This site is intended for health professionals only

Doctors concerned over third-party data requests

20 March 2014

Share this article

There has been a sharp rise in healthcare professionals requesting advice on disclosing medical records to third parties. 

In 2013, UK-wide medical defence organisation MDDUS received a 65% rise in the number of calls or emails looking for advice on the matter compared to last year. 

Many members were unsure whether to comply with requests from third parties such as the police or insurance companies. 

MDDUS medical adviser Dr Naeem Nazem reminded doctors to seek patient consent before disclosing any medical information to a third party. 

He said that some of the most common third-party requests are fathers without parental responsibility wanting access to their child’s medical records, police seeking records for a criminal case or relatives requesting a patient’s records after death.

“While the basic principle of providing patients with access to their own medical records seems fairly straightforward, in reality there are a number of things doctors must carefully consider before granting access,” said Dr Nazem.

MDDUS has also received a number of calls for advice from members relating to the disclosure of third-party information contained within a patient’s records.

The Data Protection Act 1998 allows patients to access their medical records but information relating to some third parties cannot be disclosed without their consent.

Dr Nazem said: “When a patient requests access to their own records, doctors should remove identifiable third-party information, other than from other healthcare professionals acting in that capacity. The exception to this position is if the third party provides their consent to the disclosure.

“Likewise, if the record contains personal sensitive data which is likely to cause serious physical or psychological harm to either the patient or third party, this should be removed if appropriate.”