Our Team

News

Webinar: The critical role of the Data Protection Officer

The statutory obligation on GP practices, GP federations and PCN companies to designate a Data Protection Officer (DPO) does not end with engaging somebody to undertake the role. GP Partners and company directors remain responsible for ensuring the competency of their DPO, and can be held liable if the DPO fails to properly undertake their duties.

Designating and supervising/undertaking the role of DPO is not straightforward and many GP practices and other primary care organisations are not meeting their statutory obligations. The ICO continues to offer advice to data subjects on claiming compensation as a result of a data breach or an infringement of their data protection rights, further increasing the risk of claims against GPs for data protection failures.

Hosted by our data protection and compliance specialist David Sinclair, this webinar provides:

  • an update on the relevant statutory obligations
  • top tips to reduce the risk
  • steps to take in the event of a claim
Share
Our Team

News

Patient’s fitness to drive and managing breach of confidentiality

As a GP, you are used to looking into the wider issues around a patient’s presenting complaint, such as safeguarding matters or a patient’s social circumstances and living conditions. However, one issue that could be over looked is a patient’s fitness to drive, and we are all familiar with the news stories of drivers suffering medical emergencies behind the wheel, often with fatal consequences.

In this blog, we look at what to do if you’re not sure about a patient’s fitness to drive and the steps you should take if you suspect that a patient will continue to drive after you have advised them not to.

Understanding your obligations around a patient’s fitness to drive

Often assessing fitness to drive will be explicit – you may be specifically asked by the patient, or the DVLA to consider this and all HGV Group 2 licence holders require a regular medical assessment.

GPs also have an obligation to consider fitness to drive matters even if the patient has not consulted specifically in relation to that, and when a patient has made you aware of a medical condition that could impact their fitness to drive.

Individuals driving when they should not can, and sometimes does, have fatal consequences. Many may recall the Glasgow bin lorry crash of December 2014 in which 6 people died and 15 were seriously injured. The driver of the lorry had fainted at the wheel and there was evidence in his medical records that he had previous episodes of unexplained fainting. Unfortunately, that information was not prominent in the records so the GPs that the driver presented to didn’t consider it a significant problem and took no action to stop him driving.

James Stewart of DR Solicitors acted for the GPs in the subsequent Fatal Accident Inquiry, and at that Inquiry criticisms were made that GPs did not appreciate the significance of a history of vasovagal syncope (ie fainting) that did not appear to have obvious triggers. Although the driver’s condition was not prominent in the records and the driver himself hid or minimised the problem, the Inquiry found that some of the GPs involved were not clear on their responsibilities as they relate to fitness to drive matters.

Carrying out your obligations

As the GMC guidance on fitness to drive states in its preamble:

“If a patient has a condition that could affect their fitness to drive, it’s their duty to report it. But as their doctor you have responsibilities as well”

The GMC guidance was updated in March 2023 and should be a GP’s first port of call if they have any concerns that a patient may be unfit to drive for whatever reason.

If a patient is assessed as unfit to drive, the first step is to advise the patient that they are not fit to drive and that they should report themselves to the DVLA.

Whilst many patients will accept that they are no longer safe to drive, others will be very resistant to any suggestion that they should no longer drive as it can significantly curtail their freedom and in some cases their livelihood.

Here it should be remembered that whilst doctors have a duty of care to their patients they also have duties to the public at large, as the guidance states:

“Doctors owe a duty of confidentiality to their patients, but they also have a wider duty to protect and promote the health of patients and the public”

The consequence of this wider duty is that if certain criteria are fulfilled, then a doctor can breach patient confidentiality and report a patient to the DVLA without their consent. Clearly this is going against one of the fundamental principles of the medical profession and should be a last resort.

As per the guidance:

“If it is not practicable or appropriate to seek consent, and in exceptional cases where a patient has refused consent, disclosing personal information may be justified in the public interest if failure to do so may expose others to a risk of death or serious harm. The benefits to an individual or to society of the disclosure must outweigh both the patient’s and the public interest in keeping the information confidential”

Such a fundamental breach of patient confidentiality should not be taken lightly and we would recommend taking professional advice before doing so.

