Expert Insights

Latest news stories and opinions about the Dental, GP and Care Industries. For your ease of use, we have established categories under which you can source the relevant articles and news items.

12th March 2019

GDPR: subject access requests and providing patient information free of charge

While many in general practice are focused on the big picture like the April 2019 contract changes in the English GP press, one element of which will ensure practices that have not yet done so will join large networks comprising 30-50,000 patients if they want to survive financially, there are existing everyday grass roots matters for busy surgery admin teams to consider and monitor in order to remain compliant with UK and European data management legislation.

Under the General Data Protection Regulation (GDPR), the requirements of which are mirrored in the UK’s Data Protection Act 2018 in readiness for whatever type of Brexit when or if it happens, practices cannot charge any level of fee whatsoever for providing patient information via subject access requests. This has recently been reinforced by the Culture, Media and Sport Minister, Margot James when the argument for exemption was put forward.

Practices report experiencing a significant rise in requests for patient information since charges were abolished under GDPR in late May 2018. While these requests for patient information are time-consuming and increase practice running costs as a result, charging for providing patient information would weaken patients’ rights according to the minister.

While practices are allowed to charge for excessive requests made by data subjects and those from third parties (e.g. insurers and solicitors) under the Access to Medical Reports Act 1988, there is nothing to define the extent of excessive requests.

The controversy that has arisen as a result of the minister’s position on general practice not being exempt from having to respond to subject access requests free of charge is that, where previously insurance companies and solicitors paid a fee to obtain patient information, they are now using GDPR to acquire this free of charge from practices. As a result, practices find themselves effectively supporting insurance companies and firms of solicitors financially – at their own cost through an inflated workload – because they are not permitted to pass on the cost of providing patient information (in whatever amount it is requested) to the third parties submitting subject access requests.

It looks as if the campaign to allow practices to charge commercial third parties for responding to subject access requests is not going to run out of steam any time soon. However, until general practice achieves formal exemption from the requirement to provide patient information free of charge under GDPR in response to subject access requests either from patients or third parties, it is important for everyone in the practice to remember that no charges can be made for providing patient information requested when the appropriate consent has been supplied and practices will continue to bear this cost.

*All information is correct at the time of publishing

Topics: GPs

Leah Biller

General Practice Specialist

Leah has an extensive background in all aspects of healthcare including practice management. She is seen as someone to depend on to take on a challenge and turn it around for the better. After a short time in working with the law she moved on to healthcare in 1985 after a routine appointment at her local GP had her walking out as practice manager. That started her on the general practice trail and then into acute, primary and community as well as health regeneration plus a Master’s in Primary Care from QMUL graduating in 2003 as the only non-clinician on the four-year course. Read more

Join over 53,000+ users already using the QCS Management System!
Start Free Trial
Back to Top

Register here for your FREE TRIAL

  • Try our unique Management System, or any of our individual packs
  • PLUS! Gain FREE trial access to our Mock Inspection Toolkit
  • Over 2,300+ pages of easy to use guidance and 300+ policies & procedures

Simply fill out the form below and get full access for 24 hours to a QCS Management System of your choice.

Start FREE Trial Click here