Accessing patient records – when is it ok? When is it not?

PATIENT records contain a wealth of important – and sensitive – information, much of which is only a click away for healthcare teams.

Doctors quite rightly are allowed to access records to provide direct patient care – but what if you need to look at a record for another reason?

The General Medical Council (GMC) makes it clear in its Confidentiality guidance that “you must not access a patient’s personal information unless you have a legitimate reason to view it”.

So what exactly is a “legitimate reason” and what other factors should doctors consider?

Achieving balance

The GMC recognises that patient information contributes to the overall delivery of health and social care: “Without information about patients the health and social care system would be unable to plan, develop, innovate, conduct research or be publicly accountable for the services it provides.”

Patient information is crucial for a range of areas like health services management, research, epidemiology, public health surveillance, and education and training. There are also wider uses, including disclosures for the administration of justice, and for purposes such as financial audit and insurance or benefits claims.

However, a high threshold exists in relation to accessing or using information for purposes other than the provision of direct care, as set out in the GMC’s Using and disclosing patient information for secondary purposes. The Information Commissioner’s Office (ICO) has reminded NHS staff of the potentially significant ramifications of accessing patient records inappropriately, including fines, disciplinary action and regulatory investigation.

Utilising patient information is an important part of everyday practice, but doctors must act professionally when accessing and/or sharing patient information and ensure they have a good understanding of how to navigate this part of their practice.

Consent for sharing data

Where information is shared for the purpose of direct patient care, a doctor can rely on implied patient consent, providing that patients understand how their information may be used and that they have the right to object (and, importantly, they have not objected).

The GMC guidance also makes clear that you should generally ask for explicit (or “express”) consent if you suspect a patient would be surprised to learn how their personal information will be accessed or shared, bearing in mind there are situations where this may not be appropriate or practicable.

Implied consent can also be relied upon to disclose information for local clinical audit, providing certain conditions are met (see scenario 2 below). Explicit patient consent will be required if the audit is being carried out by someone outside the direct-care team.

In all other cases, you should ask for explicit consent to disclose personal identifiable information unless it is not appropriate or practicable to do so (Confidentiality paragraph 14 provides examples).

Anonymise where possible

When sharing information for reasons other than direct patient care, anonymised information will usually be sufficient and should be used where possible.

The ICO’s anonymisation code of practice provides related guidance and states that data is anonymised when presented in such a way that individuals are not (or are no longer) identifiable. This may mean more than simply removing patient details such as name and date of birth.

A member of the direct care team may anonymise data, however they must have a clear understanding of how to do this, and seek support from suitable experts/colleagues when necessary.

Putting into practice

Situations may arise where it is not immediately clear how to access or share information in accordance with the relevant laws, guidance or policies. You would usually be able to explain and justify such access if you apply the fundamental principles outlined above and comply with GMC guidance.

Below we consider approaches to some common scenarios about accessing and sharing patient data for secondary purposes. You may find the following questions helpful when deciding how to proceed:

• Is the question being asked to do with accessing the notes or sharing the data?
• Would anonymised information be sufficient for the purpose? If so, when in the process should this occur and how do I do this?
• Is it appropriate or practical to seek explicit consent? What if the patient does not have the capacity to make the decision?
• Could implied consent be relied upon?

- Is the data being shared for the purpose of direct patient care?

- Is the data being shared for the purpose of local clinical audit?

For all the scenarios below, it is also important to check if there is a local policy or guidance to ensure you are acting in accordance with expected standards.

1. An educational presentation

A medical registrar is asked to give a presentation on Takotsubo cardiomyopathy for her colleagues. She has requested a report of all the patients whose discharge diagnosis has been coded as Takotsubo cardiomyopathy and related terms. She plans to create fictitious history and examination stories, based on their notes, and use their anonymised echocardiograms to bring her presentation to life. How should you respond?

In this scenario, the doctor has a legitimate reason to access the notes. She is involved in appropriate education and training of colleagues, which is recognised by the GMC as an important contribution to the overall delivery of health and social care. Providing that it is possible to truly anonymise the patient data, there is no need to obtain patient consent. Otherwise, explicit patient consent would be required before disclosing the data to anyone outside the direct care team.