Conclusion

Doctors should only report a patient to the DVLA without their consent when all the other options have been exhausted. Make sure you consult with the relevant GMC guidance very carefully before taking any action, as it lays out the various steps that must be undertaken before confidentiality can be breached.

As you might imagine, the patient involved may raise a complaint for breach of confidentiality, but you cannot allow the threat of a complaint deter you from your obligation to report.

If in doubt, doctors would also be well advised to take advice from senior colleagues or discuss with their defence organisation or discuss with DR Solicitors.

For further information about this or any other regulatory matter, please contact us on 01483 511555 or by email info@drsolicitors.com

Share
Our Team

News

The Letby case and Doctors’ non-clinical regulatory obligations

The recent Lucy Letby case made headlines across the world. Interest in her trial and subsequent sentencing has brought into focus not only Ms Letby’s actions, but also the actions of those people who were managing her and the unit she was working in. Recently, it was reported that Cheshire Police are investigating if corporate manslaughter charges can be laid in relation to the events that took place at the Countess of Chester Hospital.

In addition to their corporate responsibilities, doctors have to meet the non-clinical regulatory obligations set out by the GMC. This includes ensuring that the systems they oversee and the processes which they implement and supervise are fit for purpose, and are focused on delivering good patient care.

In this blog, we look at how a doctor can meet their non-clinical regulatory obligations.

Meeting the GMC standards in leadership and management

The GMC has produced specific guidance on the standards it expects doctors to meet in relation to leadership and management.

The introduction to the guidance is instructive as it lays out the GMC’s position:

“Being a good doctor means more than simply being a good clinician. In their day-to-day role doctors can provide leadership to their colleagues and vision for the organisations in which they work and for the profession as a whole. However, unless doctors are willing to contribute to improving the quality of services and to speak up when things are wrong, patient care is likely to suffer.

This guidance sets out the wider management and leadership responsibilities of doctors in the workplace, including:

  • responsibilities relating to employment issues
  • teaching and training
  • planning, using and managing resources
  • raising and acting on concerns
  • helping to develop and improve services.

The principles in this guidance apply to all doctors, whether they work directly with patients or have a formal management role…..

….You continue to have responsibility for the safety and wellbeing of patients when you perform non-clinical duties, including when you work as a manager. You are still accountable to the General Medical Council (GMC) for your decisions and actions, even if someone without medical training could perform your role.

The highlighted last sentence is significant because it makes clear that the GMC will investigate concerns about doctors even when they are operating in a purely managerial, non clinical role. The GMC frequently investigate cases involving drink driving, fraud, assault and similar, so investigating non clinical management is not as big a step as some might imagine.

Your obligation to raise and act on concerns

As stated above, one of the important responsibilities for doctors is “raising and acting on concerns”. One of the great tragedies of the Letby case is that it appears concerns may have been raised, but that these may not have been acted upon.

The GMC consider this to be such an important subject in its own right that they have produced separate guidance on this. The guidance essentially explains how to apply in practice the relevant principles in Good Medical Practice, which is of course the primary guidance for doctors.

Conclusion

The GMC guidance on raising concerns states the following:

“All doctors have a duty to raise concerns where they believe that patient safety or care is being compromised by the practice of colleagues or the systems, policies and procedures in the organisations in which they work. They must also encourage and support a culture in which staff can raise concerns openly and safely.”

The wording is clear that doctors are under a duty to raise concerns and it is not optional.

If you find yourself in a position where you have a concern, you should check your practice’s own policies and procedures and read the GMC guidance in full.

If you are worried that you are not being listened to, or of potential repercussions, then DR Solicitors can offer you practical advice on best practise. For the rare occasions when things do go wrong and you find yourself in front of a regulator, we have the experience to guide you through that process.

For more information about meeting your non-clinical regulatory obligations or for any other primary care related legal issues, please get in touch for a free, no obligation chat on 01483 511555 or via email info@drsolicitors.com

Share
Our Team

News

Data law compliance failures are a growing problem: tips to reduce your risk

The ICO have recently published their findings that many public sector bodies, including NHS organisations, still do not have appropriate policies, processes or staff training in place to ensure compliance with GDPR. In particular, they have identified failings in three key areas, being (i) inappropriate disclosure of data; (ii) insufficient data removal and redaction; and (iii) failure to identify and report a data breach. The failures have resulted in the ICO issuing reprimands to the organisations involved, which then go on to be published on the ICO website for all to see.  

