policy on the release of personal and clinical information
TRANSCRIPT
V5.0 June 2012 1
TPP 108 – Policy & Procedure
Policy on the Release of Personal and Clinical Information
Version: 5.0 Role of Policy Lead(s): Information Governance & Assurance
Manager (Milton Shoriwa) Role of Executive Lead: Director of Corporate Affairs Date Approved by Executive Lead: 7th June 2012 Name of Responsible Committee: Information Governance Working Group Date Approved by Responsible Committee: 30th May 2012 Date Approved by Policy Review Group: 7th June 2012 Date Ratified by Executive Board: 20th June 2012 Date Issued: June 2012 Review Date: June 2015 Target Audience: General – All Trust Staff
Key Points
• No member of staff may release information about patients, other members of staff or other individuals without appropriate authorisation
• All staff must familiarise themselves with the Trust’s Confidentiality Code of Conduct
(TPP 619b) • All staff authorised to disclose confidential information must be conversant with this
policy • No member of staff may disclose personal information to third parties (including next of
kin) without the consent of the patient (or member of staff) even if they believe it is in their best interests to do so. There are exceptions to this e.g. in life threatening situations or serious crimes etc.
V5.0 June 2012 2
Version Control Sheet Version Date Policy Lead(s) Status Comment
V3.0 May 2004
Claims and Legal Services Manager (Phil
Jacques)
Final
V4.0 Mar 2009
Head of Knowledge and Information Services
(Sarah Pallot)
Final
V4.1 Apr 2012
Information Governance & Assurance Manager
(Milton Shoriwa)
Draft Changes to format and Appendix A. Added references
V5.0 Jun 2012
Information Governance & Assurance Manager
(Milton Shoriwa)
Final Approved and ratified
Document Location Document Type Location Electronic Trust Intranet Paper Information Governance Department Related documents Document Type Document Name Policy TPP 619 Data Protection Policy
Policy TPP 602 Electronic Information Security Policy
Policy TPP 151 Policy on the Freedom of Information Act 2000
V5.0 June 2012 3
Contents Page No
1. Introduction …………………………………………………… 4
2. Scope of the Policy …………………………………………………… 4
3. Definitions …………………………………………………… 4
4. Purpose of the Policy …………………………………………………… 5
5. The Policy …………………………………………………… 5
6. Duties / Organisational Structure …………………………………………………… 6
The Procedure ……………………………………………………
7. Phone Call Disclosure …………………………………………………… 7 8. Court of Law Orders and Other Requests …………………………………………………… 7
9. Information Requests by Police …………………………………………………… 8 10. Public Interest / Protecting the Public …………………………………………………… 8 11. Parties Engaged in Civil Legal Proceedings …………………………………………………… 10
12. Staff Accidents …………………………………………………… 10
13. Mental Capacity …………………………………………………… 10 14. Media Enquiries and Condition Checks …………………………………………………… 10 15. Disclosure or Sharing of Clinical Information About Children
…………………………………………………… 11
16. Bulk Data Transfers …………………………………………………… 11
17. Raising Awareness / Training …………………………………………………… 12
18. Implementation Plan …………………………………………………… 12 19. Monitoring Compliance of Policy & Procedure …………………………………………………… 12
20. References …………………………………………………… 13 Appendix A: Access to Health Records …………………………………………………… 14 Appendix B: Application for Personal Information …………………………………………………… 18
Appendix C: Press Enquiry Sheet …………………………………………………… 19 Appendix D: Template Consent To Share Information Form …………………………………………………… 21
V5.0 June 2012 4
1. Introduction 1.1 This policy is concerned with the disclosure of all personal and clinical information
relating to patients or staff in circumstances other than the routine exchange of information necessary for patient care or personnel management.
1.2 Heatherwood & Wexham Park Hospitals NHS Foundation Trust is committed to the
provision of a service that is fair, accessible and meets the needs of all individuals. 2. Scope of the Policy 2.1 This policy and accompanying procedure applies to all members of staff employed
by Heatherwood and Wexham Park Hospitals NHS Foundation Trust, and especially to those staff who are responsible for releasing personal and clinical data.
