Attempt to get unauthorised access to medical records

crosoc

Are there is any offences committed if an employee or an organisation for that matter attempts to gain unauthorised access to medical information from a Consultant without seeking the consent of the person on whom the records/information are held in the first place?

I know there are certain circumstances in which this may be permissible, ie. court order, endangerment of the patient or public etc, however none of these situations apply in this case.

I might also add that there is no question of disclosure by the doctor, so there are no issues about professional ethics or breaches in patient confidentiality.

And this may sound completely stupid, but if this is an actual offence, who do you report it to?

Kristopherus

The medical file of a patient belongs to the Consultant or organisation. It does not belong to the patient. If you give an example of the type of incident you may get a clearer answer.

crosoc

I cant really go into the specific's of the case here.

But the organisation is not a hospital, GP, or an employer etc. The medical records are not the property of the organisation either, and the organisation has no contractual relationship with the consultant. The doctor in question is the patient's private consultant.

The doctor's name and contact details were processed by the organisation from the records that the organisation has on their files about the data subject. The employee decided to process this information and used this data to communicate with the doctor in writing. This was done without the knowledge of the data subject. The data subject learned (purely by accident) that this person had sent this letter and had asked the consultant to furnish him and/or the organisation (at this stage it is unclear) with detailed medical information about the patient. There was no attempt made to seek the consent of the patient prior to doing so.

I alway's thought that there was a legal requirement for obtaining informed consent before anybody would even think about seeking disclosure of private medical information.

Hope this clarifies this a bit more....

Our man in Havana

Has the consultant furnished this person with your records?

Delancey

Is the patient absolutely 100% certain they did not give consent ? Is it perhaps a case that they gave consent a long time ago and have forgotten ?
For example - I once worked for a Life Assurance company and on several occassions had to deal with customers huffing and puffing about the company writing to their Dr's for medical reports without their consent , needless to say a check of the relevant file always showed they had consented but just couldn't be bothered reading what they were signing up to.

crosoc

Haddockman wrote: »

Has the consultant furnished this person with your records?

Nope, so there are no professional issues about the consultant having disclosed the information - he was away on leave for quite a while so its a case where he is playing serious catch-up on the pile up of work that has accumulated over time.

Luckily I came aware of what this person was attempting to do in sufficient amount of time to stop any chance or possibility that there may have been any disclosure.

Kristopherus

As the other posters have indicated, there may be an issue with consent. The consent could have been given many moons ago. If you can establish that consent was 110% NOT given, then you may have a case. As in all of these kind of issues, the devil is in the detail, and the key is the consent issue. Good luck with it.

crosoc

delancey42 wrote: »

Is the patient absolutely 100% certain they did not give consent ? Is it perhaps a case that they gave consent a long time ago and have forgotten ?
For example - I once worked for a Life Assurance company and on several occassions had to deal with customers huffing and puffing about the company writing to their Dr's for medical reports without their consent , needless to say a check of the relevant file always showed they had consented but just couldn't be bothered reading what they were signing up to.

There was no consent given for this information to be requested or furnished....written or otherwise, and that is something I can say that I am 100% certain of!

And just to clarify the issue doesnt relate to PHI....as I wouldnt have an issue in that case. I fully understand the right to request and to disclosure as part of the terms and conditions of the PHI contract.

28064212

crosoc wrote: »

Are there is any offences committed if an employee or an organisation for that matter attempts to gain unauthorised access to medical information from a Consultant without seeking the consent of the person on whom the records/information are held in the first place?

I highly doubt it*. Assuming the attempt wasn't done illegally (e.g. they were caught breaking in to the building where the records were kept, or they attempted to bribe someone), simply asking is not an offence in itself.

The only situation where you may have a case is if you can show, beyond reasonable doubt, that the requester knew that what they were doing would be illegal if they were successful. And even then, the likely outcome is that they get a warning not to do it again

* Not a solicitor, not legal advice

MagicSean

28064212 wrote: »

I highly doubt it*. Assuming the attempt wasn't done illegally (e.g. they were caught breaking in to the building where the records were kept, or they attempted to bribe someone), simply asking is not an offence in itself.

The only situation where you may have a case is if you can show, beyond reasonable doubt, that the requester knew that what they were doing would be illegal if they were successful. And even then, the likely outcome is that they get a warning not to do it again

* Not a solicitor, not legal advice

This would be my thinking on the matter. I doubt a mere attempt would be sufficient for a criminal or civil action unless it involved some criminal act, such as theft or harassment.