HCS69-Accessing Records of a Deceased Person Policy

Registration Number: {{org_field_registration_no}}

Accessing Records of a Deceased Person Policy

1. Purpose

This policy outlines {{org_field_name}}’s approach to managing requests for access to records of a deceased person. It ensures compliance with legal and ethical obligations while maintaining confidentiality, sensitivity, and respect for the deceased and their loved ones.

As a domiciliary care provider, {{org_field_name}} recognises that access to these records may be necessary for legal, medical, or personal reasons. This policy provides clear guidance to staff, external parties, and Care Inspectorate inspectors on how such requests are managed efficiently and transparently.

Our approach ensures that requests are processed fairly, securely, and in compliance with relevant legislation, while also upholding the dignity and privacy of the deceased individual. This policy also aims to support families and legal representatives by ensuring a straightforward and respectful process.

2. Scope

This policy applies to all records of deceased individuals who received care from {{org_field_name}}. It covers:

Requests from next of kin, executors, legal representatives, or regulatory bodies who have a legitimate interest in accessing records.
Access under legal provisions such as the Access to Health Records Act 1990 (UK), which defines who is entitled to request records and under what circumstances.
Our internal procedures for handling, storing, and disclosing these records to ensure compliance with confidentiality and security standards.
Confidentiality and security measures to protect sensitive information from unauthorised access or disclosure.

It applies to all employees, contractors, and third-party agencies working with {{org_field_name}} who may be involved in processing such requests. Staff must ensure they adhere to the guidelines outlined in this policy when responding to record access requests.

3. Related Policies

To support the implementation of this policy, the following policies provide additional guidance and should be referred to when necessary:

Confidentiality and Data Protection Policy – Covers how sensitive data is managed, stored, and protected.
Records Management and Retention Policy – Outlines the timeframe for storing and disposing of records.
Safeguarding Policy – Ensures that concerns related to the deceased’s well-being prior to death are appropriately managed.
End-of-Life Care Policy – Defines best practices in supporting individuals at the end of their lives and how records should reflect this.
Complaints and Compliments Policy – Details the process for handling disputes or grievances regarding record access requests.

4. Legislative and Regulatory Framework

This policy complies with:

The Access to Health Records Act 1990, which governs access to a deceased person’s health records by authorised individuals.
The General Data Protection Regulation (GDPR) & Data Protection Act 2018, which, while not applicable to deceased individuals, guides secure record handling and access controls.
The Care Inspectorate guidance on record-keeping and access, ensuring compliance with best practices in Scotland.
Health and Social Care Standards, which ensure fairness and respect when handling personal information.
Freedom of Information (Scotland) Act 2002, which may apply in specific cases involving publicly held records.

This framework ensures that our processes for handling access requests align with the latest legal and regulatory requirements.

5. Our Commitments

5.1 Handling Requests for Access to Records

{{org_field_name}} follows a structured process to handle requests efficiently and securely:

Requests must be submitted in writing or by email: {{org_field_registered_manager_email}}, accompanied by proof of identity and legal authority (e.g., executor of the will, legal representative).
Only authorised individuals such as next of kin, executors, or legal representatives may request records.
A request form is provided to streamline the process and ensure all necessary information is collected.
Requests will be processed within 40 days, in line with the Access to Health Records Act 1990.
A secure verification process is in place to ensure that records are only disclosed to entitled persons.
Where legal disputes arise, records will not be released without proper legal guidance and a formal resolution.

5.2 Confidentiality and Ethical Considerations

To uphold privacy and ethical standards:

Records will be released only when there is a legitimate and legal reason.
All disclosures will be logged, detailing the requester, reason for access, and approval process.
Sensitive third-party information will be redacted, unless consent has been obtained from the individuals involved.
Staff are trained to handle such requests with professionalism and sensitivity, ensuring the dignity of the deceased and respect for their loved ones.
The Data Protection Officer {{org_field_data_protection_officer_first_name}} {{org_field_data_protection_officer_last_name}} will oversee complex cases to ensure compliance with legal requirements.

5.3 Storage, Retention, and Security of Records

To ensure secure and appropriate record-keeping:

Records are retained for a minimum of eight years after death, in line with NHS and social care best practices.
Electronic records are stored securely, with encrypted access to protect against unauthorised retrieval.
Paper records are archived securely and destroyed according to approved retention schedules.
Access to records is limited to designated personnel, and all access attempts are logged for audit purposes.

5.4 Handling Disputes and Appeals

In cases where record access is denied or disputed:

A formal explanation will be provided to the requester, outlining the reasons for refusal.
An appeals process is available, allowing disputes to be reviewed by senior management and legal advisors.
Legal advice will be sought where necessary, particularly in cases involving conflicting claims to access records.
Complaints can be escalated to external bodies, such as the Care Inspectorate or the Information Commissioner’s Office (ICO), if necessary.

5.5 Staff Training and Compliance

To ensure all staff members are well-equipped to manage record access requests:

All employees receive annual training on handling confidential records and responding to access requests appropriately.
A designated Data Protection Officer oversees compliance with this policy and provides guidance on complex cases.
Regular audits are conducted to ensure adherence to legal and ethical record-keeping practices.
Staff are encouraged to report any concerns about improper or unauthorised record access to senior management.

6. Monitoring and Compliance

To uphold the integrity of our record management processes, {{org_field_name}} will:

Conduct regular audits of record access logs to ensure proper procedures are followed.
Maintain up-to-date staff training, ensuring all employees understand their responsibilities under this policy.
Implement recommendations from the Care Inspectorate, ensuring alignment with best practices.
Ensure compliance with all legal obligations through internal governance reviews and risk management assessments.

7. Policy Review

This policy will be reviewed annually or sooner if legislative changes, regulatory updates, or operational needs arise.

Any updates to this policy will be communicated to all relevant staff and stakeholders to ensure continued compliance and best practices in handling deceased individuals’ records.

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.