Sensitive data breach settled for £4,000
Following a positive HIV test, our client started attending a clinic for treatment that they knew an ex-partner attended.
Our client understandably wished for attendance at the clinic to remain private. As such, it was requested that they were not given any appointments at the same time.
As a result of our client’s request, the hospital placed a note on both parties electronic hospital records.
Unfortunately, this note was then seen by the ex-partner and confirmed that our client was a patient of the clinic, and by inference, disclosed HIV status.
This caused our client significant distress and worry.
Our client contacted Fletchers on 22 June 2020 via Patient Claim Line; initially proposing that this was a case for medical negligence.
Our client had already received an apology from the Consultant at the Trust regarding the incident when approaching us.
After a consultation the case was accepted by Data Breach Claims Solicitor, Paul Cahill and Trainee Solicitor, Megan Tyrer.
A case was then presented against the clinic.
NHSR responded to admit that a data breach had occurred, however, they made no admissions in respect of the extent of exposure as exposure was limited to the first name only.
The real difficulty with the case was persuading NHSR that while exposure was limited to first name only, the consequences of that name being revealed were not minimal nor trivial.
By exposing our client’s first name only, it became clear to an ex-partner by inference that our client was HIV positive and because of that our client was easily identifiable.
Our client suffered considerable distress and worry from the data breach.
To make matters worse, abusive phone calls from the ex-partner were received.
Our client was extremely concerned that the ex-partner would make onward disclosures of HIV status to friends and family, who do not know about the private information in question.
The disclosure of our client’s highly sensitive health information also caused our client to suffer the loss of control of that data once it had been disclosed, which once lost, cannot be regained.
In addition, our client continues to fear the ongoing consequences of the breach due to the ex-partner having hold of the sensitive information.
On 24th February 2021 this case settled for £4,000.
The case had been ongoing for eight months; with multiple offers back and forth before settlement was achieved.
“This case truly demonstrates the importance of keeping highly sensitive medical information secure and while no amount of money will regain control of this information for our client, it will go some way to compensating for the distress it has caused.”