Using a medical collation service – regulation and compliance

It’s become common practice in recent years for clinical negligence practitioners to use a collation service – to order and paginate the medical records, and often to provide a chronological summary of events.

Outsourcing makes great sense and there’s been a natural uptake from medical lawyers, who are used to sending records out for other purposes – primarily to their medical experts.

However, outsourcing the pagination of the records (or any onward processing of personal and sensitive data) is about to get a lot more involved with the imminent arrival of the GDPR (General Data Protection Regulation) due to come into force in May 2018.  The GDPR (Articles 28 and 29, Recitals 81) imposes a high duty of care on firms, as data controllers, in approving data processing service providers (including collators).  Compliance with this duty of care is going to require implementation and maintenance of a service provider procurement process, to show the data protection credentials on which the collation service has been selected. It is also going to mean a contract put in place to set out the collation service’s obligations (for example, in relation to technical and organisational measures taken to reduce the risk of data loss).

In fact, a formal contractual relationship is already required by the SRA where ‘legal activities’ (likely to include collation services) are concerned – Outcome 7.10 (b) of the SRA Code of Conduct.  Similarly, the Code of Conduct on client confidentiality (Outcomes 4.1 and 4.5) requires that firms must be able to demonstrate how they are satisfied that outsourcing suppliers take all appropriate steps to ensure client confidentiality.

We know that a high proportion of collation services provided in the UK have not previously been provided under contract, and that it’s been rare for enquiry to be made, in the past, into outsourcing confidentiality standards.

We’ve noticed that this is changing and, at Clinco, we welcome that change.  We believe in high standards and consider that protection of the sensitive data we are managing is paramount.  We have been working for some time on our electronic and hard copy systems to ensure that a data breach should not occur, and now we have become the only medical records collation service in the UK to be accredited with ISO27001; which demonstrates the extent of our commitment to information security.

If you are a departmental head or COLP, or just a compliance-minded fee earner, and would like to put yourself in a good position to comply with the SRA and GDPR requirements when you send your medical records out for collation, then consider sending them to Clinco.   You’ll get an excellent service too.

Whitepaper review EU GDPR

 

Scroll to Top