As we come to the end of 2018 we would like to thank all our clients, suppliers, supporters and friends. We have had a busy and productive time, with an office move to a more central location on our site, successful renewal of our data protection credentials by the ISO27001 auditors and streamlining of procedures to keep workflow efficient.
We have a broader client base than ever before. 2018 has seen us welcome a number of new firms and organisations who are seeking best value, but won’t compromise on quality. Clinco is increasingly a technological hub. We still receive plenty of hardcopy instructions, but are receiving an increasing amount of work via electronic transfer too. Our partnership with Inspire MediLaw led to us attending conferences in obstetrics and gynaecology, brain and spine injury, where talented medical and legal speakers provided invaluable continuing education to our team.
We continue to watch quality and deadlines on a daily basis. Our training and systems drive efficient delivery of both.
We wish everyone a Happy Christmas and a successful New Year!
This week our largest ever case and our smallest ever case were both, by complete coincidence, with us at the same time. Both were sent out on the same day. The small one was only 18 pages. Behind every set of medical records we see, there is a person going through a dreadful time and deserving of our best efforts.
One thing these cases had in common was that they were both urgent and the large one in particular has taken up a lot of resources. It’s good to see them going out on time, and those matters being progressed swiftly as a result. Thank you to our clients for entrusting us with their medical records, which will always have our full attention whatever the size of case.
We’ve had a busy Autumn so far at Clinco. Not much time to enjoy the beautiful sunshine outside! But it’s been a productive and interesting period. We’ll soon be getting in touch with our clients to report to them on activity over the year, to check their preferences are up to date, and offer to assist them in whatever way they require. We like to innovate and streamline, so we’ll also be reporting on new practices in the office, all designed with efficiency and service in mind.
We’ve also been attending to some scheduled ‘housekeeping’ matters, staff reviews and equipment updates…staying on top of the timetable for our internal processes. Feels good to have made time for these things. We’re processing thousands of pages of evidence a week and need to be sure our systems are sound.
One piece of good news for clinical negligence practitioners is that their requests for medical records from healthcare providers should now be met free of charge, and more quickly than was sometimes the case pre-GDPR. Whilst the previous statutory charge of £50.00 (which applied except where the patient was deceased) was generally considered reasonable and had not been increased over the years, it could add up where there were large numbers of providers.
Authority for the change is at Chapter 3, Article 12 of the GDPR. Paragraph 5 reads: “Information provided under Articles 13 and 14…shall be provided free of charge”. Article 13 relates to personal data originating from the data subject and Article 14 to personal data originating elsewhere – medical records arguably could be both, but there is no need to go into this for the purpose of Article 12.
There is an exception to the free of charge principle, but only in the event of unfounded or excessive requests – effectively ‘nuisance’ or malicious approaches. Even then the burden is placed on the data controller to demonstrate that a (limited, administrative) fee is appropriate under the regulations so this looks unlikely to be sought in the context of a professional access request.
I have read that under GDPR, disclosure must be made within 30 days of the request being made. This would represent a considerable improvement on the previous position, in many cases. However, when looking at the raw regulations they do not actually require substantive 30-day compliance. They say (Article 12, para 3) “The controller shall provide information on action taken on a request [including access to data] without undue delay and in any event within one month of receipt of the request”. This is not the same thing as providing the data itself within one month. Furthermore, the same paragraph allows for a two month extension “where necessary”, again to provide information on action taken rather than provision of the data itself. In the absence of any meaningful deadline, it remains to be seen whether requests will actually be processed faster as appears to be the intention of the GDPR.
The ISO27001 external auditor came to the Clinco offices yesterday to scrutinise our data protection systems. These are subject to annual audit. Having achieved the data protection standard last year, we now have 18 months’ worth of evidence to show commitment and integrity in relation to information security. We took the decision two years ago that, as a leading provider of medical records pagination services, we should also be leading on data protection. All the medical records we are paginating are classified as special category data and we want to show we are protecting that information.
The ISO standard for information security is wide-ranging. Electronic security opens up a whole raft of issues and risks which need to be minimised or eliminated. Physical security is equally important. What we came to realise in the early days of our application for ISO27001 is that almost every aspect of a business can affect information security – from recruitment to continuity planning.
With this in mind it is not surprising that it took five hours of intense scrutiny yesterday for the external auditor to be satisfied that he had examined enough evidence to continue Clinco’s data protection accreditation. He also interviewed our IT support team and the site head of security. I have not seen the full report yet, but I am pleased to report that Clinco’s systems passed with flying colours – no major or even minor non-compliances. We are therefore confident that our services continue to be offered without risk to our clients’ data and in a way which meets compliance requirements in the new data protection landscape.
Well done to the Clinco staff, who made such an impressive contribution to the successful outcome.
We’re just working up to our first external annual audit for ISO27001 – that’s the international data protection standard, which Clinco attained last summer. We’re bringing our first audit a few weeks forward so we can tie it in with the earliest days of GDPR application, but we have now completed a full year’s certified compliance with information security best practice. We still believe we are the only independent pagination service to have achieved this, not surprising to us as it has been a very stringent process. We’re proud to have been the first in line for such an achievement and all credit to our compliance-minded management team and motivated staff for the push forward on standards.
