ICO wades in over insurer asking for full GP records
The Information Commissioner’s Office is to question a major insurance provider after learning that it has been requesting patients’ full GP records to underwrite some insurance policies rather than only relevant information.
An ICO spokesperson said it would be contacting insurer Aviva to ‘understand more’ about their use ‘subject access requests’ for collecting medical information on patients and ‘how these accord with the [Data Protection] Act’.
Meanwhile, Aviva confirmed to Pulse that it has been using the method - with customer consent - for ‘almost 12 months’.
An ICO spokesperson said: ‘The Data Protection Act provides individuals with a right to make a subject access request to find out what information is held about them and to hold organisations to account. These requests are powerful and lead to all of the information held by an organisation being disclosed.’
‘There are already specific means for insurers to find out relevant medical information with appropriate safeguards. We will be contacting Aviva to understand more about their use of subject access requests and how these accord with the Act.’
However, Aviva said the choice for how access to medical records was obtained was left to the customer and that subject access requests were used only with their written consent.
A spokesperson said: ‘If a customer discloses information which requires confirmation from their doctor, they have a choice about how we obtain this information. The customer can choose whether we receive a medical report - under the Access to Medical Reports Act - or they can make a subject access request to their doctor - under the Data Protection Act - in accordance with their legal right to obtain access to their medical information.’
‘Subject access requests which obtain a person’s full medical history, are recognised across the insurance industry as a way to gather medical evidence. They can help to provide a quicker, smoother application journey for customers. Customers are under no obligation and we will only use this approach if they have signed a health records consent form which enables us to do so. This form includes a tickbox option which customers can select if they do not wish Aviva to receive a full copy of their health records by way of a subject access request.’
According to Aviva, the method is preferred in many cases because it requires less work on the part of the GP and can therefore speed up the process of obtaining insurance cover.
The spokesperson said: ‘They are a preferred option for some insurers as they tend to return information to the insurer much quicker than a tailored medical report, which requires more involvement from the GP. The BMA has also advised doctors to comply with requests from insurers for full medical records.’
‘Obtaining a customer’s full medical history also means that the likelihood of receiving an incomplete report is greatly reduced when the insurer requests full medical information. This can help to minimise any delays to the customer, and ensure that they obtain cover as quickly as possible. It has been our practice to allow customers to select either method for almost 12 months and each option is fully explained to the customer within the declaration that they sign when providing us with the necessary consent to approach their doctor.’