1. No category

Controlled document This document is uncontrolled when

ACCESS TO HEALTH RECORDS
LITIGATION & CLAIMS DEPARTMENT DISCLOSURE PROCEDURE
Controlled document
This document is uncontrolled when downloaded or printed.
Reference number
WHHT G032
Version
4
Author
Kate Hallam Head of Legal
Date ratified
June 2015
Committee/individual
responsible
Quality and Safety Group
Issue date
June 2015
Review date
June 2018
Target audience
Litigation and Claims Department staff
Key Words
Access to Health Records Disclosure
Previous Policy Name
(If applicable )
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 1 of 14
CONTRIBUTION LIST
Key individuals involved in developing this version of the document
Name
Kate Hallam
Martina Brooker
Designation
Head of Legal
Access
to
Administrator
Approved by Committee
June 2015 QSG
Health
Records
Change History
Version Date
4
June 2015
3
May 2013
2.1
2
May 2011
April 2009
Ref: WHHT: G032
Author: Kate Hallam
Author
Kate Hallam
Reason
Formal review
Reviewed. Additional guidance added to a
number of
sections to provide more detailed
information.
Reviewed. Minor amendments made.
Removed MVH Contact Details, Renamed
Data
Protection Manager to Information
Governance
Manager and additional responsibilities
added.
Additions to Monitoring & Review. Add
‘Related
Policies’ section.
Date: June 2015
Review Date: June 2018
Version no: 4
Page 2 of 14
CONTENTS
1
Aim ...................................................................................................................... 4
2
Objectives ........................................................................................................... 4
3
Definitions ........................................................................................................... 4
4
Scope .................................................................................................................. 4
4.1
The Right to Disclosure under the DPA .................................................... 4
4.2
The Right to Disclosure under the AHRA ................................................. 5
4.3
Children ....................................................................................................... 5
4.4
Incapacitated Adults ................................................................................... 6
4.5
Powers of Attorney ..................................................................................... 6
4.6
Police ........................................................................................................... 6
4.7
Regulatory Bodies ...................................................................................... 7
5
Procedure ........................................................................................................... 7
6
Responsibilities .................................................................................................. 9
7
Related Policies ................................................................................................ 10
8
Equality Impact Assessment ........................................................................... 10
9
Policy and Procedure Sign-off Sheet ............................................................. 11
10
Policy Ratification Form .............................................................................. 12
11
Appendix 1 .................................................................................................... 14
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 3 of 14
1
Aim
To provide the process to be followed by the Litigation and Claims Department on
receipt of a request for disclosure of health records, and/or clinical and personal
identifiable information
2 Objectives
To ensure compliance with:
 The Data Protection Act 1998;
 The Access to Health Records Act 1990;
and the Trust’s:
 Access to Health Records Policy;
 Information Security Policy;
 Email Policy;
 IT Policy;
and:
 The Litigation and Claims Department Policy on Disclosure of Health
Records and Personal Identifiable Information (Appendix 1).;
 The Caldicott Principles;
 Safeguarding
3
Definitions
 Data Subject – any individual who is the subject of the data.
 Relevant clinician – normally the individual who is or was responsible
for the care of the Data Subject during the period to which the
application applies.
 Data Protection Act 1998 (‘’DPA’’)
 Access to Health Records Act 1990 (‘’AHRA’’)
4
Scope
4.1
The Right to Disclosure under the DPA




Information about a living person is personal data.
Information about physical or mental health or condition is sensitive
personal data
It is a breach of confidentiality if personal data is disclosed in breach of the
DPA.
Medical information about a deceased person remains confidential but is
not governed by the DPA. The right to access is regulated by the AHRA
(see below).
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 4 of 14



