GDPR Corner - Confidential Medical Records
Let's Talk Shop
Unless you’ve resided on a desert island for the last year, you will no doubt be aware of GDPR – the new privacy regulation implemented as of 25 May 2018.
Its effects are far-reaching, not least with regards to medical records, where it is worth noting that a patient can generally no longer be charged for the provision of medical records. The British Medical Association (BMA) has issued some guidance to its members on this, which confirms that patients in most cases will be given access free of charge, including authorising a third party such as their solicitors.
A ‘reasonable fee’ can only be charged if the request is manifestly unfounded or excessive, however, those circumstances are likely to be rare. Whilst claimant solicitors cannot be charged, the guidance is now clear that this does not apply when insurers (and presumably representatives of insurers) seek records.
The BMA states that there is a clear distinction between a solicitor acting in the interests of the patient and those representing an insurance company. Furthermore, the Information Commissioners Office has declared that the use of subject access requests (SARs) by insurance companies in order to obtain full medical records, is an abuse of SAR rights.
Whilst there is no specific guidance regarding self-insureds, it is safe to assume at this point that the outcome will be the same. It is also reasonable to suggest that, whilst we can object to the claimant having paid fees for release of medical records when arguing a claimant’s costs, we will not enjoy the same free access.