3. Definitions 3.1 Clinical information is defined as:
• Clinical case notes • Radiographs / x-rays and corresponding reports • Medical photographs • Pathology reports and specimens • Nursing and other healthcare professionals’ records (including transmissions
from other agencies) 3.2 Data Custodians are managers or staff responsible for the safe custody, transport
and storage of the data and the implementation of business rules, policies and procedures related to the management and processing of that data.
3.3 PID or PII is Person Identifiable Data or Information. This is data, either on its own or
in combination with other data that could identify a living person, e.g. postal code and date of birth.
3.4 Legitimate relationship: A connection to a patient or member of staff that may justify
access to that individual’s personal data 3.5 Bulk data transfers are transfers of 51 or more records containing personal data. 3.6 Subject access requests are requests received from data subjects for access to
their own records. 3.7 Third party requests are requests for personal information from individuals who are
not the data subjects 3.8 SIRO: Senior Information Risk Officer. This person sits on the Board and is
responsible for championing Information Governance risk matters at this level and for promoting good practice in information security throughout the Trust
3.9 Caldicott Guardian acts as the conscience of the organisation in the sharing of
patient information and champions confidentiality matters at Board level
V5.0 June 2012 5
4. Purpose of the Policy 4.1 The aim of this policy is to ensure that personal and clinical information is not
released inappropriately and that the Trust complies with the law and guidance relating to subject access requests and requests for personal data.
5. The Policy 5.1 The contents of medical or clinical records must not be disclosed to any person,
other than to those staff who have a legitimate relationship with the patient, i.e. those staff involved in their care unless it is under certain circumstances.
5.2 Under certain circumstances, patient records can be disclosed to other approved
persons or bodies, the most common of whom/which are: • Giving information to patients/relatives/friends over the telephone – subject to
the Procedure and the Trust’s Confidentiality Code of Conduct (TPP 619b) • To the Courts, on receipt of a subpoena or if ordered to do so by a judge • To the HM Coroner • To a medical advisor of the Department of Work and Pensions • To any party engaged in bona fide legal proceedings, where the Trust is to
provide clinical information by way of a third party • To any party engaged in bona fide civil legal proceedings against the Trust
where clinical evidence is germane to the case in hand • To the Care Quality Commission (or any other relevant national body) in
connection with an investigation into a complaint against the Trust or NHS or to any senior officer of the Trust who is involved with a similar investigation
• To any person making a bona fide application under the terms of the Access
to Health Records Act • To the Police • To health care providers (NHS or non-NHS) responsible for delivering patient
care or some other patient-related service. These disclosures could be ongoing or ad hoc.
5.3 All subject access requests and requests from third parties for patient records or
parts of them will be met promptly, if possible within 21 days. The maximum time limit according to the Data Protection Act is 40 days (Appendix A).
5.4 All requests for personal information, either ad hoc or routine will be evaluated and
approved before information can be released (Appendix B). 5.5 In the case of children, particular care must be taken before releasing notes to
parents or guardians. Children’s wishes and their best interests must be taken into account and advice sought from the relevant paediatrician before disclosure can be made.
5.6 Only staff who have been delegated the authority to release PID to third parties
may do so. The Trust will maintain a list of these staff.
V5.0 June 2012 6
5.7 Except in special circumstances, consent must be sought from data subjects
before information about them can be released to a third party. This includes the next of kin (Appendix D).
5.8 Where there is regular sharing of patient and clinical information with other
organisations, e.g. Social Services, Berkshire East PCT, etc., information sharing protocols must be in place.
5.9 The key principle of the duty of confidence is that information confided must not be
used or disclosed further in an identifiable form, except as originally understood by the confider, or with his or her subsequent permission. NHS organisations must have, or be putting in place, procedures for reviewing the appropriateness and necessity of using confidential patient information to support specific purposes. They must also be developing staff codes of practice and putting in place information sharing protocols to govern working across organisational boundaries.
6. Duties / Organisational Structure 6.1 The Chief Executive Officer has ultimate responsibility for ensuring that the Trust
complies with Data Protection legislation, although in practical terms, it is the SIRO who acts on their behalf
6.2 The Trust Senior Information Risk Owner (SIRO)/ Director of Corporate
Affairs is responsible for understanding how the strategic business goals of the Trust may be impacted by information risks and for the ongoing development and day-to-day management of the Trust’s Risk Management Programme for information privacy and security. • The SIRO will review and agree action in respect of identified information
risks, ensure that the Trust’s approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff
• The SIRO will provide a focal point for the resolution and/or discussion of
information risk issues and ensure the Board is adequately briefed on information risks.