4.2
4.3
Sensitive personal data must be processed in accordance with the First
Data Principle and Schedule 3 of the DPA. One of the following conditions
of Schedule 3 must be met:
a) Explicit consent of data subject;
b) To protect the vital interests of data subject or another person and
consent cannot be obtained or is unreasonably withheld by the data
subject;
c) For establishing, exercising or defending legal rights;
d) Administration of justice or functions conferred on any person by or
under an enactment;
e) Necessary for medical purposes (including the purposes of
preventative medicine, medical diagnosis, provision of care and
treatment, and the management of health services).
The data subject must be notified their data is being processed unless one
of the exceptions in DPA applies:
a) Prevention or detection of crime AND telling the data subject would
prejudice those purposes.
b) Apprehension or prosecution of offenders AND telling the data
subject would prejudice those purposes.
c) Regulatory functions (notifying GMC/NMC/GDC etc.).
The DPA provides that access must be provided (where there is a right to
access) within 40 calendar days from the date of the request and receipt of
the fee.
The Right to Disclosure under the AHRA
 The right to access is restricted to the personal representative and those
who may have a claim arising from the death.
 A personal representative is the person(s) entitled to administer the
deceased person’s estate by virtue of a grant of probate or letters of
administration.
 The right is restricted to the information ‘relevant to the claim’.
 Disclosure is prohibited if there is a statement in notes that the data
subject does not wish disclosure to be made to that individual.
Children
Young people aged 16 and 17 are to be treated as adults. Under the age
of 16 a decision has to be made in respect of the young person’s capacity
to consent to disclosure
 If a young person is under the age of 16 access can be given to someone
with parental responsibility if:
a) The child understands what the application is about and has consented to
disclosure to the person with parental responsibility, or

Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 5 of 14
b) The child is not capable of understanding the nature of the application and
disclosure is in their vital interests
Parental responsibility is defined by the Children Act 1998. The following people
may, in England and Wales have parental responsibility:
a) Mother
b) Father if married to the mother at the time of birth or jointly registered the
birth with the mother (from 1 December 2003) or has become registered
as the father or by a formal agreement or Court Order.
c) Same sex partners if civil partners at child’s birth or formal parental
agreement.
d) Court Order appointing guardian or person appointed by parents in the
event of death.
e) Person who has Residence Order made by the Court.
f) Local Authority which has Care Order.
g) Person who has Emergency Protection Order.
h) Provisions for Scotland and Northern Ireland vary and must be checked.
4.4 Incapacitated Adults
Points to consider when deciding whether disclosure should be made:
 Is it in the best interests of the incapacitated adult to share information
about them?
 Is it in their vital interests that information be shared?
 Does the good achieved by disclosure outweigh the obligations of
confidentiality to the individual and broader public interest in provision of a
confidential service.
 Is the person applying for disclosure an Independent Mental Capacity
Advocate.
4.5 Powers of Attorney
An individual acting under a Lasting Power of Attorney can ask to see information
relevant to the decisions the attorney has the legal right to make. Health information
can also be shared with a person holding a Power of Attorney if it is in the patient’s
best interests. If the Attorney does not have a clear right to disclosure they can apply
to the Court for an Order for disclosure.
4.6
Police
 A request from the Police must be accompanied by a section 29 notice
signed by a senior officer, unless the police provide signed consent to
disclosure from the data subject. The section 29 notice should explain:
a) What the police need (they are unlikely to need all the data subjects
health records), only the minimum should be released.
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 6 of 14

4.7
b) Why they need the information. If the Trust does not release the data
will this significantly harm any attempt by the police to prevent crime or
catch a suspect?
There is also a need to consider if the therapeutic relationship with the
patient will be affected or if there are wider public interest factors. If there
are any concerns the police must be required to produce a Court Order for
disclosure.
Regulatory Bodies
Certain regulatory bodies e.g. the GMC, NMC, GDC, have a statutory
a) right to disclosure without consent of the data subject. A check must
be
b) made that a statutory right exists and that the application is being
made
c) under the statutory right. Only relevant records should be disclosed.
 S31 of the DPA provides an exception to the duty to notify the data
a)
subject their personal data is being processed if it is likely to
prejudice the
b)
proper discharge of the regulatory function.

