Use of subject access rights to obtain medical records for insurance purposes

shutterstock_103173653The ICO has told the Association of British Insurers that their members who ask data subjects to exercise their rights of access to health records in order to obtain insurance products are breaching the Data Protection Act.

In a letter dated 14 July 2015, the ICO states that the Access to Medical Reports Act (AMRA) “sets out a statutory regime…by which medical information about an individual may be obtained by an insurer for insurance purposes.  It should be noted that AMRA makes provision for GP reports to be provided to insurers, and is not a regime for obtaining medical records.” The letter also says “We believe that use of subject access rights in the manner described sidesteps the statutory regime under AMRA”.

The ICO concludes: “Using individuals’ own data protection rights to side step the current statutory arrangements designed to meet the insurance industry’s needs, and including important safeguards for individuals, is not the appropriate approach

Leave a Reply

Your email address will not be published. Required fields are marked *