• The SIRO, the Legal Services Manager and Data Protection lead are jointly
responsible for ensuring that this policy is adhered to. 6.3 The Caldicott Guardian will oversee all arrangements, protocols and procedures
where confidential patient information may be shared with external bodies both within, and outside, the NHS. This includes flows of information to and from partner agencies, sharing through the centralised patient records systems, disclosure to research bodies and disclosure to the police. In practice, a lot of the CG’s day-to-day work is devolved to the Head of Risk and Compliance.
6.4 The Legal Services Manager is responsible for ensuring that procedures are in
place for subject access requests to be dealt with promptly and within the legal framework and for ensuring that a register of all requests for “clinical information" is maintained. This includes requests that are dealt with outside the Legal Department, for instance, by the Rehabilitation Department or Radiology.
6.5 The Information Governance Department are the Trust Data Protection Lead
responsible for assessing risks in relation to the release of PID and for approving
V5.0 June 2012 7
requests for it. Together with others as appropriate, the IG Department approves bulk transfers of information, especially of non-routine ones (Appendix B). • The IG Department will ensure that all registers of information releases are
being maintained and that they could be made available if requested by auditors.
6.6 Consultant on Call will be responsible for authorising any disclosures of
confidential patient information out of hours. 6.7 The Trust Press team is responsible for handling requests for patient condition
checks from police media leads or local media. 6.8 All Managers are responsible for ensuring that their department complies with this
policy through the development of local procedures in line with this policy and making sure that all their staff are aware of this policy.
6.9 All Trust Staff have a duty to abide by this policy. The Procedure 7. Phone Call Disclosure 7.1 Relatives and friends of in-patients phone for a condition report on a daily basis
and wards must appoint a nurse of sufficient experience and seniority to deal with these enquiries.
7.2 Once the identity of the caller has been established, information given over the
phone must be limited to brief details of condition and welfare. If an enquirer requests further details about a patient’s condition, consent to share that information with them must be sought from the patient before disclosing more details. Callers will be encouraged to visit in person to speak to a member of staff about their relative’s or friend’s condition but if this is impossible, detailed information may be divulged over the phone once permission has been given by the patient concerned.
7.3 If the patient is incapacitated and unable to consent, information must not be given
out apart from to the person who has Lasting Power of Attorney or to the Independent Mental Capacity Advocate (see Mental Capacity Act) except in exceptional circumstances, e.g. life-threatening situation. However, common sense must prevail and those entrusted with the task of deciding what information will be shared with relatives and friends will need to assess what these people will be told. This will depend on the status of the enquirer, e.g. spouse, or other close relative, neighbour, main carer, etc.
7.4 Calls received regarding other than current in-patients must be subject to the
restrictions imposed by this Policy. 8. Court of Law Order and Other Requests 8.1 If ordered to make a disclosure by a Court of Law, the respective manager will
inform the Consultant(s) and the appropriate Manager. In the event of such an order being made in connection with circumstances described or if any other complication ensues, the Legal Services Manager will be consulted in the first instance.
V5.0 June 2012 8
8.2 In all other cases, the Manager arranging for disclosure to be made will, in the first instance: • Ensure that the full reason for the request has been stated in writing by the
applicant and that this reason conforms with one of the accepted criteria outlined.
• The Access to Health Records form requires Subject access requestors of
medical records to state the reason for application in order to ensure adequate support is given such as arranging an appointment with the relevant Consultant to allay the requestors anxieties, or inviting the requestor to view their records.
• Ensure that the patient’s written permission has been received or, in the case
of a deceased patient, the written permission of the next of kin.
• Obtain the approval of the consultant(s) in charge of the treatment in question. (Consultants have confirmed that they no longer wish to be approached following applications under the Access to Health Records Act, or the Data Protection Act, unless exceptional circumstances apply and/or their guidance is needed.)
• Copies only will be transmitted to the applicant. Charges for copying and
postage will be made in accordance with the rates agreed in the Trust at the time, or as determined in law.