How confident are you that your practice is properly managing the risks of GDPR, and what are the possible consequences of a reprimand from the ICO? 

What is an ICO reprimand?

In the event of a complaint about you to the ICO, or a claim for damages against you from a wronged data subject, the GDPR imposes a statutory duty on you as a data controller to demonstrate that you have implemented the GDPR Article 5(1) ‘data protection principles’ and the wider GDPR provisions. This is known as the ‘accountability principle’ and an inability to demonstrate compliance could result in you receiving a reprimand from the ICO. Note that it is not enough to simply comply, you have to be able to demonstrate how you comply. 

In June 2022, the ICO announced that they would generally rely on their wider powers of warnings, reprimands and enforcement notices when dealing with public sector GDPR breaches, and would only issue fines in the most serious of cases. It is slightly unclear whether primary care providers would be regarded as public sector for these purposes, as the ICO used the terms public authority (which most practices are) and public sector (which most are not) interchangeably, but at least initially we would expect the ICO to err towards reprimands.

Primary Care providers may not consider receiving an ICO enforcement notice or a reprimand to be overly serious (and it will certainly be preferable to a fine), but the ICO publishes the enforcement action it takes on its website, which is constantly monitored by the media and claimant solicitors. 

Providers who receive an ICO enforcement notice or reprimand may therefore quickly find themselves under the media spotlight and in receipt of damages claims from solicitors representing affected data subjects. It will be very hard to defend any data breach claim if the ICO has already published that you are not complying with the GDPR.

Top tips to avoid an ICO reprimand 

We suggest that you carry out a thorough and regular review of your policies, procedures and training and document the outcome of each review. You may wish to prioritise the following: 

  1. all data protection policies, procedures and staff guidance and training, particularly those relating to the management of data subject requests and requests for access to medical records
  2. those policies and procedures relating to the removal and redaction of third party and non-personal data and those for data disclosure and sharing
  3. procedures and training on how to detect and report a personal data breach 
  4. staff data protection instruction and training to confirm that it complies with the ICO’s Accountability Framework.  Particular attention should be given to the training of those responsible for managing data subject requests, the removal and redaction of data and the disclosure and sharing of personal data.

Conclusion

Data protection legislation is a complex but increasingly litigious area, and practices are particularly at risk of claims because they hold such sensitive personal data. LMCs, PCNs and primary care providers who require further information on anything covered in this article, or who would like a confidential conversation about complying with the GDPR’s Article 5 requirements can contact Nils Christiansen on 01483 511555 or send an email to enquiries@drsolicitors.com

Share
Our Team

News

Podcast: David Sinclair on the threat of cyber-attacks on GP Practices and steps to take now

With the threat of cyber-attacks on the rise, coupled with a quickly evolving policy landscape when it comes to GDPR, data protection and information security, our Information Law Solicitor, David Sinclair, discusses with Ockham Healthcare what practices should be doing now to ready themselves, who should take responsibility for this critical area of work, and what to expect going forwards.

Share
Our Team

News

Data Protection Officers – what’s the risk?

Every GP Practice in England and Wales should have a designated Data Protection Officer (‘DPO’) who is key to the practice being able to comply with its UK General Data Protection Regulation 2016 (‘GDPR’) duties. Unfortunately, there is a lack of understanding about the importance of the DPO role, resulting in partners and separately, the DPO, taking on potentially significant regulatory and financial liability. In many practices, the DPO is seen as a secondary function that a partner, practice manager, or relatively junior member of staff can undertake in addition to their normal duties. In this blog, our data and information security solicitor, David Sinclair, identifies some of the key risks and some steps you can take to avoid them.

The role of the DPO

A DPO has significant, statutory data protection responsibilities that require them to possess requisite professional qualities and other abilities (not defined in the legislation), together with an ‘expert knowledge of data protection law and practices’. Given the complexity and ever-changing nature of UK data protection law, this is a significant burden to impose on any professional – even one with considerable information governance experience.

Partner liability

Unless otherwise expressly set out in the partnership agreement, partners are jointly and severally liable for GDPR compliance, including for formally appointing and adequately supporting a competent DPO, and for filing the DPO appointment with the ICO.

