Clinco has been at the forefront of digital documentation and data security in relation to pagination of medical records over the last few years. There are still lots of firms out there using hard copies of medical records; but more and more are turning to digital format to read and transfer the information. Several firms now are totally paperless. Others are paperlight – running at least one set of hard copy records alongside the electronic version. Enthusiasm varies from firm to firm (and fee earner to fee earner) but most say that, however daunting the prospect at the outset, they would not go back to pure hard copy working.
We have been able to deal with a couple of large urgent cases over the last few weeks by making the most of electronic transfer of records and documents. Transfer of documents is instant when using a secure file transfer system. Saving a day at each end will makes a big difference in an urgent case. With no physical packing or movement of boxes, there are fewer stages within the processing of the work.
If the matter is an update, it makes even more difference. If we have had the case before, under our new systems we will already have the previously collated set in digital format and all we need are the additional records to integrate, update and return complete. We completed and returned an update yesterday which had only arrived that morning.
Not all cases are urgent, but the use of electronic resources raises efficiency generally. We are here to put those resources to work on your behalf and are also available to advise on electronic file transfer, records management and data security should that be required. Get in touch if you would like to know more – email@example.com
Happy New Year! This year we will be celebrating 10 years of Clinco being in business. Over that time we have processed tens of thousands of cases – that is millions of pages of medical evidence accurately assessed for ordering and relevance. We’ll be marking the anniversary in March but for the moment, it’s back to work as usual and delivering on our deadlines. We wish all our clients, supporters, friends and suppliers a successful and prosperous 2019.
As we come to the end of 2018 we would like to thank all our clients, suppliers, supporters and friends. We have had a busy and productive time, with an office move to a more central location on our site, successful renewal of our data protection credentials by the ISO27001 auditors and streamlining of procedures to keep workflow efficient.
We have a broader client case than ever before. 2018 has seen us welcome a number of new firms and organisations who are seeking best value, but won’t compromise on quality. Clinco is increasingly a technological hub. We still receive plenty of hardcopy instructions, but are receiving an increasing amount of work via electronic transfer too. Our partnership with Inspire MediLaw led to us attending conferences in obstetrics and gynaecology, brain and spine injury, where talented medical and legal speakers provided invaluable continuing education to our team.
We continue to watch quality and deadlines on a daily basis. Our training and systems drive efficient delivery of both.
We wish everyone a Happy Christmas and a successful New Year!
This week our largest ever case and our smallest ever case were both, by complete coincidence, with us at the same time. Both were sent out on the same day. The small one was only 18 pages. Behind every set of medical records we see, there is a person going through a dreadful time and deserving of our best efforts.
One thing these cases had in common was that they were both urgent and the large one in particular has taken up a lot of resources. It’s good to see them going out on time, and those matters being progressed swiftly as a result. Thank you to our clients for entrusting us with their medical records, which will always have our full attention whatever the size of case.
We’ve had a busy Autumn so far at Clinco. Not much time to enjoy the beautiful sunshine outside! But it’s been a productive and interesting period. We’ll soon be getting in touch with our clients to report to them on activity over the year, to check their preferences are up to date, and offer to assist them in whatever way they require. We like to innovate and streamline, so we’ll also be reporting on new practices in the office, all designed with efficiency and service in mind.
We’ve also been attending to some scheduled ‘housekeeping’ matters, staff reviews and equipment updates…staying on top of the timetable for our internal processes. Feels good to have made time for these things. We’re processing thousands of pages of evidence a week and need to be sure our systems are sound.
One piece of good news for clinical negligence practitioners is that their requests for medical records from healthcare providers should now be met free of charge, and more quickly than was sometimes the case pre-GDPR. Whilst the previous statutory charge of £50.00 (which applied except where the patient was deceased) was generally considered reasonable and had not been increased over the years, it could add up where there were large numbers of providers.
Authority for the change is at Chapter 3, Article 12 of the GDPR. Paragraph 5 reads: “Information provided under Articles 13 and 14…shall be provided free of charge”. Article 13 relates to personal data originating from the data subject and Article 14 to personal data originating elsewhere – medical records arguably could be both, but there is no need to go into this for the purpose of Article 12.
There is an exception to the free of charge principle, but only in the event of unfounded or excessive requests – effectively ‘nuisance’ or malicious approaches. Even then the burden is placed on the data controller to demonstrate that a (limited, administrative) fee is appropriate under the regulations so this looks unlikely to be sought in the context of a professional access request.
I have read that under GDPR, disclosure must be made within 30 days of the request being made. This would represent a considerable improvement on the previous position, in many cases. However when looking at the raw regulations they do not actually require substantive 30 day compliance. They say (Article 12, para 3) “The controller shall provide information on action taken on a request [including access to data] without undue delay and in any event within one month of receipt of the request”. This is not the same thing as providing the data itself within one month. Furthermore the same paragraph allows for a two month extension “where necessary” , again to provide information on action taken rather than provision of the data itself. In the absence of any meaningful deadline, it remains to be seen whether requests will actually be processed faster as appears to be the intention of the GDPR.
