Confidentiality is at the centre of maintaining trust between patients and doctors. But what are your obligations to a patient after they have died?
Data relating to an identifiable individual should be held securely, in accordance with the Data Protection Act 2018 (see our factsheet on the General Data Protection Regulations) and GMC guidance on Confidentiality. The information held should be accurate, relevant and up-to-date, and kept only as long as necessary for the purpose of providing healthcare.
After a patient has died
Your duty of confidentiality to your patient remains after death. In some situations, such as a complaint arising after a patient’s death, you should discuss relevant information with the family, especially if the patient was a child. If you reasonably believe that the patient wished that specific information should remain confidential after their death, or if the patient has asked, you should usually respect that wish.
In the event of a claim arising out of the patient’s death, such as a life assurance claim or a claim in negligence, a ‘personal representative’ of the patient (usually an executor of the will or an administrator if there is no will) can apply for access to the part of a patient’s medical records (excepting harmful or third party information) that is relevant to the claim. In Northern Ireland, under the Access to Health Records (Northern Ireland) Order 1993, the personal representative of the deceased and people who may have a claim arising from the patient’s death may be permitted access to the records. Disclosure should be limited to that which is relevant to the claim in question.
In respect of disclosure potentially associated with assisted suicide (eg Dignitas), specific advice should be sought from Medical Protection.