Access to Medical Records
The Data Protection Act gives every living person (or authorised representative) the right to apply for access to their medical records.
If you have any complaints about any aspect of your application to obtain access to your health records, you should first discuss this with the clinician concerned. If this proves unsuccessful, you can make a complaint through the NHS Complaints Procedure by contacting the Practice Manager.
Further information about the NHS Complaints Procedure is available on the NHS Choices website.
Alternatively you can contact the Information Commissioners Office (responsible for governing
Data Protection compliance)
Tel 01625 545745 or via their website
All complaints will be acknowledged within three working days and a full response will be provided within 20 working days. If a complaint is made verbally to the practice, this will be documented and you will be asked to confirm in writing that you agree with what has been recorded
- CCTV images will not be retained longer than is considered necessary, and will be then be deleted.
- All images will be held securely, and all access requests, and access to images will be documented.
- Except for law enforcement bodies, images will not be provided to third parties.
- Images may record individuals and/or record incidents. Not all recordings are designed to identify persons.
- Other than in accordance with statutory rights, the release or availability of images will be at the discretion of the Data Controller(s) for the purposes of the Data Protection Act 2017.
- Images are held to improve the personal security of patients and staff whilst on the premises, and for the prevention and detection of crime, and images may be provided to police or other bodies.
- Where access is granted in response to an application received, the image may be edited to exclude images of third parties who are also included within the requested image. This may be necessary to protect the identity of the third parties. In these circumstances the image released as part of the application may identify the “data subject” only.
- Images will be located by the Data Controller or authorised person.
- The practice regularly reviews compliance with the ICO’s CCTV Code of Practice; continued operational effectiveness and whether the system continues to meet its purposes and remains justified.
Online Access / Making a Subject Access Request (SAR)
The Data Protection Act gives every living person (or authorised representative) the right to apply for access to their health records.
Online Access to Medical Records
As of March 2016, [Coded information from Medical Records / Full Medical Records] can be accessed as part of the Practice’s online services. For security reasons, you will have to visit the practice to undertake an identity check before you are granted access to these records.
To make a subject access request
A request for your medical health records held at Northgate Medical Practice must be made in writing (e-mails accepted) to the data controller via : SAR Team at Northgate Medical Practice (please contact the practice for alternative methods of access if you are unable to make a request in writing).
You can apply using an Application for Access to Medical Records Form available from reception if you wish.
Under the Data Protection Act you will not normally be charged a fee to view your health records or to be provided with a copy of them unless the request is judged to be unfounded or excessive.
In the event that a request is deemed to be unfounded or excessive, a fee will be incurred based on the administrative cost of providing the information.
Once the data controller has all the required information, and fee where relevant, your request should be fulfilled within one month (in exceptional circumstances where it is not possible to comply within this period, you will be informed of the delay within one month of the request. We will provide you with a timescale of when the information will be madeavailable, which will be no more than three monthsafter the request was made).
In some circumstances, the Act permits the data controller to withhold information held in your health record. These rare cases are:
- Where it has been judged that supplying you with the information is likely to cause serious harm to the physical or mental health or condition of you, or any other person, or;
- Where providing you with access would disclose information relating to or provided by a third person who had not consented to the disclosure. This exemption does not apply where that third person is a clinician involved in your care.
When making your request for access, it would be helpful if you could provide details of the time-periods and aspects of your health record you require (this is optional, but it may help save practice time and resources). If you are using an authorised representative, you need to be aware that in doing so, they may gain access to all health records concerning you, which may not all be relevant. If this is a concern, you should inform your representative of what information you wish them to specifically request when they are applying for access. Please ask the Reception Team for an Application form for making a Subject Acess Request, or send us a request for an application form via email.
GPs have ethical obligations around how patient records are shared, and will explain to patients, in broad terms, the implications of making a Subject Access Request so they can make an informed decision on whether they wish to exercise their rights under the Data Protection Act.