Login

u/Fine-Love-1553

▲ 0 r/legaladviceireland

Hi all, looking for some advice regarding a GDPR/data breach situation in Ireland.

I requested my medical records (AMH blood test results) from a women’s health clinic. When they emailed me my results, the attachment also included another patient’s results with her name, address, and sensitive medical information.

I reported this to the clinic straight away and made a formal complaint. They acknowledged it was an error (said it was scanned in with my documents by mistake), apologised, and confirmed they contacted the other patient. They also stated they have no evidence my own data was shared with anyone else.

However, I raised concerns about the seriousness of the breach (given it involves sensitive medical data), the distress it caused me, and asked about compensation.

This is the latest reply I received from them:

"Thank you for your email and for confirming that you have securely deleted the documentation provided in error.

We acknowledge your concerns regarding the circumstances of this incident and the distress you have outlined. We again sincerely regret that this occurred.

As previously advised, a full review has been conducted, and appropriate steps have been implemented to minimise the risk of any recurrence. We have no evidence that the information disclosed had been misused or further shared.

Following our review, we have concluded that compensation is not applicable as no personal data relating to you was disclosed.

We remain committed to maintaining the highest standards of data protection and patient confidentiality."

I’m unsure where I stand now. My understanding was that even if my own data wasn’t shared, receiving someone else’s sensitive medical information is still a GDPR breach, and I did experience stress/anxiety from it.

My questions:

Is this considered a reportable GDPR breach in Ireland even if my own data wasn’t disclosed?

Do I have any basis to pursue compensation for distress?

Should I escalate this to the Data Protection Commission at this stage?

Is it worth contacting a solicitor or is this unlikely to go anywhere?

Any advice appreciated, especially if anyone has dealt with something similar in Ireland.

reddit.com
u/Fine-Love-1553 — 16 days ago