We’ve all seen so many articles and commentaries about GDPR in recent weeks that the tendency may be to ‘switch off’. Wrong! Those of us who work daily with highly confidential medical records – as our pagination service does – have a duty of care to the patient to maintain confidentiality by reducing the risk of a data breach. The statutory duty which has existed so far has become outdated, overtaken by technical advances, and in practice has not always been effective. Every day in our work we see ‘wrong patient’ records – medical records which are unrelated to the patient whose records we are ordering, and should never have been disclosed by the healthcare provider. Records have in the past been sent out to experts, pagination services and costs draftsmen whose facilities are not secure and where the patient has not given informed consent (to use a medical analogy).
At Clinco, we decided some time ago to disassociate ourselves from this sort of practice. We didn’t need GDPR to motivate us – we wanted to know we had done everything possible to keep confidential information secure. We were the first medical records pagination service to become ISO27001 certified last year, and we are proud to be leading the way on such an important area. We’ve seen firms of solicitors realise that they too should be making data protection a priority and we’re pleased to be working with firms who have the same ethos that we do.