Access to deceased records

Access to a deceased patient’s medical or dental records can be requested for a number of reasons. This advice addresses some of the most common queries, together with appropriate suggested responses.

Reasons to request access

• Those close to the patient wish to look into the care and treatment in the lead up to death.
  The General Medical Council advises doctors that they should disclose relevant information where a partner, close relative or friend seeks information about the circumstances of the death, if it will assist them in coming to terms with their loss. However, this must be considered within the context that the deceased retains the right to confidentiality even after death, especially where they have explicitly requested that specific information remains confidential, or that it would be obvious to the healthcare professional that this should be the case. The same criteria would apply where a relative wishes to check for specific genetic or family risk of illness following the death of a patient. All releases of information should be dealt with by considering: whether the disclosure is likely to be of benefit, whether it includes third-party information, and whether the information requested is already public knowledge.

• Relatives considering making a claim on behalf of the estate of a deceased.
  The Access to Health Records Act 1990 applies to records made from 1st November 1991 onwards and allows the personal representative of the deceased to apply for access to information. In practice this will normally be the executor of the estate.

• An individual making a claim arising out of the death.
  The Access to Health Records Act 1990 allows anyone who may have a claim arising from the death in question to apply for access to relevant information. A ‘claim’ is not defined, but in practice would include life insurance and travel insurance claims. 
  
  
• Relatives exploring whether a deceased had capacity when their will was changed.
  Solicitors will often say that inquiries about the testamentary capacity of a patient who has now died are legitimate inquires under the Access to Health Records Act 1990 as the inquiry is pertaining to a claim arising out of the death. However it is inappropriate to disclose information on this basis, and MDDUS advise the consent of the personal representative should be obtained before disclosing to other family members for this specific purpose.
  
  
• The procurator fiscal (Scotland) or coroner (England, Wales & Northern Ireland) requests a full copy of the deceased’s records for the purpose of investigating the circumstances of their death.
  Such requests commonly come via an approach by the police, who in these circumstances act as an agent for the procurator fiscal or coroner and the data controller is usually obliged to comply.
  
  
• Where information is required by law or is justified in the public interest for education or research. The GMC advises that there may be other circumstances in which relevant information concerning a deceased person (i.e. not the whole patient record) should be disclosed. These include: for the purposes of National Confidential Enquiries or for local audit, information contained in death certificates, and for public health surveillance purposes (in which case the information should be anonymised or coded).

Common pitfalls

• Seriously harmful and other confidential third-party information is disclosed because adequate checks and redactions have not been carried out before release of the medical records.
• Specific requests that certain information remains confidential after death have not been recorded in the patient’s health record.
• Failing to comply with a lawful request to release health records to a procurator fiscal or coroner investigating the death of a patient.
• Providing confidential or other sensitive information in response to general “fishing exercises” driven by curiosity.

Key points

• Always consider the ongoing right to confidentiality after death before disclosing any patient information.
• Check and confirm identities of persons requesting access to the health information of deceased patients.
• Carefully consider how much information needs to be disclosed, dependent on the circumstances
• Ensure that all staff with a responsibility for processing patient information are appropriately trained and understand the potential risks associated with disclosing and/or sharing such information.
• Seek further advice from MDDUS before disclosing if you are unsure.

Further guidance

• Access to Health Records Act 1990
• General Medical Council. Confidentiality: Good practice in handling patient information (paragraphs 134-138)
• General Dental Council. Focus on standards. Principle 4 Maintain and protect patients’ information

MDDUS Training & CPD resources