Editor-in-chief and medicolegal adviser (MLA) Dr Rachel Birch answers some recent queries from practices
Read this article to:
- Discover the risks involved in practice employees being registered as patients
- Learn about your obligations in relation to requests to assess patients and sign certificates for lasting power of attorney applications
“Some of our practice staff are registered as patients of the practice. In a neighbouring practice, we have been made aware that one staff member accessed another’s medical record, without a clinical reason. What steps can we take to ensure this cannot happen at our practice?”
As a practice, you have a duty of confidentiality to all your patients, whether staff members or not, and should ensure that personal information held is effectively protected at all times against improper use or disclosure.
In accordance with Caldicott principle number 4 [1] and Department of Health guidance [2], access to personal confidential data should be on a strictly need-to-know basis.
Therefore, authorised healthcare professionals should be able to access the clinical information contained within a patient’s medical record. Other members of staff, such as the administrative team, may need access to information such as name, address, telephone number and date of birth, but not the full medical record. There may be different degrees of access required, depending on the specific role of the staff member.
You should discuss with your computer system provider how you can introduce such access controls.
The GMC [3] advises doctors that they must not access a patient’s personal information unless they have a legitimate reason to view it. Thus, even if clinicians have access to a patient’s medical record, they should only go into the record if there is a clinical need.
It is essential that everyone with access to personal confidential data is aware of their responsibilities. You should ensure that all staff have had recent training on data protection. It is important that all staff sign a confidentiality document, stating that they will not disclose any confidential information either during or after employment at the practice.
As a general rule, it is preferable for practices not to have staff members as patients. However, in more rural areas this may be unavoidable.
You should explain to staff members who are patients that you will do all that is reasonably practicable to maintain their confidentiality, but that there may remain a risk that another member of staff might see some of their details.
Some practices may wish to take the additional step of password protecting staff members’ medical records. However, it is important to ensure that clinicians can access the records if they need to, such as in an emergency situation.
“Our doctors are often asked to assess patients and sign certificates for lasting power of attorney applications. Are they obliged to do this and what should they do if they don’t feel they can make this assessment?”
A lasting power of attorney (LPA) is a legal document and allows patients to appoint one or more people (known as ‘attorneys’) to help them make decisions or to make decisions on their behalf, in the event that they lose capacity [4].
An LPA can be made for decisions relating to property and financial affairs, but can also be made so that health and welfare decisions can be made by the appointed attorney once the patient no longer has capacity to make such decisions.
In order for an LPA to be valid, the patient needs to have mental capacity at the time of making the LPA. If it is clear to the solicitor assisting the patient that there is no issue with capacity, a doctor will not necessarily be involved. However, if there is doubt about the patient’s capacity, doctors may be asked to certify that:
- The patient understands the purpose, the nature and the extent of the LPA
- The patient is not acting under undue influence or pressure
- There is nothing else that will prevent the creation of the LPA.
Certificates and processes vary slightly depending on the UK jurisdiction. However, the general principles are similar [5,6,7].
When making this capacity assessment, doctors should speak to patients separately from their proposed attorneys, who are often family members. They must ensure that the patient understands the decision they are making, is able to retain the information long enough to make the decision, can weigh up the pros and cons and can communicate back their decision. Doctors should encourage patients to explain why they wish to make the LPA, why they have chosen the attorney and what powers they will be giving them. Doctors should ensure there is no evidence of coercion or pressure. It is important to make detailed notes of this assessment of capacity, so that the decision can be justified in case of future dispute.
If doctors feel that a particular capacity assessment is difficult or outside their own expertise, they may wish to ask a patient’s treating psychiatrist to make the assessment, or consider referral if clinically indicated.
1. Revised Caldicott principles 2013. https://www.igt.hscic.gov.uk/Caldicott2Principles.aspx
2. Department of Health. Good Practice Guidelines for GP Electronic Patient Records (version 4, March 2011). https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/147397/dh_125350.pdf.pdf
3. Confidentiality (2017). http://www.gmc-uk.org/guidance/ethical_guidance/confidentiality.asp