The introduction of the General Data Protection Regulation (GDPR) back in May generated a lot of uncertainty and work for businesses but created clear benefits for us all as individual “data subjects”. One up-side that went largely unnoticed is the right for clinical negligence claimants to have free access to their medical records.

Before this summer, even just the mention of GDPR might be met with groans from colleagues tired of hearing about this important but inevitably complex piece of legislation that all of us in any sort of business had to get our heads around, to some extent.

However, one specific aspect that has been of particular interest to all of us who work on behalf of people who have been harmed by medical malpractice, is the impact that the Regulation has had on accessing a client’s medical records.

The right to see the information that medical professionals have recorded about us isn’t new, of course. Such rights were certainly codified under GDPR’s predecessor the Data Protection Act in 1998 and, to a limited extent, the Access to Medical Reports Act back in 1988.

Two key aspects of GDPR have already had a significant impact on how such matters are progressed. First, the regulation has reduced the amount of time that an organisation has to respond to a subject access request (SAR) from 40 to 30 calendar days, speeding up the process of assessing a claim which should be ultimately beneficial for all parties.

Second, and perhaps more important, has been GDPRs provision that organisations are no longer permitted to charge an administration fee for responding to a SAR, in most instances. As well as making it easier for prospective clinical negligence clients to get hold of their medical records before a specialist solicitor assesses the merits of their case, this also has the effect of speeding up the claims process.

These implications of GDPR are not entirely uncontentious and there has been some resistance, particularly for some smaller medical organisations such as GP surgeries, claiming to be overwhelmed by the demand to review large, historic medical files in order to redact data about any third parties who may not have consented to the release of any information about them.

There remains some uncertainty around precisely where such responsibilities fall but, on the whole, GDPR appears to have supplied a rare improvement for claimants trying to assert their legal rights in what are often the most difficult of circumstances.

While surveying its members on the impact of such requests, the BMA has produced some useful guidance for the medical profession about GDPR, particularly its FAQs related to SARs.

Like all legislation, there are clearly some wrinkles that still need to be ironed out. Nonetheless, anything that speeds up the lengthy process of seeking redress for injury caused by clinical negligence can only be a good thing, for all parties involved.

Lisa Blog Signature

Disclaimer - all information in this article was correct at time of publishing.