Healthcare providers are often contacted by relatives, carers or attorneys asking for access to a patient / service user information. Sometimes this is straightforward. Sometimes it is not.

A Lasting Power of Attorney, often called an LPA, is a legal document that allows someone to make decisions on behalf of another person if they are unable to make those decisions themselves. There are two main types:

• Health and Welfare LPA

• Property and Financial Affairs LPA

For Healthcare providers, the important point is that not every LPA gives the attorney the same rights.

Health and Welfare LPA

A Health and Welfare LPA allows the attorney to make decisions about the person’s health and care, but usually only when the person lacks mental capacity to make the relevant decision themselves.

This may include decisions about care arrangements, medical treatment, daily routine and access to relevant health information.

If an attorney is asking for medical information to support a health or care decision, a Health and Welfare LPA is usually the most relevant document.

Property and Financial Affairs LPA

A Property and Financial Affairs LPA allows the attorney to make decisions about money, bills, property, pensions and financial matters.

This type of LPA does not automatically mean the attorney is entitled to full access to the patient / service user's medical records.

However, there may be situations where limited health information is relevant to a financial decision. For example, an attorney may need evidence of capacity, care needs or medical circumstances to manage benefits, insurance, care funding or financial affairs.

The Healthcare provider should consider what information is actually needed and avoid disclosing more than is necessary.

Do Not Assume “LPA” Means Full Access

One of the most common mistakes is assuming that because someone has an LPA, they can automatically see everything in the patient’s record.

Healthcare providers should check:

• What type of LPA it is

• Whether it has been registered

• Whether any restrictions or conditions apply

• Whether the patient / service user'scurrently has capacity for the decision

• What information is being requested

• Why the information is needed

• Whether disclosure is in the patient / service user's best interests

The attorney’s role is not a general right to browse the record. Disclosure should be linked to the decision they are authorised to make.

What If the Patient / Service user Still Has Capacity?

If the patient / service user has capacity to make the relevant decision, they should usually decide whether information is shared.

For example, if a relative with an LPA asks for a copy of the patient / service user's records but the patient / service user has capacity and does not want this shared, the Healthcare providers should be very cautious about disclosure.

Capacity is decision-specific. A patient / service user may lack capacity for some decisions but still be able to decide whether they want information shared with a relative.

Proxy Access and Online GP Records

LPA requests often arise in the context of proxy access to online GP services.

Proxy access allows someone to access GP services on behalf of another patient / service user, such as booking appointments, ordering repeat prescriptions or viewing parts of the GP record.

NHS England guidance makes clear that proxy access should be managed carefully and proportionately. The level of access should reflect the patient / service user's needs, the proxy’s role and any risks involved.

A Health and Welfare attorney may request proxy access, but the Healthcare provider should still decide what level of access is appropriate. It may not be necessary to provide full record access in every case.

Practical Examples

Example 1: Daughter With Health and Welfare LPA

A daughter provides a registered Health and Welfare LPA and asks for information to help make decisions about her mother’s care. The patient / service user lacks capacity to manage the decision.

It may be appropriate to share relevant health information with the daughter, provided the request is linked to the care decision and there are no restrictions in the LPA.

Example 2: Son With Property and Financial Affairs LPA

A son provides a Property and Financial Affairs LPA and asks for the patient / service user's full GP record.

The healthcare provider should not automatically disclose the full record. It should ask why the information is needed and consider whether a limited letter or specific extract would be sufficient.

Example 3: Patient / service user Has Capacity and Objects

An attorney asks for access to the patient / service user's records, but the patient / service user has capacity and says they do not want the information shared.

In most cases, the patient / service user's wishes should be respected unless there is a clear legal basis or safeguarding reason to do otherwise.

What Should Healthcare Providers Record?

Whenever a healthcare provider discloses information to an attorney, it should record:

• The type of LPA seen

• Whether it was registered

• Any restrictions or conditions

• What information was requested

• Why disclosure was considered appropriate

• What information was disclosed

• Whether capacity was considered

• Any best interests reasoning

Good record keeping is essential because these decisions can be sensitive and may be challenged later.

Practical Tips for processing LPA requests can be found in the Resource section of myKafico (for our DPO+ customers)

Key Takeaway

An LPA can provide authority to act for a patient / service user, but it does not automatically give unrestricted access to their medical record.

Healthcare providers should check the type and scope of the LPA, consider the patient / service user's capacity, understand why the information is needed and disclose only what is necessary and proportionate.

The safest approach is to treat each request individually, document the decision and avoid assuming that “power of attorney” means “full access to everything”.

💡 Have a Data Protection Question?

Ask the experts through our low cost advice hub

🖱️ Interested in myKafico

One month free trial of our DPO Compliance platform