5
Procedure
a) Request for access received.
b) Log request on Datix.
c) Respond acknowledging receipt of request to applicant and if the
request was not on the Trust’s application form, enclose a form for the
applicant to complete and return.
d) Completed application form for disclosure received.
e) Check application form is properly completed and person requesting
disclosure has the right to access. Confirm receipt of application form
to applicant.
f) For individuals requesting disclosure proof of identity and address must
be obtained and recorded on Datix.
g) Check administration fee has been provided, record receipt on Datix.
h) Request administration fee if this has not been provided. Explain not
entitled to disclosure until fee receive. Record on Datix.
i) Request consent of data subject or proof of right to access if this has
not been provided. Explain disclosure cannot be made until this has
been received. Record on Datix.
j) When right to access is proved and the fee paid write advising
disclosure will be made within 40 days, state the date by which
disclosure will be made. This is 40 days from receipt of a legitimate
request and the fee. Record on Datix.
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 7 of 14
k)
l)
m)
n)
o)
p)
q)
r)
s)
t)
u)
v)
Make a note of the disclosure due date and reminder in Datix to update
the applicant prior to expiry of the 40 day period if disclosure will not
take place within the 40day period.
If the 40 day time limit is going to be exceeded the applicant must be
notified of this prior to the expiry of the 40 days and given the reason
e.g. clinic appointment, still trying to locate records.
If the applicant has requested, on the application form to view the
records rather than have copies, contact the applicant to arrange a
convenient time and date for them to come to the Trust to view the
records with a member of the Access to Health Records team.
Before health records or any clinical or personal identifiable data are
disclosed (including being viewed in person) they must be redacted to
remove any third party data. The data subject’s records from another
hospital/clinic/GP contained in the WHHT records can be disclosed as
they form part of the health record held by WHHT.
Check if the patient’s wishes in respect of disclosure are recorded. Do
not disclose against the patient’s wishes. (This may be permissible in
very limited circumstances, legal advice should be obtained).
Send the health records to a relevant clinician for confirmation the
information to be disclosed is not likely to cause serious harm to the
physical or mental health of the applicant or another person. If the
health records are small in volume, and are not a child’s records, and
there is clearly no concern that the information to be disclosed would
be likely to cause serious harm to the physical or mental health of the
applicant or another person they need not be sent to a relevant
clinician.
Children’s health records must always be sent to the relevant clinician
for confirmation that the information to be disclosed is not likely to
cause serious harm to the physical or mental health of the applicant or
another person.
Children’s health records must be checked by the Safeguarding team
before they are disclosed to a Local Authority.
Children’s health records should only be disclosed to person claiming
parental responsibility if proof of parental responsibility has been seen
and recorded on Datix.
Records to be disclosed must be securely packaged and sent by
special delivery or sent on a password protected disk (with the
password provided separately) or collected by the data subject or other
individual with the right to disclosure.
In case of urgency e.g. a request from a court for immediate delivery
authority to use a courier must be obtained or they must be hand
delivered.
If heath records are sent by post or courier there must be more than
one address label and a return address on the packaging.
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 8 of 14
w) A copy of the letter accompanying the records disclosed must be put
on Datix.
Letters before Action.







Solicitors must provide consent to disclosure from the data subject or
other person with the right to disclosure.
Compliance the Pre-Action Protocol for the Resolution of Clinical
Disputes should be required to provide sufficient information to enable
the Trust to determine which records are relevant.
The health records must be disclosed within 40 days.
Solicitors must be advised they will be invoiced for the fee payable.
If the applicant has not instructed solicitors they must be asked to pay
the fee and payment must be received before the records are disclosed.
The 40 days will not start to run until the fee has been received in the
Trust. This should be explained in writing to the applicant.
Before disclosure the health records must be checked by a relevant
clinician and confirmation received that disclosure would not be likely to
cause serious harm to the physical or mental health of the applicant or
another person.
Third party data must be redacted.
Complex/unusual Cases