Partners bear the full statutory responsibility of ensuring that the DPO (whether a staff member or third party) has the experience, skills and knowledge to fulfil their DPO duties, as well as the required ongoing training, support and resources to enable them to carry out their role.

DPO liability

A DPO carries significant liability if a GDPR breach is attributed in whole or in part to a failure on their part to properly undertake their DPO duties. This is the case even when it can be shown that they perhaps did not have the necessary experience for the role and/or were not provided with adequate training to understand the GDPR’s requirements (many of which are poorly defined and open to interpretation), unless the DPO can demonstrate that they raised these issues with the practice at the earliest opportunity.

A common misconception among DPOs is that they have immunity from prosecution, dismissal, or other disciplinary action by virtue of their status as a DPO. This is not the case.

Article 38 of the GDPR provides DPOs with limited protection from dismissal or other penalty relating purely to the performance of their DPO tasks. In addition, DPOs cannot be personally liable for the partnership’s non-compliance with the GDPR, which remains with the partners.

Data protection law does not, however, protect DPOs who fail to undertake their statutory role or who do so negligently, eg by them failing to advise the partners, or them giving inaccurate advice, particularly where this is due to the DPO’s lack of competence and they failed to raise that with the practice.

Further, the GDPR does not prevent partners disciplining DPO employees (up to and including dismissal) under the terms of their employment contract, or from partners seeking to recover damages (in breach of contract and/or negligence) from external DPOs, whose failure to undertake their role results in a breach of data protection law.

Conclusion

So how can you minimise your liabilities?

Partners should undertake due diligence on a DPO’s competence and suitability to undertake their role. The practice must also provide the DPO with the resources and support they need to carry out their duties. We strongly advise partners to review their DPO appointment on a regular basis.

Existing DPOs and those considering taking on the role should give thought to whether they have the required training, experience, skills and knowledge to undertake the role. Particular consideration should be given to whether they can advise the practice competently and confidently on complex GDPR issues. Individuals who have doubts about their competence in this area should raise this with a partner as a priority.

For more information about GDPR, the role of the DPO or on information governance issues generally, please contact David Sinclair on 01483 511555 or by email to d.sinclair@drsolicitors.com.

Share
Our Team

News

Weaponising Data Subject Access Requests

If you find yourself in dispute with a partner or employee, then you may well find yourself in receipt of a Data Subject Access Request (DSAR). This is an increasingly common occurrence in civil and employment litigation and requires careful handling. In our experience many primary care practices do not have effective systems in place to deal with DSARs, which can then result in significant reputational damage and financial cost.

In this blog, we look at how and why DSARs are being used as a legal tactic in disputes, and how your Practice can minimise the risk of a claim arising out of one.

What is a DSAR?

The UK General Data Protection Regulation 2016 (‘GDPR’) provides data subjects with a right to access their personal data. Many practices do not realise that a DSAR can be made in any format, including orally, and can be made to anyone in the organisation.

The GDPR also provides data subjects with a statutory right to claim compensation from a provider where they have suffered material (eg medical bills, loss of wages) or non-material (eg distress, anxiety) damage. It has been established that non-material damage can include a data subject’s ‘loss of control over their personal data’.

Article 15 of the GDPR gives a data subject a further right to sue a data controller if they fail or partially fail to respond to a DSAR. ‘Fail’ includes responding late and/or not providing the mandatory information. Recent damages paid range from £750 for the ‘frustration’ felt by a data subject whose personal data had not been erased, to £18,000 awarded for distress following the inclusion of inaccurate personal data in a report.

Why are DSARs important?

DSARs, other than those held to be manifestly unreasonable or excessive, are a fundamental legal and human right that the Courts have held to be ‘purpose blind’. This has led to DSARs being used as a weapon by individual claimants and their solicitors to short-circuit the normal legal disclosure process. The hope is to pressurise a data controller into early and higher settlements by highlighting a breach and/or threatening civil action for compensation.

If poorly managed, DSARs can also result in claimants being given information to which they are not entitled, such as other people’s personal data, which would itself constitute a data breach. This then enables the claimant to increase the size of their own claim, and opens the possibility of further claims from new claimants. Unfortunately, the size of the likely awards means that some solicitors are prepared to act on DSARS and data breach claims on a no win/no fee basis, which simply encourages even more claimants to come forward. In this way a DSAR received on a small dispute can quickly snowball into multiple large claims against a practice.

