Analysis: BMA urges GPs not to comply with insurer SARs

clock • 7 min read

GPs providing full patient medical records to insurers risk breaking data protection laws, the Information Commissioner Office (ICO) has warned. Cover looks at this industry practice in greater depth

GPs providing full patient medical records at the request of life offices risk breaking data-protection law and patient's privacy, an investigation by the ICO has concluded.

As a result, The British Medical Association (BMA) has put out communications urging doctors not to comply with requests for full medical records made under the data protection act by insurers. It said this owed to the risk of "excessive" medical information being divulged to insurers.

The association is advising such requests by insurers be returned and instead suggest firms to apply for a written GP medical report. The initial story is covered in more depth on page four.

ICO statement

The ICO said of its investigation into GP reports: "This is a powerful right, designed to ensure individuals can access information held about them within a specified time period and at a nominal cost.

"This right was not designed to underpin the commercial processes of insurers. By making a subject access request [SAR] on a patient's behalf, an insurance company may be provided with a patient's entire medical record, including information that is not relevant for the purpose of underwriting a policy. The ICO has recently written to the insurance industry to explain that we consider that the use of SARs in this way is inappropriate and an abuse of that right.

The ICO added it was concerned that the processing of medical records by insurers once received from GPs is likely to breach the Data Protection Act.

It said: "Patients continue to be able to make SARs to their GP. GPs have ethical obligations around how patient records are shared, and we advise GPs to explain to patients, in broad terms, the implications of making a SAR so they can make a more informed decision on whether they wish to exercise their rights under the Data Protection Act.We also recommend GPs share any responses to SARs directly with patients, rather than to insurance companies."

In addition, The ICO has told GPs that contrary to the BMA's advice, they are still obliged to respond to subject access requests made under the DPA.

It said: "Contrary to comments made by the BMA, GPs must still respond to SARs, in accordance with the guidance published on our website. The right to see personal information held about you by an organisation is an important one, and one from which GPs are not exempt. We will be speaking with the BMA again to further clarify this."

There is clarification to come regarding exactly what the guidelines mean for different parties.

Industry practice

At the moment there are three ways that an insurer can request a patient's medical history from their GP during the underwriting process. These are: a general practice report (GPR), which asks a set of questions on the patient's health); a SAR (or full patient report); and a targeted report.

But the practice of gathering further medical evidence has always been a thorny issue and has been one not really resolved in partnership with GPs and insurers over time.

In 2010, The Association of British Insurers and the BMA agreed a £97 fee for GP reports. They agreed that GPs should supply reports within 21 days.

The agreement expired in March 2011 and was not renewed. Since then, the insurance industry has said that GPs are now taking too long to return the reports, holding up decisions on individuals' underwriting and policy acceptances or terms.

To combat the difficulties, some insurers started using SARs. Supporters of SARs have said that moving away from using GPRs to full reports is a good way to speed up receiving reports from GPs, and having a full medical history helps to weed out the specific information needed for underwriting.

Using a SAR, an individual can ask their GP for access to their full medical records for between £10 to £50. This covers the cost of any administration fees, such as postage for paper reports.

These reports must be supplied within a maximum of 40 days. It is also worth mentioning that SARs are not a legally binding request and customers or GP surgeries can still choose a GPR.

 PTO for insurer views 

 

 

More on Underwriting

Digital underwriting: a step forward?

Digital underwriting: a step forward?

“We need to step back and challenge what we do”

Jaskeet Briah
clock 26 September 2024 • 6 min read
Royal London updates cancer underwriting

Royal London updates cancer underwriting

Focus on inclusivity

Cameron Roberts
clock 29 July 2024 • 2 min read
Best Insurance launches AI underwriting solution

Best Insurance launches AI underwriting solution

Targets accident, sickness and unemployment market

Jaskeet Briah
clock 14 June 2024 • 2 min read

Highlights

COVER Survey: Advisers damning of protection insurer service levels

COVER Survey: Advisers damning of protection insurer service levels

"It takes longer than ever to get underwriting terms"

John Brazier
clock 12 October 2023 • 5 min read
Online reviews trump price for young people selecting life and health cover

Online reviews trump price for young people selecting life and health cover

According to latest ReMark report

John Brazier
clock 11 October 2023 • 2 min read
ABI members with staff neurodiversity policy nearly doubles

ABI members with staff neurodiversity policy nearly doubles

Women within executive teams have grown to 32%

Jaskeet Briah
clock 10 October 2023 • 3 min read