Would really welcome opinions/views please?

 

We receive numerous subject access requests from claims handling companies who are not registered with the Solicitor's Regulation Authority or with the Claims Regulation Service (https://www.claimsregulation.gov.uk/search.aspx). These contain consent – which, frankly, anyone could have signed – and often relate to patients who were discharged some time ago. In accordance with section 7(3) of the Data Protection Act, which permits us to satisfy ourselves that the requester is entitled to the records, our acknowledgement/response contains the following wording

 

(please give us a tenner and) Proof of identity for the patient(copy of driving licence, passport or birth certificate) OR headed correspondence containing your SRA registration number or Claims Management Company Authorisation number OR a letter from SRA registered solicitor who appointed you in this matter, confirming your appointment to manage this specific request on the Solicitor’s behalf.

 

The response is usually just a cheque, then increasingly aggressive series of ‘chaser’ telephone calls where we explain that as data controllers, we do have a duty to ensure that we are releasing health records with proper authority, reiterating the above request, etc. This takes the caller off script, as we get nowhere. We’ve stopped sending chaser letters as these don’t have any effect: the claims handling computer systems can’t handle them.

 

I’m proposing changing the wording to

 

(please give us a tenner and) Please forward the fee of £10.00 for electronic records. By sending us this fee, you are confirming that you have valid authority to obtain these records from us, and that no liability for a breach of confidentiality is attached to Nottingham CityCare Partnership for disclosure of these records to you in exact accordance with your request. Alternatively, in accordance with section 7(3)(a) of the Data Protection Act, please forward proof etc (as current version).

 

I’m well aware that the above still doesn’t give us a leg to stand on, it might make them pay attention? If it ever did come to an ICO investigation, I have evidence in spades to demonstrate that we have repeatedly tried to implement a checking process and that the organisations concerned have not co-operated, so we’re now avoiding detriment to service users caused by delays to their request. Basically, it’s a balance of risk – patients complaining because we are holding up claims, time-consuming (and sometimes rude) claims handler calls vs potential ICO penalty.

 

In the meantime, I’ve reinforced to my poor admin support that rude callers must be referred to me – I’m responsible for policy, so if companies don’t like it, I’ll take the flack. To cheer me up, I’ve also flagged the three most frequent correspondents to the regulator.

 

What does everyone else do in relation to these checks? I find it hard to believe that “no-one else” asks these claims handlers for proof as often claimed …

 

Thanks and regards


Sandre

 

Sandre Jones
Information Governance Lead

Nottingham Citycare


T: 0115 883 9534

E: [log in to unmask]

 

Nottingham CityCare Partnership CIC is registered as a company limited by guarantee.
Company Registration Number: 07548602
Registered address: 1 Standard Court, Park Row, Nottingham, NG1 6GN

 


********************************************************************************************************************

This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents:
to do so is strictly prohibited and may be unlawful.

Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland
NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSi recipients
NHSmail provides an email address for your career in the NHS and can be accessed anywhere

********************************************************************************************************************

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)