confidentiality......accessing medical records

GlasweJen

Apparently someone was sacked from the team I work with for being caught searching through her own electronic record so there must be some auditing somewhere.

SueMaggie

The Information Commissioner's Office (ICO), which is the UK's data protection regulator, prosecutes people for accessing medical records when they don't need to.

A couple of examples below -

https://ico.org.uk/action-weve-taken/enforcement/beverley-wooltorton/

https://ico.org.uk/action-weve-taken/enforcement/zita-driaunevicius-cookson/

Floss

OP, contact the Information Governance team at the Trust you will be attending for your op, and also at your GP practice. Explain your concerns, as it IS possible to restrict access to an electronic patient record to clinicians only, and request that this is done. You will probably need to request in writing, but I would speak to them first.

Yes it is misconduct to access a medical record without a clinical reason, and all NHS staff have to undergo compulsory annual IG training (including a patient confidentiality module) from cleaners to the Chief Exec and all levels in-between.

[Deleted User]

Mostly, my GP records contain staff names by the entries, but there are also numerous entries such as "Unknown staff member" and "Updated by Unknown". All the entries appear to relate to someone modifying the notes, so it's not clear that there's any record at all if someone just reads them. My hospital notes are non-computerised, so presumably anyone can rummage without leaving any trace.

Publications are full to the brim with fine words about all the rights patients have, but the reality is that they don't mean Jack because there's no enforcement or comeback. They can flout the rules whenever they like and there's absolutely nothing you can do about it.

Several people have mentioned the ICO, here's a brief passage from a letter they sent me last August relating to the NHS refusing access to some documents:

"The Trust has explained to the Information Commissioner's Office that the pages of the report were not sent to you because they are blank. I understand that you do not believe this to be the case. However, the Information Commissioner's Office must take the Trust's response in good faith and, as a regulator, we do not have the power to enter and search premises to check whether the report contains information which is being withheld from you."

Good faith? My records contain hundreds of pages of blank documents that have already been copied to me.

gettingtheresometime wrote: »

if I ever found out that a health care professional had blabbed about my medical records then God help them

And what would you do about it, 99% of complaints against the NHS are rejected. I've had remarks from a family member that were very obviously prompted by a comment from another family member who works at the hospital. I've also had remarks from hospital staff that have come from the family.

Proxima_Centauri

jack_pott wrote: »

Mostly, my GP records contain staff names by the entries, but there are also numerous entries such as "Unknown staff member" and "Updated by Unknown". All the entries appear to relate to someone modifying the notes, so it's not clear that there's any record at all if someone just reads them. My hospital notes are non-computerised, so presumably anyone can rummage without leaving any trace.

Publications are full to the brim with fine words about all the rights patients have, but the reality is that they don't mean Jack because there's no enforcement or comeback. They can flout the rules whenever they like and there's absolutely nothing you can do about it.

Several people have mentioned the ICO, here's a brief passage from a letter they sent me last August relating to the NHS refusing access to some documents:

"The Trust has explained to the Information Commissioner's Office that the pages of the report were not sent to you because they are blank. I understand that you do not believe this to be the case. However, the Information Commissioner's Office must take the Trust's response in good faith and, as a regulator, we do not have the power to enter and search premises to check whether the report contains information which is being withheld from you."

Good faith? My records contain hundreds of pages of blank documents that have already been copied to me.



And what would you do about it, 99% of complaints against the NHS are rejected. I've had remarks from a family member that were very obviously prompted by a comment from another family member who works at the hospital. I've also had remarks from hospital staff that have come from the family.

Some very valid points raised in this post.

Are we the only country where the State has the right to keep a health record on each individual citizen, and for individuals to not be able to see these records without paying a fee or to alter (mistakes on) them in any way?

And that's not even counting the fact that many of these records are being kept secret from the patient.

I used to study the former East Germany as part of my degree course, and it is reminiscent of their old Stasi files!!

Floss

Proxima_Centauri wrote: »

Some very valid points raised in this post.

Are we the only country where the State has the right to keep a health record on each individual citizen, and for individuals to not be able to see these records without paying a fee or to alter (mistakes on) them in any way?

And that's not even counting the fact that many of these records are being kept secret from the patient.

I used to study the former East Germany as part of my degree course, and it is reminiscent of their old Stasi files!!

