Principles to follow
The Association of British Insurers published a set of high level principles on requesting and obtaining medical information electronically from GPs. The principles were developed with input from the BMA and the ICO.
Compliance with these principles will ensure that the release of electronic medical information for insurance purposes will be in line, or be a higher data protection standard, than the paper-based system.
We have separate guidance on the Access to medical reports legislation.
Practices should seek to agree the fee with the requestor in advance of completion. Practices may also wish to seek advanced payment.
The use of electronic signatures
We have been aware of the move towards electronic patient consent within the insurance industry. Where practices agree with the insurance company to provide a GP report, the legal position is that electronic consent is acceptable.
Handling subject access requests
Should a practice receive a subject access request from an insurer, our guidance, which is based on advice from the ICO, should be followed.
Releasing medical information
Sometimes insurers need medical information to verify a claim, for example before a company organises repatriation of an insured person taken ill abroad. In these circumstances a medical report is not necessary.
Consent is needed before information is disclosed to insurance companies for the purpose of verifying claims. The company must approach the patient for permission to release information to verify the claim. Evidence of that consent must be provided to the patient's doctor.