Menu Home Search

Insurance and Other Third Party Reports

Updated on Monday 22 December 2014, 2195 views

Insurance Reports using the Data Protection Act

Increasingly , insurance companies  have taken to submitting requests for full copies of patient notes under the Data Protection Act rather than asking for the traditional Private Medical Attendant’s Report (PMAR) that  for many years been the subject of an agreement between the Association of British Insurers (ABI) and the BMA. This itemises the information that should be disclosed and specifies the fee for providing it.

In recent years the growing computerisation of records has led to some practices sending unedited print-outs of patient notes in response to such requests.

In response, some insurers are now offering a reduced fee of £50 for such reports, and at least one has withdrawn from the ABI/BMA agreement and has started to make applications for records under the Data Protection Act.  Apart from only offering a maximum fee of £50, including costs, this means that the GP has to check the printout closely to ensure that third party and other inappropriate information is not disclosed.

DPA Disclosure

LMCs generally advise practices that they should not send unedited printouts in response to a PMAR request. This is partly because it is not in the spirit of the ABI/BMA agreement, but also because it risks breaching the requirements laid onto the practice as the data controller. It is a fundamental principle of information governance that only relevant and necessary information should be disclosed.

With the proper consent, an insurance company is allowed to request a DPA disclosure on behalf of a patient. However, it is likely that some patients will not know that when an insurance company requests a copy of the records, this includes every piece of information in the notes ­ far more than is disclosed in a traditional PMAR.  Consequently, it is not certain that patients are giving informed consent when approached in this way.

If you are uncertain about the information that you are being asked to disclose, it is reasonable to contact the patient to ask him or her to review this before it is despatched. You should tell the  company requesting the information that you have taken this step, and, if appropriate, suggest that it should obtain further instructions from it’s  potential client.

The practice is required under the DPA to provide the requested data within 40 days after the fee has been paid. If payment does not accompany the request, practices are expected to seek this within a reasonable timescale.  The 40 days does not start until payment has been received by the practice, so if a cheque is sent this should be cleared into the practice account first.

Related guidance...

Access to medical reports for insurance purposes

Access to Medical Reports Act 1998 has replaced the use of Subject Access Requests for insurance purposes We have been aware for some...

Intelligent General Practice Reporting Tool (iGPR)

The GPC’s IT Subcommittee has received a number of queries from LMCs about the iGPR tool, which allows practices to respond to requests...

Disclosing patient information without consent

Disclosing patient information without consent- A precis of GMC advice You must disclose information if it is required by statute or if...

Confidentiality

Medical confidentiality is at the bedrock of the Doctor-Patient relationship and it is enshrined in a number of codes, guidelines and...

Workforce Minimum Data Set

Workforce Minimum Data Set - GPC Focus on May 2017 Introduction The GPC has been active in dialogue with the Department of Health...

Police requests for medical notes from general practice

There is clear guidance regarding the obligations that GPs have with respect to copying and/or release of the GP record. For your...

GDPR- Headline Requirements with GPC and NHS Digital guidance

NHS Digital have now published a GDPR guidance note . This guidance is from the national GDPR working group and Information Governance...

Professional Fees

The BMA used to provide guidance on what fee could be charged by doctors for the provision of services that fall outside of national...

Somerset LMC Weekly Update Friday 29th June 2018

All Somerset GPs and Practice Managers This and previous updates can be found here GDPR Subject Access Requests (SARs) by...

Information sharing with Separated Parents

Some important information for you to note when you are asked by separated parents for information about their child: Parents may have...