Data Regulation Policy
The Harrow Dental Centre applies information provided by the Dental Protection Society which refers to Regulation 20 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (No 2936) states that:
- The practice will ensure that service users are protected against the risks of unsafe or inappropriate care and treatment arising from a lack of proper information about them by means of the maintenance of an accurate record in respect of each service user which shall include appropriate information and documents in relation to the care and treatment provided to each service user and such other records as are appropriate in relation to the registered person must ensure that the records (which may be in paper or electronic form) are:
– kept securely and can be located promptly when required;
– retained for an appropriate period of time; and
– securely destroyed when it is appropriate to do so.
What should people who our services experience?
People who use services can be confident that:
- Their personal records including medical records are accurate, fit for purpose, held securely and remain confidential.
- Communication with patients will be via text message, email or telephone. Such communication relates to our commitment to ongoing dental care recall or appointment reminders.
- The practice does not send out marketing information.
- Data will be shared only when there is need for referral for a second opinion or specialist care provided by a colleague or hospital.
- Other records required to be kept to protect their safety and well-being are maintained and held securely where required.
This is because providers who comply with the regulations will:
- Keep accurate personalised care, treatment and support records secure and confidential for each person who uses the service.
- Keep those records for the correct amount of time.
- Keep any other records the Care Quality Commission asks them to in relation to the management of the regulated activity.
- Store records in a secure, accessible way that allows them to be located quickly.
- Securely destroy records taking into account any relevant retention schedules.
Accurate dental records can help practitioners to reach a diagnosis, by providing detailed information about the changing oral health status of a patient. Detailed records can also help to prevent adverse incidents occurring, for example, if the records are not clear, the wrong tooth could be treated or a previously noticed carious cavity overlooked.
Access to records
Patients have a statutory right to see records made about their dental care. While they live this is under the Data Protection Act 1998. If they die, the right passes on to those who may have a claim against their estate and arises under the Access to Health Records Act 1990.
Complaints and claims
Despite our efforts to ensure that patients are satisfied with their treatment, unfortunately complaints and claims may arise. Without reference to contemporaneous records a dentist will be heavily disadvantaged in defending allegations. Detailed records of treatment can make the difference between robustly defending or needing to settle a case. For this reason your records will be retained beyond the time when you feel that you no longer wish to avail yourself of our care. The original records therefore remain the property of the Harrow Dental Centre.
How long should records be retained?
This decision is not as simple as it seems. The Data Protection Act says that someone holding sensitive personal data (which includes, dental records) should retain that information no longer than necessary. There is no definition of ‘necessary’; this will depend on individual circumstances.
The Department of Health has come to practitioners’ assistance by setting out some guidance in the Code of Practice on Retention/Disposal of Records. By that guidance practitioners are encouraged to put a maximum period of 30 years on retention. Short of 30 years, the suggests the following:
- Records are retained for 11 years for adults
- Records are retained for 25 years for children
- Dental Protection’s advice would be to retain records for as long as possible. Dental Protection advises that records that relate to complex treatment or particularly difficult patients should be kept for longer, up to 30 years.
- If a dentist decides that it is no longer necessary to keep a dental record, for example, 12 years have passed since an adult last attended for treatment, the record should be destroyed by choosing a method that will ensure that confidentiality is maintained (see section below). If that patient subsequently asks to see their record it is reasonable to say that it was destroyed because it was no longer necessary to be kept. Nowhere is there any suggestion that the patient should be told before destruction.
- There are time limits for patients to make claims for compensation. Generally the time limit is three years from the date of knowledge, but the court does have the discretion to extend this period. Additionally for children time does not start to run until they are 18 years of age or the date of knowledge, whichever is the later date. This means that if a patient does not become aware of the problem for many years, for example, if a patient has undiagnosed and untreated periodontal disease, the case against the practitioner may not be brought until many years after the treatment was provided.
- A patient has indefinite entitlement to access his/her records if he is under a ‘disability’, as a result of an ‘unsound mind’. If a patient falls into this category the usual time limits for patients to bring a claim do not apply. A dentist who is aware of a patient suffering such disability as would prevent him from conducting his life unassisted would be wise to make a note on the records and avoid destroying those in order to ensure that, if a claim were to develop or the patient’s representatives later to seek access, they are available.
Legal obligations about storage of dental records
- A dentist must keep records safely and securely (Data Protection Act principle 7). Keeping them securely also requires that they are kept confidential (employed staff who have been instructed on your security policy are exempt). Access to the records by others must only be given if necessary, and with necessary and appropriate safeguards. The dentist is expected to make, and be able to demonstrate, an assessment of risk in deciding on appropriate security measures.
Is there a legal requirement about disposing of paper or computer held records?
- The Information Commissioner gives detailed and useful guidance on security measures and how safely to destroy records, in particular computer records which, though deleted, often remain accessible.
Does a dentist have an obligation to disclose patient records whilst retained in their possession?
The right of access to records is either under the Data Protection Act or the Access to Health Records Act as above. A discretionary fee of up to £10 (£50 for manual records) can be charged and disclosure must take place as quickly as possible but in any event within 40 days of receipt of the signed patient authority (request). Whatever fee is requested should be capable of being justified.
What should a dentist do if someone other than the patient asks for access to his confidential records?
A common example is that of the police contacting a dentist requesting access to the dental records of patients who attended a particular surgery to establish an address for what is obviously a known suspect. It may be that the police have a Court Order or a Statutory Right to compel disclosure. In that situation there would be no breach of the dentist’s professional or common law duty to maintain confidentiality. If a request is made for the confidential information in connection with legal proceedings it is very unlikely that disclosure should take place unless a Court Order is produced. In any event, if a dentist is satisfied it is necessary to disclose, he must consider whether he should ask for the patient’s consent, whether he can anonymise the disclosure and limit the disclosure to the extent necessary. He should also think about whether any other individual name identified has consented to the disclosure and whether the records should be redacted before disclosure.
As a general rule, if a patient has not consented to disclosure of the confidential information, in the absence of a Court Order, disclosure is likely to be unreasonable.