The ISO27001 external auditor came to the Clinco offices yesterday to scrutinise our data protection systems. These are subject to annual audit. Having achieved the data protection standard last year, we now have 18 months’ worth of evidence to show commitment and integrity in relation to information security. We took the decision two years ago that, as a leading provider of medical records pagination services, we should also be leading on data protection. All the medical records we are paginating are classified as special category data and we want to show we are protecting that information.
The ISO standard for information security is wide-ranging. Electronic security opens up a whole raft of issues and risks which need to be minimised or eliminated. Physical security is equally important. What we came to realise in the early days of our application for ISO27001 is that almost every aspect of a business can affect information security – from recruitment to continuity planning.
With this in mind it is not surprising that it took five hours of intense scrutiny yesterday for the external auditor to be satisfied that he had examined enough evidence to continue Clinco’s data protection accreditation. He also interviewed our IT support team and the site head of security. I have not seen the full report yet, but I am pleased to report that Clinco’s systems passed with flying colours – no major or even minor non-compliances. We are therefore confident that our services continue to be offered without risk to our clients’ data and in a way which meets compliance requirements in the new data protection landscape.
Well done to the Clinco staff, who made such an impressive contribution to the successful outcome.
We’re just working up to our first external annual audit for ISO27001 – that’s the international data protection standard, which Clinco attained last summer. We’re bringing our first audit a few weeks forward so we can tie it in with the earliest days of GDPR application, but we have now completed a full year’s certified compliance with information security best practice. We still believe we are the only independent pagination service to have achieved this, not surprising to us as it has been a very stringent process. We’re proud to have been the first in line for such an achievement and all credit to our compliance-minded management team and motivated staff for the push forward on standards.
We’ve been able to answer GDPR and other data protection questions with confidence, as a result. We’ve noticed increasing attention being paid to information security, quite rightly in our view, and will continue to seek to improve standards and offer our clients the best available secure pagination service. Apart from that, we’ve noticed benefits in terms of operational efficiency from the internal and external scrutiny of our processes – meaning that we can pass costs savings on to our clients. So it’s a better service, for less. We have invested much time and energy over the last couple of years in this area and are actually looking forward to welcoming the external auditor next week…
We’ve all seen so many articles and commentaries about GDPR in recent weeks that the tendency may be to ‘switch off’. Wrong! Those of us who work daily with highly confidential medical records – as our pagination service does – have a duty of care to the patient to maintain confidentiality by reducing the risk of a data breach. The statutory duty which has existed so far has become outdated, overtaken by technical advances, and in practice has not always been effective. Every day in our work we see ‘wrong patient’ records – medical records which are unrelated to the patient whose records we are ordering, and should never have been disclosed by the healthcare provider. Records have in the past been sent out to experts, pagination services and costs draftsmen whose facilities are not secure and where the patient has not given informed consent (to use a medical analogy).
At Clinco, we decided some time ago to disassociate ourselves from this sort of practice. We didn’t need GDPR to motivate us – we wanted to know we had done everything possible to keep confidential information secure. We were the first medical records pagination service to become ISO27001 certified last year, and we are proud to be leading the way on such an important area. We’ve seen firms of solicitors realise that they too should be making data protection a priority and we’re pleased to be working with firms who have the same ethos that we do.
We’ve seen a couple of very high profile cases in the media recently, where mistakes made by doctors have had tragic consequences. In the case of 6 year old Jack Adcock, paediatrician Dr H Bawa-Garba was criticised (and prosecuted) for errors made leading to his death. In the other case, 5 year old Ellie-May Clark died from an asthma attack after being turned away unseen by her GP for being a few minutes late for an emergency appointment.
Both cases resulted in the death of a young child. It’s beyond words how terribly sad these cases are, and the lives of the families will never be the same after such loss. It’s made immeasurably worse that these deaths may well have been avoidable. No one could presume to know what the families have been through, and have to face for the future.
Whilst not for a moment forgetting their experience and these young lost lives, should we not spare a thought and some sympathy for the doctors involved?
The reality is that many medical decision-makers are making countless life or death judgments every day. How many of us are taking that responsibility in our daily lives? Which of us has never made a professional mistake? As a former claimant lawyer I believe patients should receive competent care and that those providing it should absolutely be accountable. However, I am also grateful to those who are prepared to put their lifetime peace of mind on the line by making difficult decisions on matters where the consequences will frequently be life-changing. Struck off or not, an event of this sort can be career-ending and devastating on a personal level for the person responsible. Let’s see some compassion for those doing a difficult job, often in compromised circumstances.