Accessing patient records is an issue that crops up time and again in the Medical Practitioners Tribunal hearings. Sometimes as a standalone issue in a case but more commonly it is part of other conduct which, as the following few cases show, rarely ends well.
Dr A was suspended for four months in circumstances where he had accessed a patient’s records without any clinical reason, he took photos of the records and sent them to another person who was also not connected with the patient’s care. In respect of other patients he took photos and sent them to another person, this was over a period of 4 months. Dr A was acting in an ill-judged attempt at humour and potentially subjected the patients to ridicule. The one patient who learnt of the disclosure was distressed by the disclosure.
Dr D accessed a patient’s records to obtain their mobile phone number and send WhatsApp messages which were sexually motivated. The Tribunal found that this access and the messages were inappropriate and went on to find impaired FTP. The Tribunal stated that it was wholly inappropriate for Dr D to obtain a telephone number for his personal use. There was some evidence that the patient had given consent for Dr D to have her number, but the Tribunal took the view the patient probably believed it was for clinical reasons not personal. Taken together with the other allegations, which including numerous sexually motivated messages and conversations with two patients, the Tribunal erased Dr D from the register.
Dr R was given a warning following her twice accessing a patient’s records without any clinical reason for doing so. Dr R admitted the facts, she had extensively searched the patient’s records and by her own admission agreed it was ‘sneaky’. There were further personal factors involved in the case and a particular dynamic between the patient and doctor which was a factor. The Tribunal considered all the facts, the level of remediation and found Dr R’s FTP was not impaired, they did however comment that it was a set of facts that was unlikely to arise again.
There are several paragraphs of GMP which are likely to apply regarding access to patient records:
- Good doctors work in partnership with patients and respect their rights to privacy and dignity. They treat each patient as an individual. They do their best to make sure all patients receive good care and treatment that will support them to live as well as possible, whatever their illness or disability.
- You must keep records that contain personal information about patients, colleagues or others securely, and in line with any data protection law requirements.
- You must treat patients as individuals and respect their dignity and privacy.
- You must treat information about patients as confidential. This includes after a patient has died.
- You must make sure that your conduct justifies your patients trust in you and the public’s trust in the profession.
There is also GMC Guidance available on this matter – ‘Confidentiality: good practice in handling patient information’.
The trite answer then is that accessing patient records without good clinical reason and without clear consent from the patient is laden with risk. The risks are regulatory and legal there are numerous dimensions; it is a data protection issue, it may be a welfare/social care issue, you may be required to disclose issues by law or for reporting purposes, you may be concerned about another doctor’s treatment or there may be some public interest element to the access. As an employment law issue, unauthorised access can amount to gross misconduct and therefore lead to a doctor being being dismissed. Do therefore exercise caution before accessing records, consider and record your reasons and if in any doubt seek advice in relation to your proposed access.
Please note that the comments in this cases review are generic and cannot be relied upon as legal advice, if you have any practise concerns please contact us directly for specific advice on your matter.