Managing DSARs

Good DSARs management starts with processes and staff training. Since DSARs can be made to anyone in the practice, all staff must understand what to do if they receive one. This minimises the risk of a DSAR being overlooked. Practices should then have a single point of contact responsible for responding to DSARs, who is trained in the regulations and who has appropriate access to the relevant systems. They should also understand and manage the timelines for responding, and report directly to a responsible partner to enable quick decision-making. It would also be a good idea to know who you will approach in the event you need expert legal help.

Conclusion

The use of DSARs as a litigation weapon is increasing, as are the number and size of claims against data controllers. It is important that primary care practices have robust, formal procedures in place to ensure that:

  • all staff can recognise a DSAR;
  • all data search, collation, redaction and removal processes are GDPR compliant
  • DPA exemptions are correctly applied;
  • all non-disclosable information is withheld;
  • any consents to disclosure are valid; and
  • timeframes are strictly adhered to

Primary care providers who are uncertain about dealing with a DSAR should seek legal advice as soon as possible, particularly if there is a link to a known or potential litigation matter. If you would like more information about this or any other matter, please contact Nils Christiansen or David Sinclair on 01483 511555, email n.christiansen@drsolicitors.com

Share
Our Team

News

Integrated Care Systems Consultation: Very little time to respond

NHS England recently issued a consultation on significantly extending the role of Integrated Care Systems (ICSs) in the NHS. The proposals are very far reaching for Primary Care as well as other NHS providers, and the consultation is set to close on 8 January 2021 so time is short.

What are the Proposals?

ICSs have been around for a couple of years now, and bring together CCGs, Trusts, Councils and other NHS Organisations to ‘take collective responsibility for managing resources, delivering NHS standards, and improving the health of the population they serve”. To date ICSs have been collaborations between existing organisations rather than creating anything new.

At heart, the proposals in the consultation paper are to put the ICSs on a firmer footing by introducing new legislation. There are 2 options presented, and it should be noted that ‘Doing Nothing’ is not an option. The implicit conclusion must be that the current organisation of the NHS in England is no longer considered fit for purpose. The options are:

Option 1: a statutory committee model with an Accountable Officer that ‘binds together’ current statutory organisations

Option 2: a statutory corporate NHS body model that additionally brings CCG statutory functions into the ICS.

There is a clear preference in the paper for Option 2. Under this model the current GP-led CCG model would disappear and CCG functions would move into ICSs. ICSs would instead be governed by a board consisting of representatives from the ‘system partners’, including, as a minimum, representatives of NHS providers, primary care and local government.

Under Option 2, ‘many commissioning functions for which NHSE is currently responsible could be transferred or delegated to the ICS’. Critically, it also anticipates allocating ‘combined population-level primary care, community health services and specialised services population budgets to ICSs under this option. There is no doubt that these proposals are very far reaching and, if adopted by the government, will see a radical change to the NHS in England. They will also open the door to a very different role for primary care and we will analyse these changes in a separate blog.

How to respond?

The Consultation poses 4 questions, and asks for responses by 8 January 2021. The questions are all framed as ‘Do you agree thatâ’ so you will need to be clear in your answers if you actually disagree with any of the statements. The four questions are:

1. Do you agree that giving ICSs a statutory footing from 2022, alongside other legislative proposals, provides the right foundation for the NHS over the next decade?

2. Do you agree that option 2 offers a model that provides greater incentive for collaboration alongside clarity of accountability across systems, to Parliament and most importantly, to patients?

3. Do you agree that, other than mandatory participation of NHS bodies and Local Authorities, membership should be sufficiently permissive to allow systems to shape their own governance arrangements to best suit their populations needs?

4. Do you agree, subject to appropriate safeguards and where appropriate, that services currently commissioned by NHSE should be either transferred or delegated to ICS bodies?

Quite how NHSE expects to receive carefully considered responses to such far-reaching proposals in a tight timescale in the midst of a Covid pandemic, during the flu season, and over the Christmas period is not explained. Although we would obviously recommend that readers respond by 8 January if they can, we would suggest that if you would like to respond but feel that the deadlines are too tight, as a minimum you notify NHSE of this so that later representations may possibly be considered.

