How to Secure a Medical Record PDF

Secure a medical record PDF with layered protection — passwords, watermarks, flattening — for safe distribution.

A subject access request comes in: the patient wants their full record. The pack is 400 pages. It'll be in their hands, but you can't risk it being forwarded onwards without controls.

Layered protection is cheap and effective.

Password-protect first

Password-protect the record pack. Use the patient's date of birth as the password: they know it, you don't need to communicate it separately, and it's specific to them. For more sensitive cases, or where the DOB might be guessed, use a random password and communicate it via a verified channel.

Watermark each page

Apply a diagonal watermark reading "CONFIDENTIAL — [Patient Name]" on every page. Use annotate PDF. This deters forwarding — the recipient sees their name on every page and reconsiders sharing. For records going to legal representatives or insurers, this is a useful additional layer.

Flatten after watermarking

Flatten the PDF so the watermark becomes part of the page content rather than a removable annotation. A determined recipient can still remove flattened watermarks with effort, but the friction prevents casual stripping. Flatten before applying password protection, so the order of operations is watermark, flatten, then password-protect.

Distribution log

Log the SAR response: when it was sent, to whom, via what channel, and which version. Keep the log with the patient's record. For SARs especially, the log proves that you complied within the statutory window and shows what was sent.
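The random-password and distribution-log steps above can be scripted; the following Python is an added example, not part of the original page or of Flint. All function names are hypothetical, the sample bytes are constructed, and the due date assumes "one month" means the same day in the following month, clamped to month end.

```python
import calendar
import hashlib
import math
import secrets
import string
from datetime import date, datetime, timezone

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def random_password(length=20):
    """Random password for third-party recipients; send it via a verified channel."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def keyspace_bits(choices, length=1):
    """Size of the guessing space in bits: log2(choices ** length)."""
    return length * math.log2(choices)

def one_month_after(received):
    """Same day next month, clamped to month end (assumed reading of 'one month')."""
    year = received.year + received.month // 12
    month = received.month % 12 + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(received.day, last_day))

def log_entry(pdf_bytes, received, sent_at, recipient, channel, version):
    """Build one distribution-log record. The password is deliberately never logged."""
    due = one_month_after(received)
    return {
        "sent_at": sent_at.isoformat(),
        "recipient": recipient,
        "channel": channel,
        "version": version,
        "sha256": hashlib.sha256(pdf_bytes).hexdigest(),  # pins exactly what was sent
        "received": received.isoformat(),
        "due": due.isoformat(),
        "within_window": sent_at.date() <= due,
    }

if __name__ == "__main__":
    # Constructed sample: placeholder bytes stand in for the finished PDF.
    sample_pdf = b"%PDF-1.7 constructed sample, not a real record"
    print(log_entry(sample_pdf, date(2024, 1, 31),
                    datetime(2024, 2, 27, 10, 30, tzinfo=timezone.utc),
                    "patient (constructed)", "secure email", "v1"))
    # Assumption: about 100 years of possible birth dates (36525 days).
    print("DOB keyspace: %.1f bits" % keyspace_bits(36525))
    print("20-char random password: %.1f bits" % keyspace_bits(len(ALPHABET), 20))
```

The SHA-256 in each record lets you show later which exact file a recipient received, and the keyspace figures show why a random password is the better choice for third parties.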

FAQ

Can I refuse to provide a patient's record electronically?

Generally no — SARs can be requested in any reasonable format. Electronic delivery is usually the preferred and most accessible option.

Is DOB a strong enough password for medical records?

For SAR responses to the patient themselves, yes. For records going to third parties, use a stronger random password.

Do I need to redact third-party information from a SAR response?

Yes — third parties' identifiers should be redacted unless they've consented or are providing professional services to the patient.

How quickly must I respond to a SAR?

In the UK, one month from receipt under GDPR. Extensions are possible for complex requests but must be communicated.

Layered protection makes SAR responses safe to send. Start with password protection in Flint and add the watermark and flatten steps.
