CHW173-Accessing Records of a Deceased Person Policy
{{org_field_logo}}
{{org_field_name}}
Registration Number: {{org_field_registration_no}}
Accessing Records of a Deceased Person Policy
1. Purpose
The purpose of this policy is to ensure that all requests to access the records of a deceased person previously cared for at {{org_field_name}} are handled sensitively, lawfully, and in accordance with the applicable legislation and CIW regulations. This policy outlines the process by which such records may be requested, reviewed, and disclosed, while protecting the confidentiality of the deceased and respecting the rights of surviving family members, legal representatives, and professionals involved. It complies with the Access to Health Records Act 1990, Data Protection Act 2018, and Regulation and Inspection of Social Care (Wales) Act 2016 and supports CIW’s standards for governance, information management, and rights-based care.
2. Scope
This policy applies to all staff at {{org_field_name}} involved in the handling, storing, and disclosing of personal records. It also applies to any third party—such as family members, legal representatives, solicitors, coroners, and statutory bodies—requesting access to the records of a person who has died while receiving care at the service. It provides guidance to the Registered Manager, Data Protection Officer, and any staff member handling such enquiries.
3. Related Policies
This policy should be read in conjunction with:
CHW04 – Good Governance
CHW13 – Safeguarding Adults from Abuse and Improper Treatment Policy
CHW14 – Receiving and Acting on Complaints Policy
CHW34 – Confidentiality and Data Protection (GDPR) – Service User Policy
CHW35 – Duty of Candour Policy
CHW38 – End of Life and Palliative Care Policy
4. Policy Statement and Legal Framework
Following the death of a service user, their personal and care records remain confidential and protected under the Access to Health Records Act 1990, which governs access to records of deceased individuals. While the UK General Data Protection Regulation (UK GDPR) does not apply to the deceased, professional confidentiality and ethical duties still apply. Only those with a legal right or legitimate interest may access the deceased’s records. At {{org_field_name}}, we handle these requests carefully, ensuring transparency, accountability, and compassion.
5. Retention and Secure Storage of Records
After a person’s death, their personal records—including care notes, medical records, personal plans, correspondence, and risk assessments—are securely archived for a minimum period of eight years in line with the NHS Records Management Code of Practice and CIW guidance. Records are stored securely either in locked filing cabinets or in encrypted digital systems with access restricted to authorised personnel only. The Data Protection Officer, {{org_field_data_protection_officer_first_name}} {{org_field_data_protection_officer_last_name}}, ensures appropriate data retention, access control, and audit trails are maintained.
6. Who Can Request Access to Records
The following individuals may request access to the records of a deceased person:
- The executor or administrator of the deceased’s estate
- A person who has a claim arising from the individual’s death
- A solicitor acting on behalf of the estate or claimant
- A statutory body or authority, such as a coroner, court, ombudsman, or CIW
- Police or safeguarding services with legal justification
- Family members or next of kin where there is a legitimate interest (subject to lawful justification and evidence of relationship or purpose)
Each request must be made in writing and accompanied by appropriate identification and legal authority (e.g., grant of probate, letter of administration, power of attorney if still applicable, or written consent from the estate’s legal representative).
7. Request Process and Timescales
Requests to access records must be directed to the Registered Manager at {{org_field_registered_manager_email}}. The following steps apply:
- The requestor submits a written request specifying what records are being sought and for what purpose
- The request is acknowledged within five working days
- Identification and authority documents are verified by the Registered Manager and/or {{org_field_data_protection_officer_first_name}} {{org_field_data_protection_officer_last_name}}
- The request is assessed to determine if disclosure is lawful, necessary, and proportionate
- A response is provided within 21 days, or 40 days if a longer review is necessary, as guided by the Access to Health Records Act
- Where access is granted, copies of relevant records are provided securely, with irrelevant or sensitive third-party information redacted if necessary
- A full record of the request and response is retained in the access log maintained by the Registered Manager
8. Grounds for Refusal or Redaction
We reserve the right to withhold or redact information if:
- Disclosure would cause serious harm to the physical or mental health of any individual
- Information relates to a third party who has not consented and whose identity cannot be anonymised
- The request is not supported by legal or evidential authority
- The record contains sensitive information not relevant to the purpose of the request
If access is refused, a written explanation is provided, and the requestor is informed of their right to appeal or seek legal advice. We cooperate fully with CIW, coroners, and the courts where access is lawfully mandated.
9. Safeguarding and Sensitive Cases
In cases involving safeguarding investigations, abuse allegations, or criminal matters, we liaise closely with the relevant safeguarding authority, police, or legal representatives. Any requests for records relating to such investigations are handled under strict supervision and legal guidance. The Safeguarding Lead, {{org_field_safeguarding_lead_name}}, is consulted in all such cases.
10. Staff Responsibilities and Training
All staff receive training in confidentiality, data protection, and record-keeping as part of their induction and annual refresher programme. Only designated staff may access and handle archived records. Any staff member receiving a request for records must refer it immediately to the Registered Manager or Data Protection Officer and must not disclose any information without authorisation.
11. Auditing and Quality Assurance
Requests for access to deceased person’s records are logged, reviewed, and audited as part of our governance processes. This includes reviewing trends, response times, outcomes, and compliance with legal standards. Any issues identified are addressed during management meetings and reflected in our Quality of Care Review and CIW compliance monitoring.
12. Policy Review
This policy will be reviewed annually or sooner in response to changes in legislation, guidance from CIW or the Information Commissioner’s Office, or following a request or incident relating to access to deceased individuals’ records. Updates are communicated to all relevant staff and included in training programmes.
Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.