Menu Home Search

Insurance and Other Third Party Reports

Updated on Monday, 22 December 2014, 1030 views

Insurance Reports using the Data Protection Act

Increasingly , insurance companies  have taken to submitting requests for full copies of patient notes under the Data Protection Act rather than asking for the traditional Private Medical Attendant’s Report (PMAR) that  for many years been the subject of an agreement between the Association of British Insurers (ABI) and the BMA. This itemises the information that should be disclosed and specifies the fee for providing it.

In recent years the growing computerisation of records has led to some practices sending unedited print-outs of patient notes in response to such requests.

In response, some insurers are now offering a reduced fee of £50 for such reports, and at least one has withdrawn from the ABI/BMA agreement and has started to make applications for records under the Data Protection Act.  Apart from only offering a maximum fee of £50, including costs, this means that the GP has to check the printout closely to ensure that third party and other inappropriate information is not disclosed.

DPA Disclosure

LMCs generally advise practices that they should not send unedited printouts in response to a PMAR request. This is partly because it is not in the spirit of the ABI/BMA agreement, but also because it risks breaching the requirements laid onto the practice as the data controller. It is a fundamental principle of information governance that only relevant and necessary information should be disclosed.

With the proper consent, an insurance company is allowed to request a DPA disclosure on behalf of a patient. However, it is likely that some patients will not know that when an insurance company requests a copy of the records, this includes every piece of information in the notes ­ far more than is disclosed in a traditional PMAR.  Consequently, it is not certain that patients are giving informed consent when approached in this way.

If you are uncertain about the information that you are being asked to disclose, it is reasonable to contact the patient to ask him or her to review this before it is despatched. You should tell the  company requesting the information that you have taken this step, and, if appropriate, suggest that it should obtain further instructions from it’s  potential client.

The practice is required under the DPA to provide the requested data within 40 days after the fee has been paid. If payment does not accompany the request, practices are expected to seek this within a reasonable timescale.  The 40 days does not start until payment has been received by the practice, so if a cheque is sent this should be cleared into the practice account first.

Related guidance...

Access to medical reports for insurance purposes

Access to Medical Reports Act 1998 has replaced the use of Subject Access Requests for insurance purposes We have been aware for some...

Intelligent General Practice Reporting Tool (iGPR)

The GPC’s IT Subcommittee has received a number of queries from LMCs about the iGPR tool, which allows practices to respond to requests...

GDPR- Headline Requirements with GPC and NHS Digital guidance

NHS Digital have now published a GDPR guidance note . This guidance is from the national GDPR working group and Information Governance...

Police requests for medical notes from general practice

There is clear guidance regarding the obligations that GPs have with respect to copying and/or release of the GP record. For your...

Freedom of Information Request

Our thanks to Londonwide LMCs' and LMC Law for this advice to practices GP practices are public bodies for the purposes of the Freedom...

Somerset LMC Weekly Update Friday 29th June 2018

All Somerset GPs and Practice Managers This and previous updates can be found here GDPR Subject Access Requests (SARs) by...

Retention of Medical Records

It is not possible to be absolutely prescriptive on these matters but the following information should give some basic...

Collaborative Arrangements

Since 1974 collaborative arrangements have enabled local authorities to secure primary care medical services that are essential for the...

Online Patient Services for Children

Practices may get requests from patients for online access to their records from children below the age of 16 who are classed as Fraser...

Professional Fees

The BMA used to provide guidance on what fee could be charged by doctors for the provision of services that fall outside of national...