9. Information Requested by the Police 9.1 The Police have no automatic right of access to clinical information. The Trust’s
overriding duty is to maintain confidentiality on the information that it holds on individuals. Nevertheless, there are occasions when the Trust also has a duty to act in the best interests of the public. There is, therefore, a need to balance these two duties in the context of Police enquiries. The Trust’s actions are governed by the Department of Health Code of Practice on Confidentiality.
9.2 There are exceptions to the duty of confidence that may make the use or
disclosure of confidential information appropriate. Statute law requires or permits the disclosure of confidential patient information in certain circumstances, and the Courts may also order disclosures. Case law has also established that confidentiality can be breached where there is an overriding public interest.
9.3 In some circumstances however, there is no reasonably practicable way of meeting
these common law obligations whilst still effectively satisfying an important requirement. Where this is accepted to be the case by the independent statutory Patient Information Advisory Group (PIAG) it may be possible to use powers provided under section 60 of the Health & Social Care Act 2001 to set aside obligations of confidentiality, in effect replacing them with a regulatory code. When section 60 support is provided, it is lawful to share information.
10. Public Interest / Protecting the Public 10.1 Under common law, staff are permitted to disclose personal information in order to
prevent and support detection, investigation and punishment of serious crime and/or to prevent abuse or serious harm to others where they judge, on a case by case basis, that the public good that would be achieved by the disclosure outweighs both the obligation of confidentiality to the individual patient concerned and the broader public interest in the provision of a confidential service.
V5.0 June 2012 9
10.2 Whoever authorises disclosure must make a record of any such circumstances, so
that there is clear evidence of the reasoning used and the circumstances prevailing. Disclosures in the public interest must also be proportionate and be limited to relevant details. It may be necessary to justify such disclosures to the courts or to regulatory bodies and a clear record of the decision making process and the advice sought is in the interest of both staff and the organisations they work with.
10.3 Wherever possible the issue of disclosure will be discussed with the individual
concerned and consent sought (in writing – Appendix D). Where this is not forthcoming, the individual should be told of any decision to disclose against their wishes. This will not be possible in certain circumstances, e.g. where the likelihood of a violent response is significant or where informing a potential suspect in a criminal investigation might allow them to evade custody, destroy evidence or disrupt an investigation
10.4 Each case must be considered on its merits. Decisions will sometimes be finely
balanced and staff may find it difficult to make a judgement. It may be necessary to seek legal or other specialist advice (e.g. from professional, regulatory or indemnifying bodies) or to await or seek a court order. Staff need to know who and where to turn to for advice in such circumstances.
10.5 Examples of disclosure to protect the public are:
• Serious Crime and National Security o The definition of serious crime is not entirely clear. Murder,
manslaughter, rape, treason, kidnapping, child abuse or other cases where individuals have suffered serious harm may all warrant breaching confidentiality. Serious harm to the security of the state or to public order and crimes that involve substantial financial gain or loss will also generally fall within this category. In contrast, theft, fraud or damage to property where loss or damage is less substantial would generally not warrant breach of confidence.
• Risk of Harm
o Disclosures to prevent serious harm or abuse also warrant breach of confidence. The risk of child abuse or neglect, assault, a traffic accident or the spread of an infectious disease are perhaps the most common that staff may face. However, consideration of harm should also inform decisions about disclosure in relation to crime. Serious fraud or theft involving NHS resources would be likely to harm individuals waiting for treatment. A comparatively minor prescription fraud may actually be linked to serious harm if prescriptions for controlled drugs are being forged. It is also important to consider the impact of harm or neglect from the point of view of the victim(s) and to take account of psychological as well as physical damage. For example, the psychological impact of child abuse or neglect may harm siblings who know of it in addition to the child concerned.
10.6 All enquiries/responses under this heading must be prefaced as being either
“alleged”, or “potential”. 10.7 Enquiries by the Police in connection with treatment in the A&E Department will be
handled by the Consultant in charge of that Department. Police media team
V5.0 June 2012 10
enquiries will be handled by Corporate Communications. All other enquiries by Police and kindred bodies will be handled by the Claims and Legal Services Manger, or lead Director (if appropriate).
