As veterinary surgeons and nurses, we have a professional duty, imposed by the RCVS, to keep “clear and accurate detailed clinical and client records”. Not only are good records essential for joined-up patient care, they can also prove pivotal in dispute resolution when things go wrong. For the purpose of this article, records fall broadly into four categories: clinical (patient) records; client records; audits; and reports created in contemplation of claims or complaints.
Clinical records
Clinical records document information relating to the patient, such as clinical findings, test results, treatment plans, outcomes and communications that are relevant to clinical decision making. Clear, concise, contemporaneous clinical records can be crucial to the VDS’s ability to defend its members’ actions because they provide powerful evidence of the circumstances of a case, what was said and what was done.
Clinical records are owned by the practice. Information about an animal is not considered personal data under the GDPR, therefore clients do not have the right to view clinical records via a subject access request, except insofar as such documents record personal data (such as a client’s name and address). However, the RCVS expects you to disclose copies of clinical records when they are requested by (or with the authority of) the owner. This includes relevant records that have come from other practices if they relate to the same animal and the same owner. It does not include records that relate to the same animal but a different owner.
In addition, clinical records are normally stored against a client’s name and address. Following the introduction of GDPR, the RCVS has amended its advice regarding the transfer of clinical records to another practice and now expects you to obtain the explicit consent of your clients to do so, unless all personal data is redacted.
Client records
Client records, such as contact details and financial information, are personal data and are therefore subject to the GDPR. Individuals have a right to access such documents in full via a subject access request. Such requests can be verbal or in writing, you have one month to respond and, in most cases, you cannot charge a fee for providing the information.
Audits
Practices may generate reports relating to internal quality assurance or investigations, such as audits of patient outcomes or “significant event” reviews, which may inform “morbidity and mortality” meetings. These often relate to specific animals and, by default, their owners. If they are not anonymised, the personal data contained within these reports may be disclosable in response to a subject access request under the GDPR.
Reports created in contemplation of claims or complaints
Documents may be produced because a formal legal claim or complaint is in progress or has been threatened, or because there is a reasonable prospect that either may happen. Such documents are not routinely disclosable to the client, not even under a subject access request, or to the RCVS, which might request documents as part of an investigation.
Examples of such documents include those recording the internal investigations of complaints or mistakes, such as VetSafe reports, reports to the VDS documenting your involvement in a case or even a pre-emptive, contemporaneous note of potentially contentious circumstances that might be made for internal purposes whilst memories are fresh.