This page contains a Flash digital edition of a book.
Manager


Practice


RISKDISCLOSURE OF PATIENT DETAILS


fr A visitomthe police relish hearing. A


But neither should it be cause for undue panic. A police constable might turn up at your reception desk for any number of reasons and these could include seeking verbal information relating to a particular patient or making a demand for surrender of a specific medical record. In such scenarios it is important to


remember that under the Data Protection Act 1998 (DPA) the prac- tice is considered a “data controller” and has a legal obligation to ensure that any such requests are lawful before disclosure is made. Impor- tantly, all such requests must comply with Section 29 of the DPA, which specifically relates to matters of crime and taxation and gives the ‘data


POLICEMAN is asking for you at reception” – words no practice manger is likely to


food for thought. Paragraph 53 states: “Disclosure of personal infor- mation about a patient without consent may be justified in the public interest if failure to disclose may expose others to a risk of death or serious harm. You should still seek the patient’s consent to disclosure if practicable and consider any reasons for refusal”. So far, so good. However, the


guidance goes on to state that such a situation might arise, for example, where disclosure would be likely to assist in the prevention, detection or prosecution of “serious crime”, espe- cially crimes against the person. It might be considered helpful to understand what the GMC considers to constitute a serious crime, but alas there is no agreed definition. This leaves the final decision whether to disclose or not up to the healthcare


REQUESTS MAY BE ASSOCIATED WITH AN INVESTIGATION INTO AN ALLEGED CRIME, WHERE DISCLOSURE IS NECESSARY FOR THE PREVENTION OR DETECTION OF AN UNLAWFUL ACT


controller’ statutory authority to process personal information held by the practice in relation to these matters. Such requests may be associated


with an investigation into an alleged crime, where disclosure is necessary in the public interest for the preven- tion or detection of an unlawful act. The arrangements created by Section 29 do not cover the disclosure of all personal information in any circum- stance but only for the stated purpose and only if not releasing it would be likely to prejudice any attempt by the police to prevent crime or apprehend a suspect. Whereas the Data Protection Act


is fairly straightforward and prescrip- tive in the area of disclosure of patient information, healthcare professionals must also be aware of the guidance on confidentiality and consent issued by the various regulatory bodies. For example, the General Medical


Council (GMC), Guidance for Doctors – Confidentiality – provides additional


practitioner and potentially leaves a doctor open to further investigation and possible criticism or censure. Reference is made by the GMC to a


previously published NHS code of practice from the Department of Health in 2003. This provides some examples of what may constitute a serious crime and also gives some suggestion of crimes that are not usually serious enough to warrant disclosure without consent. However, the message here is one


of “buyer beware”, and MDDUS members are encouraged to speak to one of our medical or dental advisers where any specific doubt exists. Alternatively, the police may have


a court order or warrant in their possession which requires the prac- tice to surrender specific identified personal information. The existence of a lawful warrant or court order allows the practice to disclose the specified information without fear of breaching the DPA. Before complying, the practice should always carefully


check the content of any order or warrant and supply only the informa- tion requested, and in all such cases confirm the identity of the requesting police officer. It is likely that the police will also


ask for the originals of any paper records that are held. This relates to the rules of “best evidence”, whereby a court expects original documenta- tion to be presented, rather than a facsimile. Such a request can and often does present real difficulties, as the practice could be deprived of the original record for an extended period of time. Under these circumstances, it would be reasonable to ask the police if they will accept an authenti- cated copy.


Indeed, in Scotland an agreement


has been reached with the Crown Office that the NHS will no longer routinely provide the Crown with the original medical records of patients who are still alive for use in criminal proceedings. Instead, suitably authenticated copy medical records will be provided in the first instance. However, the Crown reserves the right to request the original records in certain circumstances. The full details and application of these arrangements were set out in The Scottish Government, Primary and Community Care Directorate CEL 11 (2007) letter. Scottish-based prac- tices should make themselves fully aware of the new arrangements, as the police officer who turns up at your practice may not be aware of them either.


See the case study on page 14 for more on disclosure of patient records.


Releasing information to prevent or detect crime is a handy guidance notice on the practical applica- tions of Section 29 produced by the office of the Information Commissioner for the UK. It can be found at www.ico.gov.uk


Alan Frame is risk adviser with MDDUS Training and Consultancy


WWW.MDDUS.COM


09 9


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16