Secret-Diary-of-a-Practice-Manager-2.jpg (1)

Secret Diary of a PM – A GDPR Dilemma

Over the past eighteen months I have written a number of blogs on the implications and interpretations of GDPR.


We have all received advice and guidelines on its ramifications, but I wonder if a recent incident at my practice is indicative of the continued confusion.

Let me explain, and see what you think. A retirement property company emailed a list of their residents that needed the Flu vaccination this year. Going through the list of names and flat addresses, a fair number of the patients were not ours.

So, we asked ourselves, is this a GDPR breach? We felt it was and so the next step was to contact our Data Protection Officer (DPO), who was in the Information Governance Department for our area.

Their response agreed with our assessment, which was that GDPR had been breached - but they also said we did not need to take action as it was not us who caused the breach.

I responded to them ‘what do you mean?’, and they replied that it is the care home’s responsibility to report the breach to the ICO – all we can do is advise them of the breach. They told me to just return the email to them, but what is the point of that?

This set me thinking, it’s a bit like turkeys voting for Christmas… you need to report yourself for a breach. How many breaches will get covered up by them not being reported?

I then got in touch with the ICO and without mentioning names I gave them the scenario and they agreed with everything I had been told - yes it seemed like a breach and our DPO was right that the care home should report it, not us.

I then asked why we cannot report this breach ourselves, but the ICO clarified that it is up to the care home to report it and not me. I could report it, and it may be investigated, but the ICO would not be able to discuss the case and findings with me.

Is this a law with little chance of enforcement because it relies so heavily on self-reporting?

I later contacted the care home and they said that all the residents on the list we received had agreed it would be better if one practice came into to do the flu jabs and they thought we would be happy with that.

They did not think it mattered if they were not our patients and, in any case, it was easier for them to get the jabs done on one day. I am still discussing this matter with them, but they tend to say they have not done anything. Should there be any developments then I will let you all know.


Have you found yourself in any tricky positions in the months following GDPR? Let us know in the comments below. FPM members can access the
GDPR Toolkit for a wealth of information and resources.


Comments

First Practice Management 23/11/2018

Hi Jane, In terms of physical records and posting them out to patients, the ICO’s has said that: “The Practice may also request that the physical response is picked up by the requestor from the surgery but if the requestor refuses to do so, the Practice cannot withhold the data and must send it on”. You can find out more in one of our previous GDPR articles “GDPR And Accessing Medical Records - A Practice Manager's Guide”; http://www.firstpracticemanagement.co.uk/blog/gdpr-and-accessing-medical-records-a-practice-managers-guide/ Thanks for getting in contact! First Practice Management

Jane Hollingsworth 22/11/2018

Can you charge postage for SAR to a solicitor if they are not willing to send a courier to collect the medical records which are free of charge.


Leave a Comment

Categories

Upcoming Events

There are currently no events scheduled.

Jobs

Practice Manager - Cumbria

Closing Date: 7 January 2019

Salary: Competitive and dependent on experience.

GP Recruitment - Whitstable, Kent

Closing Date: 4 January 2019

Salary: £11,400 per session, per annum £91,203 full time equivalent

Practice Manager - Trafford, Greater Manchester

Closing Date: 27 December 2018

Salary: TBC

Practice/Business Manager - Sherston, Wilthsire

Closing Date: 31 December 2018

Salary: Up to £38000 per annum (pro-rata) depending upon experience

Practice Manager - Warrington, Cheshire

Closing Date: 21 December 2018

Salary: 35-45k (pro rata) per annum depending on experience and skill

Deputy Senior Manager - Hammersmith & Fulham, London

Closing Date: 28 February 2019

Salary: Highly competitive and negotiable depending on experience

Practice Manager - Torrington, North Devon

Closing Date: 18 January 2019

Salary: Negotiable depending on qualifications, skills and experience.

Practice Manager - North West London

Closing Date: 31 December 2018

Salary: Highly competitive and negotiable depending on experience

Business Manager - Marlow

Closing Date: 14 January 2019

Salary: Competitive dependent on experience

Practice Manager - Cumbria

Closing Date: 7 January 2019

Salary: Competitive and dependent on experience.

GP Recruitment - Whitstable, Kent

Closing Date: 4 January 2019

Salary: £11,400 per session, per annum £91,203 full time equivalent

Practice Manager - Aylesbury

Closing Date: 17 December 2018

Salary: Competitive salary between £38k- £45K DOE.

Practice Manager - Ferndown, Dorset

Closing Date: 15 December 2018

Salary: TBC

Practice Manager - Aylesbury

Closing Date: 17 December 2018

Salary: Competitive salary between £38k- £45K DOE.

What others are viewing now

Latest Forum Posts

Fetching latest posts...