Many Trusts will allow viewing of an electronic record f.o.c but paper ones cost for retrieval from archive so will be charged for.

Undervalued

Floss wrote: »

OP, contact the Information Governance team at the Trust you will be attending for your op, and also at your GP practice. Explain your concerns, as it IS possible to restrict access to an electronic patient record to clinicians only, and request that this is done. You will probably need to request in writing, but I would speak to them first.

Yes it is misconduct to access a medical record without a clinical reason, and all NHS staff have to undergo compulsory annual IG training (including a patient confidentiality module) from cleaners to the Chief Exec and all levels in-between.

I have twice been on the receiving end of breaches of confidentiality by medical "professionals".

In one case the clinician I was seeing, during a period of long term sickness absence, turned out to be the next door neighbour and a close friend of a work colleague. Despite us having discussed my work situation in detail they did not declare the conflict of interest. I know, but cannot prove, that some of what we discussed was passed on to their friend!

The second instance was a consultant who took it upon himself to contact a charitable trust I had been seeing without my permission. The charity, to their credit, told him where to go and immediately reported the contact in writing to me. The only reason I didn't make a formal complaint to the GMC was that I genuinely believed that his intentions were good and that he was extremely helpful in other ways. However it was a clear breach of protocol and should not have happened.

So, I'm afraid "trust me I'm a doctor" took a bit of a knock!

DomRavioli

Undervalued wrote: »

I have twice been on the receiving end of breaches of confidentiality by medical "professionals".

In one case the clinician I was seeing, during a period of long term sickness absence, turned out to be the next door neighbour and a close friend of a work colleague. Despite us having discussed my work situation in detail they did not declare the conflict of interest. I know, but cannot prove, that some of what we discussed was passed on to their friend! Having a clinician who knows someone you work with isn't a conflict of interest. That would be immediate family and very close friends. If they discussed confidential information with anyone who was not privvy to that, then that is misconduct.

The second instance was a consultant who took it upon himself to contact a charitable trust I had been seeing without my permission. The charity, to their credit, told him where to go and immediately reported the contact in writing to me. The only reason I didn't make a formal complaint to the GMC was that I genuinely believed that his intentions were good and that he was extremely helpful in other ways. However it was a clear breach of protocol and should not have happened. That was seriously naughty of them, and consultants usually have no idea of protocol in these kinds of situations (the secretary or support staff should have realised before any comms sent).

So, I'm afraid "trust me I'm a doctor" took a bit of a knock!

Not all doctors, and their support teams, are like that. There's a few who are missing the common sense part of their persona, but they usually have a good secretary who saves their bottom frequently.

Undervalued

DomRavioli wrote: »

Not all doctors, and their support teams, are like that. There's a few who are missing the common sense part of their persona, but they usually have a good secretary who saves their bottom frequently.

Originally Posted by Undervalued

I have twice been on the receiving end of breaches of confidentiality by medical "professionals".

In one case the clinician I was seeing, during a period of long term sickness absence, turned out to be the next door neighbour and a close friend of a work colleague. Despite us having discussed my work situation in detail they did not declare the conflict of interest. I know, but cannot prove, that some of what we discussed was passed on to their friend! Having a clinician who knows someone you work with isn't a conflict of interest. That would be immediate family and very close friends. If they discussed confidential information with anyone who was not privvy to that, then that is misconduct.

The second instance was a consultant who took it upon himself to contact a charitable trust I had been seeing without my permission. The charity, to their credit, told him where to go and immediately reported the contact in writing to me. The only reason I didn't make a formal complaint to the GMC was that I genuinely believed that his intentions were good and that he was extremely helpful in other ways. However it was a clear breach of protocol and should not have happened. That was seriously naughty of them, and consultants usually have no idea of protocol in these kinds of situations (the secretary or support staff should have realised before any comms sent).

So, I'm afraid "trust me I'm a doctor" took a bit of a knock!

Your first point in red.

Yes they did "leak" information to their friend but I had no hard proof to present otherwise I would have raised merry hell!.

Second point.

The contact was by phone. The charity kept a formal written note and immediately reported it to me, initially by phone, then confirmed it in writing.

As you say very stupid / naughty but I do genuinely believe his intentions were good which was why I let it pass.