Watchdog to probe Aviva's access to customers' full medical records
Updated 10:56am Thursday 29th May 2014 in News
A WATCHDOG is to investigate the way insurance companies including Aviva are accessing unnecessary medical information from some customers' GPs.
The Information Commissioner’s Office plans to contact the York insurance giant over its obtaining of all records held by GPs, including personal details such as contraception, mental health and relationship problems.
But Aviva said doctors were only approached for such information with the full written consent of customers.
A spokeswoman said that when a customer applied for a protection policy such as life insurance, most applications were accepted immediately without the need for medical evidence from their doctor.
"If a customer discloses information which requires confirmation from their doctor, they have a choice about how we obtain this information," she said.
"The customer can choose whether we receive a medical report under the Access to Medical Reports Act or they can make a ‘Subject Access Request’ (SAR) to their doctor under the Data Protection Act, in accordance with their legal right to obtain access to their medical information."
She said SARs were recognised across the insurance industry as a way to gather medical evidence, and could help to provide a quicker, smoother application journey for customers.
"Customers are under no obligation and we will only use this approach if they have signed a health records consent form which enables us to do so," she said.
"It has been our practice to allow customers to select either method for almost 12 months and each option is fully explained to the customer within the declaration that they sign when providing us with the necessary consent to approach their doctor."
But John Canning, of the British Medical Association, expressed 'grave concerns,' saying GP records held personal details, for example about termination of pregnancies and relationship issues, which had no bearing on insurance policies.
He believed the consent obtained by insurers wasn't always understood by people applying for a policy, and believed the Data Protection Act was being misused.
A spokesman for the ICO said the Act provided individuals with a right to make an SAR to find out what information is held about them and to hold organisations to account.
"These requests are powerful and lead to all of the information held by an organisation being disclosed," he said. "There are already specific means for insurers to find out relevant medical information with appropriate safeguards.
"We will be contacting Aviva to understand more about their use of subject access requests and how these accord with the Act.”