactly they are using the data for, potentially putting individuals at risk by exposing sensitive data. In many cases, the perpetrators know the victims, which can make the distress for the victims even worse.
Danger surrounding accessing patients records
Having medical and NHS staff accessing patient records without clinical justification can be a serious breach of patient confidentiality. When staff access patient records without reason or authority to do so, there is no telling what they are doing with the data and, in some cases, staff access the same patients’ records multiple times.
The Information Commissioner’s Office (ICO) has repeatedly warned NHS employees about the serious consequences of accessing patient records without a justified reason. In 2017, the ICO fined a former healthcare assistant £1,715 for unlawfully obtaining and unlawfully disclosing personal data, and this is not an isolated event. The ICO has issued penalties to medical staff for this kind of breach of data protection and patient confidentiality on a number of occasions.
Worryingly, it is a common issue in the healthcare profession and victims of such breaches can be eligible to make a compensation claim for it.
Many occurrences amongst NHS staff
This type of data breach has happened several times before, and there have been some high-profile cases where medical staff have been accessing patient records of famous people, such as Ed Sheeran and Sir Alex Ferguson.
Ed Sheeran had an NHS staff member access his medical records in 2018 whilst he was in Ipswich Hospital. It is understood that there were two staff members involved in the breach who were then disciplined by the hospital and, after complaints from Sheeran about signing autographs for staff members, the hospital launched a review of the care given to ‘high-profile’ patients.
A similar thing happened to Sir Alex Ferguson. He was taken to the Salford Royal Hospital in 2018 where it was reported that two doctors, a senior consultant and at least two nurses accessed his medical records even though he was not under their care.
This type of healthcare data breach is completely unacceptable and is a violation of basic privacy rights and patient confidentiality. We are here to help if you have been subject to a similar situation.
Have you been affected by a medical data breach?
Have you been affected by a data breach where medical professionals accessed your medical records with unjustified causation?
We could help bring you some form of justice as you may be eligible to make a compensation claim with us on a No Win, No Fee basis.
We have years of experience in dealing with the complex field of data breach law as a leading firm of data breach compensation lawyers. We know how upsetting it can be when your privacy is violated by the very people whose job it is to look after you. This is why we will do the very best we can to get you the compensation you deserve, and it is often the case that data breach compensation amounts are substantial when it comes to incidents like this.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on November 25, 2020
Posted in the following categories: Claims Data GDPR Healthcare Security and tagged with compensation | cyber snooping | data breach | data controllers | data leak | database security | employee breaches | healthcare sector | ico | medical data breach | medical records | nhs | personal data