Keep it clinical

A scenario involving a potentially violent patient raises the issue of how non-clinical data is recorded and stored

MEDICAL staff often see people at their worst – feeling ill or worried either for themselves or a family member. Some rude or aggressive behaviour at the reception desk or in a consulting room is hardly surprising, unacceptable though it may be.

Deciding just when such behaviour goes beyond what is tolerable or even safe in terms of the personal security of practice staff can sometimes be difficult. MDDUS has, however, become aware that this type of behaviour is increasingly being logged within patients’ medical records.

A discussion of this topic at the recent MDDUS Practice Managers' Conference sparked some debate. The specific scenario concerned use of messaging facilities within practice IT systems.

Consider a patient – Mr A –who arrives at reception late and agitated for an appointment and snaps at the receptionist, calling her a “stupid cow”. In the time before he is called for his appointment the receptionist transmits a message via the practice IT system informing the GP that Mr A has been “threatening and abusive”. The expectation is that the GP – with justification – will confront Mr A on his inappropriate behaviour. But also at issue is what happens to that message. Depending on how it has been transmitted, the receptionist’s comment could be stored as part of Mr A’s permanent clinical record.

This scenario touches on a number of areas of concern including how practices manage patient information using clinical IT systems and other means of storing non-clinical data. It also concerns the duty of care to practice staff in regard to harassment or aggressive behaviour from patients.

Clinical records in principle

GP practices across the UK use a variety of IT systems to manage patient records, such as EMIS, SystemOne, Vision and Synergy. It is beyond the scope of this article to go into the fine details of how data is captured, stored and transmitted in each system. However, it is essential that practices understand how their IT systems operate in order to ensure compliance with the Data Protection Act 1998 and basic legal and regulatory requirements to ensure confidentiality.

In this scenario the message string used to inform the GP of the patient’s rudeness was automatically appended to the patient clinical records. It is doubtful that a record of this exchange entered by a receptionist would be considered of clinical relevance. A GP in some circumstances may wish to record a patient’s behaviour in the clinical notes – for example in cases of mental illness – but the choice of what is recorded and the format in which that information is logged is a clinical decision and one for the GP to make.

Extreme rudeness or aggression in a patient may be worth recording in other contexts, say if relevant to an ongoing behaviour issue or in connection with a potential complaint against the practice. But such records should be kept separate from clinical notes.

MDDUS has had many calls over the years from practices who have either inadvertently breached patient confidentiality by storing non-clinically relevant information in patient records, or have received complaints from patients who after a subject access request have objected to the recording of such information within the medical records. Among documents often misfiled with the clinical records are:

• Medical reports for insurance companies or DVLA, e.g. heavy goods vehicle (HGV) applications

• Case conference meeting minutes regarding issues of child protection or a vulnerable adult

• Correspondence with solicitors including reports for court purposes

• Reports and correspondence regarding employment issues

• Reports for the DWP or benefit agencies

• Correspondence in regard to medicolegal claims or complaints from the GMC or GDC

• Correspondence, notes and reports to do with the investigation and resolution of patient complaints.

Such information should be held in a separate file. The risk of inappropriate disclosure has been further increased by the computerisation of patient records. Many practices now routinely scan and store all patient-related correspondence in electronic folders. To copy and send a folder takes only a matter of seconds. But just as with paper records it is essential such records are thoroughly checked to prevent inappropriate disclosure of non-clinically relevant details or third-party information.

Some issues, such as a child protection order, can be noted on the medical file along with any relevant medical information but detailed files should not be kept in the clinical records. Remember that clinical records will follow a patient throughout their life.

Data protection risks

Another risk in recording non-clinical patient details comes under the Data Protection Act 1998. This Act applies UK-wide to all data about identifiable, living individuals. In the context of medical and dental practice it covers patient records held on computer or in paper files, and extends to handwritten notes and imaging. Under the Act a patient has a right of access to see personal information and to have it corrected if it is wrong. The Act introduces eight data protection principles that set out the standards for handling information. Data must be:

• fairly and lawfully processed

• processed for limited purposes

• adequate, relevant and not excessive

• accurate

• not kept for longer than is necessary

• processed in line with the data subject’s rights

• secure

• not transferred to countries outside the EU without adequate protection.

Anything recorded, no matter where it is stored, is potentially recoverable under the Data Protection Act so it should be made very clear to practice staff that relevant emails, text messages or other notes may someday be seen by a subject patient or carer and possibly challenged. Notes on patient behaviour should be neutral and non-judgemental – a simple statement of the facts: For example: “The patient clenched his fist and called me a …”

Not every heated confrontation need be recorded. The RCGP offers guidance on what is considered unacceptable behaviour, such as discriminatory abuse, sexual or racial harassment, physical or verbal abuse including threats and gestures, and violence.

Health and safety considerations

In the context of aggression and violence all practices have a legal duty of care not only to staff and other patients but all healthcare professionals who may come in contact with an abusive patient. Most practices will operate a zero tolerance policy towards violence against staff with all incidents followed by a formal warning and possible removal from the practice list. The RCGP provide clear guidance on removal of patients from a practice list and it is advised that wherever possible this guidance should be followed.

A formal system for placing violence markers on the electronic or paper records of potentially violent individuals is in place in some NHS service providers. Markers can be applied regardless of whether the act was intentional or not so as to “reduce possible risks to NHS staff by enabling them to consider and implement measures for their protection.”

Practices should be aware how their own local commissioning bodies or health authorities identify violent patients but should also be aware that any such schemes must be compliant with the Data Protection Act on issues of fairness. This will mean informing the patient that they have been identified as being potentially violent.

There are also obligations to staff under health and safety regulations. No less than five pieces of legislation are relevant to protecting employees from violence at work, including The Health and Safety at Work Act 1974.

It is important that serious incidents of patient aggression are logged and dealt with but the trick is to ensure that doing so brings no additional medico-legal risks for practices.

Jim Killgore, associate editor, Practice Manager, in discussion with Liz Price, training and consultancy manager, Alan Frame, risk adviser, and Dr Anthea Martin, senior medical adviser at MDDUS