GPs must ensure their practices do not breach the Data Protection Act and Health and Safety at Work regulations, as Dr Gerard Panting explains


The new GP contract makes financial provision for the development of practice premises. No doubt there will be arguments about how much money is required overall and how it should be distributed, but the fact that money is to be made available signals the need to address some of the frequently encountered structural problems of surgery premises.

Access to GP surgeries is one obvious area to assess. Modern purpose-built premises should be wheelchair friendly, with ramps, wide doorways and corridors, door handles at an appropriate height, disabled toilet facilities, and waiting rooms and consulting rooms that accommodate the non-ambulant patient. However, some converted premises may struggle to meet these standards.

The most common medico-legal problem is confidentiality. Combined reception and waiting areas pose an obvious problem but even when they are separate, a queue at reception may mean a conversation between patient and receptionist can be overheard, resulting in embarrassment or key information being withheld.

A problem with the layout may therefore create a staff training need. Practice staff need to be aware of the issues and must be particularly careful to avoid confidential matters when talking to patients if they may be overheard.

Even being in a separate room does not mean that no-one else can hear what is said. Consulting rooms may not be soundproof, particularly in converted premises, and the problem may be exacerbated if the patient is hard of hearing.

Some problems are easier to fix than soundproofing rooms. Positioning a computer monitor in the consulting room or reception area may enable patients to gain unauthorised access to confidential information about others. It should be fairly easy to ensure that the screen is not visible to patients. Equally, any message books or other written materials containing confidential information should not be left in areas where patients can see them.

Security of medical information is a big issue. The Data Protection Act 1998 categorises medical records as sensitive personal data and adequate security arrangements need to be made. Alarms, bars on windows and secure locks protect medical data out of hours but it is equally important to consider how to protect data when the surgery is open.

Logging off the computer when leaving the room, especially if patients are to be left on their own, is a tedious but necessary precaution. Password protection is another sine qua non of secure computerised systems.

Where computerised notes are relied upon, it is important to make regular back-ups and store them securely off-site so that if the surgery burns down or if there is some other disaster, medical data can be retrieved.

Although around 98% of practices are now said to be computerised, many more than 2% still rely on written records. Paper records also come under the Data Protection Act and must be kept securely. The basic rules of keeping them in areas reserved for practice staff and ensuring that all staff are aware of the need to safeguard them apply to written records as much as to computerised ones.

Health and safety

In addition to the obvious medico-legal issues, there are a host of other matters that GPs, like all employers in the UK, must consider if they are to comply with the Health and Safety at Work Act 1974. Many GPs are apparently unaware of these responsibilities.

As a non-expert in this area, all I can do is flag up some issues to be considered and suggest that if they are not being attended to in your practice, someone is given the responsibility of bringing working practices up to scratch.

There are a number of hazards in any surgery. Discarded sharps must be placed in containers from which even the most persistent toddler is unable to extract them or injure himself by poking fingers or a whole hand inside.

Every year the Medical Protection Society receives reports of precisely this sort of injury with the obvious attendant fears of HIV or hepatitis infection. Although this is not strictly a clinical negligence issue, it is a category of claim that the MPS normally takes on. Safe disposal of clinical waste is another issue to which practices must pay attention.

Other hazards within the surgery include drugs, and cleaning and other fluids. The Substances Hazardous to Health Regulations1 require these to be kept securely. If the regulations are not complied with, the surgery, and most likely the senior partner, is liable to criminal prosecution.

Under the Health and Safety at Work Act 1974 GPs must ensure that staff, patients and other visitors to the surgery are safe. Employees also have a responsibility to take reasonable care of their own health and safety and to comply with the measures introduced by the employer.

All businesses employing five or more staff, part-time or full-time, must have a written statement of policy on health and safety at work. The policy should be updated regularly, setting out who is responsible for various aspects of safety. There is also a requirement under the Management of Health and Safety at Work Regulations 1999 to carry out a risk assessment.

Regulations governing equipment with display screens require employers to ensure that problems associated with VDU use are minimised. Employers must provide eye tests and corrective spectacles for VDU use when they are required exclusively for that purpose.

Virtually every surgery will store some drugs. Practices need to be aware of the regulations governing scheduled drugs, particularly those covering record-keeping, secure Vtorage and disposal. Details of all other drugs supplied to patients or administered by practice staff must also be recorded to ensure that any claim for defective products can be successfully defended by quoting the practice°s source of supply, as required by the Consumer Protection Act 1987.

In conclusion, all GP practices must comply with a variety of regulations, some related to the specific nature of the work and others, such as the Data Protection Act and Health and Safety at Work requirements, much more general in nature.


  1. Substances Hazardous to Health Regulations. Statutory Instrument. 1999: SI 438/99.

Guidelines in Practice, August 2002, Volume 5(8)
© 2002 MGP Ltd
further information | subscribe