Medical records kept on file?????

[topbint]

Hello. I am a newbie, and would like to ask for help, please. My employer has decided that to clamp down on staff throwing sickies, they have now said that if anyone has a hospital appointment, or is having an operation, we MUST bring in the letter from the hospital with all our personal details on it. They will then photocopy this and keep it 'on file'. This also applies to any hospital visits I make with my children, so they will in effect have my childrens medical information on file. What I would like to know is, can they keep these hospital letters on file without my permission, after all, some of the letters detail medical proceedures which are very personal, and what can they 'do to me' if I refuse to let them copy the letters?. I must say that I am very genuine, and always used to bring in letters and appointments out of curtesy, and am happy to let my supervisor see them. What I object to is the fact they want to hold copies of these letters. Is it breaking data protection, or medical confidentiality etc? Surely, this information is between myself and the medical profession?

Thanks in advance.

[silverbird_9t9]

Have you considered copying the letter yourself and obliterating any personal information such as medical conditions?

[honeybee13]

Good idea Silverbird. Do they really need to keep copies? I would have thought that if they really don't trust their staff, it should be enough for someone to see the letter or a copy of it and enter that fact on the personnel records.

 

There are strict rules about medical records and their confidentiality. It would be worth checking that they are getting this right. There the Access to Medical Records rules and I think it comes under the Information Commissioner as well. I'll have a look if I get time.

[honeybee13]

Hello again. I hope it's OK to post this, from the Information Commissioner's website. This is part of the Data Protection regulations and covers an organisation's legal responsibilities.

 

 

 

'The Data Protection Act doesn't guarantee personal privacy at all costs, but aims to strike a balance between the rights of individuals and the sometimes competing interests of those with legitimate reasons for using personal information. It applies to some paper records as well as computer records.

This short checklist will help you comply with the Data Protection Act. Being able to answer 'yes' to every question does not guarantee compliance, and you may need more advice in particular areas, but it should mean that you are heading in the right direction.

 

• Do I really need this information about an individual? Do I know what I'm going to use it for?
  
• Do the people whose information I hold know that I've got it, and are they likely to understand what it will be used for?
  
• If I'm asked to pass on personal information, would the people about whom I hold information expect me to do this?
  
• Am I satisfied the information is being held securely, whether it's on paper or on computer? And what about my website? Is it secure?
  
• Is access to personal information limited to those with a strict need to know?
  
• Am I sure the personal information is accurate and up to date?
  
• Do I delete or destroy personal information as soon as I have no more need for it?
  
• Have I trained my staff in their duties and responsibilities under the Data Protection Act, and are they putting them into practice?
  
• Do I need to notify the Information Commissioner and if so is my notification up to date?
  

To help determine how well you comply with the data protection principles, please read the complete audit guide.

[topbint]

Thanks very much for your help, everyone. I spoke to my local hospital yesterday, and their laywer called me back and basically said that my employer can't copy the appointment letter and hold it without my permission. What I have asked the hopspital to do is ,when I (or a family member) get a letter about an appointment, to pop an appointment card in with the letter just stating time, date, and doctors name. As far as I'm concerned, thats all my employer needs to know. I feel that this is an acceptable compromise, but if my work still insists on the actual hospital letter, I will have no choice but to open a case with the info commission, as they suggested. Once again, I am grateful for your replies, have a good weekend everyone!!!!

[honeybee13]

Hi, that's a good result. I didn't even know hospitals had lawyers! Well done, that's one in the eye for your employer. Are you going to tell your colleagues?

[topbint]

Yes, definately. There are many of us who object to such personal information being copied and stored without our consent, but as I said, it remains to be seen if the company will accept this. If not, I will take it further. This is a great forum, I didn't know it existed, but it has loads of information on it. I will keep checking back. It's also nice to know that there are more people going through the same things.

Have a good weekend, when it gets here!!!!