If you wish to discuss the impacts of any of these changes on your practice, PCN or federation, please contact Nils Christiansen on 01483 511555, info@drsolicitors.com

Share
Our Team

News

The NHS Long Term Plan: How will GP practices be impacted?

There is a tendency when new plans come out of the NHS for people to say they have seen it all before. Would this be a wise response to the Long Term Plan?

Pleasingly, there is an acknowledgement of the many issues in primary care and a commitment that investment in primary medical and community services will grow faster than the overall NHS budget. Spend should be at least £4.5bn higher in 2024, but the extra money will come with strings attached. If applied consistently, this will mean further change is coming for many GPs in England.

The Network Contract

A new ‘Network Contract’ will route the additional monies and will also incorporate local enhanced services currently commissioned by CCGs. This Network Contract will be in addition to existing GMS, PMS and APMS contracts. ‘Primary Care Networks’ (PCNs) will be responsible for these contracts and will typically cover 30-50,000 patients. Each network will be responsible for expanded community multidisciplinary teams along the lines of the Integrated Care Vanguards. The obvious question is, who will actually hold (and deliver) these contracts? In some parts of the country GP Federations are sufficiently developed to do so, and could then subcontract services to member practices or to other service providers as appropriate. In other areas super-partnerships are sufficiently large and geographically contiguous to do so, though they may be concerned about using their unlimited liability partnerships to do so. Elsewhere again, it is possible that existing community health providers may look to lead.

What is clear is that the Network Contract is supposed to facilitate ‘integrated community-based health care’ and all new money in primary care will flow that way. We are told that practice participation will be voluntary, but it is hard to see how practices will remain financially viable in the medium term if they do not participate.

Online GP consultations

Digital-first primary care will become a new option for every patient. Over the next five years every patient in England will have a new right to choose telephone or online consultations instead of face to face consultations. The plan states this will be ‘usually with their own practice or, if patients prefer, with one of the new digital GP providers’.

The plan goes on to say that a new framework will be created for digital suppliers to offer their platforms to primary care networks on standard NHS terms. It is therefore unclear whether the digital providers enabling online consultations are supposed to be suppliers of services to networks of GPs, or will be able to hold patient lists themselves.

Our recommendations

It has been clear for some time that any increases in funding will go to practices working at scale. Scale working has now been formalised into PCNs . In those areas of the country where there is already an obvious PCN in existence, the immediate focus should be on working out which approach to use for online consultations. Where there is not currently any single obvious PCN, practices would be well advised to reconsider their local joint working arrangements: be that though through federations, mergers, primary care homes or the like.

Remember that the new Network Contract will need to be held by an appropriate business vehicle (there is no indication yet of any restrictions on who could hold them) so you will need to consider who will be the local prime contractor.

We would be delighted to discuss how we can help practices and PCNs prepare for the imminent changes. Please contact Nils Christiansen in the first instance for a no obligation conversation about how we can assist.

Share
Our Team

News

The advantages and disadvantages of LLPs and Mutuals in Primary Care

There are currently only four types of business vehicle permitted to hold GMS contracts. These are:

  1. Individual GPs (who have unlimited liability)
  2. Unlimited liability partnerships including at least one GP (the most common structure)
  3. Limited partnerships including at least one GP
  4. Companies limited by shares including at least one GP shareholder

There are statutory mechanisms enabling a GMS contract to be transferred between types 1, 2 and 3, but no statutory mechanism enabling a transfer to or from type 4. The rules for PMS are slightly different, but given the right of PMS contractors to return to GMS the difference is not material for the purposes of this note.

The current options for practices to limit their liability are restricted. They could transfer a GMS contract into a limited partnership, but these entities require at least one partner to have unlimited liability for all the risks of the business. Since only a subset of the partners have limited liability, this would create obvious difficulties in a GP partnership. Using a Company limited by shares would limit the exposure of all the shareholders to the value of their capital, but this is not normally available to practices as there is no mechanism to transfer the GMS contract into the company.

