Requests for medical information from insurers

We cover what you need to know when dealing with requests from insurance companies - principles to follow, subject access requests and electronic signatures.

Location: UK
Audience: GPs Practice managers
Updated: Friday 28 June 2024
GP practice article illustration

Principles to follow

The Association of British Insurers published a set of high level principles on requesting and obtaining medical information electronically from GPs. The principles were developed with input from the BMA and the ICO.

Compliance with these principles will ensure that the release of electronic medical information for insurance purposes will be in line, or be a higher data protection standard, than the paper-based system.

ABI - obtaining medical information

We have separate guidance on the Access to medical reports legislation.

Practices should seek to agree the fee with the requestor in advance of completion. Practices may also wish to seek advanced payment.

 

The use of electronic signatures

We have been aware of the move towards electronic patient consent within the insurance industry. Where practices agree with the insurance company to provide a GP report, the legal position is that electronic consent is acceptable.

ABI - electronic signatures

 

Handling subject access requests

Should a practice receive a subject access request from an insurer, our guidance, which is based on advice from the ICO, should be followed.

Releasing medical information

Sometimes insurers need medical information to verify a claim, for example before a company organises repatriation of an insured person taken ill abroad. In these circumstances a medical report is not necessary.

Consent is needed before information is disclosed to insurance companies for the purpose of verifying claims. The company must approach the patient for permission to release information to verify the claim. Evidence of that consent must be provided to the patient's doctor.