11. Parties Engaged in Civil Legal Proceedings 11.1 The Law provides that any party engaged in Civil Legal Proceedings has the right
to obtain from another party engaged in those proceedings or from any third party any information or documents which are relevant to those proceedings.
12. Staff Accidents 12.1 If a member of staff is claiming against the Trust in respect of injury or illness
resulting from their employment the Trust will find itself operating in a dual role as both custodian of any clinical information which may be pertinent to the case and also as a party to the legal action concerned. In these circumstances, clinical information about the Claimant may not be used by the Trust without the former’s written consent. This includes Occupational Health records
12.2 The Health Service Commissioner is empowered to subpoena clinical records. 13. Mental Capacity 13.1 If a patient lacks mental capacity but has nominated a Lasting Power of Attorney
(as opposed to a Power of Attorney), their personal information can be disclosed to that person who would make decisions on their behalf. In certain circumstances, the Independent Mental Capacity Advocate could be consulted to help in making decisions about a mentally incapacitated patient. They are empowered to represent the patient and to act in their best interests.
14. Media Enquiries and Condition Checks 14.1 Requests may come into the Trust from local/national media or from Thames
Valley Police media teams in the form of a ‘condition check’. 14.2 Requests for condition checks from police media leads or local media will only be
handled by the Trust’s press team. Information on a patient’s condition must only be obtained from Managers or the appropriate nurse in charge.
14.3 Media and police enquiries into a patient’s condition will only be considered if the
enquirer can identify: • The patient’s full name • Date of admission • Circumstances of admission
14.4 Speculative requests from the media following events, e.g. RTAs, will only be
responded to on a corporate basis, i.e. confirmation that the Trust is involved. 14.5 Wards and departments must not give out any information to the media under any
circumstances. 14.6 For all police or media enquiries, a detailed media enquiry form (Appendix C) is
completed by the police press lead handling the call. Where a condition check is requested the police press lead contacts the relevant ward or department and every effort is made to gain consent from the patient. No condition checks will be given without verifying the call using the police password that will be provided for
V5.0 June 2012 11
each case. If a patient is 16 or over, no-one except the patient can consent to the release of condition check information. If a patient has been discharged, it is best to refer the enquirer to the patient themselves, to close relatives or friends or to the continuing care provider whichever is appropriate. If a patient is not yet 16, parents must give consent but the patient’s wishes will be taken into account too. Data Protection advice may be sought on these occasions.
14.7 In a criminal matter, requests for condition checks will be referred to the
appropriate police force. 14.8 Condition checks will not provide detailed information about a patient; they will only
verify if a patient is critical, serious, stable or comfortable and either admitted or discharged.
14.9 Media enquiries that are not condition checks will be handled under the Freedom
of Information Act and the Data Protection Act legislation in the normal manner. 15. Disclosure or Sharing of Clinical Information About Children 15.1 Sharing information about children with the right people can help to protect them
from harm and ensure they get the help they need. However, great caution needs to be taken before releasing information to separated or divorced parents and to guardians.
15.2 If possible, involve the child in the decision about giving access to their notes to
their parents and guardian. There may be reasons why a child may not want a certain parent to see their records.
15.3 As mentioned above, always seek advice of the paediatrician in charge of the
case. 15.4 Young people with capacity have the legal right to access their own health records
and can allow or prevent access by others, including their parents. They must not, however, be given access to information that could cause them harm.
16. Bulk Data Transfers 16.1 All bulk transfers of person identifiable data must be conducted in accordance with
TPP 602 and approved by suitably authorised managers. 16.2 All ad-hoc requests for PID will be assessed using the attached application form
(Appendix B) and approved before the transfer can proceed. 16.3 All staff conducting a bulk transfer of PID must first complete the Bulk Data
Transfer Form found on the Forms page of the Intranet before proceeding. 16.4 All data transfers will be recorded. Regular releases of PID, however, need only be
recorded annually or when changes are made, e.g. requirements, approver, etc. 16.5 All routine data transfers will be reviewed annually. 16.6 A list of those staff responsible for authorising bulk transfers is maintained on the
Intranet – see drop down authorisation list within the Bulk Data Transfers Form. The Trust’s data protection lead is responsible for authorising all ad hoc transfers of PID.
