Medical records model needs treatment
A patient’s wishes about the release or reuse of their records following death is not formally recorded – this needs to change
The events surrounding the death of Savita Halappanavar, in particular the reported struggle between her husband and the Health Service Executive (HSE) over her medical records, have placed the spotlight on the current laws governing the medical records of deceased persons.
Despite claims to the contrary, medical records are not the subject of ownership, at least not in the commonly understood meaning of the term.
In relation to the public healthcare system the HSE is, in effect, a custodian that holds a patient’s medical records for specific purposes.
Certain principles, rights and obligations exist in relation to them, which seek to reconcile the rights and interests of the decedent, the surviving family, medical institutions and staff, and the wider public interest.
Code of practice
The HSE is required to maintain the confidentiality and security of medical records. In line with the current Code of Practice for Healthcare Records Management (2007), in the acute hospital setting, medical records are generally retained for eight years following the death of a patient after which they should be destroyed securely (although some categories of record have different retention periods).
Confidentiality is a time-honoured and fundamental principle of medical ethics, central to the establishment of trust between patients and doctors. A patient’s information and medical records remain confidential even after death.
The principle of doctor-patient confidentiality has also been recognised in law. While alive a patient can also rely on the Data Protection Acts to limit the use and processing of sensitive personal data but this protection ends at death in Ireland.
There are circumstances where information contained in a deceased person’s medical records may be disclosed. The law recognises that the public interest in recording and ascertaining, in a public manner, the cause of a person’s death does outweigh the confidentiality of the doctor-patient relationship.
So, for example, there is a legal requirement to record the cause of death on death certificates in Ireland or, where the cause of death cannot be explained, an inquest, an official public inquiry presided over by a coroner, may be held to establish the facts .
Further situations have been recognised in law where the medical records of a deceased person may be disclosed but these are tightly regulated. Disclosure can be ordered by a court, as happened, in the case of Daniel McAnaspie (HSE -v- McAnaspie IEHC 477) where his next of kin was granted access to his records prepared pursuant to a child care order.
Specific types of inquiry or investigation have authority to lawfully access medical records. This is not always the case and HSE clinical reviews/investigations may require a court order to access relevant files and records.
The most common route for surviving family members or next of kin to access the medical records of a deceased relative is under the Freedom of Information Acts and regulations.
The HSE Code of Practice for Healthcare Records Management recognises that due to the sensitivity of information contained in medical records, and the inability to consult with the deceased patient, “all applications for access to deceased person’s records must be processed under the Freedom of Information Acts”.