As if I didn’t have enough to worry about already with the threat of having to be responsible 24/7 for certain vulnerable patients, and having to stay open until eight o’clock seven days a week for all patients, and having to provide continuity of care, I now run the risk of being sued by patients for sharing their confidential data because I didn’t try hard enough to inform them so they could exercise their right to opt out.
Apparently GPs have just eight weeks ‘to take reasonable steps to inform patients their data will be shared outside the practice’. Of course patients have the right to object and this must be recorded in their notes. The problem is that guidance from the Information Commissioner’s Office on what would be regarded as ‘reasonable steps’ isn’t ready yet; and putting up some posters in the waiting room, or adding something to the practice website may not be enough to avoid the wrath of the Information Commissioner when a complaint is made. In the eyes of the law, under the Data Protection Act GPs are data controllers and liable to criminal proceedings if data is shared without their patients’ permission.
What if ‘reasonable steps’ means writing to every patient? Who is going to pay for this?
So in my next ten minute consultation with one of my male diabetics I now not only have to sort out their complex medical needs, I also have to tick various QOF boxes, ask some personal questions regarding their sex life and I now have to explain how all their information will be shared with a third party in an identifiable way unless they wish to object. That particular consultation will run for more than ten minutes won’t it?
Come to think of it, I might need to work from eight in the morning until eight at night just to see the same number of patients I do now simply to record all the information I’m now expected to gather – and once I’ve done that it’s not even the patients’ information any more, anyway.
Dr Hadrian Moss is a GP in Kettering, Northamptonshire. You can tweet him at @DrHMoss.