[DAYS_LEFT] days left of your Medeconomics free trial

Subscribe now

Your free trial has expired

Subscribe now to access Medeconomics

Practice dilemma: Receptionist accesses a family member's record

We have a new receptionist who was a patient at the practice. When she started working for us we asked her to join another practice but the rest of the family are still on our list. We recently discovered that the receptionist had looked at her 15-year-old daughter's patient record after she attended an appointment at the surgery. What should we do?

Richenda Tisdale, medicolegal adviser at Medical Protection advises:

This is a serious breach of confidentiality and there are a number of issues to consider here.

Firstly, there should be a robust investigation of the incident to determine the extent of the breach and seek the comments of the receptionist. Has the member of staff had adequate training in confidentiality? If not, are there training gaps across the staff?

The practice should consider whether formal disciplinary proceedings should be brought against the receptionist, and if so, they may wish to take advice from an employment law specialist.

Following the investigation, the breach of confidentiality should be reported to the patient in accordance with the practice’s ethical requirement to be open and honest. In this particular case, it would need to be handled sensitively and the practice may wish to give the receptionist the opportunity to inform her daughter herself before the practice contacts her.

Without revealing the identity of the member of staff, the incident could be used as a springboard for a review of confidentiality training within the practice to ensure all members of staff understand ‘soft’ breaches of confidentiality.

If the practice computer system permits different levels of access to the clinical records then the practice may also wish to review whether non-clinical staff have the appropriate level of access. Access to patient information should be limited to the data necessary to perform their jobs and in some circumstances, may not include clinical information.

If effective action is taken to ensure that there is no recurrence of this incident, the practice may not consider it necessary to self-refer the breach of confidentiality to the Information Commissioner’s office. However, the practice may wish to discuss the breach with their medical defence organisation (MDO) and seek further advice.

Even if the practice takes all of the steps above, it is still possible to envisage a scenario in which a member of the clerical team is privy to confidential information regarding a relative, such as seeing a script for a medication.

Whilst it is desirable for relatives (and friends) of staff to be registered at alternative practices, in rural areas and for a number of other reasons this may not always be practical. However, if appropriate measures are taken to limit access to clinical information and to remind all staff of the extent of their duty of confidence then there is no reason why the family cannot remain patients of the practice.

Have you registered with us yet?

Register now to enjoy more articles
and free email bulletins.

Sign up now
Already registered?
Sign in

Would you like to post a comment?

Please Sign in or register.

Database of GP Fees

Latest Jobs