Confusion as solicitors make medical record requests for clients under GDPR


Medical records: GDPR requests take a long time for no money, say doctors

There is confusion over whether solicitors can seek medical records for free by making subject access requests (SARs) under the General Data Protection Regulation (GDPR).

The issue – which means medics cannot charge for the information under the Access to Medical Records Act 1988 – is becoming increasingly prominent, with the British Medical Association (BMA) surveying its members about the scale of the problem ahead of talks with the government.

There was discussion about it on social media last week, with Dr Jonathan Tomlinson, a GP in Hackney, East London, and a director of the Centre for Health and the Public Interest, tweeting: “I’m getting several patient record requests every week from solicitors which we have to supply, free of charge, after removing all 3rd party references. Some notes are thousands of pages long. I don’t have time.”

There was also a written question in Parliament last week about what steps the government was taking to ensure that insurance companies requested medical reports under the Act rather than GDPR.

Digital policy minister Margot James replied: “If a solicitor is acting on behalf of an insurer and is seeking health information about a prospective customer, these are not subject access requests under the GDPR. Such requests should be made under the [Act] and standard charges apply.

“The Information Commissioner’s Office (ICO) is responsible for regulating compliance with data protection legislation and may consider taking action against insurance companies which fail to comply with the relevant legislation.”

Ms James was not asked if this would be the same for solicitors acting for claimants.

Guidance issued by the BMA earlier this month said: “If the request is for a medical report to be created, or for interpretation of information within a medical report/record, this will fall under the Access to Medical Report Act – as these both require new data to be created, which is outwith the scope of the GDPR and [SARs]. In these cases, a fee can be charged.

“A medical report/record that already exists will be accessible, for free, as a SAR. A ‘reasonable fee’ can be charged for a SAR if the request is manifestly unfounded or excessive; however, these circumstances are likely to be rare.

“The ICO advise that a request may be deemed manifestly unfounded if the requestor makes it clear they are only requesting the information to cause disruption to the organisation or if the requestor makes completely unsubstantiated accusations against the controller.

“If however, the requestor has some form of genuine intention in obtaining their information, it is unlikely the request could be deemed as manifestly unfounded…

“We are very much aware that these changes are causing serious concerns to our members and we are doing all we can to ensure doctors and their practices do not suffer under these changes.

“We continue to collate information from our members to use in future planned discussions with government.”

Writing last month in Pulse, a magazine for GPs, Clive Elliott – business partner at Court Street Medical Practice in Telford – said the issue should be a “national scandal”.

He explained: “In a practice of our size, with 6,000 patients, we have in the past received approximately £10,000 per year in fees from solicitors and firms who collate records on their behalf under the Data Protection Act – a large contribution towards staff costs.

“Only last week, a set of medical records for a long-term chronically ill patient took one person an entire day to find, copy, collate, redact, print and post – meaning costs of nearly £100 (taking into account we pay at least the Living Wages Foundation wage rate, plus on-costs including paper and copying charges).

“This is an extreme example but, on average, I estimate it costs us £60 per subject access request. It just isn’t sustainable if we can no longer charge fees for this work.”

Mr Elliott extrapolated the figures to suggest that this was costing the NHS in England and Wales over £85m, and said the law could easily be changed if there was the political will.

“That’s also £85m in higher profits for solicitors and this just at primary care level. God alone knows what it is now costing hospitals and other NHS bodies but it must be into the hundreds of millions. Why this isn’t a national scandal fails me.”




    Readers Comments

  • Judith says:

    In response to the comment that solicitors get a ‘profit’ from not paying for the medical records…previously the cost of the records was paid for by a client or by receiving costs from the other side. The solicitor cannot charge a client for a cost that they don’t incur – it’s unlawful. So it makes no difference to the solicitor’s profit whether they pay or not. It makes it easier to assess the case to give advice.

