HEALTHCARE professionals are acutely aware of the importance of patient confidentiality, and that this is a duty that extends even beyond death.
It is not uncommon for clinicians to receive requests from family, close friends with caring responsibilities or third party representatives for access to a deceased patient’s records. As COVID-19 continues to take its toll, it is likely that such requests will sharply increase from those involved in the care of a patient who died during the pandemic.
Requests for records may be made by grieving loved ones who are seeking to better understand the events surrounding the person’s death, or in relation to a complaint or negligence claim.
Regardless of the reason, it is important to be aware of the key patient confidentiality issues before you respond.
Access to a deceased patient’s records is not covered under the Data Protection Act 2018, but is instead governed by the Access to Health Records Act 1990 and Access to Health Records (Northern Ireland) Order 1993. It is under these regulations that a patient’s personal representative or any person who may have a claim arising from the patient’s death would have rights of access to relevant information from the records.
Para 135 of GMC guidance on Confidentiality highlights the circumstances "in which you must disclose relevant information about a patient who has died", including the following scenarios:
- when disclosure is required by law
- to help a coroner, procurator fiscal or other similar officer with an inquest or fatal accident inquiry
- on death certificates, which you must complete honestly and fully
- when a person has a right of access to records under the Access to Health Records Act 1990 or the Access to Health Records (Northern Ireland) Order 1993, unless an exemption applies
- when disclosure is necessary to meet a statutory duty of candour.
Dental professionals should also comply with the same legal and ethical obligations. The GDC makes it clear in its Standards guidance 4.2.8: "You must keep patient information confidential even after patients die".
You should review the clinical records carefully before any disclosure is made, to allow a thorough check of what part of the record should be made available to the applicant. You must redact any information that was provided by the patient in the expectation that it would not be disclosed beyond their death. You should also redact any information that is likely to cause serious physical or mental harm to any individual, and any third party information (names and any other identifiable information) other than that relating to treating healthcare professionals.
Where the applicant has requested the records in connection with a claim arising out of the patient’s death, then only records relevant to any such claim may be disclosed.
Some electronic records systems only allow access to the records of living persons. You should have a process in place for removing automatic remote access to a deceased person’s electronic record where indicated. If you are asked by relatives/carers if online access is still available after the patient’s death, seek advice from your IT support to check whether your clinical system allows it.
As some systems only allow for limited amounts of information to be viewed electronically, you may be asked for further details. The usual security and redaction process should already be in place on the electronic records as for hard copy records. For further guidance, read our previous risk alert on electronic records here.
For someone who died during the pandemic, it is possible that relatives or carers will seek to find out whether the death was preventable.
If there is no specific legal right granting an individual access to a patient’s records, you may still choose to meet/speak with the bereaved family/friend to answer any questions they may have relating to the person’s care and address any concerns, providing that you have no reason to believe that the patient would have objected to such disclosure.
Adopting an empathetic approach may also result in any potential complaint being resolved earlier and more effectively.
- Follow the steps provided within the Access to Health Records Act 1990 and Access to Health Records (Northern Ireland) Order 1993.
- Familiarise yourself with the relevant GMC/GDC guidance.
- Before disclosing, be sure to undertake any appropriate redactions in line with our advice above.
Kay Louise Grant is a risk adviser at MDDUS