Hospital pays £47k compensation for data breaches

[Image: stock photo of a person's hands on a computer keyboard. Image source: PA Media. Caption: There has been a rise in cyber and non-cyber data breaches within the NHS]


A hospital has paid out £47,000 in compensation to five claimants over data breaches.

Norfolk and Norwich University Hospitals NHS Foundation Trust made the payments - the second-highest of any NHS trust in the UK - between 2020 and 2023.

Four of the claims involved patient data and one was a "contractual issue".

The trust said it took its use of data "extremely seriously" and that breaches were fully investigated so that lessons could be learned.

[Image caption: The trust says it follows NHS requirements on how it uses data]

Freedom of information (FOI) data, obtained by personal injury solicitors firm Legal Expert, found NHS trusts across the UK had paid out £1.5m in data breach claims since 2021.

"Unauthorised access" to personal data was highlighted as the most common breach.

According to the Information Commissioner's Office, data breaches within the health sector rose by 21% between 2022 and 2023 to 1,949 incidents.

Eleanor Coleman, a data breach specialist at Legal Expert, said: "This rise in the health sector is worrying and we hope that organisations are ensuring that they have sufficient security in place to protect people's personal information."

Under the General Data Protection Regulation and the Data Protection Act, organisations such as the NHS can collect, store, use, share and dispose of personal information about individuals, but must have appropriate technical and organisational systems in place to ensure it is kept safe and not inappropriately disclosed to others.

When personal or sensitive data is breached, victims can claim compensation providing certain criteria are met.

A trust spokesperson said: "We follow NHS requirements as set out by the NHS Data Security and Protection Toolkit, of which we are compliant.

"We take our use of data extremely seriously and have a well-established mandatory approach to information governance training for all our staff – without exception.

"Any breach is fully investigated so that lessons can be learned."

An NHS England spokesperson added: "Organisations that have access to NHS patient data and systems are required to practise and provide evidence of good data security, so that personal information is handled correctly.

"It is vital that health and care organisations do everything they can to meet their legal responsibilities and data security standards, as well as reporting any breaches so that lessons can be learned and improvements made."
