Data breaches – are you covered?

Post date: 19/01/2021 | Time to read article: 2 mins

The information within this article was correct at the time of publishing. Last updated 19/01/2021

Data breaches are a common cause of claims but the indemnity issues surrounding them can be complex. Dr Dawn McGuire, Medicolegal Consultant at Medical Protection, looks at a case and explains more.

Case study: accessing a friend’s records

Mr T worked as an administrator in a GP practice. He heard that an old friend, Mr B, had been looking a shadow of himself and that his wife had left him. Mr T knew that Mr B was registered with his practice. When he was on late shift one day, Mr T looked into Mr B’s medical records and discovered that Mr B was recently tested for HIV and the result came back positive. Mr T could not contain his shock and revealed this to a mutual friend when they met later the same day.

Two weeks later, Mr T was called into the practice manager’s office. Mr B had made a formal complaint to the practice as he suspected that someone from the practice had accessed his records and publicised his HIV status. An audit trail had revealed that Mr T had accessed Mr B’s record without any valid reason. Mr T underwent disciplinary action and was dismissed. The practice manager wrote a very apologetic and empathic letter to Mr B.

Another month later, the practice received a letter of claim requesting £50,000 compensation for Mr B’s psychological trauma. Mr B claimed that his family and friends had deserted him, and he was now a recluse and terminally depressed. The senior partner of the practice contacted Medical Protection to request assistance. She was advised to notify their public liability insurer (PLI) instead. Their PLI took over the conduct of this claim.

How data breach claims are handled

Claims arising from data or confidentiality breaches are not uncommon. As a healthcare professional, you may be pursued for these alleged breaches, whether within or outside healthcare provision, and from your personal conduct or that of others, usually employees.

Some case scenarios of claims reported to Medical Protection:

  • Divulging medical information or test results to a patient’s relative or ‘representative’ without the patient’s consent
  • Employees accessing the patients’ medical records without valid reasons
  • Sending medical information to the wrong recipient or address
  • Leaving medical records in a public place
  • Loss of medical records in your care

Claims or monetary penalties arising from data loss or data breaches fall outside healthcare indemnity and is therefore out of scope of Medical Protection assistance. This is in line with NHS Resolution’s position where the Clinical Negligence Scheme for General Practice (CNSGP) does not cover activities arising from breaches of data protection regulations.

It is therefore crucial for healthcare organisations like GP practices, private clinics and private hospitals to ensure adequate cover is in place for these claims, usually through their public liability insurer.

Learning points

  • Be familiar with data protection laws and confidentiality
  • Ensure that your staff members are adequately trained
  • Explore adequate indemnity cover with your public liability insurer or other appropriate insurers, for example employers’ liability or directors’ liability insurances

References

Medical Protection, Understanding your Membership

NHS Resolution, Clinical Negligence Scheme for General Practice (CNSGP)

ICO, Guide to Data Protection

Share this article

Share
New site feature tour

Introducing an improved
online experience

You'll notice a few things have changed on our website. After asking our members what they want in an online platform, we've made it easier to access our membership benefits and created a more personalised user experience.

Why not take our quick 60-second tour? We'll show you how it all works and it should only take a minute.

Take the tour Continue to site

Medicolegal advice
0800 561 9090
Membership information
0800 561 9000

Key contact details

Should you need to contact us, our phone numbers are always visible.

Personalise your search

We'll save your profession in the "I am a..." dropdown filter for next time.

Tour completed

Now you've seen all of the updated features, it's time for you to try them out.

Continue to site
Take again