This site is intended for health professionals only
CCGs should fund data protection officers to help overworked practices cope with patient data requests, the GP partnership review has suggested.
The review, which was commissioned by the Government and independently chaired by GP Dr Nigel Watson, said the ‘burden’ of the General Data Protection Regulation (GDPR) was disproportionately high for GPs and needed to be addressed.
Under GDPR, which took effect in May, GPs have to comply with requests for data from patients within one month and cannot charge patients or solicitors for a copy of health records.
GPs must also designate a data protection officer to monitor compliance and act as a point of contact for patients requesting access to their data. They can be appointed within the practice, shared with another practice, or appointed externally by CCGs or health boards.
The review, published today, said: ‘This burden should be recognised and supported, which could include the provision of resources such as a data protection officer by CCGs.’
Earlier this month culture, media and sport minister Margot James ruled out exempting GPs from GDPR so they could charge patients for access to data.
Speaking to our sister publication Pulse, where this story was first published, Dr Watson said GDPR was having a ‘disproportionate impact’ on general practice, and while other small businesses can pass the charge onto their customers, practices cannot do that.
He said: ‘Many have a full-time person photocopying or printing out notes for patients or solicitors asking for subject access requests. So the cost to practices – now they can’t charge – is quite significant and is being borne by practices.
‘We are suggesting the NHS or Government needs to take recognition of that. This has a financial impact on general practice. And therefore there needs to be some resource to go with it.’
GPC IT lead Dr Paul Cundy said: ‘I think every little helps…I would have worries about CCGs having the competence to provide data protection officers but direct re-imbursement of practice-provided data protection time would be welcomed.’
NHS England previously said that CCGs have a ‘responsibility to provide support for data protection officers’ although the details of how that is done is up to individual CCGs.
Pulse reported in October that commissioners in parts of England were suggesting charging GPs hundreds of pounds a year to access data protection officers. In one case, NHS Bedfordshire CCG said GPs would have to pay £1,800, although later claimed this was an ‘early estimate’.
Meanwhile, practices in Scotland will have data officers provided for them by health boards at no cost, the Scottish Government announced in December.
This story was first published on our sister publication Pulse.