BACKGROUND: AN MDDUS medical adviser takes a call from a Mr G whose wife was a member of MDDUS and recently died. Ms G had practised for 25 years in London as a private gynaecologist and obstetrician before retiring 10 years ago. In sorting out his wife’s possessions Mr G found numerous boxes of private patient records stored in the attic. He is concerned about what should be done with the records. Can they be disposed of or taken into storage by the local hospital? The adviser consults with an MDDUS lawyer and contacts Mr G with further advice.
ANALYSIS AND OUTCOME: Medical and dental consultants who provide private patient care outside the NHS are data controllers (as defined by the Data Protection Act 1998) in respect to the clinical records of their patients and are responsible for safeguarding that data. In the event of death that responsibility passes to the clinician’s estate or personal representative.
Private practitioners are advised to adhere to the retention periods set out in local NHS guidelines. In England hospital records relating to adults should be kept for eight years after the conclusion of treatment or death. As Ms G ceased practice 10 years ago it is reasonable to assume that the gynaecological patient records can be disposed of securely. Indeed the fifth principle of the Data Protection Act 1998 prohibits the retention of personal data for longer than is necessary.
Obstetric records must be retained for 25 years after birth and thus any such records must be kept secure by Ms G’s estate for the requisite time period. Ensuring such records are stored securely is also in the interests of MDDUS as claims involving newborns have in the past been brought before the courts over 20 years after an incident.
MDDUS advises Mr G to contact the lawyer handling his wife’s estate to arrange for the records to be moved to a specialist medical records storage unit such as to allow access to relevant obstetric records by MDDUS in the event of a complaint or claim falling within the 25-year retention period. Moving the records out of the attic is also necessary in terms of data security to ensure there is no breach in confidentiality of Ms G’s former patients.
• Ensure adherence to the retention timescales for medical records by checking local NHS guidance.
• Do not retain records for any longer than is necessary.
• Ensure patient records are secure from inappropriate disclosure.
• Make long-term plans for the safe disposal/retention of any medical records in your possession.