Subject access requests might seem a panacea to an industry inundated with GP reports. But there are side-effects for everyone in the chain, writes Chris Pollard.
It has recently been reported that some providers have chosen to move away from traditional GP medical reports, instead obtaining medical information through their customers who exercise their data protection rights by making subject access requests (SARs).
While this raises a number of questions, one of the most obvious is: "What was broken, breaking or in need of a fix, and does this new approach improve the situation?"
As an insurance provider, our purpose is to offer policies for customers to protect those they love, should they fall ill or die. To do this, we take a number of factors into account. The customer's current state of health is the most important in determining how much and what type of protection can be provided, and at what cost.
Advances in technology are such that most customers can be insured immediately. However, for the remainder, there is a need to look more closely at their situation, usually with the help of the customer's GP.
The Association of British Insurers (ABI), as the representative of the insurance industry, and the British Medical Association (BMA), which represents more than two-thirds of practising UK doctors, has put in place numerous agreements and codes, but one treaty over fees and turnaround times expired in March 2011 and remains unresolved to this day.
In the underwriting world, there are only two reasons a GP will receive a request for medical information. The main one is there is specific information disclosed on the application form that requires expert and reliable validation.
The second reason will be when the level of cover exceeds the underwriting limit, regardless of what may be on the application.
In the first scenario, the insurer is most likely to request specific information, while in the second, a standard report (one agreed between the ABI and BMA) is produced.
STUMBLING BLOCKS
So, what problems has this approach caused those involved in this process - the provider, the adviser, the customer and their doctor - and how will these problems be resolved by moving from the current process of requesting a GP report to a new system whereby the customer uses the legal right to submit an SAR?
Under the established system, consent is required to get a GP report. This means that the insurance provider must give the customer's GP evidence of consent by way of a declaration and signature from the patient in accordance with the 1988 Access to Medical Records Acts.