Three years have passed since the NHS Digital data breach was reported, in a wide-reaching incident affecting around 150,000 patients across the country. Patients affected had chosen to opt-out from their medical information being used for non-care related purposes, but a mistake made by the IT and data branch of the NHS caused their requests to not be upheld.
Medical details represent perhaps the most sensitive type of personal information about us, so health professionals and services owe an important duty to their patients to protect this information and keep it confidential. This includes giving patients the option to choose how their data is processed and used, empowering them to take control of data disclosure. As such, when the health service fails to observe the choices of patients, it can be an indication of inept and inadequate data protection.
We began taking on claims for those affected by the NHS Digital data breach soon after it came to light, and we can still register claims despite the time that has elapsed since the incident. Contact us now to receive free, no-obligation advice on your claim.
The NHS Digital data breach – what happened?
In July 2018, it was revealed that NHS Digital had been using patients’ data for research purposes without their knowledge or consent. Although these patients had opted out from data being used for reasons outside their own medical care, a system fault reportedly caused their choices to be registered incorrectly.
The failure was blamed on a “coding error”, which meant that the software being used to register the patients’ requests did not communicate the message to the NHS’s IT provider. As a result, thousands of patients’ information was used in a way that was contrary to their specific requests.
Following the breach, NHS Digital contacted affected patients and their GPs about the error. All those who were notified of the unauthorised use of their data could be eligible to claim compensation.
NHS Digital and the use of patient data
More recently, NHS Digital’s use of patient information has again been called into question after it was revealed that the organisation was planning to transfer patient data held by individual GP surgeries to a central NHS database. Patients have the option to opt-out of the transfer of their information, but the move has been delayed after NHS Digital and the government were criticised for not doing enough to raise awareness of the new system.
Compensation claims for data breach victims
If you have been denied the ability to opt-out of the processing of your medical data, you may be able to make a compensation claim. Sharing your information without your consent can constitute a breach of data protection law, and we believe that NHS Digital should be held responsible for its error, regardless of how unintentional it may have been.
Your Lawyers (t/a The Data Leak Lawyers) are leading, specialists who have been representing victims for privacy matters since 2014, developing our expertise in a number of high-profile data group actions. We are currently involved in the action against British Airways, which is the first GDPR Group Litigation Order in England and Wales.
If you have a claim to make, you can contact our specialist team for free, no-obligation advice on your case.