We’ve been able to answer GDPR and other data protection questions with confidence, as a result. We’ve noticed increasing attention being paid to information security, quite rightly in our view, and will continue to seek to improve standards and offer our clients the best available secure pagination service. Apart from that, we’ve noticed benefits in terms of operational efficiency from the internal and external scrutiny of our processes – meaning that we can pass cost savings on to our clients. So it’s a better service, for less. We have invested much time and energy over the last couple of years in this area and are actually looking forward to welcoming the external auditor next week…
We’ve all seen so many articles and commentaries about GDPR in recent weeks that the tendency may be to ‘switch off’. Wrong! Those of us who work daily with highly confidential medical records – as our pagination service does – have a duty of care to the patient to maintain confidentiality by reducing the risk of a data breach. The statutory duty which has existed so far has become outdated, overtaken by technical advances, and in practice has not always been effective. Every day in our work we see ‘wrong patient’ records – medical records which are unrelated to the patient whose records we are ordering, and should never have been disclosed by the healthcare provider. Records have in the past been sent out to experts, pagination services and costs draftsmen whose facilities are not secure and where the patient has not given informed consent (to use a medical analogy).
At Clinco, we decided some time ago to disassociate ourselves from this sort of practice. We didn’t need GDPR to motivate us – we wanted to know we had done everything possible to keep confidential information secure. We were the first medical records pagination service to become ISO27001 certified last year, and we are proud to be leading the way on such an important area. We’ve seen firms of solicitors realise that they too should be making data protection a priority and we’re pleased to be working with firms who have the same ethos that we do.
We’ve seen a couple of very high profile cases in the media recently, where mistakes made by doctors have had tragic consequences. In the case of 6 year old Jack Adcock, paediatrician Dr H Bawa-Garba was criticised (and prosecuted) for errors made leading to his death. In the other case, 5 year old Ellie-May Clark died from an asthma attack after being turned away unseen by her GP for being a few minutes late for an emergency appointment.
Both cases resulted in the death of a young child. It’s beyond words how terribly sad these cases are, and the lives of the families will never be the same after such loss. It’s made immeasurably worse that these deaths may well have been avoidable. No one could presume to know what the families have been through, and have to face for the future.
Whilst not for a moment forgetting their experience and these young lost lives, should we not spare a thought and some sympathy for the doctors involved?
The reality is that many medical decision-makers are making countless life or death judgments every day. How many of us are taking that responsibility in our daily lives? Which of us has never made a professional mistake? As a former claimant lawyer I believe patients should receive competent care and that those providing it should absolutely be accountable. However, I am also grateful to those who are prepared to put their lifetime peace of mind on the line by making difficult decisions on matters where the consequences will frequently be life-changing. Struck off or not, an event of this sort can be career-ending and devastating on a personal level for the person responsible. Let’s see some compassion for those doing a difficult job, often in compromised circumstances.
A front page article published in the Telegraph last week used very emotive language when discussing the costs of clinical negligence claims – the potential bankruptcy of the NHS, no less, by implication due to the greed of claimants and their lawyers. I think the article was about the recent changes to the discount rate but this wasn’t made clear or explored in any way. The drawing up of lines between the good and the bad, and portraying the injured patient as the enemy of the NHS, is extremely unhelpful. Those of us who have practised in clinical negligence have seen countless injured patients who do not want money – they want to prevent a similar event happening to someone else, and feel the legal process is the only way to get true accountability. Others are seeking recompense on behalf of a child who may need costly care well into the future, beyond the ability of the family to provide. Others do require compensation for themselves – and why should they not be compensated? They have by definition suffered avoidable harm as a result of a mistake which should never have occurred. This test is strictly applied and assessed not by the patient, nor even the lawyer, but by medical experts in the same specialty and ultimately, if necessary, the court. The claimant may need that compensation to achieve even a degree of his or her former independence or quality of life.
Ask any claimant – he or she would always prefer not to have been injured than to go through the legal process, even successfully. Ask any decent clinical negligence lawyer – he or she would also rather avoidable injuries did not occur.
It is simplistic and dangerous to say that these claims are costing too much and should be shut down. The right approach would be to address the root causes to reduce the numbers of preventable medical accidents, and to be proactive about compensating avoidably injured patients promptly and fairly.
In any obstetric case where the labour is an area of focus – which will be most cases – the expert needs to scrutinise the CTG traces. We do see cases where the CTG traces are simply not disclosed – in which case a good pagination service will identify the traces by date and time of commencement so they can be obtained from the Trust. Where the traces are disclosed, they are often copied onto A4 sheets, each of which only shows a part of the trace. This is not an acceptable way to present the evidence to the expert, who needs to be sure that the entire document is there and to assess it in continuous form rather than piecemeal. We are able to copy CTG traces continuously to replicate the original document. Not only can we produce the hard copy but we can also provide an electronic version to include in paperless bundles of records. We’ve received increasing numbers of requests for this service, which we provide either alongside collation of the full medical records, or standalone. Turnaround is 5 working days. All documents, whether hard copy or electronic are transferred securely to satisfy the stringent data protection standards of ISO27001.