Introduction
This guidance relates to requests from the Police for access to personal information held by us on a data subject. This will usually be a patient, but it could also be another individual. The words data subject, individual and patient have been used where relevant.
This guidance does not deal with reports to the police we make with regards to criminal offences or threatening and abusive conduct. These reports can still be made whenever it is deemed necessary by a member of staff
These request by the Police are not subject access requests.
The paper also provides guidance on the situations where we have a duty to disclose information to the Police even though we have not been asked to do so.
These requests are sometimes made by the Police as an emergency and outside normal working hours, so it is important everyone in our organisation understands what to do.
Requests may also be made by other law enforcement agencies to which this guidance will apply, but in respect of other law enforcement agencies it is advisable to speak to our DPO before making any decision.
Personal information held by us is managed in accordance with GDPR and the Data Protection Act 2018 (DPA 2018). Our Data Protection Policy, Subject Access Request Procedure and Privacy Policy provide guidance on the situations in which personal data can be disclosed and transferred outside our organisation.
It is the policy of BrisDoc to assist the Police and other law enforcement agencies whilst still upholding an individual’s right to confidentiality and complying with GDPR.
No part of this guidance is intended to overrule a clinician’s professional duty of confidentiality. Guidance on confidentiality is provided below.