Claims arising from data or confidentiality breaches are not uncommon. For example, Medical Protection has been notified of claims after medical information or test results have been divulged to a patient’s relative or representative without the patient’s consent. Claims have also been reported to us following doctors or their secretaries accidentally sending medical information to the wrong recipient or address, losing medical records in their care, and accidentally leaving medical records in a public place.
These case examples demonstrate how data or confidentiality claims can come about:
It is vital that healthcare professionals as well as healthcare administrative team members are familiar with data protection laws, confidentiality and information security, and are adequately trained. The Information Commissioner’s Office (ICO) provides a useful guide to data protection for organisations and employees who have day-to-day responsibility for data protection.[1]
Claims or fines arising from data loss or data breaches fall outside of healthcare indemnity and are therefore out of scope for MDO assistance. This is in line with NHS Resolution’s position where the Clinical Negligence Scheme for Trusts (CNST) and Clinical Negligence Scheme for General Practice (CNSGP) also do not protect against issues arising from data protection regulation breaches.[2] NHS organisations, however, can turn to NHSR’s Liabilities to Third Parties Scheme for data breach claims.[3]
In a private healthcare setting, hospitals and clinics need to ensure adequate protection is in place for these claims. Directors and managers can explore protection options with a PLI or other appropriate insurer, for example employers’ liability or directors’ liability insurances.
Private consultants who hold practising privileges in private hospitals, and are not employees, may not be protected for confidentiality or data breach claims and may find themselves personally liable for these claims. It is therefore imperative that doctors are familiar with these matters, take steps to protect themselves on a personal level if necessary, and exercise great caution in ensuring that patient confidentiality is protected.
References
[1] https://ico.org.uk/for-organisations/guide-to-data-protection
[2] Clinical Negligence Scheme for General Practice (CNSGP)
[3] https://resolution.nhs.uk/resources/liabilities-to-third-parties-ltps-rules