Subject Access Requests (SARs)
As these no longer attract any payment, you need to ensure you are complying with requests but not doing more work than is necessary.
GDPR gives you the option to contact the practice when you receive a request for their medical records from a solicitor - afterall you are just being diligent and ensuring the request has come from the patient. In many cases the patient will have no idea the solicitor has requested their complete medical record - so when you confirm the patient’s consent it is perfectly acceptable for you to ask the patient if they want their whole medical record for the last 50 years being sent or just information relating to the accident they had. Once they realise the patient will not want their whole record sending and to ensure you really are only sending what the patient wants, it is perfectly acceptable for you to tell the patient you will print out the documents you think are relevant and will leave for the patient to collect so they can review before they (the patient) pass onto the solicitor. This could potentially save you a great deal of time & money as well as acting in the best interests of your patient.
National Data Opt-Out Programme
This replaces the previous ‘type-2’ opt-out - NHS Digital cannot share patient confidential information for purposes beyond their individual care. Any patient with a type 2 opt-out has had it automatically converted to a national data opt-out from 25 May 2018 and will have received a letter giving them more information and a leaflet explaining the new national data opt-out.
More information, including resources such as patient leaflets and posters can be found at: https://digital.nhs.uk/services/national-data-opt-out-programme