In recent months we have been inundated with instructions to act on behalf of clients who have received letters from the NHS Trust confirming that their private data has been accessed and/or misplaced.

Obviously each case differs but we are aware that there has been many occasions of names, addresses, and most worryingly, detailed medical history being divulged in error. The full extent of these breaches still remains unclear but we believe that many thousands of patients could have been directly affected by these breaches of confidentiality/misuse of private information.

Farleys Solicitors are acting for these clients in relation to compensation/damages claim against NHS Trusts where their rights relating to data have been breached.

The Data Protection Act 2018 protects individuals against the wrongful processing of personal data and compensation can be awarded for the loss and distress that an individual experiences as a result of the data breach/misuse of private information.

On the 6th September 2019 the Guardian published that almost 2,000 patients with the NHS Gender Identity Clinic had their email addresses disclosed in a catastrophic breach of patient confidentiality. Patients of the Taxistock and Portman NHS Foundation Trust, London who were transitioning gender or considering the possibility of doing so had their email addressed divulged and “left visible” in an email by an official at the Trust when in fact it should have been sent to recipients on a “blind copy” basis.

The Trust openly admitted that just under 2,000 patients’ email addresses had been released to all recipients by mistake and accepted that the leak was extremely serious.

A Trust spokesman said “We are currently investigating a data security incident. This incident involved an email from our patient and public involvement team regarding an art project that we were looking forward to launching. Unfortunately, due to an error, the email addresses of some of those we are inviting to participate were not hidden and therefore visible to all. We can confirm that we are reporting this breach to the Information Commissioner’s Office (ICO) as well as treating as a serious incident within the Trust”.

The Trust official apparently sent an email out about art competitions for patients, displaying all of the patients’ email addresses at 14.03. He apparently immediately realised his mistake and a minute later sent a second email using the blind copy function, seeking to recall the first email sent to all.

If you have been directly affected by an NHS data breach, please contact our specialist team of Data Protection Solicitors who will be delighted to assist you and discuss privately your potential claim for loss and distress. Call the team on 0845 287 0939 or submit your enquiry online.