The UK's data watchdog, the Information Commissioner's Office (ICO), has issued guidance for GP's on how to handle subject access requests (SAR) from patients and/or their representatives.
The practical advice, in the form of a blog, includes the following tips:
- Practices may be able to comply with a SAR by offering to provide a patient with online access to their health records, where available.
- Practices can provide the SAR response electronically (subject to safeguards such as encryption). A surgery only needs to print paper copies if it is asked to do so and this is reasonable.
- If GP's hold a large amount of information about a patient they can ask the patient or their representative to clarify the information that would be acceptable to satisfy the SAR.
- While the costs of providing initial copies need to be borne by the GP practice, it’s worth knowing that further copies can be charged for.
The blog confirms that GP's have reported a significant increase in SAR's from May 2018, and this is also in line with reports from other sectors.
Requests are often received from legal representatives on behalf of patients and insurers managing policies and dealing with claims. Detailed guidance is available for legal representatives and insurers on what is expected of them in making a request.
At Markel Law we regularly comment on SME related matters.
Follow this link to find out more about Markel Law and how we can assist your business.
A patient’s right to access their own medical records from their GP is a long-established principle supported and strengthened by data protection law, most recently the General Data Protection Regulation (GDPR).