V5.0 June 2012 12
16.7 The persons responsible for affecting disclosure - Data custodians will normally be
authorised to release PID and clinical information for which they are accountable but where sensitive data or high volumes of data are concerned, the authority of more senior staff may be required. Staff responsible for the categories of disclosures above are: • s5.2a Senior ward staff • s5.2b Legal Services Manager • s5.2c Senior Pathology Technician • s5.2d Head of Patient Records • s5.2e Legal Services Manager • s5.2f Legal Services Manager • s5.2g Director of Nursing or Patient Relations Manager • s5.2h Access to Health Records staff and nominated individuals in Radiology,
Rehabilitation and Maternity • s5.2i Senior staff under the guidance of the Legal Services Manager or Data
Protection lead • s5.2j Head of Patient Records
17. Raising Awareness and Training 17.1 This policy will be published on the Intranet and all staff will be notified of it.
Training will be given to staff who are regularly involved in releasing PID and clinical information.
17.2 Only appropriately trained staff may deal with subject access requests and
enquiries relating to patients 18. Implementation Plan 18.1 The Trust will maintain a register of all subject access requests and of other regular
and ad-hoc releases of PID. The register will be available for audit. 18.2 This policy will be discussed and approved by the Information Governance
Working Group prior to being submitted to PRG ratification. 19. Process for Monitoring Compliance with this Policy and Procedure 19.1 This procedure will be reviewed by the Information Governance Steering Group
periodically to ensure that staff are adhering to it. 19.2 The Information Governance department will carry out spot checks annually to find
out the level of knowledge in the organisation of aspects of this policy. 19.3 Departmental information governance assessments will be carried out by the IG
department annually to check compliance with all information governance policies
V5.0 June 2012 13
19.4 Internal audits will be carried out annually as part of the Trust’s Information Governance Toolkit compliance requirements
20. References
• Access to Health Records Act 1990 http://www.legislation.gov.uk/ukpga/1990/23/contents
• The “Caldicott Report”; Report on the Review of Patient-Identifiable
Information http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4068403
• Confidentiality: NHS Code Of Practice
http://www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/documents/digitalasset/dh_4069254.pdf
• Data Protection Act 1998
http://www.legislation.gov.uk/ukpga/1998/29/contents • General Medical Council. (2007) 0 -18 years: guidance for all doctors. • Information Security Management: NHS Code of Practice
http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_074142
• Report on the review of patient-identifiable information – Department of Health
http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4068403
• Section 60 of the Health and Social Care Act 2001
http://www.legislation.gov.uk/ukpga/2001/15/contents • Freedom of Information Act 2000
- 14 -
Appendix A
Wexham Park Hospital Wexham Street
Slough Berkshire SL2 4HL
ACCESS TO HEALTH RECORDS
NOTES FOR POTENTIAL APPLICANTS: The Data Protection Act 1998 provides the right of access to health records. Hospitals are allowed 40 days, from the date a correctly completed form has been received, to issue copies of the medical records requested. APPLICANTS The following applicants have rights of access: ♦ The patient ♦ A person authorised in writing to make the application on the patient’s behalf. ♦ A parent, where the patient is a child (i.e. under the age of 16 years) unless the child is
deemed capable of understanding the application and can therefore make an application personally or oppose application, or unless the health professional decides that parental access is not in the child’s best interest.
♦ Where the patient is incapable of managing his/her own affairs – any persons
appointed by a Court to manage those affairs. ♦ Where the patient has died, the patient’s personal representative and any persons who
may have a claim arising out of the patient’s death. RESTRICTIONS OF ACCESS The Act gives rights of access subject to the following restrictions, which are to be made at the discretion of the health professional concerned. There are no requirements to disclose the fact that information has been withheld. ♦ Where it is considered that access would disclose information likely to cause serious
harm to the physical or mental health of the patient or of any other individual. ♦ Where access would lead to the disclosure of the identity of another individual who has
not consented to the disclosure of the information, unless that individual is a health professional who has been involved in the care of the patient.
FEES The law permits a statutory fee of £10.00 to be charged per application for access to health records, plus the cost of producing copy medical records and supplying radiology images on a CD. The total cost will not exceed £50.00. To cover the Trust’s initial costs for your application and copy medical records a cheque in the sum of £20.00 is required with the completed application form. Applications will not be processed until a cheque is received.
