Posthumous Confidentiality

Privacy does not end at death. Ethical respect and legal controls still apply, with specific routes for access and disclosure.^[3][2]

Continuing duties

Treating the deceased person's information with the same care as the living maintains trust.^[3][4]

Limiting disclosure to what is necessary for lawful purposes, and recording rationale, supports accountability.^[2][1]

Access routes

Under the Access to Health Records Act 1990, personal representatives and those with a claim may request relevant parts of the record.^[1] Coroners (or Procurators Fiscal) may lawfully require information for investigations and inquests.^[5]

• Checks before releasing: verify identity and authority; scope the request precisely; disclose the minimum necessary; and use secure transmission with receipt confirmation.^[2]
• Exclusions to consider: third-party data, information likely to cause serious harm, and content subject to legal privilege.^[1][3]

Communication with families

Compassionate, clear explanations about what can be shared help expectations. Where some information must be withheld, explaining why and offering routes to challenge or clarify is respectful. Briefly recording conversations maintains a trace.^[3]

Records management

Applying standard retention schedules, securing and indexing records, and ensuring they are retrievable supports continuity. Logging access requests, disclosures, and decisions with dates, names and legal bases enables audit.^[4]

Ethical considerations

Public interest may justify disclosure in limited cases, such as genetic risk to relatives, but decisions must be proportionate and documented after advice. Seeking senior or Caldicott input when uncertain is prudent.^[6][7][3]

Domiciliary and community settings

Deaths may occur outside the practice. Protecting any portable records and liaising with relevant authorities using secure channels are consistent steps. Avoiding discussion in shared spaces reduces inadvertent disclosure.^[4][2]

References (numbered in text) Why we include references

1. Access to Health Records Act 1990 — Legislation.gov.uk (UK Parliament) Find (opens in a new tab)
2. What is personal data? / Part one: Is the request for personal data? — Information Commissioner's Office Find (opens in a new tab)
3. Confidentiality: good practice in handling patient information — General Medical Council Find (opens in a new tab)
4. Records Management Code of Practice for Health and Social Care — NHS England / Transformation Directorate (First published 4 August 2021; updated 7 August 2023) Find (opens in a new tab)
5. Guidance No44: Disclosure — Courts and Tribunals Judiciary (Judiciary of England and Wales) Find (opens in a new tab)
6. Alerting relatives about heritable risks: the limits of confidentiality — Anneke Lucassen; Roy Gilbar; BMJ (2018) Find (opens in a new tab)
7. Information: To Share Or Not To Share? The Information Governance Review — Dame Fiona Caldicott; National Data Guardian (Caldicott review, 2013) Find (opens in a new tab)