Increase in advice calls on third-party requests


For immediate release: Wednesday, 19 March 2014

UK-wide medical defence organisation MDDUS is reporting a sharp rise in calls from members seeking advice on disclosing medical records to third parties.

In 2013, MDDUS received a 65 per cent rise in the number of calls or emails looking for third-party related advice compared to the previous year. A large number of these advice calls came from members who were unsure whether to comply with requests from third parties such as the police or insurance companies.

Third parties can make a request for access to a patient’s medical records. However, there are a number of other considerations to take into account.

MDDUS medical adviser Dr Naeem Nazem says: “Doctors recognise their primary duty of confidentiality to patients and therefore should generally seek patient consent before disclosure of any medical information to a third party.

“Common third-party requests we encounter include fathers without parental responsibility wanting access to their child’s medical records, police seeking records for a criminal case or relatives requesting a patient’s records after death.”

MDDUS has also received a number of calls for advice from members relating to the disclosure of third-party information contained within a patient’s records.

The Data Protection Act 1998 allows patients to access their medical records but information relating to some third parties cannot be disclosed without their consent.

“While the basic principle of providing patients with access to their own medical records seems fairly straightforward, in reality there are a number of things doctors must carefully consider before granting access,” says Dr Nazem. “This is reflected in the number of calls we receive on the subject.

“When a patient requests access to their own records, doctors should remove identifiable third-party information, other than from other healthcare professionals acting in that capacity. The exception to this position is if the third party provides their consent to the disclosure.

“Likewise, if the record contains personal sensitive data which is likely to cause serious physical or psychological harm to either the patient or third party, this should be removed if appropriate.”

According to the Information Commissioner’s Office (ICO), third-party information can be disclosed under the Data Protection Act when consent has been attained or when “it is reasonable in all the circumstances to comply with the request without the individual’s consent.”

The ICO also states the decision to disclose will “involve balancing the data subject’s right of access against all the other individual’s rights in respect of their own personal data. If there is no consent, you must decide whether to disclose the information.”


For further information contact Richard Hendry on 0845 270 2034 or 07976 272266, or email

Note to editors

MDDUS (The Medical and Dental Defence Union of Scotland) is a medical and dental defence organisation providing access to professional indemnity and expert medico- and dento-legal advice for doctors, dentists and other healthcare professionals throughout the UK. For further information on MDDUS go to

This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.

For registration, or any login issues, please visit our login page.