Slater and Gordon Lawyers is investigating potential legal action against Lister Hospital’s IVF Clinic. We are looking to claim compensation for those affected. This is after the Information Commissioner’s Office fined the hospital £200,000 for a data breach allowing patients’ sensitive health data to be leaked online. Our specialist team of privacy breach lawyers are investigating this case. If you have been affected you should sign up on the form below.

The Information Commissioner’s Office (ICO) fined the exclusive Chelsea hospital, owned by the private health group HCA International Ltd, after it emerged that the hospital was making audio recordings of intimate conversations between doctors and patients seeking fertility treatment.

Sign up for free to be kept informed about the potential action and any compensation which you could receive:






The recordings of sensitive doctor/patients conversations were sent to a company in India for transcription where they were held on an unsecure server and leaked online. A patient discovered the breach after finding her confidential medical records were available using a simple Google search.

What is going to happen if you join this action?

  1. Our lawyers will be working on the case to gather evidence and investigate the possibility of a legal action on behalf of those affected
  2. Once we establish how many patients were affected by the breach and have more information from the people who have contacted us, we will consider the best course of legal action against the hospital for those affected.
  3. How the case is progressed from this point depends on the number of people who contact us. The structure and funding of any action will depend on the number of people affected. We hope to be able to offer representation to our clients on a ‘no win, no fee’ basis.

The ICO made the following findings against Lister Hospital:

  • HCA sent unencrypted recordings by email to the data processor in India.
  • HCA had no guarantee that the data processor would use a secure FTP server.
  • HCA had no guarantee that the data processor would erase the recordings after they had been transcribed.
  • HCA failed to monitor the data processor in relation to any security measures taken.
  • HCA did not have a DPA compliant contract with the data processor in relation to the processing.

What is the law around this data breach?

UK data protection law requires that sensitive personal information must be processed fairly and lawfully in accordance with the Data Protection Act. Until last year, claims could only be made if you suffered financial loss. However, following the recent case against Google arising out of their use of ‘cookies’, claims can now be brought on the basis of ‘distress’ alone.

The ICO noted that given the extremely sensitive nature of the information, patients whose data was unlawfully processed had a right to be distressed regardless of whether their information was leaked online or not. The fact that the information was held on an unsecure server and may have been accessed by people with no right to see it is distressing enough.

Head of ICO enforcement, Steve Eckersley said: “The reputation of the medical profession is built on trust. HCA International has not only broken the law, it has betrayed the trust of its patients.”

If you received treatment at the Lister IVF Clinic between January 2009 and April 2015 we want to hear from you. For more information about how we can help please contact Slater and Gordon confidentially on freephone 0808 175 8000 or fill in the form above to be kept up to date with this case.