Are you wondering if it is possible to know the name of the professionals who have accessed my clinical history? There are multiple judicial RedGIF
rulings that have sentenced physiotherapists, doctors, nurses, etc. to several years in prison and a few more years of disqualification for accessing medical records without authorization.
Headlines like the following abound in our daily lives:
“The Supreme Court ratified the sentence of two years and six months for two physiotherapists from a public hospital who entered the clinical record of a colleague and commented on it in front of other patients.”
“The Pontevedra Court sentences a nurse who accessed the medical records of her ex-boyfriend and his partner to three years and ten months in prison.”
If Law 41/2002 regulating patient autonomy establishes that access to medical history is limited to health personnel directly involved in the patient’s treatment, and that, therefore, these data cannot be consulted by health personnel without a cause justified by law. How can we know if health personnel are failing to comply with this Law?
Although it seems simple, or rather it
should be, it is by no means simple, and in this article we will see why.
Who can access my medical history?
As we mentioned, regarding the and access to a patient’s health data, by health personnel for their own purposes, it may entail responsibilities, not only for the professional, but also for the entity where you work.
However, there are some exceptions to this general rule, in the following cases:
- Due to an investigation by order of the competent judicial authority, and only for the specific purposes of said investigation.
- For epidemiological reasons , to prevent serious health risks or dangers for the population.
- To plan and evaluate the quality of care , as long as it is carried out by accredited health personnel.
Although, as a general rule, only the healthcare professional who is treating the patient will be able to see your medical history.
Right of access to my history and data protection
The Spanish Data Protection Agency (AEPD) in legal report 171/2008 and in Resolution R/00948/2011 included this important limitation on the right of access to medical records, warning that, unless a law expressly allows it, The right of access does not include the identification of the health professionals who access the medical record.
That is, when a patient exercises their right of access due to suspicions of non-consensual access to their medical history, said information does not
include knowing who has access to the medical history.
This has been criticized on several occasions by the sector, considering that it contradicts what is established in privacy regulations. Consequently, the information contained in your medical history can be accessed, but not who has had access to it.
Alternatives to access the data of healthcare providers who have visited my medical history without authorization
If you are aware that improper access has been made to your medical history, you can send a request for a review of this clinical history data to the health inspection of the corresponding autonomous community, who among its functions is entrusted with reviewing and evaluating this type of requests, and if it is considered necessary, request these data for study and undertake the actions it considers necessary in view of them.
However, the above does not mean that, a priori, the body responsible for analyzing such improper access will provide us with the personal data of the health workers who have accessed the medical history, but rather that these data will be accessible only by the inspector staff. , who will take the relevant measures in accordance with the applicable regulations.
As an alternative, it establishes the sec. 6ª, A 07-12-2022 in a case in which a patient had indications that his relatives had accessed his medical history improperly that although “ the Complainant requests the Canarian Health Service to provide him with information about the people who have accessed your medical data and inform you of when it was accessed, and from where, but not the identity of the person who did it, as the Data Protection Agency prevents it, and a complaint is filed so that the judicial authority can order the administrative, provision of the identity data of the people who have accessed the patient’s medical history in case the facts constitute a crime. ”
(…) “In the case being examined, there is no reason or motive that justifies, in principle and for the sole purposes of this resolution, access from Arucas to the medical history of a patient who is in Vecindario.
For this reason, and for the fact that simple unjustified access is already criminal, the estimation of resources is justified in order to investigate the crime, that is, to agree to notify the SCS to facilitate the identity of the people who accessed the complainant’s medical history at the Arucas Health Center on the dates August 30, September 20, October 11 and November 2, all of them in 2021.
Likewise, the Investigating Judge will also investigate any access made on other dates from that or another hospital center that he considers suspicious and unfounded, that is, for which there are indications that no reason justifies it.”
It follows that, in the event that there are well-founded suspicions of access to the clinical history, the Judge investigating the case (upon a complaint from the interested party) may request the competent administrative body, which sent the personal data of the person to the Court. those people who have accessed the patient’s medical history improperly.
Our team of at Letslaw by RSM have extensive experience and knowledge in the sector. Contact us so we can advise you if you need help in this matter or any other of the services we offer.