Information relating to our health is often of an extremely personal and confidential nature and is classified as special category data under data protection law. This means (generally speaking) that it cannot be disclosed without the consent of the patient. Yet data breaches by the NHS and healthcare organisations remain the most common data breach incidents reported to the ICO (read more here). And there is no evidence that this will change any time soon.

While the NHS is quickly digitalising its systems (a good thing!), it becomes ever more important that proper security measures are in place to protect patients’ data. The digitalisation of patient records could lead to the theft of the data of millions of people. This is because the NHS is more prone to malicious cyber-attacks, which can lead to devastating consequences.

Even so, cyber-security (or hacking) incidents still account for a smaller percentage of the total number of NHS data breaches. The most common category of data breaches by the NHS happens because of human error. Some examples are:

  • sending patients’ personal data to the wrong recipient
  • the incorrect use of the BCC function while sending emails

Is the NHS learning from its mistakes?

In July 2020, Hampshire Hospitals NHS Foundation Trust reported a data breach committed by a staff member working at the Basingstoke Hospital. The incident occurred when a senior manager within the Trust received a spreadsheet containing the personal data of 1,000 staff members. The Trust reported the breach to the ICO. The ICO recommended that the Trust should instruct its staff to check and control what information is disseminated by email.

Less than a month later, even though the breach was made public only at the end of 2020, another data breach was committed by the same Basingstoke Hospital. In this incident, online papers published details of female patients who had suffered miscarriages, pregnancy terminations and stillbirths.

The consequences of having this category of highly personal medical information disseminated to the world at large can be devastating. You could receive compensation if you have suffered such a data breach. We understand the implications that a breach of your medical data can have on you and your family, so do not hesitate to get in touch with one of our data breach solicitors at DRM Legal for advice on making a claim for compensation to which you might be entitled.