Select country
Menu

Data breaches – are you covered?

Post date: 19/01/2021 | Time to read article: 2 mins

The information within this article was correct at the time of publishing. Last updated 19/01/2021

Claims Data Protection

Data breaches are a common cause of claims but the indemnity issues surrounding them can be complex. Dr Dawn McGuire, Medicolegal Consultant at Medical Protection, looks at a case and explains more.

Case study: accessing a friend’s records

Mr T worked as an administrator in a GP practice. He heard that an old friend, Mr B, had been looking a shadow of himself and that his wife had left him. Mr T knew that Mr B was registered with his practice. When he was on late shift one day, Mr T looked into Mr B’s medical records and discovered that Mr B was recently tested for HIV and the result came back positive. Mr T could not contain his shock and revealed this to a mutual friend when they met later the same day.

Two weeks later, Mr T was called into the practice manager’s office. Mr B had made a formal complaint to the practice as he suspected that someone from the practice had accessed his records and publicised his HIV status. An audit trail had revealed that Mr T had accessed Mr B’s record without any valid reason. Mr T underwent disciplinary action and was dismissed. The practice manager wrote a very apologetic and empathic letter to Mr B.

Another month later, the practice received a letter of claim requesting £50,000 compensation for Mr B’s psychological trauma. Mr B claimed that his family and friends had deserted him, and he was now a recluse and terminally depressed. The senior partner of the practice contacted Medical Protection to request assistance. She was advised to notify their public liability insurer (PLI) instead. Their PLI took over the conduct of this claim.

How data breach claims are handled

Claims arising from data or confidentiality breaches are not uncommon. As a healthcare professional, you may be pursued for these alleged breaches, whether within or outside healthcare provision, and from your personal conduct or that of others, usually employees.

Some case scenarios of claims reported to Medical Protection:

  • Divulging medical information or test results to a patient’s relative or ‘representative’ without the patient’s consent
  • Employees accessing the patients’ medical records without valid reasons
  • Sending medical information to the wrong recipient or address
  • Leaving medical records in a public place
  • Loss of medical records in your care

Claims or monetary penalties arising from data loss or data breaches fall outside healthcare indemnity and is therefore out of scope of Medical Protection assistance. This is in line with NHS Resolution’s position where the Clinical Negligence Scheme for General Practice (CNSGP) does not cover activities arising from breaches of data protection regulations.

It is therefore crucial for healthcare organisations like GP practices, private clinics and private hospitals to ensure adequate cover is in place for these claims, usually through their public liability insurer.

Learning points

  • Be familiar with data protection laws and confidentiality
  • Ensure that your staff members are adequately trained
  • Explore adequate indemnity cover with your public liability insurer or other appropriate insurers, for example employers’ liability or directors’ liability insurances

References

Medical Protection, Understanding your Membership

NHS Resolution, Clinical Negligence Scheme for General Practice (CNSGP)

ICO, Guide to Data Protection

Share this article

Share

Related Articles:

Article

Safe prescribing - Northern Ireland

 Article

Case study: A consultant surgeon turns to Medical Protection when ele...

 Article

Professional boundaries

More for you

2210274452 MP UK IMG Business Block 2 360x124px

Ready to join?

Explore our membership benefits. Find out more
2210274452 MP UK IMG Business Block 1 360x124px

Guidance to Living and Working in the UK

Visit our advice centre for more help and information on starting your medical career in the UK. Find out more
2210274452 MP UK IMG Business Block 4 360x124px

Everything you need to know

Discover the facts about indemnity in the UK Find out more
2210274452 MP UK IMG Business Block 3 360x124px

Sign up or watch on demand

We run free, specially-tailored events for IMGs throughout the year. Find out more

Social

New site feature tour

Introducing an improved
online experience

You'll notice a few things have changed on our website. After asking our members what they want in an online platform, we've made it easier to access our membership benefits and created a more personalised user experience.

Why not take our quick 60-second tour? We'll show you how it all works and it should only take a minute.

Take the tour Continue to site

Medicolegal advice
0800 561 9090
Membership information
0800 561 9000

Main navigation

Use the top navigation bar to access essential links from any page of the site.

Key contact details

Should you need to contact us, our phone numbers are always visible.

Dropdown filters

Start your search by choosing your profession and/or area of interest through the two dropdowns.

Search bar

Enter keywords to find specific resources. For exact terms, just use speech marks, e.g. "record keeping".

Personalise your search

We'll save your profession in the "I am a..." dropdown filter for next time.

Refined search

Narrow your search based on theme, field, format, article, type or location.

Suggested links

Based on the pages you visit, we'll also provide useful links under the 'More' tab.

Tour completed

Now you've seen all of the updated features, it's time for you to try them out.

Continue to site
Take again

Continue to site