V5.0 June 2012 15
Should you require a CD containing radiology images together with copy medical records a cheque in the sum of £30.00 is required with the completed application form to cover the cost of the application fee, copy medical records and CD containing radiology images. Applications will not be processed until a cheque is received. Should you require a CD containing radiology images only, a cheque in the sum of £20.00 is required with the completed application form to cover the cost of the application fee and CD containing radiology images. Applications will not be processed until a cheque is received. Should any further charges be necessary in connection with disclosure, i.e. you may have more than one medical records folder which needs to be copied, you will be advised before the dispatch of your copy records, and a further cheque for any additional costs entailed will be requested from you. As mentioned above, the total cost will not exceed £50.00. Cheques should be made payable to Heatherwood & Wexham Park Hospitals NHS Foundation Trust and forwarded together with the completed application form to the Access to Health Records Department at the address below. DECEASED PATIENTS’ RECORDS Applications concerning copies of deceased patients’ medical records will be dealt with under the Access to Health Records Act 1990. The fees as outlined above will apply. There will not be a cost limit under this Act. VIEWING Applicants who only wish to view their notes at the Hospital, will not be charged an access fee. However, after viewing has taken place should copy records, and/or radiology images be required, the fees as outlined above will apply and a cheque will be required before the request can be processed. As prior arrangements must be made for viewing medical records with the Access to Health Records Officer, please would you provide a contact telephone number so that these arrangements can be made. Address for completed requests: Access to Health Records, Wexham Park Hospital, Wexham Street, Slough Berkshire SL2 4HL AHR Notes-Form Combined-05b (22.03.11).doc
V5.0 June 2012 16
APPLICATION FOR ACCESS TO HEALTH RECORDS
Details of Health Records to be accessed: PATIENT Surname: .................................................................................................... Maiden Name: .................................................................................................... Forename(s): .................................................................................................... Address: .................................................................................................... .................................................................................................... .................................................................................................... Date of Birth: .................................................................................................... Hospital Number: .................................................................................................... Treated at Heatherwood / Wexham (please delete as appropriate) RECORDS
Please indicate the copy records you require:
Copy Medical Records
Copy X-rays
View Only
In respect of: (please give details of condition/illness/treatment) .............................................................................................................................................. .............................................................................................................................................. Dates of Treatment: .................................................................................................... Consultant: .................................................................................................... Reason for Application would................................................................................................ be helpful to ensure relevant support is given: .................................................................................................... APPLICANT (if different from the patient) Surname: .................................................................................................... Forename(s) .................................................................................................... Address: .................................................................................................... .................................................................................................... Relationship to patient: .................................................................................................... DECLARATION Please tick the relevant box and sign below I declare that the information given by me is to the best of my knowledge correct and that I am entitled to apply for access to the health record referred to above under the terms of the Data Protection Act 1998.
1. I am the patient.
2.
I have been asked to act by the patient and attach the patient’s written consent.
3.
The patient is under the age of 16. I am a parent. (Guardians and others acting in place of parents will have to supply proof of status.)
4. I am the deceased patient’s next of kin.
V5.0 June 2012 17
5.
I am the deceased patient’s personal representative and attach confirmation of my appointment.
6. I have a claim arising from the patient’s death on the grounds that:
.................................................................................................... .................................................................................................... PLEASE COMPLETE PARAGRAPH (A) (B) OR (C) BELOW AS APPROPRIATE. (A) I enclose cheque number ……………………….. for £20.00 made payable to Heatherwood and Wexham Park Hospitals NHS Foundation Trust. This is to cover the Application Fee and copy medical records ONLY. I am aware that I may be required to pay a further sum should it prove necessary, i.e. I have more than one medical records folder that needs to be copied, and that I will be advised of this before the dispatch of my copy records. (B) I enclose cheque number…………………………….. for £30.00 made payable to Heatherwood and Wexham Park Hospitals NHS Foundation Trust. This is to cover the Application Fee, copy medical records and CD containing radiology images. I am aware that I may be required to pay a further sum should it prove necessary, i.e. I have more than one medical records folder that needs to be copied, and that I will be advised of this before the dispatch of my copy records/CD. (C) I enclose cheque number……………………………….for £20.00 made payable to Heatherwood and Wexham Park Hospitals NHS Foundation Trust. This is to cover the Application Fee and CD containing radiology images ONLY. Signed: ..................................................................... Date: ............................................... CERTIFICATION OF ABOVE SIGNATURE: THIS SECTION MUST BE COMPLETED BY SOMEONE WHO KNOWS YOU AS INDICATED IN THE DECLARATION BELOW. I certify that I am (name): ..................................................................................................... of (address): ......................................................................................................................... .............................................................................................................................................. and that I have known the applicant as named above for ……… years as an employee / client / patient / personal friend (please delete as appropriate) and have witnessed the applicant sign this form. Signed: ...................................................................... Date: ...............................................
