Access to a deceased patient’s medical or dental records can be requested for a number of reasons. This advice addresses some of the most common queries, together with appropriate suggested responses.
Reasons to request access
-
Those close to the patient wish to look into the care and treatment in the lead up to death.
The General Medical Council advises doctors that they should disclose relevant information where a partner, close relative or friend seeks information about the circumstances of the death, if it will assist them in coming to terms with their loss. However, this must be considered within the context that the deceased retains the right to confidentiality even after death, especially where they have explicitly requested that specific information remains confidential, or that it would be obvious to the healthcare professional that this should be the case. The same criteria would apply where a relative wishes to check for specific genetic or family risk of illness following the death of a patient. All releases of information should be dealt with by considering: whether the disclosure is likely to be of benefit, whether it includes third-party information, and whether the information requested is already public knowledge.
- The patient's personal representative
The Access to Health Records Act allows a deceased patient’s representative access to their records. The personal representative would usually be the executor or appointed administrator of the patient’s estate. Information should not be disclosed where it is likely to cause serious harm to the physical or mental health of any individual, where it relates to an individual other than the patient or where the information was provided by the patient in the expectation that it would not be disclosed.
- An individual making a claim arising out of the death.
The Access to Health Records Act allows anyone who may have a claim arising from the death of the patient to apply for access to relevant information for their records. There is no specific definition of when a claim arises out of the death of the patient, but this might include clinical negligence, life insurance and travel insurance claims. If information is to be disclosed to anyone other than the personal representative, it is wise to contact them first to ensure there is no dispute or conflict of interest.
Information should not be disclosed where it is likely to cause serious harm to the physical or mental health of any individual, where it relates to an individual other than the patient or where the information was provided by the patient in the expectation that it would not be disclosed.
- Relatives exploring whether a deceased had capacity when their will was changed.
Solicitors will often say that inquiries about the testamentary capacity of a patient who has now died are legitimate inquires under the Access to Health Records Act 1990 as the inquiry is pertaining to a claim arising out of the death. However it is inappropriate to disclose information on this basis, and MDDUS advise the consent of the personal representative should be obtained before disclosing to other family members for this specific purpose.
- The procurator fiscal (Scotland) or coroner (England, Wales & Northern Ireland) requests a full copy of the deceased’s records for the purpose of investigating the circumstances of their death.
Such requests commonly come via an approach by the police, who in these circumstances act as an agent for the procurator fiscal or coroner and the data controller is usually obliged to comply.
- Where information is required by law or is justified in the public interest for education or research. The GMC advises that there may be other circumstances in which relevant information concerning a deceased person (i.e. not the whole patient record) should be disclosed. These include: for the purposes of National Confidential Enquiries or for local audit, information contained in death certificates, and for public health surveillance purposes (in which case the information should be anonymised or coded).
Common pitfalls
- Seriously harmful and other confidential third-party information is disclosed because adequate checks and redactions have not been carried out before release of the medical records.
- Specific requests that certain information remains confidential after death have not been recorded in the patient’s health record.
- Failing to comply with a lawful request to release health records to a procurator fiscal or coroner investigating the death of a patient.
- Providing confidential or other sensitive information in response to general “fishing exercises” driven by curiosity.
Key points
- Always consider the ongoing right to confidentiality after death before disclosing any patient information.
- Check and confirm identities of persons requesting access to the health information of deceased patients.
- Carefully consider how much information needs to be disclosed, dependent on the circumstances
- Ensure that all staff with a responsibility for processing patient information are appropriately trained and understand the potential risks associated with disclosing and/or sharing such information.
- Seek further advice from MDDUS before disclosing if you are unsure.
Further guidance
- Access to Health Records Act 1990
- General Medical Council. Confidentiality: Good practice in handling patient information (paragraphs 134-138)
- General Dental Council. Focus on standards. Principle 4 Maintain and protect patients’ information
This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.