Limited Liability Partnerships (LLPs)

LLPs retain the central feature of partnerships, being that partners both own and manage the business. In a company, by contrast, ownership and management are split between the shareholders and directors. Partnerships are often the preferred business vehicle in the professions because the alignment of ownership and management encourages close collaborative working. This in turn facilitates the transfer of tacit skills and good risk management on which the reputation of the profession relies.

LLPs bring several advantages over other kinds of partnership:

  1. LLPs are registered legal entities and are therefore capable of contracting in their own name. This means that important assets such as the surgery freehold or lease can be held in the name of the LLP rather than individual LLP member’s names. When a member joins or leaves an LLP, there is no need to change the lease or the land registry title, because the member is not named on it. Discussions amongst members would then change from being whether or not to ‘buy-in’ to the surgery, to whether or not to contribute capital to the LLP.
  2. The liability of LLP members is limited to their capital contribution. There are ways this can be circumvented such as by a mortgagor requiring personal guarantees, but members know that their liability is limited except where they have agreed otherwise. By contrast in traditional partnerships all partners have unlimited liability except where they have agreed to limit it. The most common ways of doing so are to take out insurance (such as professional indemnity cover) or to have contractual limits to liability in service contracts. In this way it is possible to create structures which arrive at similar levels of risk, but they start from opposite extremes
  3. In an LLP a member is not responsible or liable for another member’s misconduct or negligence. This is an inevitable consequence of the limited liability status since this removes the joint and several liability inherent in an unlimited liability partnership. Some argue that this can reduce the level of collaboration between LLP members, but this has not generally been the experience of other professions.
  4. There is considerably more formality around LLPs. Unlimited liability partnerships can be created and dissolved with no documentation, whereas LLPs cannot exist unless they are registered at Companies House. This increased formality eliminates some of the uncertainty around whether a partnership has been created or dissolved, which is at the heart of many GP partnership disputes. However, Companies House requires LLPs to file and disclose information about their membership and accounts which is normally kept private in an unlimited liability partnership.

Mutuals and Social Enterprises

There are a variety of legal structures which enable employee and community ownership of, and involvement in, a business. These are usually known collectively as social enterprises. The only form of social enterprise which is currently open to primary care is a Community Interest Company Limited by Shares (“CIC-CLS”). Since the same ownership rules apply to a CIC-CLS as to an ordinary company limited by shares, it is not possible to use it to broaden employee and community involvement in the practice.

If other social enterprises were to be permitted to hold GMS and PMS contracts, they would most likely include Companies limited by Guarantee (“CLG”), Community Benefit Societies (“BenComs”) and Industrial Provident Societies (IPS).

The primary difference between the various different types of enterprise comes down to who they ultimately seek to benefit:

  • Partnerships and LLPs look to provide financial benefit (profit) for the partners/members
  • Companies limited by shares look to provide financial benefit (profit) for the shareholders
  • CLGs look to provide financial and non-financial benefit to a defined purpose and are often charities
  • BenComs look to benefit the community
  • IPS’s seek to benefit their members

If social enterprises were able to hold GMS and PMS contracts, they would have similar advantages to LLPs. They all generally have legal personality and so can hold assets and contracts, they have limited liability by default, and they are regulated and must be registered. Social enterprises come with the additional disclosure requirement beyond those of LLPs, to ensure that their social purpose is being complied with.

A further possible advantage with social enterprise is that it might make it easier to integrate across other elements of healthcare, since it would be easier to involve the care and voluntary sectors in a social enterprise such as a BenCom.

Transitioning issues

If LLPs and mutuals were permitted to hold GMS and PMS contracts, this would not resolve the question of how to move existing GMS and PMS contracts into them. As LLPs and mutuals are distinct legal entities, they would suffer from the same procurement problem as Companies limited by shares currently do. This is that procurement law states that public bodies must tender all contracts above a certain value. Because GMS and PMS contracts do not generally have a fixed term, their cumulative value normally exceeds this threshold. Since moving a contract from one legal entity to another is technically a termination and re-grant, the re-grant would by default have to occur through a tender process. There are exceptions to the public tender rule, but it is a matter of some debate whether these exemptions can be applied to GMS and PMS contracts.

If you have any questions or for more information, please contact Nils Christiansen on 01483 511555 or email n.christiansen@drsolicitors.com

Share