V5.0 June 2012 18
Appendix B
APPLICATION FOR PERSONAL INFORMATION
Title of proposal / project / request: Your details: Name and job title Department and the organisation you work for
Tel no: Email address For what purpose do you need the information? Please attach your proposal or project paper or give a detailed description of what you are proposing to do together with your objectives. What are the benefits of your scheme / proposal?
What elements of personal data do you need and why? You must give reasons for each.
Will you be sharing this information with anyone / any other body / group of people and why? How will the data be transferred? Are the data subjects aware that this information about them is being collected and used as described above? What will be the effect of the sharing of the information on the data subjects? Is the consent of data subjects required? If so, has it been acquired? Is this information is to be required over a period of time? If so, for how long? Is the information going to be stored on a database? Who will have access to the information and why? Role / job title
Reasons for access
How will access be controlled? Do you have procedures in place to ensure that data is not kept for longer than necessary and that staff access is removed once they no longer need it? Please describe. Do you have procedures in place to deal with Subject Access requests? If so, please describe. Name of person carrying out assessment
Signature if completing in hard copy
Date of assessment Date approval given
V5.0 June 2012 19
Appendix C
Press Enquiry Sheet – CONFIDENTIAL Corporate Communications Name
Issue
Paper
Tel No
Cont….. Deadline
Contacted Date For what
Date
Time
Closed
CONDITION CHECK Patient name:
M/F DOB/Age A&E arrival date/time
Cause/incident/source
Ward: Ext No. Staff Member
RESPONSE Phone
Fax
Interview
Decline to comment
Response details
Aware ?
PC
JW
NT
V5.0 June 2012 20
Press Enquiry Sheet – Confidential Information continued
V5.0 June 2012 21
Appendix D
Template Consent to Share Information form Patient Name: Hospital No: Date of Birth: Date: The need to share your information Only Trust staff that are involved with your care, or are providing support to those caring for you, may see details of your clinical record. This may include doctors, nurses, therapists, mental health social workers and some administrative staff or staff from other non-NHS organisations that are contracted to provide healthcare services to you on behalf of the Trust. All Trust staff are mandated to abide by a strict Confidentiality Code of Conduct and information security policies. The Trust may also share some information with other staff who do not work for Heatherwood and Wexham Park Hospitals NHS foundation Trust. This may include your GP, Social Services, your carer or an other organisations contracted to provide services on behalf of the Trust. When considering who may see information about you our staff use the following principles as set out in the Data Protection Act 1998: • Only share information with those who need to know in order to provide good quality care. • Share the minimum information necessary to ensure the good quality care. All other organisations/ agencies/ individuals with whom we share information are required to abide by strict Sharing Information Protocols. PATIENT TO COMPLETE:
Part 1 - I agree to my information being shared, on a ‘need to know basis’ with the following people /organisations: Part 2 - I do NOT agree to my information being shared with: Please list any organisations/ agencies or individuals whom you do not want us to share your information with. You do not have to give a reason for this. If you are satisfied with the above please complete and sign. Print name: ________________________ Signed: ________________________ Date: ______________________ REVIEW OF CONSENT Consent should be reviewed on a regular basis as agreed with the service user/carer, as necessary. If there are any changes to this document a new form should be completed to reflect the current wishes of the patient (or, if the patient is incapable of giving consent, the review may be made by the health professional responsible should they feel it is necessary and in the best interest of the patient to do so).