This site is intended for health professionals only

GP practices ‘intimidated’ into handing over patient data to police

by Carolyn Wickware
20 April 2018

Share this article

GP leaders in Kent have called on local police officers to stop ‘intimidating’ practices into handing over patient records.
The officers were said to have entered surgeries demanding patient records but were unable to show the request had been authorised by a supervisor.
LMC leaders said that, in some cases, practices ‘inadvertently’ gave police officers the data – later realising it is against patient confidentiality.
Kent Police said it has advised practices to send these officers away if they are unable to provide the relevant paperwork.
Dr John Allingham, medical secretary of Kent LMC, said the officers went into practices demanding patient records, saying it was their ‘right’ under the Data Protection Act to access the records.
Under the Act, officers are allowed to request access to personal data for ‘the prevention or detection of crime’, ‘the apprehension or prosecution of offenders’, or ‘the assessment or collection of any tax’.
However, practices are not obligated to supply the data and the legislation still requires the request to come from a police officer of a rank of inspector or above.
Dr Allingham, who has met with the police over the issue, said: ‘We have had a few instances where police officers – sometimes it’s been civilians working for the police – have said it’s our right, we want to see the medical records.
‘They can be quite intimidating and some practices have inadvertently given in to them. Our advice is: no you don’t have to do that.’
He added: ‘The request has to be proportionate and reasonable and, as the data controller, GPs have a right to say no if they don’t think the request is reasonable or they don’t think the police need the information.’
According to BMA guidance GPs who have been asked for patient records under section 29 of the Act ‘remain bound by the long-established common law duty of confidentiality and may only disclose information where the patient has given consent, or there is an overriding public interest’.
The guidance says: ‘Disclosures in the public interest based on common law are made where disclosure is essential to prevent a serious threat to public health, national security, the life of the individual or a third party, or to prevent or detect serious crime.’ 
Serious crimes are defined as murder, manslaughter, rape, treason, kidnapping and abuse of children or other vulnerable people as well as national security and serious fraud.
But according to the Kent LMC newsletter, the officers are ‘demanding sight of patients records with no paperwork’.
Dr Allingham said: ‘The police who are doing it are individual officers who are acting outside the regulation.
‘We’ve had a few significant instances where surgeries have stood their ground and ended up in disagreements with the police and we’ve had a few where surgeries have inadvertently let data go and realised afterwards that they shouldn’t have done it.
‘The police do need to consider that they need the authority of a senior officer to request data.’
GPs are currently able to charge a fee for producing patient medical records, but from May, new European legislation will ban GPs from charging for providing personal data.
A Kent Police spokesperson said: ‘Detective superintendent Susie Harper from Kent Police’s Partnerships & Public Protection Unit advised LMC members that in order for an officer to request patient information they should have the correct paperwork signed by a senior officer. If this is not the case, they must request the officer to obtain that signature before releasing the information.
‘Det Supt Harper has also offered to engage and explain to GPs, practice managers and office staff on the legal grounds and justification for disclosing data to the police for police enquiries as well as for Multi-Agency Risk Assessment Conference (MARAC) purposes.’
Patient data sharing has come under intense scrutiny with the House of Commons Health Committee declaring the agreement between NHS Digital and the Home Office to share patient data for immigration purposes is ‘entirely inappropriate’.
This story was first published by our sister publication Pulse.