6
Advice can be obtained from the Claims and Litigation Manager,
Information Governance Manager, and Caldicott Guardian. If concerns
about disclosure remain unresolved advice can be obtained from the
Trust’s solicitors. In certain cases it may be necessary for a Court Order
for Disclosure to be obtained by the applicant.
Responsibilities
 Head of Legal is responsible for overseeing the writing of this
Procedure and ensuring it is used within the Litigation and Claims
Department.
 All staff in the Litigation and Claims Department are responsible for
reading and complying with the Procedure.
 All staff within the Litigation and Claims Department are responsible for
notifying any required changes to the Procedure to the Head of Legal.
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 9 of 14
7
Related Policies
 WHHT Access to Health Records Policy;
 WHHT Information Security Policy;
 WHHT Email Policy;
 WHHT IT Policy;
 The Litigation and Claims Department Policy on Disclosure of Health
Records and Personal Identifiable Information (Appendix 1).
8
Equality Impact Assessment
Yes/No
1.
2.
3.
4.
5.
6.
7.
Does the policy/guidance affect one
group less or more favourably than
another on the basis of:
Race
Ethnic origins (including gypsies and
travellers)
Nationality
Gender
Culture
Religion or belief
Sexual orientation including lesbian,
gay and bisexual people
Age
Disability
learning
disabilities,
physical disability, sensory impairment
and mental health problems
Marriage & Civil partnership
Pregnancy & maternity
Is there any evidence that some
groups are affected differently?
If you have identified potential
discrimination, are any exceptions
valid, legal and/or justifiable?
Is the impact of the policy/guidance
likely to be negative?
If so can the impact be avoided?
What alternatives are there to
achieving the policy/guidance without
the impact?
Can we reduce the impact by taking
different action?
Ref: WHHT: G032
Author: Kate Hallam
Comments
No
No
No
No
No
No
No
No
No
No
No
No
No
No
N/A
N/A
N/A
Date: June 2015
Review Date: June 2018
Version no: 4
Page 10 of 14
9
Policy and Procedure Sign-off Sheet
Policy Name and Number: Access to Health Records Litigation and
Claims Department Disclosure Policy
Version Number and Date:
No:
Service Location: Watford General Hospital
All staff members must sign to confirm they have read and
understood this policy.
Name
Signature
Name
Signature
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 11 of 14
10 Policy Ratification Form
Name of Document:
Date:
Ratification
Name of Persons
Job Title
Date
Divisional Support (Direct Line Manager / Matron / Consultant / Divisional Manager)
Consultation Process (list of stakeholders consulted / staff groups presented to)
Endorsement By Panel/Group
Name of Committee
Chair of Committee
Document Checklist
Date
Yes / No
1. Style & Format
Is the title clear and unambiguous?
Is the font in Arial?
Is the format for the front sheet as per Appendix 1 of the policy
framework
Has the Trust Logo been added to the Front sheet of the policy?
Is it clear whether the document is a guideline, policy, protocol or
standard operating procedure?
2. Rationale
Are reasons for development of the document stated?
3. Content
Is there an introduction?
Is the objective of the document clear?
Does the policy describe how it will be implemented?
Are the statements clear and unambiguous?
Are definitions included?
Are the responsibilities of individuals outlined?
4. Evidence Base
Is the type of evidence to support the document identified explicitly?
Are key references cited?
Are supporting documents referenced?
5. Approval
Does the document identify which committee/group will approve it?
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 12 of 14
Document Checklist
Yes / No
6. Review Date
Is the review date identified?
Is the frequency of review identified? If so is it acceptable?
7. Process to Monitor Compliance and Effectiveness
Are there measurable standards or Key Performance Indicators to
support the monitoring of compliance with and effectiveness of the
document?
Is there a plan to review or audit compliance with the document?
Standard Equality Impact Assessment Tool
Persons likely to be affected by policy change / Staff
implementation
Are there concerns that the proposed documentation / change could have an
adverse impact on:
Race. Ethnicity, National Origin, Culture, Heritage
Religion, Faith, Philosophical Belief
Gender, Marital Status, Pregnancy
Physical or Learning Disabilities
Mental Health
Sexual Orientation / Gender Reassignment
Age
Homelessness, Gypsy / Travellers, Refugees / Asylum Seekers
Please give details of any adverse impact identified:
If adverse impacts are identified, are these considered justifiable? (Please give
reasoning)
There is unlikely to be an adverse impact on different minority groups
Name
of
Person
Ratification Form
completing Job Title
Ratification Group/Committee
Ref: WHHT: G032
Author: Kate Hallam
Chair
Date: June 2015
Review Date: June 2018
Date
Signature
Date
Version no: 4
Page 13 of 14
11 Appendix 1
Litigation and Claims Department Policy on Disclosure of Health Records and
clinical and Personal Identifiable Information.









All staff must comply with the Trusts Information Security Policy, Email Policy and
IT Policy.
The Department responds to numerous requests for disclosure of heath records
and other clinical and personable identifiable information on a daily basis.
Disclosure must take place in accordance with the following arrangements and
Trust Policies.
Heath records are either to be scanned to a password protected disc and the disc
and password provided separately to the recipient. Alternatively copies of the
records may be posted by special delivery to the recipient. It is recognised that
many recipients, in particular patients, do not have facilities to view a disc and
wish to receive paper records.
All records sent by post must be securely packaged and have more than one
address label and a return address.
Correspondence with solicitors will be via Mimecast or the firm of solicitors’
equivalent Closed Circuit Messaging Webmail Service. If a firm of solicitors does
not have a closed circuit messaging webmail service communication will be by
post.
Communication with the NHSLA will be via the NHSLA Extranet.
Communication with other public and private sector organisations must be by
post unless sent from an NHS net address to an NHS net address.
In the case of urgency a courier should be used. In no circumstances should
email be used, unless from an NHS net address to an NHS net address.
In the case of any doubt or if for any reason it is not possible for disclosure, or
information to be communicated through the above channels advice must be sort
from the Head of Legal Affairs, a member of the Information Governance team or
the Caldicott Guardian.
Ref: WHHT: G032
Author: Kate Hallam
Date: June 2015
Review Date: June 2018
Version no: 4
Page 14 of 14

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2025 Paperzz