2. A clinical audit

A foundation year 2 doctor has been asked by his consultant to audit the use of pain relief in children presenting to the emergency department with fractures. He has obtained a list of children seen in this department with fractures and would like to examine their notes retrospectively to allow him to complete the audit. Is this permissible?

The GMC recognises the need to use patient information to contribute to the overall delivery of health and social care, and indeed doctors have a duty to participate in quality improvement and assurance work that includes clinical audit.

The regulator also reminds doctors that the same duties of confidentiality apply when using, sharing or disclosing information about children and young people as about adults.

In this scenario, accessing the records for the purpose of local clinical audit would qualify as a legitimate reason. If the information to be included in the audit is not to be anonymised, then the doctor may still be able to use the patient information on the basis of implied patient consent, providing that the safeguards mentioned above have been complied with.

3. Learning about a specific condition

During a ward round the consultant suggests to trainees that they might want to look at the notes of three patients who had presented to other teams in the hospital recently with spontaneous aortic dissection, to give them an idea of how this condition might present and be managed. Is this permissible?

The GMC’s guidance on disclosing information for education and training purposes covers the teaching and training of trainees and is applicable here. This acknowledges that most patients understand and accept that the training of healthcare professionals relies on them having access to information about patients and that if they are part of the team providing direct care they can have access to such information “unless the patient objects”.

However, if the doctor/student is not within that team (as in this scenario), anonymised information should be used whenever practicable. The GMC recognises this may not always be achievable, for example, on ward rounds, but that it will “usually be possible to seek the patient’s explicit consent”.

4. Preparing a case report

An anaesthetic trainee would like to access medical records in order to prepare and submit a case report to a journal about your patient with periodic paralysis. She was not involved in the patient’s care. How would you respond?

You should consider both access to the records and the sharing of the information in this scenario.

Follow the GMC’s guidance on publishing a journal article which states that if information “is likely to be more widely accessible (for example, published in a journal), and you consider that the patient could be identified, you should usually use the information only when you have the patient’s explicit consent”.

For this reason, and given that the trainee was not involved in the care of the patient, she would need to seek the patient’s explicit consent, both to access the records and then write up the case report.

The trainee must also consider the requirements of her own organisation and the journal. She may find it helpful to seek advice from a senior colleague, trainer or supervisor, or an expert in the information governance team. 

5. A doctor’s personal request

An immunologist from another hospital comes to you, anxious to find out the blood test and scan results for his 13-year-old daughter who was admitted to your ward last night following an episode of confusion. What should you do?

While the father may be a fellow healthcare professional, this would not impact on how you safeguard the patient’s sensitive medical information. The GMC confirms in its 0-18 years guidance relating to accessing medical records that children with capacity can allow or deny access by others, including their parents.

Parents may access their child’s medical records only if the child consents or lacks capacity, and as long as it does not go against the child’s best interests. Importantly, you should not normally disclose information given in confidence by children without their consent (even if they do not have capacity). The above-mentioned guidance expands on when you might share information without consent.

Another key step is to confirm that the requester has parental responsibility.

In this case, given the patient’s age, you should consider whether she has the capacity to allow or prevent access to her records by others (in Scotland anyone aged 12 or over is presumed to be of sufficient age and maturity to form a view, although it is important to remember that this presumption is only a starting point and that each child must be assessed as an individual to determine whether or not they have capacity). If the patient has capacity, then you can disclose the information with her consent. However, if she does not agree to disclosure, her decision should usually be respected, and you should advise her father that you cannot disclose the information without the patient’s consent.

6. Learning for a locum

A locum doctor is looking to access the notes of patients who they have referred for further assessment and treatment, for their own learning. How would you advise the doctor?

In this case the doctor is wishing to access patient information for their own learning rather than direct patient care or local clinical audit. As mentioned earlier, the GMC states that a doctor must only view a patient’s record if they have a legitimate reason to do so and therefore in this case it would be expected that explicit consent would be obtained. It would be appropriate for the locum doctor to ask the patient when referring them if they would be agreeable for the doctor to access their records later to review what happens next with their care. The discussion should include setting out clearly the purpose of reviewing the records (and the timescale expected to do so) and how this information will be used.