Q A practice nurse gets into a heated argument outside her son’s school with the mother of a classmate. They row over an alleged bullying incident between the two children and exchange insults before the nurse walks away. The nurse recognises the mother as a patient at her medical practice. She looks up her clinical records the next day, notes her phone number and calls to apologise. But the woman is furious that her personal details have been accessed in this way, especially as her phone number is ex-directory. She makes a complaint and the practice manager calls MDDUS for advice.
A An adviser confirms that the actions of the practice nurse, while understandable, were indeed improper – practice records should be accessed for medical purposes only. The manager was advised to write to the patient to apologise for this error and perhaps also explain that it resulted from a genuine desire to resolve the earlier disagreement at the school. The letter might further state that a practice meeting will be held in order to clarify confidentiality obligations and to update practice policy.
ISSUE OF CONSENT
Q A police officer arrives at a dental practice seeking access to the clinical records of a six-year-old patient. She says she is investigating a case of suspected child neglect and needs to see the records urgently but cannot provide evidence that valid consent has been obtained. The practice manager is worried about breaching the Data Protection Act.
A An MDDUS adviser explains that confidential information contained in dental records should not normally be released to a third party without explicit patient consent. Where the patient is a child under the age of legal capacity, consent from their parent/court appointed guardian is usually required. Practices must exercise caution when authorities such as the police ask for the notes of a child who lacks capacity. In this case, it’s reasonable to ask to see written consent from an adult with parental rights and responsibility. However, the police could object to this on the grounds that it may prejudice their investigation, and the matter would seem to constitute a “serious crime”. The urgency of the situation could also be questioned, as the police should normally operate through recognised local child protection arrangements, which may not be being followed in this case. Disclosure could be justified by the production of a court order or, if the request is pursuant to a statutory power, then this must be specified before disclosure. In any case, any information subsequently disclosed should be the minimum required to meet the purpose being requested. Assure the officer you are keen to cooperate and consider offering to contact the parent yourself to secure consent.
Q A young receptionist complains to the practice manager because a patient has been making comments to her that she is too young to have the job. The receptionist is upset and asks if something can be done to stop this harassment from continuing.
A The new Equality Act 2010 means the practice is potentially liable for harassment of employees by a third party – which includes patients. This covers harassment on the grounds of sex, age, disability, gender reassignment, race, religion or belief and sexual orientation. Employers have a duty to protect staff, to thoroughly investigate any claims and to take reasonable steps to prevent further harassment. An MDDUS adviser recommends the manager speaks to the patient and tells him his behaviour is not acceptable. If necessary, this can then be followed up with a written warning to inform the patient that if his behaviour continues he may be removed from the practice list. The practice manager should tell the receptionist what action she has taken and advise her to speak to her again if the patient makes any more inappropriate comments.
Q A dental practice manager plans to send out a mailshot to patients informing them about the new treatments available at the practice. But he is worried about breaching data protection rules and calls MDDUS to ask if he needs patients’ consent to send them this information.
A Practices should only use patient names and addresses to provide them with dental care or to inform them of the services a practice provides. If this information is used to tell patients about non-dental products, meetings or services then this could be a breach of the Data Protection Act 1998 (DPA). Breaching the act risks court action, a fine of up to £5,000 and could jeopardise professional registration. An MDDUS adviser tells the practice manager he must also ensure the mailshot is not sent out to former patients.
Q A patient comes in for a consultation with one of the practice GPs and is angry that the doctor is unaware she is a lesbian in a civil partnership. She asks for this to be recorded in her notes but the only place the doctor can find to record it is under a section named “Problem”. The patient says this is discriminatory so the GP asks the practice manager to call MDDUS for advice.
A Not all practice software is capable of recording all types of patient information but failure to record a patient’s status within a civil partnership could constitute unlawful discrimination under the Equality Act 2010. An adviser recommends the practice manager approach the software company to find out if the computer system can be updated to provide a way of recording same sex civil partnerships. The practice should consider checking with patients in future if they would like their sexual orientation noted in their clinical records. The manager should also ensure that literature relevant to lesbian, gay, bisexual and transgender health issues is made available in the practice
This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.